From d6bcaa53f24d3df2dbf6336b03d1d66a29e9f0f3 Mon Sep 17 00:00:00 2001 
From: 0xMarcio
Date: Thu, 25 Jul 2024 21:25:12 +0000
Subject: [PATCH] Update CVE sources 2024-07-25 21:25
---
17 + 2024/CVE-2024-27173.md | 2 +- 2024/CVE-2024-27174.md | 17 + 2024/CVE-2024-27175.md | 17 + 2024/CVE-2024-27176.md | 17 + 2024/CVE-2024-27177.md | 17 + 2024/CVE-2024-27178.md | 17 + 2024/CVE-2024-27179.md | 17 + 2024/CVE-2024-27180.md | 17 + 2024/CVE-2024-27198.md | 1 + 2024/CVE-2024-27292.md | 19 + 2024/CVE-2024-27316.md | 2 +- 2024/CVE-2024-2746.md | 4 +- 2024/CVE-2024-2763.md | 1 + 2024/CVE-2024-2764.md | 1 + 2024/CVE-2024-27815.md | 1 + 2024/CVE-2024-27830.md | 1 + 2024/CVE-2024-2805.md | 1 + 2024/CVE-2024-2806.md | 1 + 2024/CVE-2024-2807.md | 1 + 2024/CVE-2024-28074.md | 17 + 2024/CVE-2024-2808.md | 1 + 2024/CVE-2024-2809.md | 1 + 2024/CVE-2024-2810.md | 1 + 2024/CVE-2024-2811.md | 1 + 2024/CVE-2024-2812.md | 1 + 2024/CVE-2024-2813.md | 1 + 2024/CVE-2024-2814.md | 1 + 2024/CVE-2024-28147.md | 1 + 2024/CVE-2024-2815.md | 1 + 2024/CVE-2024-2816.md | 1 + 2024/CVE-2024-2817.md | 1 + 2024/CVE-2024-2850.md | 1 + 2024/CVE-2024-2851.md | 1 + 2024/CVE-2024-2853.md | 1 + 2024/CVE-2024-28535.md | 1 + 2024/CVE-2024-28537.md | 1 + 2024/CVE-2024-2854.md | 1 + 2024/CVE-2024-28545.md | 2 +- 2024/CVE-2024-28547.md | 1 + 2024/CVE-2024-2855.md | 1 + 2024/CVE-2024-28550.md | 1 + 2024/CVE-2024-28551.md | 2 +- 2024/CVE-2024-28553.md | 1 + 2024/CVE-2024-2856.md | 1 + 2024/CVE-2024-2870.md | 17 + 2024/CVE-2024-28794.md | 17 + 2024/CVE-2024-28795.md | 17 + 2024/CVE-2024-28797.md | 17 + 2024/CVE-2024-2884.md | 17 + 2024/CVE-2024-2886.md | 2 +- 2024/CVE-2024-2891.md | 1 + 2024/CVE-2024-2899.md | 2 +- 2024/CVE-2024-28995.md | 1 + 2024/CVE-2024-2900.md | 2 +- 2024/CVE-2024-2901.md | 2 +- 2024/CVE-2024-2902.md | 2 +- 2024/CVE-2024-29025.md | 1 + 2024/CVE-2024-2903.md | 2 +- 2024/CVE-2024-29038.md | 18 + 2024/CVE-2024-29073.md | 17 + 2024/CVE-2024-29415.md | 1 + 2024/CVE-2024-29506.md | 17 + 2024/CVE-2024-29507.md | 17 + 2024/CVE-2024-29508.md | 17 + 2024/CVE-2024-29509.md | 17 + 2024/CVE-2024-29510.md | 17 + 2024/CVE-2024-29511.md | 17 + 2024/CVE-2024-2980.md | 1 + 2024/CVE-2024-2981.md 
| 1 + 2024/CVE-2024-2982.md | 1 + 2024/CVE-2024-29824.md | 1 + 2024/CVE-2024-2983.md | 1 + 2024/CVE-2024-2984.md | 1 + 2024/CVE-2024-2985.md | 2 +- 2024/CVE-2024-29863.md | 17 + 2024/CVE-2024-29868.md | 17 + 2024/CVE-2024-29943.md | 2 + 2024/CVE-2024-29973.md | 1 + 2024/CVE-2024-29974.md | 2 +- 2024/CVE-2024-29975.md | 2 +- 2024/CVE-2024-29976.md | 2 +- 2024/CVE-2024-30088.md | 44 ++ 2024/CVE-2024-3011.md | 1 + 2024/CVE-2024-3012.md | 1 + 2024/CVE-2024-3026.md | 17 + 2024/CVE-2024-3032.md | 1 + 2024/CVE-2024-3050.md | 1 + 2024/CVE-2024-30506.md | 1 + 2024/CVE-2024-30583.md | 1 + 2024/CVE-2024-30584.md | 1 + 2024/CVE-2024-30585.md | 1 + 2024/CVE-2024-30586.md | 1 + 2024/CVE-2024-30587.md | 1 + 2024/CVE-2024-30588.md | 1 + 2024/CVE-2024-30589.md | 1 + 2024/CVE-2024-30590.md | 1 + 2024/CVE-2024-30591.md | 1 + 2024/CVE-2024-30592.md | 1 + 2024/CVE-2024-30593.md | 1 + 2024/CVE-2024-30594.md | 1 + 2024/CVE-2024-30595.md | 2 +- 2024/CVE-2024-30596.md | 1 + 2024/CVE-2024-30597.md | 1 + 2024/CVE-2024-30598.md | 1 + 2024/CVE-2024-30599.md | 1 + 2024/CVE-2024-30600.md | 1 + 2024/CVE-2024-30601.md | 1 + 2024/CVE-2024-30602.md | 1 + 2024/CVE-2024-30603.md | 1 + 2024/CVE-2024-30604.md | 1 + 2024/CVE-2024-30606.md | 1 + 2024/CVE-2024-30607.md | 1 + 2024/CVE-2024-30612.md | 1 + 2024/CVE-2024-30613.md | 2 +- 2024/CVE-2024-30622.md | 2 +- 2024/CVE-2024-30623.md | 2 +- 2024/CVE-2024-30624.md | 2 +- 2024/CVE-2024-30625.md | 2 +- 2024/CVE-2024-30626.md | 2 +- 2024/CVE-2024-30627.md | 2 +- 2024/CVE-2024-30628.md | 2 +- 2024/CVE-2024-30629.md | 2 +- 2024/CVE-2024-30630.md | 2 +- 2024/CVE-2024-30631.md | 2 +- 2024/CVE-2024-30632.md | 2 +- 2024/CVE-2024-30633.md | 2 +- 2024/CVE-2024-30634.md | 2 +- 2024/CVE-2024-30635.md | 2 +- 2024/CVE-2024-30636.md | 2 +- 2024/CVE-2024-30637.md | 2 +- 2024/CVE-2024-30638.md | 2 +- 2024/CVE-2024-30639.md | 2 +- 2024/CVE-2024-30645.md | 1 + 2024/CVE-2024-30840.md | 1 + 2024/CVE-2024-30920.md | 1 + 2024/CVE-2024-30929.md | 1 + 2024/CVE-2024-31082.md | 2 - 
2024/CVE-2024-3111.md | 17 + 2024/CVE-2024-3112.md | 17 + 2024/CVE-2024-31318.md | 17 + 2024/CVE-2024-31484.md | 27 + 2024/CVE-2024-31485.md | 19 + 2024/CVE-2024-31486.md | 17 + 2024/CVE-2024-3156.md | 2 +- 2024/CVE-2024-3157.md | 2 +- 2024/CVE-2024-3169.md | 17 + 2024/CVE-2024-3172.md | 17 + 2024/CVE-2024-31818.md | 1 + 2024/CVE-2024-31819.md | 1 + 2024/CVE-2024-31970.md | 17 + 2024/CVE-2024-31971.md | 17 + 2024/CVE-2024-31977.md | 17 + 2024/CVE-2024-31982.md | 1 + 2024/CVE-2024-31989.md | 2 +- 2024/CVE-2024-32030.md | 20 + 2024/CVE-2024-32113.md | 1 + 2024/CVE-2024-32152.md | 17 + 2024/CVE-2024-32228.md | 17 + 2024/CVE-2024-32229.md | 17 + 2024/CVE-2024-32230.md | 17 + 2024/CVE-2024-32238.md | 1 + 2024/CVE-2024-32281.md | 2 +- 2024/CVE-2024-32282.md | 2 +- 2024/CVE-2024-32283.md | 2 +- 2024/CVE-2024-32285.md | 2 +- 2024/CVE-2024-32286.md | 2 +- 2024/CVE-2024-32287.md | 2 +- 2024/CVE-2024-32288.md | 2 +- 2024/CVE-2024-32290.md | 2 +- 2024/CVE-2024-32292.md | 2 +- 2024/CVE-2024-32293.md | 2 +- 2024/CVE-2024-32299.md | 2 +- 2024/CVE-2024-32301.md | 2 +- 2024/CVE-2024-32302.md | 2 +- 2024/CVE-2024-32303.md | 2 +- 2024/CVE-2024-32305.md | 2 +- 2024/CVE-2024-32306.md | 2 +- 2024/CVE-2024-32307.md | 2 +- 2024/CVE-2024-32310.md | 2 +- 2024/CVE-2024-32311.md | 2 +- 2024/CVE-2024-32312.md | 2 +- 2024/CVE-2024-32313.md | 2 +- 2024/CVE-2024-32314.md | 2 +- 2024/CVE-2024-32315.md | 2 +- 2024/CVE-2024-32316.md | 2 +- 2024/CVE-2024-32317.md | 2 +- 2024/CVE-2024-32318.md | 2 +- 2024/CVE-2024-32320.md | 1 + 2024/CVE-2024-3246.md | 17 + 2024/CVE-2024-32484.md | 17 + 2024/CVE-2024-32709.md | 1 + 2024/CVE-2024-33111.md | 1 + 2024/CVE-2024-33113.md | 1 + 2024/CVE-2024-33326.md | 17 + 2024/CVE-2024-33694.md | 2 +- 2024/CVE-2024-33883.md | 1 + 2024/CVE-2024-3410.md | 17 + 2024/CVE-2024-34102.md | 20 + 2024/CVE-2024-34312.md | 17 + 2024/CVE-2024-34313.md | 17 + 2024/CVE-2024-34329.md | 17 + 2024/CVE-2024-34350.md | 17 + 2024/CVE-2024-34361.md | 17 + 2024/CVE-2024-34470.md | 1 + 
2024/CVE-2024-34580.md | 17 + 2024/CVE-2024-34722.md | 17 + 2024/CVE-2024-3516.md | 2 +- 2024/CVE-2024-35242.md | 17 + 2024/CVE-2024-35255.md | 29 + 2024/CVE-2024-35545.md | 17 + 2024/CVE-2024-3596.md | 19 + 2024/CVE-2024-36115.md | 17 + 2024/CVE-2024-3632.md | 17 + 2024/CVE-2024-3633.md | 17 + 2024/CVE-2024-36401.md | 29 + 2024/CVE-2024-36404.md | 18 + 2024/CVE-2024-36405.md | 2 +- 2024/CVE-2024-36412.md | 18 + 2024/CVE-2024-36438.md | 17 + 2024/CVE-2024-36495.md | 18 + 2024/CVE-2024-36496.md | 18 + 2024/CVE-2024-36497.md | 18 + 2024/CVE-2024-36522.md | 18 + 2024/CVE-2024-36526.md | 17 + 2024/CVE-2024-36527.md | 2 +- 2024/CVE-2024-36534.md | 17 + 2024/CVE-2024-36535.md | 17 + 2024/CVE-2024-36536.md | 17 + 2024/CVE-2024-36537.md | 17 + 2024/CVE-2024-36538.md | 17 + 2024/CVE-2024-36539.md | 17 + 2024/CVE-2024-36540.md | 17 + 2024/CVE-2024-36541.md | 17 + 2024/CVE-2024-3657.md | 6 +- 2024/CVE-2024-36573.md | 17 + 2024/CVE-2024-36574.md | 17 + 2024/CVE-2024-36575.md | 17 + 2024/CVE-2024-36577.md | 17 + 2024/CVE-2024-36578.md | 17 + 2024/CVE-2024-36580.md | 17 + 2024/CVE-2024-36581.md | 17 + 2024/CVE-2024-36582.md | 17 + 2024/CVE-2024-36583.md | 17 + 2024/CVE-2024-36600.md | 17 + 2024/CVE-2024-36650.md | 17 + 2024/CVE-2024-36656.md | 17 + 2024/CVE-2024-36681.md | 17 + 2024/CVE-2024-36755.md | 17 + 2024/CVE-2024-36787.md | 17 + 2024/CVE-2024-36788.md | 17 + 2024/CVE-2024-36789.md | 17 + 2024/CVE-2024-36790.md | 17 + 2024/CVE-2024-36792.md | 17 + 2024/CVE-2024-36795.md | 2 +- 2024/CVE-2024-36837.md | 2 +- 2024/CVE-2024-36843.md | 1 + 2024/CVE-2024-36886.md | 24 + 2024/CVE-2024-36991.md | 18 + 2024/CVE-2024-37016.md | 17 + 2024/CVE-2024-37032.md | 21 + 2024/CVE-2024-3706.md | 2 +- 2024/CVE-2024-3707.md | 2 +- 2024/CVE-2024-37081.md | 20 + 2024/CVE-2024-37084.md | 17 + 2024/CVE-2024-3710.md | 17 + 2024/CVE-2024-37147.md | 17 + 2024/CVE-2024-37253.md | 17 + 2024/CVE-2024-3727.md | 39 ++ 2024/CVE-2024-37386.md | 17 + 2024/CVE-2024-37465.md | 17 + 2024/CVE-2024-37466.md | 17 
+ 2024/CVE-2024-37480.md | 17 + 2024/CVE-2024-37485.md | 17 + 2024/CVE-2024-37486.md | 17 + 2024/CVE-2024-3751.md | 17 + 2024/CVE-2024-3753.md | 17 + 2024/CVE-2024-37726.md | 18 + 2024/CVE-2024-37742.md | 17 + 2024/CVE-2024-37759.md | 17 + 2024/CVE-2024-37762.md | 17 + 2024/CVE-2024-37763.md | 17 + 2024/CVE-2024-37764.md | 17 + 2024/CVE-2024-37765.md | 17 + 2024/CVE-2024-37770.md | 17 + 2024/CVE-2024-37843.md | 17 + 2024/CVE-2024-37890.md | 2 +- 2024/CVE-2024-37894.md | 17 + 2024/CVE-2024-37923.md | 17 + 2024/CVE-2024-3798.md | 19 + 2024/CVE-2024-3799.md | 17 + 2024/CVE-2024-38030.md | 44 ++ 2024/CVE-2024-38041.md | 38 ++ 2024/CVE-2024-38112.md | 47 ++ 2024/CVE-2024-38345.md | 17 + 2024/CVE-2024-38366.md | 17 + 2024/CVE-2024-38427.md | 2 +- 2024/CVE-2024-38457.md | 17 + 2024/CVE-2024-38458.md | 17 + 2024/CVE-2024-38519.md | 19 + 2024/CVE-2024-38537.md | 17 + 2024/CVE-2024-3874.md | 2 +- 2024/CVE-2024-3875.md | 1 + 2024/CVE-2024-3876.md | 1 + 2024/CVE-2024-3877.md | 2 +- 2024/CVE-2024-3878.md | 2 +- 2024/CVE-2024-38781.md | 17 + 2024/CVE-2024-38782.md | 17 + 2024/CVE-2024-38784.md | 17 + 2024/CVE-2024-38785.md | 17 + 2024/CVE-2024-38786.md | 17 + 2024/CVE-2024-3879.md | 2 +- 2024/CVE-2024-3880.md | 2 +- 2024/CVE-2024-3881.md | 2 +- 2024/CVE-2024-3882.md | 2 +- 2024/CVE-2024-3896.md | 17 + 2024/CVE-2024-39031.md | 17 + 2024/CVE-2024-3905.md | 2 +- 2024/CVE-2024-3906.md | 2 +- 2024/CVE-2024-39069.md | 17 + 2024/CVE-2024-3907.md | 2 +- 2024/CVE-2024-39071.md | 17 + 2024/CVE-2024-39072.md | 17 + 2024/CVE-2024-3908.md | 2 +- 2024/CVE-2024-3909.md | 2 +- 2024/CVE-2024-39090.md | 17 + 2024/CVE-2024-3910.md | 2 +- 2024/CVE-2024-39133.md | 17 + 2024/CVE-2024-39134.md | 17 + 2024/CVE-2024-3919.md | 17 + 2024/CVE-2024-39203.md | 17 + 2024/CVE-2024-39206.md | 17 + 2024/CVE-2024-39210.md | 17 + 2024/CVE-2024-39211.md | 17 + 2024/CVE-2024-39248.md | 17 + 2024/CVE-2024-39249.md | 17 + 2024/CVE-2024-39250.md | 17 + 2024/CVE-2024-39345.md | 17 + 2024/CVE-2024-39373.md | 18 + 
2024/CVE-2024-39374.md | 18 + 2024/CVE-2024-39375.md | 18 + 2024/CVE-2024-39376.md | 18 + 2024/CVE-2024-3963.md | 17 + 2024/CVE-2024-3964.md | 17 + 2024/CVE-2024-39670.md | 19 + 2024/CVE-2024-39671.md | 19 + 2024/CVE-2024-39672.md | 19 + 2024/CVE-2024-39673.md | 19 + 2024/CVE-2024-39674.md | 19 + 2024/CVE-2024-39685.md | 17 + 2024/CVE-2024-39686.md | 17 + 2024/CVE-2024-39688.md | 17 + 2024/CVE-2024-39689.md | 18 + 2024/CVE-2024-39840.md | 17 + 2024/CVE-2024-39844.md | 17 + 2024/CVE-2024-39884.md | 17 + 2024/CVE-2024-39899.md | 18 + 2024/CVE-2024-39908.md | 17 + 2024/CVE-2024-39911.md | 18 + 2024/CVE-2024-39914.md | 18 + 2024/CVE-2024-39920.md | 18 + 2024/CVE-2024-39929.md | 17 + 2024/CVE-2024-39943.md | 18 + 2024/CVE-2024-3999.md | 17 + 2024/CVE-2024-40119.md | 17 + 2024/CVE-2024-40348.md | 18 + 2024/CVE-2024-40422.md | 17 + 2024/CVE-2024-40430.md | 17 + 2024/CVE-2024-40492.md | 17 + 2024/CVE-2024-40502.md | 17 + 2024/CVE-2024-40614.md | 17 + 2024/CVE-2024-40628.md | 17 + 2024/CVE-2024-40629.md | 17 + 2024/CVE-2024-4064.md | 1 + 2024/CVE-2024-4065.md | 2 +- 2024/CVE-2024-4066.md | 2 +- 2024/CVE-2024-40725.md | 18 + 2024/CVE-2024-40767.md | 17 + 2024/CVE-2024-40898.md | 18 + 2024/CVE-2024-41003.md | 17 + 2024/CVE-2024-4105.md | 19 + 2024/CVE-2024-4106.md | 19 + 2024/CVE-2024-41107.md | 19 + 2024/CVE-2024-4111.md | 1 + 2024/CVE-2024-41110.md | 20 + 2024/CVE-2024-4112.md | 1 + 2024/CVE-2024-4113.md | 1 + 2024/CVE-2024-4114.md | 1 + 2024/CVE-2024-4115.md | 2 +- 2024/CVE-2024-4116.md | 2 +- 2024/CVE-2024-4117.md | 2 +- 2024/CVE-2024-4118.md | 2 +- 2024/CVE-2024-4119.md | 2 +- 2024/CVE-2024-4120.md | 2 +- 2024/CVE-2024-4121.md | 2 +- 2024/CVE-2024-4122.md | 2 +- 2024/CVE-2024-4123.md | 2 +- 2024/CVE-2024-4124.md | 2 +- 2024/CVE-2024-4125.md | 2 +- 2024/CVE-2024-4126.md | 1 + 2024/CVE-2024-4127.md | 1 + 2024/CVE-2024-41462.md | 17 + 2024/CVE-2024-41463.md | 17 + 2024/CVE-2024-41464.md | 17 + 2024/CVE-2024-41465.md | 17 + 2024/CVE-2024-41466.md | 17 + 
2024/CVE-2024-41550.md | 17 + 2024/CVE-2024-41551.md | 17 + 2024/CVE-2024-4164.md | 2 +- 2024/CVE-2024-4165.md | 2 +- 2024/CVE-2024-4166.md | 2 +- 2024/CVE-2024-41662.md | 18 + 2024/CVE-2024-41666.md | 17 + 2024/CVE-2024-41667.md | 17 + 2024/CVE-2024-41668.md | 17 + 2024/CVE-2024-4167.md | 2 +- 2024/CVE-2024-41672.md | 17 + 2024/CVE-2024-4168.md | 2 +- 2024/CVE-2024-4169.md | 2 +- 2024/CVE-2024-4170.md | 2 +- 2024/CVE-2024-41705.md | 17 + 2024/CVE-2024-41706.md | 17 + 2024/CVE-2024-41707.md | 17 + 2024/CVE-2024-41709.md | 17 + 2024/CVE-2024-4171.md | 1 + 2024/CVE-2024-41827.md | 17 + 2024/CVE-2024-4201.md | 17 + 2024/CVE-2024-4217.md | 17 + 2024/CVE-2024-4224.md | 17 + 2024/CVE-2024-4236.md | 1 + 2024/CVE-2024-4237.md | 1 + 2024/CVE-2024-4238.md | 2 +- 2024/CVE-2024-4239.md | 1 + 2024/CVE-2024-4240.md | 2 +- 2024/CVE-2024-4241.md | 2 +- 2024/CVE-2024-4242.md | 2 +- 2024/CVE-2024-4243.md | 2 +- 2024/CVE-2024-4244.md | 2 +- 2024/CVE-2024-4245.md | 2 +- 2024/CVE-2024-4246.md | 2 +- 2024/CVE-2024-4247.md | 2 +- 2024/CVE-2024-4248.md | 2 +- 2024/CVE-2024-4249.md | 2 +- 2024/CVE-2024-4250.md | 2 +- 2024/CVE-2024-4251.md | 2 +- 2024/CVE-2024-4252.md | 1 + 2024/CVE-2024-4260.md | 17 + 2024/CVE-2024-4268.md | 17 + 2024/CVE-2024-4269.md | 17 + 2024/CVE-2024-4272.md | 17 + 2024/CVE-2024-4395.md | 17 + 2024/CVE-2024-4418.md | 1 + 2024/CVE-2024-4460.md | 17 + 2024/CVE-2024-4491.md | 2 +- 2024/CVE-2024-4492.md | 2 +- 2024/CVE-2024-4493.md | 1 + 2024/CVE-2024-4494.md | 1 + 2024/CVE-2024-4495.md | 2 +- 2024/CVE-2024-4496.md | 2 +- 2024/CVE-2024-4497.md | 2 +- 2024/CVE-2024-4577.md | 4 + 2024/CVE-2024-4602.md | 17 + 2024/CVE-2024-4627.md | 17 + 2024/CVE-2024-4655.md | 17 + 2024/CVE-2024-4664.md | 17 + 2024/CVE-2024-4704.md | 17 + 2024/CVE-2024-4752.md | 17 + 2024/CVE-2024-4753.md | 17 + 2024/CVE-2024-4757.md | 18 + 2024/CVE-2024-4758.md | 17 + 2024/CVE-2024-4759.md | 17 + 2024/CVE-2024-4811.md | 17 + 2024/CVE-2024-4835.md | 2 +- 2024/CVE-2024-4879.md | 23 + 2024/CVE-2024-4883.md | 
19 + 2024/CVE-2024-4885.md | 18 + 2024/CVE-2024-4899.md | 17 + 2024/CVE-2024-4900.md | 17 + 2024/CVE-2024-4934.md | 17 + 2024/CVE-2024-4957.md | 17 + 2024/CVE-2024-4959.md | 17 + 2024/CVE-2024-4977.md | 17 + 2024/CVE-2024-5002.md | 17 + 2024/CVE-2024-5004.md | 17 + 2024/CVE-2024-5009.md | 17 + 2024/CVE-2024-5011.md | 17 + 2024/CVE-2024-5017.md | 17 + 2024/CVE-2024-5028.md | 17 + 2024/CVE-2024-5032.md | 17 + 2024/CVE-2024-5033.md | 18 + 2024/CVE-2024-5034.md | 18 + 2024/CVE-2024-5042.md | 2 +- 2024/CVE-2024-5067.md | 17 + 2024/CVE-2024-5071.md | 17 + 2024/CVE-2024-5074.md | 17 + 2024/CVE-2024-5075.md | 17 + 2024/CVE-2024-5076.md | 18 + 2024/CVE-2024-5077.md | 18 + 2024/CVE-2024-5079.md | 17 + 2024/CVE-2024-5080.md | 17 + 2024/CVE-2024-5084.md | 1 + 2024/CVE-2024-5151.md | 17 + 2024/CVE-2024-5167.md | 17 + 2024/CVE-2024-5169.md | 17 + 2024/CVE-2024-5199.md | 17 + 2024/CVE-2024-5274.md | 1 + 2024/CVE-2024-5276.md | 18 + 2024/CVE-2024-5280.md | 18 + 2024/CVE-2024-5281.md | 17 + 2024/CVE-2024-5282.md | 17 + 2024/CVE-2024-5283.md | 17 + 2024/CVE-2024-5284.md | 18 + 2024/CVE-2024-5286.md | 17 + 2024/CVE-2024-5287.md | 18 + 2024/CVE-2024-5318.md | 17 + 2024/CVE-2024-5442.md | 17 + 2024/CVE-2024-5444.md | 17 + 2024/CVE-2024-5450.md | 17 + 2024/CVE-2024-5472.md | 17 + 2024/CVE-2024-5473.md | 17 + 2024/CVE-2024-5488.md | 17 + 2024/CVE-2024-5529.md | 17 + 2024/CVE-2024-5535.md | 17 + 2024/CVE-2024-5555.md | 18 + 2024/CVE-2024-5570.md | 17 + 2024/CVE-2024-5573.md | 17 + 2024/CVE-2024-5575.md | 17 + 2024/CVE-2024-5604.md | 17 + 2024/CVE-2024-5606.md | 17 + 2024/CVE-2024-5626.md | 17 + 2024/CVE-2024-5627.md | 17 + 2024/CVE-2024-5630.md | 17 + 2024/CVE-2024-5633.md | 18 + 2024/CVE-2024-5642.md | 17 + 2024/CVE-2024-5644.md | 17 + 2024/CVE-2024-5653.md | 17 + 2024/CVE-2024-5655.md | 17 + 2024/CVE-2024-5672.md | 18 + 2024/CVE-2024-5676.md | 1 + 2024/CVE-2024-5713.md | 17 + 2024/CVE-2024-5715.md | 17 + 2024/CVE-2024-5727.md | 17 + 2024/CVE-2024-5728.md | 17 + 2024/CVE-2024-5729.md | 
17 + 2024/CVE-2024-5730.md | 17 + 2024/CVE-2024-5735.md | 18 + 2024/CVE-2024-5736.md | 18 + 2024/CVE-2024-5737.md | 18 + 2024/CVE-2024-5744.md | 17 + 2024/CVE-2024-5767.md | 18 + 2024/CVE-2024-5802.md | 17 + 2024/CVE-2024-5806.md | 18 + 2024/CVE-2024-5811.md | 17 + 2024/CVE-2024-5818.md | 17 + 2024/CVE-2024-5861.md | 17 + 2024/CVE-2024-5947.md | 18 + 2024/CVE-2024-5961.md | 17 + 2024/CVE-2024-5973.md | 17 + 2024/CVE-2024-6011.md | 17 + 2024/CVE-2024-6022.md | 17 + 2024/CVE-2024-6023.md | 17 + 2024/CVE-2024-6024.md | 17 + 2024/CVE-2024-6025.md | 17 + 2024/CVE-2024-6026.md | 17 + 2024/CVE-2024-6028.md | 17 + 2024/CVE-2024-6050.md | 17 + 2024/CVE-2024-6070.md | 17 + 2024/CVE-2024-6072.md | 17 + 2024/CVE-2024-6073.md | 17 + 2024/CVE-2024-6074.md | 17 + 2024/CVE-2024-6075.md | 18 + 2024/CVE-2024-6076.md | 17 + 2024/CVE-2024-6094.md | 17 + 2024/CVE-2024-6095.md | 17 + 2024/CVE-2024-6130.md | 17 + 2024/CVE-2024-6138.md | 17 + 2024/CVE-2024-6164.md | 17 + 2024/CVE-2024-6205.md | 17 + 2024/CVE-2024-6231.md | 17 + 2024/CVE-2024-6243.md | 17 + 2024/CVE-2024-6244.md | 17 + 2024/CVE-2024-6265.md | 17 + 2024/CVE-2024-6267.md | 17 + 2024/CVE-2024-6271.md | 18 + 2024/CVE-2024-6273.md | 17 + 2024/CVE-2024-6289.md | 17 + 2024/CVE-2024-6334.md | 17 + 2024/CVE-2024-6385.md | 17 + 2024/CVE-2024-6387.md | 49 ++ 2024/CVE-2024-6420.md | 17 + 2024/CVE-2024-6484.md | 17 + 2024/CVE-2024-6485.md | 17 + 2024/CVE-2024-6507.md | 17 + 2024/CVE-2024-6523.md | 17 + 2024/CVE-2024-6531.md | 17 + 2024/CVE-2024-6553.md | 17 + 2024/CVE-2024-6571.md | 17 + 2024/CVE-2024-6589.md | 17 + 2024/CVE-2024-6629.md | 17 + 2024/CVE-2024-6646.md | 18 + 2024/CVE-2024-6666.md | 18 + 2024/CVE-2024-6729.md | 17 + 2024/CVE-2024-6731.md | 17 + 2024/CVE-2024-6732.md | 17 + 2024/CVE-2024-6750.md | 17 + 2024/CVE-2024-6751.md | 17 + 2024/CVE-2024-6752.md | 17 + 2024/CVE-2024-6753.md | 17 + 2024/CVE-2024-6754.md | 17 + 2024/CVE-2024-6755.md | 17 + 2024/CVE-2024-6756.md | 17 + 2024/CVE-2024-6783.md | 17 + 2024/CVE-2024-6802.md 
| 17 + 2024/CVE-2024-6807.md | 17 + 2024/CVE-2024-6836.md | 17 + 2024/CVE-2024-6896.md | 17 + 2024/CVE-2024-6911.md | 18 + 2024/CVE-2024-6912.md | 18 + 2024/CVE-2024-6913.md | 18 + 2024/CVE-2024-6930.md | 17 + 2024/CVE-2024-6960.md | 17 + 2024/CVE-2024-6961.md | 17 + 2024/CVE-2024-6962.md | 17 + 2024/CVE-2024-6963.md | 17 + 2024/CVE-2024-6964.md | 17 + 2024/CVE-2024-6965.md | 17 + 2024/CVE-2024-6966.md | 17 + 2024/CVE-2024-6967.md | 17 + 2024/CVE-2024-6968.md | 17 + 2024/CVE-2024-6969.md | 17 + 2024/CVE-2024-6970.md | 17 + 2024/CVE-2024-6972.md | 17 + 2024/CVE-2024-7027.md | 17 + 2024/CVE-2024-7047.md | 17 + 2024/CVE-2024-7057.md | 17 + 2024/CVE-2024-7060.md | 17 + 2024/CVE-2024-7065.md | 17 + 2024/CVE-2024-7066.md | 17 + 2024/CVE-2024-7067.md | 19 + 2024/CVE-2024-7080.md | 17 + 2024/CVE-2024-7081.md | 17 + 2024/CVE-2024-7091.md | 17 + github.txt | 1366 ++++++++++++++++++++++++++++++++++++++ references.txt | 830 +++++++++++++++++++++++ 1879 files changed, 18812 insertions(+), 361 deletions(-) create mode 100644 2000/CVE-2000-0267.md create mode 100644 2000/CVE-2000-0268.md create mode 100644 2000/CVE-2000-0368.md create mode 100644 2000/CVE-2000-0380.md create mode 100644 2000/CVE-2000-0700.md create mode 100644 2000/CVE-2000-1022.md create mode 100644 2000/CVE-2000-1054.md create mode 100644 2000/CVE-2000-1055.md create mode 100644 2000/CVE-2000-1056.md create mode 100644 2001/CVE-2001-0019.md create mode 100644 2001/CVE-2001-0020.md create mode 100644 2001/CVE-2001-0041.md create mode 100644 2001/CVE-2001-0055.md create mode 100644 2001/CVE-2001-0056.md create mode 100644 2001/CVE-2001-0057.md create mode 100644 2001/CVE-2001-0058.md create mode 100644 2001/CVE-2001-0288.md create mode 100644 2001/CVE-2001-0375.md create mode 100644 2001/CVE-2001-0412.md create mode 100644 2001/CVE-2001-0427.md create mode 100644 2001/CVE-2001-0428.md create mode 100644 2001/CVE-2001-0429.md create mode 100644 2001/CVE-2001-0455.md create mode 100644 2001/CVE-2001-0621.md create 
mode 100644 2001/CVE-2001-0622.md create mode 100644 2001/CVE-2001-0650.md create mode 100644 2001/CVE-2001-0669.md create mode 100644 2001/CVE-2001-0711.md create mode 100644 2001/CVE-2001-0748.md create mode 100644 2001/CVE-2001-0750.md create mode 100644 2001/CVE-2001-0751.md create mode 100644 2001/CVE-2001-0752.md create mode 100644 2001/CVE-2001-0753.md create mode 100644 2001/CVE-2001-0754.md create mode 100644 2001/CVE-2001-0757.md create mode 100644 2001/CVE-2001-0817.md create mode 100644 2001/CVE-2001-0861.md create mode 100644 2001/CVE-2001-0862.md create mode 100644 2001/CVE-2001-0863.md create mode 100644 2001/CVE-2001-0864.md create mode 100644 2001/CVE-2001-0865.md create mode 100644 2001/CVE-2001-0866.md create mode 100644 2001/CVE-2001-0867.md create mode 100644 2001/CVE-2001-0895.md create mode 100644 2001/CVE-2001-0929.md create mode 100644 2001/CVE-2001-1037.md create mode 100644 2001/CVE-2001-1038.md create mode 100644 2001/CVE-2001-1064.md create mode 100644 2001/CVE-2001-1065.md create mode 100644 2001/CVE-2001-1105.md create mode 100644 2001/CVE-2001-1183.md create mode 100644 2001/CVE-2001-1434.md create mode 100644 2002/CVE-2002-0071.md create mode 100644 2002/CVE-2002-0072.md create mode 100644 2002/CVE-2002-0074.md create mode 100644 2002/CVE-2002-0075.md create mode 100644 2002/CVE-2002-0079.md create mode 100644 2002/CVE-2002-0083.md create mode 100644 2002/CVE-2002-0147.md create mode 100644 2002/CVE-2002-0150.md create mode 100644 2002/CVE-2002-0159.md create mode 100644 2002/CVE-2002-0160.md create mode 100644 2002/CVE-2002-0339.md create mode 100644 2002/CVE-2002-0505.md create mode 100644 2002/CVE-2002-0545.md create mode 100644 2002/CVE-2002-0769.md create mode 100644 2002/CVE-2002-0778.md create mode 100644 2002/CVE-2002-0792.md create mode 100644 2002/CVE-2002-0848.md create mode 100644 2002/CVE-2002-0852.md create mode 100644 2002/CVE-2002-0853.md create mode 100644 2002/CVE-2002-0870.md create mode 100644 
2002/CVE-2002-0880.md create mode 100644 2002/CVE-2002-0881.md create mode 100644 2002/CVE-2002-0882.md create mode 100644 2002/CVE-2002-0886.md create mode 100644 2002/CVE-2002-0952.md create mode 100644 2002/CVE-2002-1092.md create mode 100644 2002/CVE-2002-1093.md create mode 100644 2002/CVE-2002-1094.md create mode 100644 2002/CVE-2002-1095.md create mode 100644 2002/CVE-2002-1096.md create mode 100644 2002/CVE-2002-1097.md create mode 100644 2002/CVE-2002-1098.md create mode 100644 2002/CVE-2002-1099.md create mode 100644 2002/CVE-2002-1100.md create mode 100644 2002/CVE-2002-1101.md create mode 100644 2002/CVE-2002-1102.md create mode 100644 2002/CVE-2002-1103.md create mode 100644 2002/CVE-2002-1104.md create mode 100644 2002/CVE-2002-1105.md create mode 100644 2002/CVE-2002-1106.md create mode 100644 2002/CVE-2002-1107.md create mode 100644 2002/CVE-2002-1108.md create mode 100644 2002/CVE-2002-1137.md create mode 100644 2002/CVE-2002-1145.md create mode 100644 2002/CVE-2002-1189.md create mode 100644 2002/CVE-2002-1190.md create mode 100644 2002/CVE-2002-1222.md create mode 100644 2002/CVE-2002-1447.md create mode 100644 2002/CVE-2002-1491.md create mode 100644 2002/CVE-2002-1492.md create mode 100644 2002/CVE-2002-1553.md create mode 100644 2002/CVE-2002-1554.md create mode 100644 2002/CVE-2002-1555.md create mode 100644 2002/CVE-2002-1556.md create mode 100644 2002/CVE-2002-1557.md create mode 100644 2002/CVE-2002-1558.md create mode 100644 2002/CVE-2002-1595.md create mode 100644 2002/CVE-2002-1596.md create mode 100644 2002/CVE-2002-1597.md create mode 100644 2002/CVE-2002-1706.md create mode 100644 2002/CVE-2002-2037.md create mode 100644 2002/CVE-2002-2139.md create mode 100644 2002/CVE-2002-2140.md create mode 100644 2002/CVE-2002-2208.md create mode 100644 2002/CVE-2002-2239.md create mode 100644 2003/CVE-2003-0210.md create mode 100644 2003/CVE-2003-0216.md create mode 100644 2003/CVE-2003-0258.md create mode 100644 2003/CVE-2003-0259.md create 
mode 100644 2003/CVE-2003-0260.md create mode 100644 2003/CVE-2003-0305.md create mode 100644 2003/CVE-2003-0511.md create mode 100644 2003/CVE-2003-0512.md create mode 100644 2003/CVE-2003-0647.md create mode 100644 2003/CVE-2003-0731.md create mode 100644 2003/CVE-2003-0732.md create mode 100644 2003/CVE-2003-0982.md create mode 100644 2003/CVE-2003-1001.md create mode 100644 2003/CVE-2003-1002.md create mode 100644 2003/CVE-2003-1003.md create mode 100644 2003/CVE-2003-1004.md create mode 100644 2003/CVE-2003-1096.md create mode 100644 2003/CVE-2003-1109.md create mode 100644 2003/CVE-2003-1132.md create mode 100644 2004/CVE-2004-0044.md create mode 100644 2004/CVE-2004-0054.md create mode 100644 2004/CVE-2004-0244.md create mode 100644 2004/CVE-2004-0306.md create mode 100644 2004/CVE-2004-0307.md create mode 100644 2004/CVE-2004-0308.md create mode 100644 2004/CVE-2004-0352.md create mode 100644 2004/CVE-2004-0391.md create mode 100644 2004/CVE-2004-0551.md create mode 100644 2004/CVE-2004-0650.md create mode 100644 2004/CVE-2004-0710.md create mode 100644 2004/CVE-2004-0714.md create mode 100644 2004/CVE-2004-1099.md create mode 100644 2004/CVE-2004-1111.md create mode 100644 2004/CVE-2004-1112.md create mode 100644 2004/CVE-2004-1322.md create mode 100644 2004/CVE-2004-1432.md create mode 100644 2004/CVE-2004-1433.md create mode 100644 2004/CVE-2004-1434.md create mode 100644 2004/CVE-2004-1435.md create mode 100644 2004/CVE-2004-1436.md create mode 100644 2004/CVE-2004-1454.md create mode 100644 2004/CVE-2004-1458.md create mode 100644 2004/CVE-2004-1459.md create mode 100644 2004/CVE-2004-1460.md create mode 100644 2004/CVE-2004-1461.md create mode 100644 2004/CVE-2004-1759.md create mode 100644 2004/CVE-2004-1760.md create mode 100644 2004/CVE-2004-1775.md create mode 100644 2004/CVE-2004-1776.md create mode 100644 2005/CVE-2005-0186.md create mode 100644 2005/CVE-2005-0195.md create mode 100644 2005/CVE-2005-0197.md create mode 100644 
2005/CVE-2005-0356.md create mode 100644 2005/CVE-2005-0943.md create mode 100644 2005/CVE-2005-1020.md create mode 100644 2005/CVE-2005-1021.md create mode 100644 2005/CVE-2005-1057.md create mode 100644 2005/CVE-2005-1058.md create mode 100644 2005/CVE-2005-1942.md create mode 100644 2005/CVE-2005-2105.md create mode 100644 2005/CVE-2005-2241.md create mode 100644 2005/CVE-2005-2242.md create mode 100644 2005/CVE-2005-2243.md create mode 100644 2005/CVE-2005-2244.md create mode 100644 2005/CVE-2005-2279.md create mode 100644 2005/CVE-2005-2280.md create mode 100644 2005/CVE-2005-2451.md create mode 100644 2005/CVE-2005-2631.md create mode 100644 2005/CVE-2005-2681.md create mode 100644 2005/CVE-2005-2695.md create mode 100644 2005/CVE-2005-2841.md create mode 100644 2005/CVE-2005-3426.md create mode 100644 2005/CVE-2005-3481.md create mode 100644 2005/CVE-2005-3669.md create mode 100644 2005/CVE-2005-3774.md create mode 100644 2005/CVE-2005-3803.md create mode 100644 2005/CVE-2005-3804.md create mode 100644 2005/CVE-2005-3886.md create mode 100644 2005/CVE-2005-4794.md create mode 100644 2005/CVE-2005-4825.md create mode 100644 2006/CVE-2006-0181.md create mode 100644 2006/CVE-2006-0354.md create mode 100644 2006/CVE-2006-0367.md create mode 100644 2006/CVE-2006-0368.md create mode 100644 2006/CVE-2006-0483.md create mode 100644 2006/CVE-2006-0485.md create mode 100644 2006/CVE-2006-0486.md create mode 100644 2006/CVE-2006-0561.md create mode 100644 2006/CVE-2006-1631.md create mode 100644 2006/CVE-2006-1670.md create mode 100644 2006/CVE-2006-1671.md create mode 100644 2006/CVE-2006-1672.md create mode 100644 2006/CVE-2006-1888.md create mode 100644 2006/CVE-2006-1927.md create mode 100644 2006/CVE-2006-1928.md create mode 100644 2006/CVE-2006-1960.md create mode 100644 2006/CVE-2006-1961.md create mode 100644 2006/CVE-2006-2322.md create mode 100644 2006/CVE-2006-3073.md create mode 100644 2006/CVE-2006-3285.md create mode 100644 2006/CVE-2006-3286.md create 
mode 100644 2006/CVE-2006-3287.md create mode 100644 2006/CVE-2006-3288.md create mode 100644 2006/CVE-2006-3289.md create mode 100644 2006/CVE-2006-3290.md create mode 100644 2006/CVE-2006-3291.md create mode 100644 2006/CVE-2006-3594.md create mode 100644 2006/CVE-2006-3595.md create mode 100644 2006/CVE-2006-3596.md create mode 100644 2006/CVE-2006-3633.md create mode 100644 2006/CVE-2006-3732.md create mode 100644 2006/CVE-2006-3733.md create mode 100644 2006/CVE-2006-3734.md create mode 100644 2006/CVE-2006-4097.md create mode 100644 2006/CVE-2006-4098.md create mode 100644 2006/CVE-2006-4312.md create mode 100644 2006/CVE-2006-4313.md create mode 100644 2006/CVE-2006-4352.md create mode 100644 2006/CVE-2006-4774.md create mode 100644 2006/CVE-2006-4775.md create mode 100644 2006/CVE-2006-4776.md create mode 100644 2006/CVE-2006-4909.md create mode 100644 2006/CVE-2006-4910.md create mode 100644 2006/CVE-2006-4911.md create mode 100644 2006/CVE-2006-4950.md create mode 100644 2006/CVE-2006-5277.md create mode 100644 2006/CVE-2006-5278.md create mode 100644 2006/CVE-2006-5806.md create mode 100644 2006/CVE-2006-5807.md create mode 100644 2006/CVE-2006-5808.md create mode 100644 2006/CVE-2006-6548.md create mode 100644 2007/CVE-2007-0057.md create mode 100644 2007/CVE-2007-0058.md create mode 100644 2007/CVE-2007-0105.md create mode 100644 2007/CVE-2007-0198.md create mode 100644 2007/CVE-2007-0199.md create mode 100644 2007/CVE-2007-0648.md create mode 100644 2007/CVE-2007-1062.md create mode 100644 2007/CVE-2007-1063.md create mode 100644 2007/CVE-2007-1064.md create mode 100644 2007/CVE-2007-1065.md create mode 100644 2007/CVE-2007-1066.md create mode 100644 2007/CVE-2007-1067.md create mode 100644 2007/CVE-2007-1068.md create mode 100644 2007/CVE-2007-1072.md create mode 100644 2007/CVE-2007-1257.md create mode 100644 2007/CVE-2007-1258.md create mode 100644 2007/CVE-2007-1826.md create mode 100644 2007/CVE-2007-1833.md create mode 100644 
2007/CVE-2007-1834.md create mode 100644 2007/CVE-2007-2032.md create mode 100644 2007/CVE-2007-2033.md create mode 100644 2007/CVE-2007-2034.md create mode 100644 2007/CVE-2007-2035.md create mode 100644 2007/CVE-2007-2036.md create mode 100644 2007/CVE-2007-2037.md create mode 100644 2007/CVE-2007-2038.md create mode 100644 2007/CVE-2007-2039.md create mode 100644 2007/CVE-2007-2040.md create mode 100644 2007/CVE-2007-2041.md create mode 100644 2007/CVE-2007-3698.md create mode 100644 2007/CVE-2007-3775.md create mode 100644 2007/CVE-2007-3776.md create mode 100644 2007/CVE-2007-3923.md create mode 100644 2007/CVE-2007-4263.md create mode 100644 2007/CVE-2007-4414.md create mode 100644 2007/CVE-2007-4415.md create mode 100644 2007/CVE-2007-4459.md create mode 100644 2007/CVE-2007-4788.md create mode 100644 2007/CVE-2007-4789.md create mode 100644 2007/CVE-2007-5134.md create mode 100644 2007/CVE-2007-5581.md create mode 100644 2007/CVE-2007-5582.md create mode 100644 2008/CVE-2008-0028.md create mode 100644 2008/CVE-2008-0029.md create mode 100644 2008/CVE-2008-0537.md create mode 100644 2008/CVE-2008-1153.md create mode 100644 2008/CVE-2008-1157.md create mode 100644 2009/CVE-2009-2929.md create mode 100644 2010/CVE-2010-2333.md create mode 100644 2011/CVE-2011-2678.md create mode 100644 2011/CVE-2011-3304.md create mode 100644 2011/CVE-2011-3305.md create mode 100644 2012/CVE-2012-0816.md create mode 100644 2013/CVE-2013-7282.md create mode 100644 2014/CVE-2014-2527.md create mode 100644 2014/CVE-2014-2528.md create mode 100644 2015/CVE-2015-6927.md create mode 100644 2016/CVE-2016-1000216.md create mode 100644 2016/CVE-2016-7067.md create mode 100644 2017/CVE-2017-12972.md create mode 100644 2017/CVE-2017-12973.md create mode 100644 2017/CVE-2017-12974.md create mode 100644 2017/CVE-2017-13698.md create mode 100644 2017/CVE-2017-13699.md create mode 100644 2017/CVE-2017-13700.md create mode 100644 2017/CVE-2017-13701.md create mode 100644 
2017/CVE-2017-13702.md create mode 100644 2017/CVE-2017-13703.md create mode 100644 2018/CVE-2018-13390.md create mode 100644 2018/CVE-2018-15892.md create mode 100644 2018/CVE-2018-8438.md create mode 100644 2019/CVE-2019-11454.md create mode 100644 2019/CVE-2019-12968.md create mode 100644 2019/CVE-2019-19551.md create mode 100644 2019/CVE-2019-19552.md create mode 100644 2019/CVE-2019-20375.md create mode 100644 2019/CVE-2019-20376.md create mode 100644 2020/CVE-2020-12146.md create mode 100644 2020/CVE-2020-13111.md create mode 100644 2020/CVE-2020-35121.md create mode 100644 2020/CVE-2020-35122.md create mode 100644 2021/CVE-2021-4440.md create mode 100644 2021/CVE-2021-45785.md create mode 100644 2021/CVE-2021-46709.md create mode 100644 2022/CVE-2022-26563.md create mode 100644 2022/CVE-2022-34346.md create mode 100644 2022/CVE-2022-36530.md create mode 100644 2022/CVE-2022-40438.md create mode 100644 2022/CVE-2022-40487.md create mode 100644 2022/CVE-2022-40488.md create mode 100644 2022/CVE-2022-43032.md create mode 100644 2022/CVE-2022-43033.md create mode 100644 2022/CVE-2022-43034.md create mode 100644 2022/CVE-2022-43035.md create mode 100644 2022/CVE-2022-43037.md create mode 100644 2022/CVE-2022-43038.md create mode 100644 2022/CVE-2022-45796.md create mode 100644 2023/CVE-2023-1773.md create mode 100644 2023/CVE-2023-20872.md create mode 100644 2023/CVE-2023-20945.md create mode 100644 2023/CVE-2023-23388.md create mode 100644 2023/CVE-2023-2375.md create mode 100644 2023/CVE-2023-24871.md create mode 100644 2023/CVE-2023-27636.md create mode 100644 2023/CVE-2023-30800.md create mode 100644 2023/CVE-2023-3141.md create mode 100644 2023/CVE-2023-31582.md create mode 100644 2023/CVE-2023-32878.md create mode 100644 2023/CVE-2023-32882.md create mode 100644 2023/CVE-2023-33303.md create mode 100644 2023/CVE-2023-35789.md create mode 100644 2023/CVE-2023-35823.md create mode 100644 2023/CVE-2023-35824.md create mode 100644 2023/CVE-2023-35826.md create 
mode 100644 2023/CVE-2023-3881.md create mode 100644 2023/CVE-2023-38941.md create mode 100644 2023/CVE-2023-41251.md create mode 100644 2023/CVE-2023-45215.md create mode 100644 2023/CVE-2023-46685.md create mode 100644 2023/CVE-2023-47856.md create mode 100644 2023/CVE-2023-48270.md create mode 100644 2023/CVE-2023-48362.md create mode 100644 2023/CVE-2023-49073.md create mode 100644 2023/CVE-2023-49593.md create mode 100644 2023/CVE-2023-49595.md create mode 100644 2023/CVE-2023-49867.md create mode 100644 2023/CVE-2023-50239.md create mode 100644 2023/CVE-2023-50240.md create mode 100644 2023/CVE-2023-50243.md create mode 100644 2023/CVE-2023-50244.md create mode 100644 2023/CVE-2023-50381.md create mode 100644 2023/CVE-2023-50382.md create mode 100644 2023/CVE-2023-50383.md create mode 100644 2023/CVE-2023-52340.md create mode 100644 2023/CVE-2023-52428.md create mode 100644 2023/CVE-2023-6350.md create mode 100644 2023/CVE-2023-6351.md create mode 100644 2023/CVE-2023-6704.md create mode 100644 2023/CVE-2023-7012.md create mode 100644 2023/CVE-2023-7045.md create mode 100644 2023/CVE-2023-7268.md create mode 100644 2023/CVE-2023-7269.md create mode 100644 2023/CVE-2023-7270.md create mode 100644 2023/CVE-2023-7271.md create mode 100644 2024/CVE-2024-0151.md create mode 100644 2024/CVE-2024-0974.md create mode 100644 2024/CVE-2024-1330.md create mode 100644 2024/CVE-2024-1845.md create mode 100644 2024/CVE-2024-1963.md create mode 100644 2024/CVE-2024-20399.md create mode 100644 2024/CVE-2024-2040.md create mode 100644 2024/CVE-2024-21183.md create mode 100644 2024/CVE-2024-21513.md create mode 100644 2024/CVE-2024-21520.md create mode 100644 2024/CVE-2024-21521.md create mode 100644 2024/CVE-2024-21522.md create mode 100644 2024/CVE-2024-21523.md create mode 100644 2024/CVE-2024-21524.md create mode 100644 2024/CVE-2024-21525.md create mode 100644 2024/CVE-2024-21526.md create mode 100644 2024/CVE-2024-21527.md create mode 100644 2024/CVE-2024-21583.md create 
mode 100644 2024/CVE-2024-21754.md create mode 100644 2024/CVE-2024-21827.md create mode 100644 2024/CVE-2024-2194.md create mode 100644 2024/CVE-2024-22058.md create mode 100644 2024/CVE-2024-22274.md create mode 100644 2024/CVE-2024-22275.md create mode 100644 2024/CVE-2024-2231.md create mode 100644 2024/CVE-2024-2233.md create mode 100644 2024/CVE-2024-2234.md create mode 100644 2024/CVE-2024-2235.md create mode 100644 2024/CVE-2024-2375.md create mode 100644 2024/CVE-2024-2376.md create mode 100644 2024/CVE-2024-23765.md create mode 100644 2024/CVE-2024-23766.md create mode 100644 2024/CVE-2024-23767.md create mode 100644 2024/CVE-2024-23828.md create mode 100644 2024/CVE-2024-23997.md create mode 100644 2024/CVE-2024-23998.md create mode 100644 2024/CVE-2024-2430.md create mode 100644 2024/CVE-2024-24550.md create mode 100644 2024/CVE-2024-24551.md create mode 100644 2024/CVE-2024-24552.md create mode 100644 2024/CVE-2024-24553.md create mode 100644 2024/CVE-2024-24554.md create mode 100644 2024/CVE-2024-25638.md create mode 100644 2024/CVE-2024-25846.md create mode 100644 2024/CVE-2024-25943.md create mode 100644 2024/CVE-2024-26020.md create mode 100644 2024/CVE-2024-2640.md create mode 100644 2024/CVE-2024-2696.md create mode 100644 2024/CVE-2024-27141.md create mode 100644 2024/CVE-2024-27142.md create mode 100644 2024/CVE-2024-27143.md create mode 100644 2024/CVE-2024-27144.md create mode 100644 2024/CVE-2024-27145.md create mode 100644 2024/CVE-2024-27146.md create mode 100644 2024/CVE-2024-27147.md create mode 100644 2024/CVE-2024-27148.md create mode 100644 2024/CVE-2024-27149.md create mode 100644 2024/CVE-2024-27150.md create mode 100644 2024/CVE-2024-27151.md create mode 100644 2024/CVE-2024-27152.md create mode 100644 2024/CVE-2024-27153.md create mode 100644 2024/CVE-2024-27154.md create mode 100644 2024/CVE-2024-27155.md create mode 100644 2024/CVE-2024-27156.md create mode 100644 2024/CVE-2024-27157.md create mode 100644 2024/CVE-2024-27158.md 
create mode 100644 2024/CVE-2024-27159.md create mode 100644 2024/CVE-2024-27160.md create mode 100644 2024/CVE-2024-27161.md create mode 100644 2024/CVE-2024-27162.md create mode 100644 2024/CVE-2024-27163.md create mode 100644 2024/CVE-2024-27164.md create mode 100644 2024/CVE-2024-27165.md create mode 100644 2024/CVE-2024-27166.md create mode 100644 2024/CVE-2024-27167.md create mode 100644 2024/CVE-2024-27168.md create mode 100644 2024/CVE-2024-27169.md create mode 100644 2024/CVE-2024-27170.md create mode 100644 2024/CVE-2024-27171.md create mode 100644 2024/CVE-2024-27172.md create mode 100644 2024/CVE-2024-27174.md create mode 100644 2024/CVE-2024-27175.md create mode 100644 2024/CVE-2024-27176.md create mode 100644 2024/CVE-2024-27177.md create mode 100644 2024/CVE-2024-27178.md create mode 100644 2024/CVE-2024-27179.md create mode 100644 2024/CVE-2024-27180.md create mode 100644 2024/CVE-2024-27292.md create mode 100644 2024/CVE-2024-28074.md create mode 100644 2024/CVE-2024-2870.md create mode 100644 2024/CVE-2024-28794.md create mode 100644 2024/CVE-2024-28795.md create mode 100644 2024/CVE-2024-28797.md create mode 100644 2024/CVE-2024-2884.md create mode 100644 2024/CVE-2024-29038.md create mode 100644 2024/CVE-2024-29073.md create mode 100644 2024/CVE-2024-29506.md create mode 100644 2024/CVE-2024-29507.md create mode 100644 2024/CVE-2024-29508.md create mode 100644 2024/CVE-2024-29509.md create mode 100644 2024/CVE-2024-29510.md create mode 100644 2024/CVE-2024-29511.md create mode 100644 2024/CVE-2024-29863.md create mode 100644 2024/CVE-2024-29868.md create mode 100644 2024/CVE-2024-30088.md create mode 100644 2024/CVE-2024-3026.md create mode 100644 2024/CVE-2024-3111.md create mode 100644 2024/CVE-2024-3112.md create mode 100644 2024/CVE-2024-31318.md create mode 100644 2024/CVE-2024-31484.md create mode 100644 2024/CVE-2024-31485.md create mode 100644 2024/CVE-2024-31486.md create mode 100644 2024/CVE-2024-3169.md create mode 100644 
2024/CVE-2024-3172.md create mode 100644 2024/CVE-2024-31970.md create mode 100644 2024/CVE-2024-31971.md create mode 100644 2024/CVE-2024-31977.md create mode 100644 2024/CVE-2024-32030.md create mode 100644 2024/CVE-2024-32152.md create mode 100644 2024/CVE-2024-32228.md create mode 100644 2024/CVE-2024-32229.md create mode 100644 2024/CVE-2024-32230.md create mode 100644 2024/CVE-2024-3246.md create mode 100644 2024/CVE-2024-32484.md create mode 100644 2024/CVE-2024-33326.md create mode 100644 2024/CVE-2024-3410.md create mode 100644 2024/CVE-2024-34102.md create mode 100644 2024/CVE-2024-34312.md create mode 100644 2024/CVE-2024-34313.md create mode 100644 2024/CVE-2024-34329.md create mode 100644 2024/CVE-2024-34350.md create mode 100644 2024/CVE-2024-34361.md create mode 100644 2024/CVE-2024-34580.md create mode 100644 2024/CVE-2024-34722.md create mode 100644 2024/CVE-2024-35242.md create mode 100644 2024/CVE-2024-35255.md create mode 100644 2024/CVE-2024-35545.md create mode 100644 2024/CVE-2024-3596.md create mode 100644 2024/CVE-2024-36115.md create mode 100644 2024/CVE-2024-3632.md create mode 100644 2024/CVE-2024-3633.md create mode 100644 2024/CVE-2024-36401.md create mode 100644 2024/CVE-2024-36404.md create mode 100644 2024/CVE-2024-36412.md create mode 100644 2024/CVE-2024-36438.md create mode 100644 2024/CVE-2024-36495.md create mode 100644 2024/CVE-2024-36496.md create mode 100644 2024/CVE-2024-36497.md create mode 100644 2024/CVE-2024-36522.md create mode 100644 2024/CVE-2024-36526.md create mode 100644 2024/CVE-2024-36534.md create mode 100644 2024/CVE-2024-36535.md create mode 100644 2024/CVE-2024-36536.md create mode 100644 2024/CVE-2024-36537.md create mode 100644 2024/CVE-2024-36538.md create mode 100644 2024/CVE-2024-36539.md create mode 100644 2024/CVE-2024-36540.md create mode 100644 2024/CVE-2024-36541.md create mode 100644 2024/CVE-2024-36573.md create mode 100644 2024/CVE-2024-36574.md create mode 100644 2024/CVE-2024-36575.md create 
mode 100644 2024/CVE-2024-36577.md create mode 100644 2024/CVE-2024-36578.md create mode 100644 2024/CVE-2024-36580.md create mode 100644 2024/CVE-2024-36581.md create mode 100644 2024/CVE-2024-36582.md create mode 100644 2024/CVE-2024-36583.md create mode 100644 2024/CVE-2024-36600.md create mode 100644 2024/CVE-2024-36650.md create mode 100644 2024/CVE-2024-36656.md create mode 100644 2024/CVE-2024-36681.md create mode 100644 2024/CVE-2024-36755.md create mode 100644 2024/CVE-2024-36787.md create mode 100644 2024/CVE-2024-36788.md create mode 100644 2024/CVE-2024-36789.md create mode 100644 2024/CVE-2024-36790.md create mode 100644 2024/CVE-2024-36792.md create mode 100644 2024/CVE-2024-36886.md create mode 100644 2024/CVE-2024-36991.md create mode 100644 2024/CVE-2024-37016.md create mode 100644 2024/CVE-2024-37032.md create mode 100644 2024/CVE-2024-37081.md create mode 100644 2024/CVE-2024-37084.md create mode 100644 2024/CVE-2024-3710.md create mode 100644 2024/CVE-2024-37147.md create mode 100644 2024/CVE-2024-37253.md create mode 100644 2024/CVE-2024-3727.md create mode 100644 2024/CVE-2024-37386.md create mode 100644 2024/CVE-2024-37465.md create mode 100644 2024/CVE-2024-37466.md create mode 100644 2024/CVE-2024-37480.md create mode 100644 2024/CVE-2024-37485.md create mode 100644 2024/CVE-2024-37486.md create mode 100644 2024/CVE-2024-3751.md create mode 100644 2024/CVE-2024-3753.md create mode 100644 2024/CVE-2024-37726.md create mode 100644 2024/CVE-2024-37742.md create mode 100644 2024/CVE-2024-37759.md create mode 100644 2024/CVE-2024-37762.md create mode 100644 2024/CVE-2024-37763.md create mode 100644 2024/CVE-2024-37764.md create mode 100644 2024/CVE-2024-37765.md create mode 100644 2024/CVE-2024-37770.md create mode 100644 2024/CVE-2024-37843.md create mode 100644 2024/CVE-2024-37894.md create mode 100644 2024/CVE-2024-37923.md create mode 100644 2024/CVE-2024-3798.md create mode 100644 2024/CVE-2024-3799.md create mode 100644 
2024/CVE-2024-38030.md create mode 100644 2024/CVE-2024-38041.md create mode 100644 2024/CVE-2024-38112.md create mode 100644 2024/CVE-2024-38345.md create mode 100644 2024/CVE-2024-38366.md create mode 100644 2024/CVE-2024-38457.md create mode 100644 2024/CVE-2024-38458.md create mode 100644 2024/CVE-2024-38519.md create mode 100644 2024/CVE-2024-38537.md create mode 100644 2024/CVE-2024-38781.md create mode 100644 2024/CVE-2024-38782.md create mode 100644 2024/CVE-2024-38784.md create mode 100644 2024/CVE-2024-38785.md create mode 100644 2024/CVE-2024-38786.md create mode 100644 2024/CVE-2024-3896.md create mode 100644 2024/CVE-2024-39031.md create mode 100644 2024/CVE-2024-39069.md create mode 100644 2024/CVE-2024-39071.md create mode 100644 2024/CVE-2024-39072.md create mode 100644 2024/CVE-2024-39090.md create mode 100644 2024/CVE-2024-39133.md create mode 100644 2024/CVE-2024-39134.md create mode 100644 2024/CVE-2024-3919.md create mode 100644 2024/CVE-2024-39203.md create mode 100644 2024/CVE-2024-39206.md create mode 100644 2024/CVE-2024-39210.md create mode 100644 2024/CVE-2024-39211.md create mode 100644 2024/CVE-2024-39248.md create mode 100644 2024/CVE-2024-39249.md create mode 100644 2024/CVE-2024-39250.md create mode 100644 2024/CVE-2024-39345.md create mode 100644 2024/CVE-2024-39373.md create mode 100644 2024/CVE-2024-39374.md create mode 100644 2024/CVE-2024-39375.md create mode 100644 2024/CVE-2024-39376.md create mode 100644 2024/CVE-2024-3963.md create mode 100644 2024/CVE-2024-3964.md create mode 100644 2024/CVE-2024-39670.md create mode 100644 2024/CVE-2024-39671.md create mode 100644 2024/CVE-2024-39672.md create mode 100644 2024/CVE-2024-39673.md create mode 100644 2024/CVE-2024-39674.md create mode 100644 2024/CVE-2024-39685.md create mode 100644 2024/CVE-2024-39686.md create mode 100644 2024/CVE-2024-39688.md create mode 100644 2024/CVE-2024-39689.md create mode 100644 2024/CVE-2024-39840.md create mode 100644 2024/CVE-2024-39844.md create 
mode 100644 2024/CVE-2024-39884.md create mode 100644 2024/CVE-2024-39899.md create mode 100644 2024/CVE-2024-39908.md create mode 100644 2024/CVE-2024-39911.md create mode 100644 2024/CVE-2024-39914.md create mode 100644 2024/CVE-2024-39920.md create mode 100644 2024/CVE-2024-39929.md create mode 100644 2024/CVE-2024-39943.md create mode 100644 2024/CVE-2024-3999.md create mode 100644 2024/CVE-2024-40119.md create mode 100644 2024/CVE-2024-40348.md create mode 100644 2024/CVE-2024-40422.md create mode 100644 2024/CVE-2024-40430.md create mode 100644 2024/CVE-2024-40492.md create mode 100644 2024/CVE-2024-40502.md create mode 100644 2024/CVE-2024-40614.md create mode 100644 2024/CVE-2024-40628.md create mode 100644 2024/CVE-2024-40629.md create mode 100644 2024/CVE-2024-40725.md create mode 100644 2024/CVE-2024-40767.md create mode 100644 2024/CVE-2024-40898.md create mode 100644 2024/CVE-2024-41003.md create mode 100644 2024/CVE-2024-4105.md create mode 100644 2024/CVE-2024-4106.md create mode 100644 2024/CVE-2024-41107.md create mode 100644 2024/CVE-2024-41110.md create mode 100644 2024/CVE-2024-41462.md create mode 100644 2024/CVE-2024-41463.md create mode 100644 2024/CVE-2024-41464.md create mode 100644 2024/CVE-2024-41465.md create mode 100644 2024/CVE-2024-41466.md create mode 100644 2024/CVE-2024-41550.md create mode 100644 2024/CVE-2024-41551.md create mode 100644 2024/CVE-2024-41662.md create mode 100644 2024/CVE-2024-41666.md create mode 100644 2024/CVE-2024-41667.md create mode 100644 2024/CVE-2024-41668.md create mode 100644 2024/CVE-2024-41672.md create mode 100644 2024/CVE-2024-41705.md create mode 100644 2024/CVE-2024-41706.md create mode 100644 2024/CVE-2024-41707.md create mode 100644 2024/CVE-2024-41709.md create mode 100644 2024/CVE-2024-41827.md create mode 100644 2024/CVE-2024-4201.md create mode 100644 2024/CVE-2024-4217.md create mode 100644 2024/CVE-2024-4224.md create mode 100644 2024/CVE-2024-4260.md create mode 100644 
2024/CVE-2024-4268.md create mode 100644 2024/CVE-2024-4269.md create mode 100644 2024/CVE-2024-4272.md create mode 100644 2024/CVE-2024-4395.md create mode 100644 2024/CVE-2024-4460.md create mode 100644 2024/CVE-2024-4602.md create mode 100644 2024/CVE-2024-4627.md create mode 100644 2024/CVE-2024-4655.md create mode 100644 2024/CVE-2024-4664.md create mode 100644 2024/CVE-2024-4704.md create mode 100644 2024/CVE-2024-4752.md create mode 100644 2024/CVE-2024-4753.md create mode 100644 2024/CVE-2024-4757.md create mode 100644 2024/CVE-2024-4758.md create mode 100644 2024/CVE-2024-4759.md create mode 100644 2024/CVE-2024-4811.md create mode 100644 2024/CVE-2024-4879.md create mode 100644 2024/CVE-2024-4883.md create mode 100644 2024/CVE-2024-4885.md create mode 100644 2024/CVE-2024-4899.md create mode 100644 2024/CVE-2024-4900.md create mode 100644 2024/CVE-2024-4934.md create mode 100644 2024/CVE-2024-4957.md create mode 100644 2024/CVE-2024-4959.md create mode 100644 2024/CVE-2024-4977.md create mode 100644 2024/CVE-2024-5002.md create mode 100644 2024/CVE-2024-5004.md create mode 100644 2024/CVE-2024-5009.md create mode 100644 2024/CVE-2024-5011.md create mode 100644 2024/CVE-2024-5017.md create mode 100644 2024/CVE-2024-5028.md create mode 100644 2024/CVE-2024-5032.md create mode 100644 2024/CVE-2024-5033.md create mode 100644 2024/CVE-2024-5034.md create mode 100644 2024/CVE-2024-5067.md create mode 100644 2024/CVE-2024-5071.md create mode 100644 2024/CVE-2024-5074.md create mode 100644 2024/CVE-2024-5075.md create mode 100644 2024/CVE-2024-5076.md create mode 100644 2024/CVE-2024-5077.md create mode 100644 2024/CVE-2024-5079.md create mode 100644 2024/CVE-2024-5080.md create mode 100644 2024/CVE-2024-5151.md create mode 100644 2024/CVE-2024-5167.md create mode 100644 2024/CVE-2024-5169.md create mode 100644 2024/CVE-2024-5199.md create mode 100644 2024/CVE-2024-5276.md create mode 100644 2024/CVE-2024-5280.md create mode 100644 2024/CVE-2024-5281.md create 
mode 100644 2024/CVE-2024-5282.md create mode 100644 2024/CVE-2024-5283.md create mode 100644 2024/CVE-2024-5284.md create mode 100644 2024/CVE-2024-5286.md create mode 100644 2024/CVE-2024-5287.md create mode 100644 2024/CVE-2024-5318.md create mode 100644 2024/CVE-2024-5442.md create mode 100644 2024/CVE-2024-5444.md create mode 100644 2024/CVE-2024-5450.md create mode 100644 2024/CVE-2024-5472.md create mode 100644 2024/CVE-2024-5473.md create mode 100644 2024/CVE-2024-5488.md create mode 100644 2024/CVE-2024-5529.md create mode 100644 2024/CVE-2024-5535.md create mode 100644 2024/CVE-2024-5555.md create mode 100644 2024/CVE-2024-5570.md create mode 100644 2024/CVE-2024-5573.md create mode 100644 2024/CVE-2024-5575.md create mode 100644 2024/CVE-2024-5604.md create mode 100644 2024/CVE-2024-5606.md create mode 100644 2024/CVE-2024-5626.md create mode 100644 2024/CVE-2024-5627.md create mode 100644 2024/CVE-2024-5630.md create mode 100644 2024/CVE-2024-5633.md create mode 100644 2024/CVE-2024-5642.md create mode 100644 2024/CVE-2024-5644.md create mode 100644 2024/CVE-2024-5653.md create mode 100644 2024/CVE-2024-5655.md create mode 100644 2024/CVE-2024-5672.md create mode 100644 2024/CVE-2024-5713.md create mode 100644 2024/CVE-2024-5715.md create mode 100644 2024/CVE-2024-5727.md create mode 100644 2024/CVE-2024-5728.md create mode 100644 2024/CVE-2024-5729.md create mode 100644 2024/CVE-2024-5730.md create mode 100644 2024/CVE-2024-5735.md create mode 100644 2024/CVE-2024-5736.md create mode 100644 2024/CVE-2024-5737.md create mode 100644 2024/CVE-2024-5744.md create mode 100644 2024/CVE-2024-5767.md create mode 100644 2024/CVE-2024-5802.md create mode 100644 2024/CVE-2024-5806.md create mode 100644 2024/CVE-2024-5811.md create mode 100644 2024/CVE-2024-5818.md create mode 100644 2024/CVE-2024-5861.md create mode 100644 2024/CVE-2024-5947.md create mode 100644 2024/CVE-2024-5961.md create mode 100644 2024/CVE-2024-5973.md create mode 100644 
2024/CVE-2024-6011.md create mode 100644 2024/CVE-2024-6022.md create mode 100644 2024/CVE-2024-6023.md create mode 100644 2024/CVE-2024-6024.md create mode 100644 2024/CVE-2024-6025.md create mode 100644 2024/CVE-2024-6026.md create mode 100644 2024/CVE-2024-6028.md create mode 100644 2024/CVE-2024-6050.md create mode 100644 2024/CVE-2024-6070.md create mode 100644 2024/CVE-2024-6072.md create mode 100644 2024/CVE-2024-6073.md create mode 100644 2024/CVE-2024-6074.md create mode 100644 2024/CVE-2024-6075.md create mode 100644 2024/CVE-2024-6076.md create mode 100644 2024/CVE-2024-6094.md create mode 100644 2024/CVE-2024-6095.md create mode 100644 2024/CVE-2024-6130.md create mode 100644 2024/CVE-2024-6138.md create mode 100644 2024/CVE-2024-6164.md create mode 100644 2024/CVE-2024-6205.md create mode 100644 2024/CVE-2024-6231.md create mode 100644 2024/CVE-2024-6243.md create mode 100644 2024/CVE-2024-6244.md create mode 100644 2024/CVE-2024-6265.md create mode 100644 2024/CVE-2024-6267.md create mode 100644 2024/CVE-2024-6271.md create mode 100644 2024/CVE-2024-6273.md create mode 100644 2024/CVE-2024-6289.md create mode 100644 2024/CVE-2024-6334.md create mode 100644 2024/CVE-2024-6385.md create mode 100644 2024/CVE-2024-6387.md create mode 100644 2024/CVE-2024-6420.md create mode 100644 2024/CVE-2024-6484.md create mode 100644 2024/CVE-2024-6485.md create mode 100644 2024/CVE-2024-6507.md create mode 100644 2024/CVE-2024-6523.md create mode 100644 2024/CVE-2024-6531.md create mode 100644 2024/CVE-2024-6553.md create mode 100644 2024/CVE-2024-6571.md create mode 100644 2024/CVE-2024-6589.md create mode 100644 2024/CVE-2024-6629.md create mode 100644 2024/CVE-2024-6646.md create mode 100644 2024/CVE-2024-6666.md create mode 100644 2024/CVE-2024-6729.md create mode 100644 2024/CVE-2024-6731.md create mode 100644 2024/CVE-2024-6732.md create mode 100644 2024/CVE-2024-6750.md create mode 100644 2024/CVE-2024-6751.md create mode 100644 2024/CVE-2024-6752.md create 
mode 100644 2024/CVE-2024-6753.md create mode 100644 2024/CVE-2024-6754.md create mode 100644 2024/CVE-2024-6755.md create mode 100644 2024/CVE-2024-6756.md create mode 100644 2024/CVE-2024-6783.md create mode 100644 2024/CVE-2024-6802.md create mode 100644 2024/CVE-2024-6807.md create mode 100644 2024/CVE-2024-6836.md create mode 100644 2024/CVE-2024-6896.md create mode 100644 2024/CVE-2024-6911.md create mode 100644 2024/CVE-2024-6912.md create mode 100644 2024/CVE-2024-6913.md create mode 100644 2024/CVE-2024-6930.md create mode 100644 2024/CVE-2024-6960.md create mode 100644 2024/CVE-2024-6961.md create mode 100644 2024/CVE-2024-6962.md create mode 100644 2024/CVE-2024-6963.md create mode 100644 2024/CVE-2024-6964.md create mode 100644 2024/CVE-2024-6965.md create mode 100644 2024/CVE-2024-6966.md create mode 100644 2024/CVE-2024-6967.md create mode 100644 2024/CVE-2024-6968.md create mode 100644 2024/CVE-2024-6969.md create mode 100644 2024/CVE-2024-6970.md create mode 100644 2024/CVE-2024-6972.md create mode 100644 2024/CVE-2024-7027.md create mode 100644 2024/CVE-2024-7047.md create mode 100644 2024/CVE-2024-7057.md create mode 100644 2024/CVE-2024-7060.md create mode 100644 2024/CVE-2024-7065.md create mode 100644 2024/CVE-2024-7066.md create mode 100644 2024/CVE-2024-7067.md create mode 100644 2024/CVE-2024-7080.md create mode 100644 2024/CVE-2024-7081.md create mode 100644 2024/CVE-2024-7091.md diff --git a/2000/CVE-2000-0267.md b/2000/CVE-2000-0267.md new file mode 100644 index 0000000000..5d0a0ded07 --- /dev/null +++ b/2000/CVE-2000-0267.md 
@@ -0,0 +1,17 @@ +### [CVE-2000-0267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0267) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/catos-enable-bypass-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2000/CVE-2000-0268.md b/2000/CVE-2000-0268.md new file mode 100644 index 0000000000..f8685aef00 --- /dev/null +++ b/2000/CVE-2000-0268.md @@ -0,0 +1,17 @@ +### [CVE-2000-0268](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0268) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2000/CVE-2000-0368.md b/2000/CVE-2000-0368.md new file mode 100644 index 0000000000..b426ce7b9a --- /dev/null +++ b/2000/CVE-2000-0368.md 
@@ -0,0 +1,17 @@ +### [CVE-2000-0368](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0368) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/770/ioshist-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2000/CVE-2000-0380.md b/2000/CVE-2000-0380.md new file mode 100644 index 0000000000..4c05e7c7b4 --- /dev/null +++ b/2000/CVE-2000-0380.md @@ -0,0 +1,17 @@ +### [CVE-2000-0380](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0380) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2000/CVE-2000-0388.md b/2000/CVE-2000-0388.md index 80acd8c0c6..9549e4aa04 100644 --- a/2000/CVE-2000-0388.md +++ b/2000/CVE-2000-0388.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/joscanoga/Reto-python-CRM +- https://github.com/riik-db/cc_hw diff --git a/2000/CVE-2000-0700.md b/2000/CVE-2000-0700.md new file mode 100644 index 0000000000..a3480b478a 
--- /dev/null +++ b/2000/CVE-2000-0700.md @@ -0,0 +1,17 @@ +### [CVE-2000-0700](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0700) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/gsraclbypassdos-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2000/CVE-2000-0984.md b/2000/CVE-2000-0984.md index 0cd2ba716f..6af8e87853 100644 --- a/2000/CVE-2000-0984.md +++ b/2000/CVE-2000-0984.md @@ -10,7 +10,7 @@ The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a den ### POC #### Reference -No PoCs from references. +- http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2000/CVE-2000-1022.md b/2000/CVE-2000-1022.md new file mode 100644 index 0000000000..5034cf17a7 --- /dev/null +++ b/2000/CVE-2000-1022.md 
@@ -0,0 +1,17 @@ +### [CVE-2000-1022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1022) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to execute restricted commands by sending a DATA command before sending the restricted commands. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2000/CVE-2000-1054.md b/2000/CVE-2000-1054.md new file mode 100644 index 0000000000..1c4270b6f6 --- /dev/null +++ b/2000/CVE-2000-1054.md @@ -0,0 +1,17 @@ +### [CVE-2000-1054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1054) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2000/CVE-2000-1055.md b/2000/CVE-2000-1055.md new file mode 100644 index 0000000000..574bd0272a --- /dev/null +++ b/2000/CVE-2000-1055.md 
@@ -0,0 +1,17 @@ +### [CVE-2000-1055](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1055) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2000/CVE-2000-1056.md b/2000/CVE-2000-1056.md new file mode 100644 index 0000000000..b728aeb99e --- /dev/null +++ b/2000/CVE-2000-1056.md @@ -0,0 +1,17 @@ +### [CVE-2000-1056](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1056) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0019.md b/2001/CVE-2001-0019.md new file mode 100644 index 0000000000..38a6c567d3 --- /dev/null +++ b/2001/CVE-2001-0019.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0019](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0019) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Arrowpoint (aka Cisco Content Services, or CSS) allows local users to cause a denial of service via a long argument to the "show script," "clear script," "show archive," "clear archive," "show log," or "clear log" commands. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/arrowpoint-cli-filesystem-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0020.md b/2001/CVE-2001-0020.md new file mode 100644 index 0000000000..2e00917567 --- /dev/null +++ b/2001/CVE-2001-0020.md @@ -0,0 +1,17 @@ +### [CVE-2001-0020](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0020) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/arrowpoint-cli-filesystem-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0041.md b/2001/CVE-2001-0041.md new file mode 100644 index 0000000000..b8efef698c --- /dev/null +++ b/2001/CVE-2001-0041.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0041](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0041) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/catalyst-memleak-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0055.md b/2001/CVE-2001-0055.md new file mode 100644 index 0000000000..dbbb00842e --- /dev/null +++ b/2001/CVE-2001-0055.md @@ -0,0 +1,17 @@ +### [CVE-2001-0055](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0055) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/CBOS-multiple.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0056.md b/2001/CVE-2001-0056.md new file mode 100644 index 0000000000..7b6e084c86 --- /dev/null +++ b/2001/CVE-2001-0056.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0056](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0056) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/CBOS-multiple.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0057.md b/2001/CVE-2001-0057.md new file mode 100644 index 0000000000..df14ac93b1 --- /dev/null +++ b/2001/CVE-2001-0057.md @@ -0,0 +1,17 @@ +### [CVE-2001-0057](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0057) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a large ICMP echo (ping) packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/CBOS-multiple.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0058.md b/2001/CVE-2001-0058.md new file mode 100644 index 0000000000..c674fda06d --- /dev/null +++ b/2001/CVE-2001-0058.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0058) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a URL that does not end in a space character. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/CBOS-multiple.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0288.md b/2001/CVE-2001-0288.md new file mode 100644 index 0000000000..5d30ea9e32 --- /dev/null +++ b/2001/CVE-2001-0288.md @@ -0,0 +1,17 @@ +### [CVE-2001-0288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0288) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0375.md b/2001/CVE-2001-0375.md new file mode 100644 index 0000000000..e5f6b54dcf --- /dev/null +++ b/2001/CVE-2001-0375.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0375](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0375) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0412.md b/2001/CVE-2001-0412.md new file mode 100644 index 0000000000..b5ffd74c57 --- /dev/null +++ b/2001/CVE-2001-0412.md @@ -0,0 +1,17 @@ +### [CVE-2001-0412](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0412) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/arrowpoint-useraccnt-debug-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0427.md b/2001/CVE-2001-0427.md new file mode 100644 index 0000000000..097e50da30 --- /dev/null +++ b/2001/CVE-2001-0427.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0427](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0427) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0428.md b/2001/CVE-2001-0428.md new file mode 100644 index 0000000000..0dfbdf484b --- /dev/null +++ b/2001/CVE-2001-0428.md @@ -0,0 +1,17 @@ +### [CVE-2001-0428](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0428) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-ipoptions-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0429.md b/2001/CVE-2001-0429.md new file mode 100644 index 0000000000..72737fe1aa --- /dev/null +++ b/2001/CVE-2001-0429.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0429](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0429) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0455.md b/2001/CVE-2001-0455.md new file mode 100644 index 0000000000..800948dfef --- /dev/null +++ b/2001/CVE-2001-0455.md @@ -0,0 +1,17 @@ +### [CVE-2001-0455](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0455) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/Aironet340-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0537.md b/2001/CVE-2001-0537.md index f318d62117..10d7cd1c0c 100644 --- a/2001/CVE-2001-0537.md +++ b/2001/CVE-2001-0537.md @@ -10,7 +10,7 @@ HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication ### POC #### Reference -No PoCs from references. +- http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html #### Github - https://github.com/ARPSyndicate/cvemon 
diff --git a/2001/CVE-2001-0554.md b/2001/CVE-2001-0554.md index c84e4cabad..ca75158696 100644 --- a/2001/CVE-2001-0554.md +++ b/2001/CVE-2001-0554.md @@ -10,6 +10,7 @@ Buffer overflow in BSD-based telnetd telnet daemon on various operating systems ### POC #### Reference +- http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml - http://www.redhat.com/support/errata/RHSA-2001-099.html #### Github diff --git a/2001/CVE-2001-0621.md b/2001/CVE-2001-0621.md new file mode 100644 index 0000000000..40edb1b9ba --- /dev/null +++ b/2001/CVE-2001-0621.md @@ -0,0 +1,17 @@ +### [CVE-2001-0621](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0621) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/arrowpoint-ftp-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0622.md b/2001/CVE-2001-0622.md new file mode 100644 index 0000000000..42ce037da2 --- /dev/null +++ b/2001/CVE-2001-0622.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0622](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0622) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0650.md b/2001/CVE-2001-0650.md new file mode 100644 index 0000000000..c4bc8b7c3c --- /dev/null +++ b/2001/CVE-2001-0650.md @@ -0,0 +1,17 @@ +### [CVE-2001-0650](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0650) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ios-bgp-attr-corruption-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0669.md b/2001/CVE-2001-0669.md new file mode 100644 index 0000000000..e399de4364 --- /dev/null +++ b/2001/CVE-2001-0669.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0669](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0669) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-intrusion-detection-obfuscation-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0711.md b/2001/CVE-2001-0711.md new file mode 100644 index 0000000000..74a93e7d1e --- /dev/null +++ b/2001/CVE-2001-0711.md @@ -0,0 +1,17 @@ +### [CVE-2001-0711](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0711) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ios-snmp-ilmi-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0748.md b/2001/CVE-2001-0748.md new file mode 100644 index 0000000000..6f004d199a --- /dev/null 
+++ b/2001/CVE-2001-0748.md @@ -0,0 +1,17 @@ +### [CVE-2001-0748](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0748) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/acmeweb-acsunix-dirtravers-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0750.md b/2001/CVE-2001-0750.md new file mode 100644 index 0000000000..f431a4dbac --- /dev/null +++ b/2001/CVE-2001-0750.md @@ -0,0 +1,17 @@ +### [CVE-2001-0750](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0750) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ios-tcp-scanner-reload-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0751.md b/2001/CVE-2001-0751.md new file mode 100644 index 0000000000..c1efae4f00 --- /dev/null +++ b/2001/CVE-2001-0751.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0751](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0751) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0752.md b/2001/CVE-2001-0752.md new file mode 100644 index 0000000000..acbc3ab979 --- /dev/null +++ b/2001/CVE-2001-0752.md @@ -0,0 +1,17 @@ +### [CVE-2001-0752](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0752) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0753.md b/2001/CVE-2001-0753.md new file mode 100644 index 0000000000..b7c3ffe0cc --- /dev/null +++ b/2001/CVE-2001-0753.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0753) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0754.md b/2001/CVE-2001-0754.md new file mode 100644 index 0000000000..0d39b60bcd --- /dev/null +++ b/2001/CVE-2001-0754.md @@ -0,0 +1,17 @@ +### [CVE-2001-0754](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0754) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0757.md b/2001/CVE-2001-0757.md new file mode 100644 index 0000000000..8c917f32b7 --- /dev/null +++ b/2001/CVE-2001-0757.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0757) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/6400-nrp2-telnet-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0817.md b/2001/CVE-2001-0817.md new file mode 100644 index 0000000000..2879e5d392 --- /dev/null +++ b/2001/CVE-2001-0817.md @@ -0,0 +1,17 @@ +### [CVE-2001-0817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0817) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/bigb0x/CVE-2024-6387 + diff --git a/2001/CVE-2001-0861.md b/2001/CVE-2001-0861.md new file mode 100644 index 0000000000..e1353d20c4 --- /dev/null +++ b/2001/CVE-2001-0861.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0861) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/GSR-unreachables-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0862.md b/2001/CVE-2001-0862.md new file mode 100644 index 0000000000..27b1379b14 --- /dev/null +++ b/2001/CVE-2001-0862.md @@ -0,0 +1,17 @@ +### [CVE-2001-0862](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0862) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0863.md b/2001/CVE-2001-0863.md new file mode 100644 index 0000000000..0b0b5432c4 --- /dev/null +++ b/2001/CVE-2001-0863.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0863](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0863) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0864.md b/2001/CVE-2001-0864.md new file mode 100644 index 0000000000..d27eadecac --- /dev/null +++ b/2001/CVE-2001-0864.md @@ -0,0 +1,17 @@ +### [CVE-2001-0864](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0864) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0865.md b/2001/CVE-2001-0865.md new file mode 100644 index 0000000000..dcbb5e21fe --- /dev/null +++ b/2001/CVE-2001-0865.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0865](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0865) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0866.md b/2001/CVE-2001-0866.md new file mode 100644 index 0000000000..6f4b512ad9 --- /dev/null +++ b/2001/CVE-2001-0866.md @@ -0,0 +1,17 @@ +### [CVE-2001-0866](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0866) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0867.md b/2001/CVE-2001-0867.md new file mode 100644 index 0000000000..5e2af5ced7 --- /dev/null +++ b/2001/CVE-2001-0867.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0867](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0867) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0895.md b/2001/CVE-2001-0895.md new file mode 100644 index 0000000000..f5b0af419b --- /dev/null +++ b/2001/CVE-2001-0895.md @@ -0,0 +1,17 @@ +### [CVE-2001-0895](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0895) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the router to overwrite the MAC address in its ARP table. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/IOS-arp-overwrite-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0929.md b/2001/CVE-2001-0929.md new file mode 100644 index 0000000000..726d1909ab --- /dev/null +++ b/2001/CVE-2001-0929.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0929](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0929) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-1037.md b/2001/CVE-2001-1037.md new file mode 100644 index 0000000000..af8e332eff --- /dev/null +++ b/2001/CVE-2001-1037.md @@ -0,0 +1,17 @@ +### [CVE-2001-1037](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1037) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/SN-kernel-pub.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-1038.md b/2001/CVE-2001-1038.md new file mode 100644 index 0000000000..46e8f4669c --- /dev/null +++ b/2001/CVE-2001-1038.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-1038](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1038) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/SN-kernel-pub.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-1064.md b/2001/CVE-2001-1064.md new file mode 100644 index 0000000000..d0c39e6866 --- /dev/null +++ b/2001/CVE-2001-1064.md @@ -0,0 +1,17 @@ +### [CVE-2001-1064](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1064) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop forwarding packets. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-cbos-webserver-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-1065.md b/2001/CVE-2001-1065.md new file mode 100644 index 0000000000..24a0a08d2b --- /dev/null +++ b/2001/CVE-2001-1065.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-1065](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1065) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-cbos-webserver-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-1105.md b/2001/CVE-2001-1105.md new file mode 100644 index 0000000000..ca2d1650ec --- /dev/null +++ b/2001/CVE-2001-1105.md @@ -0,0 +1,17 @@ +### [CVE-2001-1105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1105) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/SSL-J-pub.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-1183.md b/2001/CVE-2001-1183.md new file mode 100644 index 0000000000..170ba41f87 --- /dev/null +++ b/2001/CVE-2001-1183.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-1183](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1183) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/PPTP-vulnerability-pub.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-1434.md b/2001/CVE-2001-1434.md new file mode 100644 index 0000000000..8aa8b92e42 --- /dev/null +++ b/2001/CVE-2001-1434.md @@ -0,0 +1,17 @@ +### [CVE-2001-1434](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1434) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0071.md b/2002/CVE-2002-0071.md new file mode 100644 index 0000000000..5d0cdc8802 --- /dev/null +++ b/2002/CVE-2002-0071.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-0071](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0071) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0072.md b/2002/CVE-2002-0072.md new file mode 100644 index 0000000000..8e7c367978 --- /dev/null +++ b/2002/CVE-2002-0072.md @@ -0,0 +1,17 @@ +### [CVE-2002-0072](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0072) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0073.md b/2002/CVE-2002-0073.md index b2dbcede74..a3d43adbc8 100644 --- a/2002/CVE-2002-0073.md +++ b/2002/CVE-2002-0073.md 
@@ -11,6 +11,7 @@ The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows att #### Reference - http://marc.info/?l=bugtraq&m=101901273810598&w=2 +- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml #### Github No PoCs found on GitHub currently. diff --git a/2002/CVE-2002-0074.md b/2002/CVE-2002-0074.md new file mode 100644 index 0000000000..b1d9d3b846 --- /dev/null +++ b/2002/CVE-2002-0074.md @@ -0,0 +1,17 @@ +### [CVE-2002-0074](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0074) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0075.md b/2002/CVE-2002-0075.md new file mode 100644 index 0000000000..3ec81dd6ac --- /dev/null +++ b/2002/CVE-2002-0075.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-0075](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0075) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0079.md b/2002/CVE-2002-0079.md new file mode 100644 index 0000000000..7f2d474739 --- /dev/null +++ b/2002/CVE-2002-0079.md @@ -0,0 +1,17 @@ +### [CVE-2002-0079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0079) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0083.md b/2002/CVE-2002-0083.md new file mode 100644 index 0000000000..9862e4f363 --- /dev/null +++ b/2002/CVE-2002-0083.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-0083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0083) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/bigb0x/CVE-2024-6387 + diff --git a/2002/CVE-2002-0147.md b/2002/CVE-2002-0147.md new file mode 100644 index 0000000000..6c0662f247 --- /dev/null +++ b/2002/CVE-2002-0147.md @@ -0,0 +1,17 @@ +### [CVE-2002-0147](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0147) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun." + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0148.md b/2002/CVE-2002-0148.md index 3eb9ab0afb..d15e26d076 100644 --- a/2002/CVE-2002-0148.md +++ b/2002/CVE-2002-0148.md 
@@ -10,6 +10,7 @@ Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 ### POC #### Reference +- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A92 #### Github diff --git a/2002/CVE-2002-0149.md b/2002/CVE-2002-0149.md index 236158970d..f897848bb8 100644 --- a/2002/CVE-2002-0149.md +++ b/2002/CVE-2002-0149.md @@ -10,6 +10,7 @@ Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allo ### POC #### Reference +- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A95 #### Github diff --git a/2002/CVE-2002-0150.md b/2002/CVE-2002-0150.md new file mode 100644 index 0000000000..b76a361378 --- /dev/null +++ b/2002/CVE-2002-0150.md @@ -0,0 +1,17 @@ +### [CVE-2002-0150](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0150) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0159.md b/2002/CVE-2002-0159.md new file mode 100644 index 0000000000..654ccec709 --- /dev/null +++ b/2002/CVE-2002-0159.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-0159](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0159) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0160.md b/2002/CVE-2002-0160.md new file mode 100644 index 0000000000..15ab2550af --- /dev/null +++ b/2002/CVE-2002-0160.md @@ -0,0 +1,17 @@ +### [CVE-2002-0160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0160) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0339.md b/2002/CVE-2002-0339.md new file mode 100644 index 0000000000..e93304534f --- /dev/null +++ b/2002/CVE-2002-0339.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-0339](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0339) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/IOS-CEF-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0505.md b/2002/CVE-2002-0505.md new file mode 100644 index 0000000000..f08cd6abed --- /dev/null +++ b/2002/CVE-2002-0505.md @@ -0,0 +1,17 @@ +### [CVE-2002-0505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0505) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via incorrect passwords. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0545.md b/2002/CVE-2002-0545.md new file mode 100644 index 0000000000..a576f87dca --- /dev/null +++ b/2002/CVE-2002-0545.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-0545](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0545) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/Aironet-Telnet.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0769.md b/2002/CVE-2002-0769.md new file mode 100644 index 0000000000..4365d108e3 --- /dev/null +++ b/2002/CVE-2002-0769.md @@ -0,0 +1,17 @@ +### [CVE-2002-0769](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0769) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying certain request parameters. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ata186-password-disclosure.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0778.md b/2002/CVE-2002-0778.md new file mode 100644 index 0000000000..db6dd12d5b --- /dev/null +++ b/2002/CVE-2002-0778.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-0778](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0778) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/transparentcache-tcp-relay-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0792.md b/2002/CVE-2002-0792.md new file mode 100644 index 0000000000..18dffe876d --- /dev/null +++ b/2002/CVE-2002-0792.md @@ -0,0 +1,17 @@ +### [CVE-2002-0792](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0792) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/css-http-post-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0813.md b/2002/CVE-2002-0813.md index 12c6c837a5..9f9ccdc0c2 100644 --- a/2002/CVE-2002-0813.md +++ b/2002/CVE-2002-0813.md 
@@ -11,6 +11,7 @@ Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2 #### Reference - http://marc.info/?l=bugtraq&m=103002169829669&w=2 +- http://www.cisco.com/warp/public/707/ios-tftp-long-filename-pub.shtml #### Github No PoCs found on GitHub currently. diff --git a/2002/CVE-2002-0848.md b/2002/CVE-2002-0848.md new file mode 100644 index 0000000000..f7f17e9316 --- /dev/null +++ b/2002/CVE-2002-0848.md @@ -0,0 +1,17 @@ +### [CVE-2002-0848](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0848) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn5k-radius-pap-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0852.md b/2002/CVE-2002-0852.md new file mode 100644 index 0000000000..0c2e00770f --- /dev/null +++ b/2002/CVE-2002-0852.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-0852](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0852) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0853.md b/2002/CVE-2002-0853.md new file mode 100644 index 0000000000..9470c2f51f --- /dev/null +++ b/2002/CVE-2002-0853.md @@ -0,0 +1,17 @@ +### [CVE-2002-0853](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0853) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0870.md b/2002/CVE-2002-0870.md new file mode 100644 index 0000000000..cdd55d9d9f --- /dev/null +++ b/2002/CVE-2002-0870.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-0870](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0870) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The original patch for the Cisco Content Service Switch 11000 Series authentication bypass vulnerability (CVE-2001-0622) was incomplete, which still allows remote attackers to gain additional privileges by directly requesting the web management URL instead of navigating through the interface, possibly via a variant of the original attack, as identified by Cisco bug ID CSCdw08549. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0880.md b/2002/CVE-2002-0880.md new file mode 100644 index 0000000000..830004ae36 --- /dev/null +++ b/2002/CVE-2002-0880.md @@ -0,0 +1,17 @@ +### [CVE-2002-0880](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0880) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote attackers to cause a denial of service (crash) via malformed packets as demonstrated by (1) "jolt", (2) "jolt2", (3) "raped", (4) "hping2", (5) "bloop", (6) "bubonic", (7) "mutant", (8) "trash", and (9) "trash2." + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0881.md b/2002/CVE-2002-0881.md new file mode 100644 index 0000000000..e7871d4f56 --- /dev/null 
+++ b/2002/CVE-2002-0881.md @@ -0,0 +1,17 @@ +### [CVE-2002-0881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0881) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default administrative password, which allows attackers with physical access to the phone to modify the configuration settings. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0882.md b/2002/CVE-2002-0882.md new file mode 100644 index 0000000000..c0c47d9b5b --- /dev/null +++ b/2002/CVE-2002-0882.md @@ -0,0 +1,17 @@ +### [CVE-2002-0882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0882) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allows remote attackers to cause a denial of service (reset) and possibly read sensitive memory via a large integer value in (1) the stream ID of the StreamingStatistics script, or (2) the port ID of the PortInformation script. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0886.md b/2002/CVE-2002-0886.md new file mode 100644 index 0000000000..b21d8c5701 --- /dev/null +++ b/2002/CVE-2002-0886.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-0886](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0886) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote attackers to cause a denial of service (hang or memory consumption) via (1) a large packet to the DHCP port, (2) a large packet to the Telnet port, or (3) a flood of large packets to the CPE, which causes the TCP/IP stack to consume large amounts of memory. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/CBOS-DoS.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0952.md b/2002/CVE-2002-0952.md new file mode 100644 index 0000000000..c6422d81da --- /dev/null +++ b/2002/CVE-2002-0952.md @@ -0,0 +1,17 @@ +### [CVE-2002-0952](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0952) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 allows remote attackers to cause a denial of service (reset) by sending IP packets with non-zero Type of Service (TOS) bits to the Timing Control Card (TCC) LAN interface. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ons-tos-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1024.md b/2002/CVE-2002-1024.md index e9d59c20ba..e1ff8f72ba 100644 --- a/2002/CVE-2002-1024.md +++ b/2002/CVE-2002-1024.md 
@@ -10,7 +10,7 @@ Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote attackers to cau ### POC #### Reference -No PoCs from references. +- http://www.cisco.com/warp/public/707/SSH-scanning.shtml #### Github - https://github.com/phx/cvescan diff --git a/2002/CVE-2002-1092.md b/2002/CVE-2002-1092.md new file mode 100644 index 0000000000..e1da84d25d --- /dev/null +++ b/2002/CVE-2002-1092.md @@ -0,0 +1,17 @@ +### [CVE-2002-1092](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1092) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1093.md b/2002/CVE-2002-1093.md new file mode 100644 index 0000000000..031510209c --- /dev/null +++ b/2002/CVE-2002-1093.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1093](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1093) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3(B) allows remote attackers to cause a denial of service (CPU consumption) via a long URL request. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1094.md b/2002/CVE-2002-1094.md new file mode 100644 index 0000000000..758cda27be --- /dev/null +++ b/2002/CVE-2002-1094.md @@ -0,0 +1,17 @@ +### [CVE-2002-1094](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1094) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.5.4 allow remote attackers to obtain potentially sensitive information via the (1) SSH banner, (2) FTP banner, or (3) an incorrect HTTP request. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1095.md b/2002/CVE-2002-1095.md new file mode 100644 index 0000000000..3fb206c6cb --- /dev/null +++ b/2002/CVE-2002-1095.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1095](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1095) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the "No Encryption" option set. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1096.md b/2002/CVE-2002-1096.md new file mode 100644 index 0000000000..4e940826c2 --- /dev/null +++ b/2002/CVE-2002-1096.md @@ -0,0 +1,17 @@ +### [CVE-2002-1096](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1096) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1097.md b/2002/CVE-2002-1097.md new file mode 100644 index 0000000000..94da33dc31 --- /dev/null +++ b/2002/CVE-2002-1097.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1097](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1097) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Management pages. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1098.md b/2002/CVE-2002-1098.md new file mode 100644 index 0000000000..8f3020a6d2 --- /dev/null +++ b/2002/CVE-2002-1098.md @@ -0,0 +1,17 @@ +### [CVE-2002-1098](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1098) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1099.md b/2002/CVE-2002-1099.md new file mode 100644 index 0000000000..3930d45554 --- /dev/null +++ b/2002/CVE-2002-1099.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1099) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1100.md b/2002/CVE-2002-1100.md new file mode 100644 index 0000000000..a32d98d4b6 --- /dev/null +++ b/2002/CVE-2002-1100.md @@ -0,0 +1,17 @@ +### [CVE-2002-1100](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1100) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to cause a denial of service (crash) via a long (1) username or (2) password to the HTML login interface. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1101.md b/2002/CVE-2002-1101.md new file mode 100644 index 0000000000..051d7cddb5 --- /dev/null +++ b/2002/CVE-2002-1101.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1101](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1101) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, allows remote attackers to cause a denial of service via a long user name. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1102.md b/2002/CVE-2002-1102.md new file mode 100644 index 0000000000..e121cdcae2 --- /dev/null +++ b/2002/CVE-2002-1102.md @@ -0,0 +1,17 @@ +### [CVE-2002-1102](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1102) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.4, allows remote attackers to cause a denial of service via an incoming LAN-to-LAN connection with an existing security association with another device on the remote network, which causes the concentrator to remove the previous connection. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1103.md b/2002/CVE-2002-1103.md new file mode 100644 index 0000000000..000515bf2a --- /dev/null +++ b/2002/CVE-2002-1103.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1103](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1103) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, allows remote attackers to cause a denial of service via (1) malformed or (2) large ISAKMP packets. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1104.md b/2002/CVE-2002-1104.md new file mode 100644 index 0000000000..c99c9c8d30 --- /dev/null +++ b/2002/CVE-2002-1104.md @@ -0,0 +1,17 @@ +### [CVE-2002-1104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1104) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS). + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1105.md b/2002/CVE-2002-1105.md new file mode 100644 index 0000000000..6ec27a3b68 --- /dev/null +++ b/2002/CVE-2002-1105.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1105) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1106.md b/2002/CVE-2002-1106.md new file mode 100644 index 0000000000..5cdfee0661 --- /dev/null +++ b/2002/CVE-2002-1106.md @@ -0,0 +1,17 @@ +### [CVE-2002-1106](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1106) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1107.md b/2002/CVE-2002-1107.md new file mode 100644 index 0000000000..fe8a14938c --- /dev/null +++ b/2002/CVE-2002-1107.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1107](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1107) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1108.md b/2002/CVE-2002-1108.md new file mode 100644 index 0000000000..99103c62f4 --- /dev/null +++ b/2002/CVE-2002-1108.md @@ -0,0 +1,17 @@ +### [CVE-2002-1108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1108) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1131.md b/2002/CVE-2002-1131.md index 3e96f1d1a9..2f194bbeb6 100644 --- a/2002/CVE-2002-1131.md +++ b/2002/CVE-2002-1131.md @@ -16,4 +16,5 @@ No PoCs from references. - https://github.com/0xget/cve-2001-1473 - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/POORVAJA-195/Nuclei-Analysis-main +- https://github.com/gnarkill78/CSA_S2_2024 
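Review bot: the entry appended to the CVE-2002-1131 "Github" list, `- https://github.com/gnarkill78/CSA_S2_2024`, carries no reference to CVE-2002-1131 in its name, and the hunk's own context line states "No PoCs from references." Please confirm the repository actually contains a proof of concept for this CVE before it is listed under a PoC heading; the neighbouring entries (a template collection and an analysis repository) suggest the list is being filled by keyword match rather than by verified content.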
diff --git a/2002/CVE-2002-1137.md b/2002/CVE-2002-1137.md new file mode 100644 index 0000000000..36599db0ad --- /dev/null +++ b/2002/CVE-2002-1137.md @@ -0,0 +1,17 @@ +### [CVE-2002-1137](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1137) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1145.md b/2002/CVE-2002-1145.md new file mode 100644 index 0000000000..4eeec0aec4 --- /dev/null +++ b/2002/CVE-2002-1145.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1145](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1145) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1189.md b/2002/CVE-2002-1189.md new file mode 100644 index 0000000000..a92919ccd5 --- /dev/null +++ b/2002/CVE-2002-1189.md @@ -0,0 +1,17 @@ +### [CVE-2002-1189](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1189) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1190.md b/2002/CVE-2002-1190.md new file mode 100644 index 0000000000..ea5030599b --- /dev/null +++ b/2002/CVE-2002-1190.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1190](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1190) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Unity 2.x and 3.x uses well-known default user accounts, which could allow remote attackers to gain access and place arbitrary calls. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1222.md b/2002/CVE-2002-1222.md new file mode 100644 index 0000000000..74a01ffedb --- /dev/null +++ b/2002/CVE-2002-1222.md @@ -0,0 +1,17 @@ +### [CVE-2002-1222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1222) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/catos-http-overflow-vuln.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1447.md b/2002/CVE-2002-1447.md new file mode 100644 index 0000000000..2be9548691 --- /dev/null +++ b/2002/CVE-2002-1447.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1447](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1447) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-unix-vpnclient-buffer-overflow-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1491.md b/2002/CVE-2002-1491.md new file mode 100644 index 0000000000..b47b1ac6df --- /dev/null +++ b/2002/CVE-2002-1491.md @@ -0,0 +1,17 @@ +### [CVE-2002-1491](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1491) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving "Default Connection" settings, which could allow local users to gain privileges. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1492.md b/2002/CVE-2002-1492.md new file mode 100644 index 0000000000..47addc5a7f --- /dev/null +++ b/2002/CVE-2002-1492.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1492](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1492) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1553.md b/2002/CVE-2002-1553.md new file mode 100644 index 0000000000..fe64066e38 --- /dev/null +++ b/2002/CVE-2002-1553.md @@ -0,0 +1,17 @@ +### [CVE-2002-1553](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1553) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1554.md b/2002/CVE-2002-1554.md new file mode 100644 index 0000000000..12ae7d57ce --- /dev/null +++ b/2002/CVE-2002-1554.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1554](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1554) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames and passwords in cleartext in the image database for the TCC, TCC+ or XTC, which could allow attackers to gain privileges by obtaining the passwords from the image database or a backup. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1555.md b/2002/CVE-2002-1555.md new file mode 100644 index 0000000000..88f9b98848 --- /dev/null +++ b/2002/CVE-2002-1555.md @@ -0,0 +1,17 @@ +### [CVE-2002-1555](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1555) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1556.md b/2002/CVE-2002-1556.md new file mode 100644 index 0000000000..2d3447cb88 --- /dev/null +++ b/2002/CVE-2002-1556.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1556](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1556) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset) via an HTTP request to the TCC, TCC+ or XTC, in which the request contains an invalid CORBA Interoperable Object Reference (IOR). + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1557.md b/2002/CVE-2002-1557.md new file mode 100644 index 0000000000..8f7f6b6216 --- /dev/null +++ b/2002/CVE-2002-1557.md @@ -0,0 +1,17 @@ +### [CVE-2002-1557](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1557) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1558.md b/2002/CVE-2002-1558.md new file mode 100644 index 0000000000..24899bcaf8 --- /dev/null +++ b/2002/CVE-2002-1558.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1558](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1558) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1595.md b/2002/CVE-2002-1595.md new file mode 100644 index 0000000000..bfd87e8b56 --- /dev/null +++ b/2002/CVE-2002-1595.md @@ -0,0 +1,17 @@ +### [CVE-2002-1595](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1595) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to read configuration files without authorization. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/SN-multiple-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1596.md b/2002/CVE-2002-1596.md new file mode 100644 index 0000000000..23026cc442 --- /dev/null +++ b/2002/CVE-2002-1596.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1596](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1596) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (router crash) via an HTTP request with large headers. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/SN-multiple-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1597.md b/2002/CVE-2002-1597.md new file mode 100644 index 0000000000..b06530dba2 --- /dev/null +++ b/2002/CVE-2002-1597.md @@ -0,0 +1,17 @@ +### [CVE-2002-1597](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1597) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (halt) via a fragmented packet to the Gigabit interface. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/SN-multiple-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1706.md b/2002/CVE-2002-1706.md new file mode 100644 index 0000000000..e894d6e06a --- /dev/null +++ b/2002/CVE-2002-1706.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1706](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1706) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cmts-MD5-bypass-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-2037.md b/2002/CVE-2002-2037.md new file mode 100644 index 0000000000..33f6019c47 --- /dev/null +++ b/2002/CVE-2002-2037.md @@ -0,0 +1,17 @@ +### [CVE-2002-2037](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2037) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and earlier, (2) VSC3000 9.1 and earlier, (3) PGW 2200 9.1 and earlier, (4) Billing and Management Server (BAMS) and (5) Voice Services Provisioning Tool (VSPT) runs on default installations of Solaris 2.6 with unnecessary services and without the latest security patches, which allows attackers to exploit known vulnerabilities. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/Solaris-for-MGC-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-2139.md b/2002/CVE-2002-2139.md new file mode 100644 index 0000000000..7c8db1f1fe 
--- /dev/null +++ b/2002/CVE-2002-2139.md @@ -0,0 +1,17 @@ +### [CVE-2002-2139](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2139) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/pix-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-2140.md b/2002/CVE-2002-2140.md new file mode 100644 index 0000000000..fae2e96ec6 --- /dev/null +++ b/2002/CVE-2002-2140.md @@ -0,0 +1,17 @@ +### [CVE-2002-2140](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2140) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, 6.1.x to 6.1.3, and 6.2.x to 6.2.1 allows remote attackers to cause a denial of service via HTTP traffic authentication using (1) TACACS+ or (2) RADIUS. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/pix-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-2208.md b/2002/CVE-2002-2208.md new file mode 100644 index 0000000000..87d5f8f530 --- /dev/null +++ b/2002/CVE-2002-2208.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-2208](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2208) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/eigrp_issue.pdf + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-2239.md b/2002/CVE-2002-2239.md new file mode 100644 index 0000000000..d4e9f57975 --- /dev/null +++ b/2002/CVE-2002-2239.md @@ -0,0 +1,17 @@ +### [CVE-2002-2239](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2239) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 series running Cisco IOS 12.1(8)E through 12.1(13.4)E allows remote attackers to cause a denial of service (hang) via a malformed packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/osm-lc-ios-pkt-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0190.md b/2003/CVE-2003-0190.md index e7a97819d7..bea1b32bc1 100644 --- a/2003/CVE-2003-0190.md +++ b/2003/CVE-2003-0190.md 
@@ -19,5 +19,6 @@ OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediat - https://github.com/0xdea/exploits - https://github.com/Live-Hack-CVE/CVE-2003-0190 - https://github.com/Live-Hack-CVE/CVE-2003-1562 +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/octane23/CASE-STUDY-1 diff --git a/2003/CVE-2003-0210.md b/2003/CVE-2003-0210.md new file mode 100644 index 0000000000..f5f025adb1 --- /dev/null +++ b/2003/CVE-2003-0210.md @@ -0,0 +1,17 @@ +### [CVE-2003-0210](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0210) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0216.md b/2003/CVE-2003-0216.md new file mode 100644 index 0000000000..cb09059e41 --- /dev/null +++ b/2003/CVE-2003-0216.md 
@@ -0,0 +1,17 @@ +### [CVE-2003-0216](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0216) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030424-catos.shtml. + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0258.md b/2003/CVE-2003-0258.md new file mode 100644 index 0000000000..b226a01676 --- /dev/null +++ b/2003/CVE-2003-0258.md @@ -0,0 +1,17 @@ +### [CVE-2003-0258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0258) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0259.md b/2003/CVE-2003-0259.md new file mode 100644 index 0000000000..83c51c08bb --- /dev/null +++ b/2003/CVE-2003-0259.md 
@@ -0,0 +1,17 @@ +### [CVE-2003-0259](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0259) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0260.md b/2003/CVE-2003-0260.md new file mode 100644 index 0000000000..de8499645c --- /dev/null +++ b/2003/CVE-2003-0260.md @@ -0,0 +1,17 @@ +### [CVE-2003-0260](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0260) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0305.md b/2003/CVE-2003-0305.md new file mode 100644 index 0000000000..79011f0a72 --- /dev/null +++ b/2003/CVE-2003-0305.md 
@@ -0,0 +1,17 @@ +### [CVE-2003-0305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0305) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030515-saa.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0511.md b/2003/CVE-2003-0511.md new file mode 100644 index 0000000000..13bb8a7fb2 --- /dev/null +++ b/2003/CVE-2003-0511.md @@ -0,0 +1,17 @@ +### [CVE-2003-0511](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0511) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030728-ap1x00.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0512.md b/2003/CVE-2003-0512.md new file mode 100644 index 0000000000..4d8c017c22 --- /dev/null +++ b/2003/CVE-2003-0512.md 
@@ -0,0 +1,17 @@ +### [CVE-2003-0512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0512) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sn-20030724-ios-enum.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0567.md b/2003/CVE-2003-0567.md index 17239bf5ae..3d43140613 100644 --- a/2003/CVE-2003-0567.md +++ b/2003/CVE-2003-0567.md @@ -11,6 +11,7 @@ Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial o #### Reference - http://www.cert.org/advisories/CA-2003-17.html +- http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml #### Github No PoCs found on GitHub currently. diff --git a/2003/CVE-2003-0647.md b/2003/CVE-2003-0647.md new file mode 100644 index 0000000000..b13c57f072 --- /dev/null +++ b/2003/CVE-2003-0647.md 
@@ -0,0 +1,17 @@ +### [CVE-2003-0647](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0647) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sn-20030730-ios-2gb-get.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0731.md b/2003/CVE-2003-0731.md new file mode 100644 index 0000000000..35f703ec65 --- /dev/null +++ b/2003/CVE-2003-0731.md @@ -0,0 +1,17 @@ +### [CVE-2003-0731](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0731) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0732.md b/2003/CVE-2003-0732.md new file mode 100644 index 0000000000..9b7998f01f --- /dev/null +++ b/2003/CVE-2003-0732.md 
@@ -0,0 +1,17 @@ +### [CVE-2003-0732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0732) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0812.md b/2003/CVE-2003-0812.md index fad57bdd9f..70adf262da 100644 --- a/2003/CVE-2003-0812.md +++ b/2003/CVE-2003-0812.md @@ -11,6 +11,7 @@ Stack-based buffer overflow in a logging function for Windows Workstation Servic #### Reference - http://marc.info/?l=bugtraq&m=106865197102041&w=2 +- http://www.cisco.com/warp/public/707/cisco-sa-20040129-ms03-049.shtml - http://www.kb.cert.org/vuls/id/567620 #### Github diff --git a/2003/CVE-2003-0851.md b/2003/CVE-2003-0851.md index 52402d9cce..ba6baa70a4 100644 --- a/2003/CVE-2003-0851.md +++ b/2003/CVE-2003-0851.md @@ -10,7 +10,7 @@ OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via l ### POC #### Reference -No PoCs from references. +- http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2003/CVE-2003-0982.md b/2003/CVE-2003-0982.md new file mode 100644 index 0000000000..9900807fbb --- /dev/null +++ b/2003/CVE-2003-0982.md 
@@ -0,0 +1,17 @@ +### [CVE-2003-0982](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0982) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5, allows remote attackers to execute arbitrary code via a long password. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20031210-ACNS-auth.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-1001.md b/2003/CVE-2003-1001.md new file mode 100644 index 0000000000..57dfb8cac7 --- /dev/null +++ b/2003/CVE-2003-1001.md @@ -0,0 +1,17 @@ +### [CVE-2003-1001](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1001) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20031215-fwsm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-1002.md b/2003/CVE-2003-1002.md new file mode 100644 index 0000000000..9492d5f4d1 --- /dev/null +++ b/2003/CVE-2003-1002.md 
@@ -0,0 +1,17 @@ +### [CVE-2003-1002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1002) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20031215-fwsm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-1003.md b/2003/CVE-2003-1003.md new file mode 100644 index 0000000000..58a678e5ea --- /dev/null +++ b/2003/CVE-2003-1003.md @@ -0,0 +1,17 @@ +### [CVE-2003-1003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1003) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-1004.md b/2003/CVE-2003-1004.md new file mode 100644 index 0000000000..3100d36338 --- /dev/null +++ b/2003/CVE-2003-1004.md 
@@ -0,0 +1,17 @@ +### [CVE-2003-1004](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1004) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-1096.md b/2003/CVE-2003-1096.md new file mode 100644 index 0000000000..12c52941a6 --- /dev/null +++ b/2003/CVE-2003-1096.md @@ -0,0 +1,17 @@ +### [CVE-2003-1096](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1096) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-1109.md b/2003/CVE-2003-1109.md new file mode 100644 index 0000000000..a2d397fb98 --- /dev/null +++ b/2003/CVE-2003-1109.md 
@@ -0,0 +1,17 @@ +### [CVE-2003-1109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1109) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-1132.md b/2003/CVE-2003-1132.md new file mode 100644 index 0000000000..2c688e50ae --- /dev/null +++ b/2003/CVE-2003-1132.md @@ -0,0 +1,17 @@ +### [CVE-2003-1132](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1132) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030430-dns.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2003/CVE-2003-1418.md b/2003/CVE-2003-1418.md index 86be8558b3..bf880424b1 100644 --- a/2003/CVE-2003-1418.md +++ b/2003/CVE-2003-1418.md @@ -13,5 +13,6 @@ Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to o - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html #### Github +- https://github.com/EzeTauil/Maquina-Vacaciones - https://github.com/KINGSABRI/nessus-search diff --git a/2004/CVE-2004-0044.md b/2004/CVE-2004-0044.md new file mode 100644 index 0000000000..95fee17096 --- /dev/null +++ b/2004/CVE-2004-0044.md @@ -0,0 +1,17 @@ +### [CVE-2004-0044](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0044) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0054.md b/2004/CVE-2004-0054.md new file mode 100644 index 0000000000..944215c19c --- /dev/null +++ b/2004/CVE-2004-0054.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-0054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0054) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0077.md b/2004/CVE-2004-0077.md index 8a9bd15421..6b3637a005 100644 --- a/2004/CVE-2004-0077.md +++ b/2004/CVE-2004-0077.md @@ -34,6 +34,7 @@ The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2004/CVE-2004-0079.md b/2004/CVE-2004-0079.md index b872cddaf4..10644a9264 100644 --- a/2004/CVE-2004-0079.md +++ b/2004/CVE-2004-0079.md @@ -10,6 +10,7 @@ The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0. ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779 
diff --git a/2004/CVE-2004-0081.md b/2004/CVE-2004-0081.md index cc3fea93ad..0a9de38c8c 100644 --- a/2004/CVE-2004-0081.md +++ b/2004/CVE-2004-0081.md @@ -10,6 +10,7 @@ OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, whic ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902 #### Github diff --git a/2004/CVE-2004-0112.md b/2004/CVE-2004-0112.md index 918110b7ff..1b47efb084 100644 --- a/2004/CVE-2004-0112.md +++ b/2004/CVE-2004-0112.md @@ -10,6 +10,7 @@ The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using K ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580 diff --git a/2004/CVE-2004-0230.md b/2004/CVE-2004-0230.md index b91b3bdfc8..8e1d218919 100644 --- a/2004/CVE-2004-0230.md +++ b/2004/CVE-2004-0230.md @@ -10,6 +10,7 @@ TCP, when using a large Window Size, makes it easier for remote attackers to gue ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml - http://www.kb.cert.org/vuls/id/415294 - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html - https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019 diff --git a/2004/CVE-2004-0244.md b/2004/CVE-2004-0244.md new file mode 100644 index 0000000000..50ece48f61 --- /dev/null +++ b/2004/CVE-2004-0244.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-0244](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0244) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040203-cat6k.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0306.md b/2004/CVE-2004-0306.md new file mode 100644 index 0000000000..20761a0339 --- /dev/null +++ b/2004/CVE-2004-0306.md @@ -0,0 +1,17 @@ +### [CVE-2004-0306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0306) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service on UDP port 69 by default, which allows remote attackers to GET or PUT ONS system files on the current active TCC in the /flash0 or /flash1 directories. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0307.md b/2004/CVE-2004-0307.md new file mode 100644 index 0000000000..88f441f546 --- /dev/null +++ b/2004/CVE-2004-0307.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-0307](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0307) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 SD before 4.1(3) allows remote attackers to cause a denial of service (reset) by not sending the ACK portion of the TCP three-way handshake and sending an invalid response instead. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0308.md b/2004/CVE-2004-0308.md new file mode 100644 index 0000000000..82cb664c93 --- /dev/null +++ b/2004/CVE-2004-0308.md @@ -0,0 +1,17 @@ +### [CVE-2004-0308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0308) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS15600 before 1.3(0) allows a superuser whose account is locked out, disabled, or suspended to gain unauthorized access via a Telnet connection to the VxWorks shell. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0352.md b/2004/CVE-2004-0352.md new file mode 100644 index 0000000000..c2005f599c --- /dev/null +++ b/2004/CVE-2004-0352.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-0352](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0352) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040304-css.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0391.md b/2004/CVE-2004-0391.md new file mode 100644 index 0000000000..9a5cc58299 --- /dev/null +++ b/2004/CVE-2004-0391.md @@ -0,0 +1,17 @@ +### [CVE-2004-0391](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0391) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting Solution Engine (HSE) 1.7 through 1.7.3 have a hardcoded username and password, which allows remote attackers to add new users, modify existing users, and change configuration. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0519.md b/2004/CVE-2004-0519.md index 7677fbdbab..2679f7d685 100644 --- a/2004/CVE-2004-0519.md +++ b/2004/CVE-2004-0519.md 
@@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/POORVAJA-195/Nuclei-Analysis-main +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2004/CVE-2004-0551.md b/2004/CVE-2004-0551.md new file mode 100644 index 0000000000..67d3b57a80 --- /dev/null +++ b/2004/CVE-2004-0551.md @@ -0,0 +1,17 @@ +### [CVE-2004-0551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0551) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX, as used in Catalyst switches, allows remote attackers to cause a denial of service (system crash and reload) by sending invalid packets instead of the final ACK portion of the three-way handshake to the (1) Telnet, (2) HTTP, or (3) SSH services, aka "TCP-ACK DoS attack." + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040609-catos.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0589.md b/2004/CVE-2004-0589.md index b20654eb65..0d4bccb7d2 100644 --- a/2004/CVE-2004-0589.md +++ b/2004/CVE-2004-0589.md @@ -10,7 +10,7 @@ Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured f ### POC #### Reference -No PoCs from references. +- http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml #### Github - https://github.com/Live-Hack-CVE/CVE-2004-0589 diff --git a/2004/CVE-2004-0650.md b/2004/CVE-2004-0650.md new file mode 100644 index 0000000000..aaf2f349bd --- /dev/null +++ b/2004/CVE-2004-0650.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-0650](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0650) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040630-CCS.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0710.md b/2004/CVE-2004-0710.md new file mode 100644 index 0000000000..3dfabc1eac --- /dev/null +++ b/2004/CVE-2004-0710.md @@ -0,0 +1,17 @@ +### [CVE-2004-0710](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0710) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of service (device crash and reload) via a malformed Internet Key Exchange (IKE) packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040408-vpnsm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0714.md b/2004/CVE-2004-0714.md new file mode 100644 index 0000000000..b350da5806 --- /dev/null +++ b/2004/CVE-2004-0714.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-0714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0714) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption). + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1060.md b/2004/CVE-2004-1060.md index 095bc96697..aa485a4b1b 100644 --- a/2004/CVE-2004-1060.md +++ b/2004/CVE-2004-1060.md @@ -11,6 +11,7 @@ Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery ( #### Reference - http://securityreason.com/securityalert/57 +- http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml - https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019 #### Github diff --git a/2004/CVE-2004-1099.md b/2004/CVE-2004-1099.md new file mode 100644 index 0000000000..307653f346 --- /dev/null +++ b/2004/CVE-2004-1099.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-1099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1099) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20041102-acs-eap-tls.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1111.md b/2004/CVE-2004-1111.md new file mode 100644 index 0000000000..e8a95a9baa --- /dev/null +++ b/2004/CVE-2004-1111.md @@ -0,0 +1,17 @@ +### [CVE-2004-1111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1111) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attackers to cause a denial of service (dropped traffic) via multiple undeliverable DHCP packets that exceed the input queue size. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20041110-dhcp.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2004/CVE-2004-1112.md b/2004/CVE-2004-1112.md new file mode 100644 index 0000000000..c397250726 --- /dev/null +++ b/2004/CVE-2004-1112.md @@ -0,0 +1,17 @@ +### [CVE-2004-1112](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1112) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1235.md b/2004/CVE-2004-1235.md index 063e6081e3..0f710224f1 100644 --- a/2004/CVE-2004-1235.md +++ b/2004/CVE-2004-1235.md @@ -31,6 +31,7 @@ Race condition in the (1) load_elf_library and (2) binfmt_aout function calls fo - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2004/CVE-2004-1322.md b/2004/CVE-2004-1322.md new file mode 100644 index 0000000000..49f2b4d95e --- /dev/null +++ b/2004/CVE-2004-1322.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-1322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1322) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20041215-unity.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1432.md b/2004/CVE-2004-1432.md new file mode 100644 index 0000000000..10a4dd0f0c --- /dev/null +++ b/2004/CVE-2004-1432.md @@ -0,0 +1,17 @@ +### [CVE-2004-1432](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1432) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed (1) IP or (2) ICMP packets. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040721-ons.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1433.md b/2004/CVE-2004-1433.md new file mode 100644 index 0000000000..d60d12371c --- /dev/null +++ b/2004/CVE-2004-1433.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-1433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1433) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, and ONS 15600 1.x(x), allows remote attackers to cause a denial of service (control card reset) via malformed (1) TCP and (2) UDP packets. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040721-ons.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1434.md b/2004/CVE-2004-1434.md new file mode 100644 index 0000000000..5d16c4bb27 --- /dev/null +++ b/2004/CVE-2004-1434.md @@ -0,0 +1,17 @@ +### [CVE-2004-1434](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1434) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.1(0) to 4.1(2), 4.5(x), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed SNMP packets. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040721-ons.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1435.md b/2004/CVE-2004-1435.md new file mode 100644 index 0000000000..cc20ca5ce7 --- /dev/null +++ b/2004/CVE-2004-1435.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-1435](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1435) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via a large number of TCP connections with an invalid response instead of the final ACK (TCP-ACK). + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040721-ons.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1436.md b/2004/CVE-2004-1436.md new file mode 100644 index 0000000000..fa9d5d1605 --- /dev/null +++ b/2004/CVE-2004-1436.md @@ -0,0 +1,17 @@ +### [CVE-2004-1436](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1436) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 4.6(0) and 4.6(1) and 15454 and 15454 SDH 4.6(0) and 4.6(1), when a user account is configured with a blank password, allows remote attackers to gain unauthorized access by logging in with a password larger than 10 characters. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040721-ons.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1454.md b/2004/CVE-2004-1454.md new file mode 100644 index 0000000000..0cbb945315 --- /dev/null +++ b/2004/CVE-2004-1454.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-1454](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1454) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) enabled, allows remote attackers to cause a denial of service (device reload) via a malformed OSPF packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1458.md b/2004/CVE-2004-1458.md new file mode 100644 index 0000000000..ea7963cdd5 --- /dev/null +++ b/2004/CVE-2004-1458.md @@ -0,0 +1,17 @@ +### [CVE-2004-1458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1458) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1459.md b/2004/CVE-2004-1459.md new file mode 100644 index 0000000000..7dad0b7276 --- /dev/null +++ b/2004/CVE-2004-1459.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-1459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1459) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) via certain LEAP authentication requests. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1460.md b/2004/CVE-2004-1460.md new file mode 100644 index 0000000000..efad8ad2cf --- /dev/null +++ b/2004/CVE-2004-1460.md @@ -0,0 +1,17 @@ +### [CVE-2004-1460](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1460) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1461.md b/2004/CVE-2004-1461.md new file mode 100644 index 0000000000..981218ce13 --- /dev/null +++ b/2004/CVE-2004-1461.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-1461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1461) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1464.md b/2004/CVE-2004-1464.md index 666723ad1b..1263f52450 100644 --- a/2004/CVE-2004-1464.md +++ b/2004/CVE-2004-1464.md @@ -10,7 +10,7 @@ Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of serv ### POC #### Reference -No PoCs from references. +- http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml #### Github - https://github.com/Ostorlab/KEV diff --git a/2004/CVE-2004-1759.md b/2004/CVE-2004-1759.md new file mode 100644 index 0000000000..c77765a69b --- /dev/null +++ b/2004/CVE-2004-1759.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-1759](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1759) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, allows remote attackers to cause a denial of service (CPU consumption) via arbitrary packets to TCP port 14247, as demonstrated using port scanning. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1760.md b/2004/CVE-2004-1760.md new file mode 100644 index 0000000000..19ab47f85a --- /dev/null +++ b/2004/CVE-2004-1760.md @@ -0,0 +1,17 @@ +### [CVE-2004-1760](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1760) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1775.md b/2004/CVE-2004-1775.md new file mode 100644 index 0000000000..1fedc5cebe --- /dev/null +++ b/2004/CVE-2004-1775.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-1775](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1775) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1776.md b/2004/CVE-2004-1776.md new file mode 100644 index 0000000000..19c5d8edeb --- /dev/null +++ b/2004/CVE-2004-1776.md @@ -0,0 +1,17 @@ +### [CVE-2004-1776](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1776) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-2687.md b/2004/CVE-2004-2687.md index a56a108f0a..e50183686e 100644 --- a/2004/CVE-2004-2687.md +++ b/2004/CVE-2004-2687.md 
@@ -19,7 +19,9 @@ No PoCs from references. - https://github.com/CVEDB/awesome-cve-repo - https://github.com/H3xL00m/distccd_rce_CVE-2004-2687 - https://github.com/Kr1tz3x3/HTB-Writeups +- https://github.com/Patrick122333/4240project - https://github.com/SecGen/SecGen +- https://github.com/Sp3c73rSh4d0w/distccd_rce_CVE-2004-2687 - https://github.com/angelpimentell/distcc_cve_2004-2687_exploit - https://github.com/c0d3cr4f73r/distccd_rce_CVE-2004-2687 - https://github.com/crypticdante/distccd_rce_CVE-2004-2687 @@ -30,6 +32,7 @@ No PoCs from references. - https://github.com/k4miyo/CVE-2004-2687 - https://github.com/k4u5h41/distccd_rce_CVE-2004-2687 - https://github.com/marcocastro100/Intrusion_Detection_System-Python +- https://github.com/mrhunter7/SecGen - https://github.com/n3ov4n1sh/distccd_rce_CVE-2004-2687 - https://github.com/ss0wl/CVE-2004-2687_distcc_v1 - https://github.com/sukraken/distcc_exploit.py diff --git a/2005/CVE-2005-0186.md b/2005/CVE-2005-0186.md new file mode 100644 index 0000000000..5c5fe8026d --- /dev/null +++ b/2005/CVE-2005-0186.md @@ -0,0 +1,17 @@ +### [CVE-2005-0186](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0186) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed packet to the SCCP port. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-0195.md b/2005/CVE-2005-0195.md new file mode 100644 index 0000000000..8ae893d3f6 --- /dev/null 
+++ b/2005/CVE-2005-0195.md @@ -0,0 +1,17 @@ +### [CVE-2005-0195](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0195) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a denial of service (device restart) via a crafted IPv6 packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-0197.md b/2005/CVE-2005-0197.md new file mode 100644 index 0000000000..8bacb85a82 --- /dev/null +++ b/2005/CVE-2005-0197.md @@ -0,0 +1,17 @@ +### [CVE-2005-0197](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0197) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-0356.md b/2005/CVE-2005-0356.md new file mode 100644 index 0000000000..ac109e7f3e --- /dev/null +++ b/2005/CVE-2005-0356.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-0356](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0356) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-0736.md b/2005/CVE-2005-0736.md index fafe3b146a..3f6f06ac65 100644 --- a/2005/CVE-2005-0736.md +++ b/2005/CVE-2005-0736.md @@ -31,6 +31,7 @@ Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2005/CVE-2005-0943.md b/2005/CVE-2005-0943.md new file mode 100644 index 0000000000..bfcd502d47 --- /dev/null +++ b/2005/CVE-2005-0943.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-0943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0943) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050330-vpn3k.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-1020.md b/2005/CVE-2005-1020.md new file mode 100644 index 0000000000..c365d21ba9 --- /dev/null +++ b/2005/CVE-2005-1020.md @@ -0,0 +1,17 @@ +### [CVE-2005-1020](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1020) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-1021.md b/2005/CVE-2005-1021.md new file mode 100644 index 0000000000..650843fa5d --- /dev/null +++ b/2005/CVE-2005-1021.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-1021](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1021) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-1057.md b/2005/CVE-2005-1057.md new file mode 100644 index 0000000000..26289ba48f --- /dev/null +++ b/2005/CVE-2005-1057.md @@ -0,0 +1,17 @@ +### [CVE-2005-1057](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1057) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet." + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-1058.md b/2005/CVE-2005-1058.md new file mode 100644 index 0000000000..f15a712746 --- /dev/null +++ b/2005/CVE-2005-1058.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-1058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1058) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass XAUTH and move to Phase 2 negotiations. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-1263.md b/2005/CVE-2005-1263.md index f8c5c2fd28..a4685d3988 100644 --- a/2005/CVE-2005-1263.md +++ b/2005/CVE-2005-1263.md @@ -30,6 +30,7 @@ The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2005/CVE-2005-1942.md b/2005/CVE-2005-1942.md new file mode 100644 index 0000000000..deb4f87c5c --- /dev/null +++ b/2005/CVE-2005-1942.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-1942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1942) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco switches that support 802.1x security allow remote attackers to bypass port security and gain access to the VLAN via spoofed Cisco Discovery Protocol (CDP) messages. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sn-20050608-8021x.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2105.md b/2005/CVE-2005-2105.md new file mode 100644 index 0000000000..84783a60b0 --- /dev/null +++ b/2005/CVE-2005-2105.md @@ -0,0 +1,17 @@ +### [CVE-2005-2105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2105) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050629-aaa.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2241.md b/2005/CVE-2005-2241.md new file mode 100644 index 0000000000..e392523123 --- /dev/null +++ b/2005/CVE-2005-2241.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-2241](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2241) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote attackers to cause a denial of service (memory and connection consumption) in RisDC.exe. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2242.md b/2005/CVE-2005-2242.md new file mode 100644 index 0000000000..0da6640aed --- /dev/null +++ b/2005/CVE-2005-2242.md @@ -0,0 +1,17 @@ +### [CVE-2005-2242](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2242) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to cause a denial of service (memory consumption and restart) via crafted packets to (1) the CTI Manager (ctimgr.exe) or (2) the CallManager (ccm.exe). + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2243.md b/2005/CVE-2005-2243.md new file mode 100644 index 0000000000..fbd531aa9f --- /dev/null +++ b/2005/CVE-2005-2243.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-2243](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2243) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumption) via a large number of Admin Service Tool (AST) logins that fail. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2244.md b/2005/CVE-2005-2244.md new file mode 100644 index 0000000000..61cf14c059 --- /dev/null +++ b/2005/CVE-2005-2244.md @@ -0,0 +1,17 @@ +### [CVE-2005-2244](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2244) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2279.md b/2005/CVE-2005-2279.md new file mode 100644 index 0000000000..8e3d2df794 --- /dev/null +++ b/2005/CVE-2005-2279.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-2279](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2279) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware 2.2.2 and earlier allows remote attackers to cause a denial of service (management plane session loss) via crafted telnet data. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050713-ons.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2280.md b/2005/CVE-2005-2280.md new file mode 100644 index 0000000000..d1f33b28f8 --- /dev/null +++ b/2005/CVE-2005-2280.md @@ -0,0 +1,17 @@ +### [CVE-2005-2280](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2280) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a denial of service (system crash) via a crafted IP packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050713-csa.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2428.md b/2005/CVE-2005-2428.md index d1a3ea10bb..ffe1b4069a 100644 --- a/2005/CVE-2005-2428.md +++ b/2005/CVE-2005-2428.md 
@@ -21,6 +21,7 @@ Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, sto - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/POORVAJA-195/Nuclei-Analysis-main - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/gojhonny/Pentesting-Scripts - https://github.com/jobroche/Pentesting-Scripts - https://github.com/merlinepedra/nuclei-templates diff --git a/2005/CVE-2005-2451.md b/2005/CVE-2005-2451.md new file mode 100644 index 0000000000..41bec36be5 --- /dev/null +++ b/2005/CVE-2005-2451.md @@ -0,0 +1,17 @@ +### [CVE-2005-2451](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2451) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2631.md b/2005/CVE-2005-2631.md new file mode 100644 index 0000000000..194e12fccc --- /dev/null +++ b/2005/CVE-2005-2631.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-2631](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2631) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to 3.5.3 does not properly authenticate users when invoking API methods, which could allow remote attackers to bypass security checks, change the assigned role of a user, or disconnect users. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050817-cca.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2681.md b/2005/CVE-2005-2681.md new file mode 100644 index 0000000000..fa4f66b8d2 --- /dev/null +++ b/2005/CVE-2005-2681.md @@ -0,0 +1,17 @@ +### [CVE-2005-2681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2681) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in the command line processing (CLI) logic in Cisco Intrusion Prevention System 5.0(1) and 5.0(2) allows local users with OPERATOR or VIEWER privileges to gain additional privileges via unknown vectors. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050824-ips.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2695.md b/2005/CVE-2005-2695.md new file mode 100644 index 0000000000..402494e2f9 --- /dev/null +++ b/2005/CVE-2005-2695.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-2695](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2695) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in the SSL certificate checking functionality in Cisco CiscoWorks Management Center for IDS Sensors (IDSMC) 2.0 and 2.1, and Monitoring Center for Security (Security Monitor or Secmon) 1.1 through 2.0 and 2.1, allows remote attackers to spoof a Cisco Intrusion Detection Sensor (IDS) or Intrusion Prevention System (IPS). + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050824-idsmc.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2841.md b/2005/CVE-2005-2841.md new file mode 100644 index 0000000000..1302f52482 --- /dev/null +++ b/2005/CVE-2005-2841.md @@ -0,0 +1,17 @@ +### [CVE-2005-2841](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2841) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted user authentication credentials. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2969.md b/2005/CVE-2005-2969.md index cd450838b6..4b305b1c5d 100644 --- a/2005/CVE-2005-2969.md +++ b/2005/CVE-2005-2969.md 
@@ -10,7 +10,7 @@ The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 befor ### POC #### Reference -No PoCs from references. +- http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2005/CVE-2005-3299.md b/2005/CVE-2005-3299.md index 30b65509a2..7f48515d4f 100644 --- a/2005/CVE-2005-3299.md +++ b/2005/CVE-2005-3299.md @@ -16,5 +16,6 @@ PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and - https://github.com/ARPSyndicate/cvemon - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo +- https://github.com/Cr0w-ui/-CVE-2005-3299- - https://github.com/RizeKishimaro/CVE-2005-3299 diff --git a/2005/CVE-2005-3426.md b/2005/CVE-2005-3426.md new file mode 100644 index 0000000000..86812ce56e --- /dev/null +++ b/2005/CVE-2005-3426.md @@ -0,0 +1,17 @@ +### [CVE-2005-3426](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3426) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20051019-css.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-3427.md b/2005/CVE-2005-3427.md index 891a1ea709..7ae4029bdb 100644 --- a/2005/CVE-2005-3427.md +++ b/2005/CVE-2005-3427.md 
@@ -11,6 +11,7 @@ The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit port fiel #### Reference - http://securityreason.com/securityalert/137 +- http://www.cisco.com/warp/public/707/cisco-sa-20051101-ipsmc.shtml #### Github No PoCs found on GitHub currently. diff --git a/2005/CVE-2005-3481.md b/2005/CVE-2005-3481.md new file mode 100644 index 0000000000..c08bd5d599 --- /dev/null +++ b/2005/CVE-2005-3481.md @@ -0,0 +1,17 @@ +### [CVE-2005-3481](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3481) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the feasibility of exploitation of any vulnerabilities that might exist. Such design-level weaknesses normally are not included in CVE, so perhaps this issue should be REJECTed. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-3482.md b/2005/CVE-2005-3482.md index 083a32eb8b..e167547843 100644 --- a/2005/CVE-2005-3482.md +++ b/2005/CVE-2005-3482.md @@ -11,6 +11,7 @@ Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight A #### Reference - http://securityreason.com/securityalert/139 +- http://www.cisco.com/warp/public/707/cisco-sa-20051102-lwapp.shtml #### Github No PoCs found on GitHub currently. diff --git a/2005/CVE-2005-3669.md b/2005/CVE-2005-3669.md new file mode 100644 index 0000000000..d8daa022ff --- /dev/null +++ b/2005/CVE-2005-3669.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-3669](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3669) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-3774.md b/2005/CVE-2005-3774.md new file mode 100644 index 0000000000..6521283d39 --- /dev/null +++ b/2005/CVE-2005-3774.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-3774](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3774) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-response-20051122-pix.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-3803.md b/2005/CVE-2005-3803.md new file mode 100644 index 0000000000..07c7532faf --- /dev/null +++ b/2005/CVE-2005-3803.md @@ -0,0 +1,17 @@ +### [CVE-2005-3803](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3803) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-3804.md b/2005/CVE-2005-3804.md new file mode 100644 index 0000000000..0e9ed7f348 --- /dev/null 
+++ b/2005/CVE-2005-3804.md @@ -0,0 +1,17 @@ +### [CVE-2005-3804](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3804) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-3886.md b/2005/CVE-2005-3886.md new file mode 100644 index 0000000000..00cf9da7f8 --- /dev/null +++ b/2005/CVE-2005-3886.md @@ -0,0 +1,17 @@ +### [CVE-2005-3886](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3886) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20051129-csa.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-3921.md b/2005/CVE-2005-3921.md index 0fb77dc463..38055dba5b 100644 --- a/2005/CVE-2005-3921.md +++ b/2005/CVE-2005-3921.md 
@@ -11,6 +11,7 @@ Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a #### Reference - http://securityreason.com/securityalert/227 +- http://www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml #### Github No PoCs found on GitHub currently. diff --git a/2005/CVE-2005-4332.md b/2005/CVE-2005-4332.md index e4036be6e9..b101c98856 100644 --- a/2005/CVE-2005-4332.md +++ b/2005/CVE-2005-4332.md @@ -11,6 +11,7 @@ Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote a #### Reference - http://securityreason.com/securityalert/265 +- http://www.cisco.com/warp/public/707/cisco-response-20051221-CCA.shtml #### Github No PoCs found on GitHub currently. diff --git a/2005/CVE-2005-4385.md b/2005/CVE-2005-4385.md index 750eb0a2c5..af01f2266e 100644 --- a/2005/CVE-2005-4385.md +++ b/2005/CVE-2005-4385.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2005/CVE-2005-4442.md b/2005/CVE-2005-4442.md index ac227c1049..dbdf4e6293 100644 --- a/2005/CVE-2005-4442.md +++ b/2005/CVE-2005-4442.md @@ -13,6 +13,7 @@ Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux No PoCs from references. #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/dagda diff --git a/2005/CVE-2005-4794.md b/2005/CVE-2005-4794.md new file mode 100644 index 0000000000..1e0d8caa53 --- /dev/null +++ b/2005/CVE-2005-4794.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-4794](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4794) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-4825.md b/2005/CVE-2005-4825.md new file mode 100644 index 0000000000..c6a1150d79 --- /dev/null +++ b/2005/CVE-2005-4825.md @@ -0,0 +1,17 @@ +### [CVE-2005-4825](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4825) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service (disk consumption), or make unauthorized files accessible, by uploading files through requests to certain JSP scripts, a related issue to CVE-2005-4332. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-response-20051221-CCA.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-0181.md b/2006/CVE-2006-0181.md new file mode 100644 index 0000000000..b12aac97ec --- /dev/null +++ b/2006/CVE-2006-0181.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-0181](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0181) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the expert command. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060111-mars.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-0340.md b/2006/CVE-2006-0340.md index d844932d96..951b783d64 100644 --- a/2006/CVE-2006-0340.md +++ b/2006/CVE-2006-0340.md @@ -11,6 +11,7 @@ Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisc #### Reference - http://securityreason.com/securityalert/358 +- http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml #### Github No PoCs found on GitHub currently. diff --git a/2006/CVE-2006-0354.md b/2006/CVE-2006-0354.md new file mode 100644 index 0000000000..04ad2e5660 --- /dev/null +++ b/2006/CVE-2006-0354.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-0354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0354) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets, which creates a large ARP table that exhausts memory, aka Bug ID CSCsc16644. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060112-wireless.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-0367.md b/2006/CVE-2006-0367.md new file mode 100644 index 0000000000..e131f40598 --- /dev/null +++ b/2006/CVE-2006-0367.md @@ -0,0 +1,17 @@ +### [CVE-2006-0367](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0367) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a "crafted URL on the CCMAdmin web page." + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-0368.md b/2006/CVE-2006-0368.md new file mode 100644 index 0000000000..0a6259611d --- /dev/null +++ b/2006/CVE-2006-0368.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-0368](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0368) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-0483.md b/2006/CVE-2006-0483.md new file mode 100644 index 0000000000..227d7519be --- /dev/null +++ b/2006/CVE-2006-0483.md @@ -0,0 +1,17 @@ +### [CVE-2006-0483](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0483) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-0485.md b/2006/CVE-2006-0485.md new file mode 100644 index 0000000000..7cc53aaaba --- /dev/null +++ b/2006/CVE-2006-0485.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-0485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0485) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allow local users to execute IOS EXEC commands that were prohibited via the AAA configuration, aka Bug ID CSCeh73049. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-0486.md b/2006/CVE-2006-0486.md new file mode 100644 index 0000000000..752ba1c57a --- /dev/null +++ b/2006/CVE-2006-0486.md @@ -0,0 +1,17 @@ +### [CVE-2006-0486](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0486) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2006/CVE-2006-0561.md b/2006/CVE-2006-0561.md new file mode 100644 index 0000000000..17875a9a23 --- /dev/null +++ b/2006/CVE-2006-0561.md @@ -0,0 +1,17 @@ +### [CVE-2006-0561](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0561) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-1631.md b/2006/CVE-2006-1631.md new file mode 100644 index 0000000000..4ef20d6f75 --- /dev/null +++ b/2006/CVE-2006-1631.md @@ -0,0 +1,17 @@ +### [CVE-2006-1631](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1631) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service (device reload) via (1) "valid, but obsolete" or (2) "specially crafted" HTTP requests. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060405-css.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2006/CVE-2006-1670.md b/2006/CVE-2006-1670.md new file mode 100644 index 0000000000..b3ed7ad12f --- /dev/null +++ b/2006/CVE-2006-1670.md @@ -0,0 +1,17 @@ +### [CVE-2006-1670](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1670) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (memory exhaustion and possibly card reset) by sending an invalid response when the final ACK is expected, aka bug ID CSCei45910. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060405-ons.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-1671.md b/2006/CVE-2006-1671.md new file mode 100644 index 0000000000..89902b2aa0 --- /dev/null +++ b/2006/CVE-2006-1671.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-1671](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1671) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (card reset) via (1) a "crafted" IP packet to a device with secure mode EMS-to-network-element access, aka bug ID CSCsc51390; (2) a "crafted" IP packet to a device with IP on the LAN interface, aka bug ID CSCsd04168; and (3) a "malformed" OSPF packet, aka bug ID CSCsc54558. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060405-ons.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-1672.md b/2006/CVE-2006-1672.md new file mode 100644 index 0000000000..5ed6dfefb7 --- /dev/null +++ b/2006/CVE-2006-1672.md @@ -0,0 +1,17 @@ +### [CVE-2006-1672](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1672) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing "fs/LAUNCHER.jar", which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060405-ons.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2006/CVE-2006-1888.md b/2006/CVE-2006-1888.md new file mode 100644 index 0000000000..2c2deecded --- /dev/null +++ b/2006/CVE-2006-1888.md @@ -0,0 +1,17 @@ +### [CVE-2006-1888](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1888) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script. NOTE: XSS attacks are resultant from this issue, since normal functionality allows the admin to modify pages. + +### POC + +#### Reference +- http://securityreason.com/securityalert/733 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-1927.md b/2006/CVE-2006-1927.md new file mode 100644 index 0000000000..c05bba8ab7 --- /dev/null +++ b/2006/CVE-2006-1927.md @@ -0,0 +1,17 @@ +### [CVE-2006-1927](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1927) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 or Cisco 12000 series routers, allows remote attackers to cause a denial of service (Line card crash) via certain MPLS packets, as identified by Cisco bug ID CSCsc77475. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060419-xr.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2006/CVE-2006-1928.md b/2006/CVE-2006-1928.md new file mode 100644 index 0000000000..d35b93fe2e --- /dev/null +++ b/2006/CVE-2006-1928.md @@ -0,0 +1,17 @@ +### [CVE-2006-1928](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1928) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet handling problems") via certain MPLS packets, as identified by Cisco bug IDs (1) CSCsd15970 and (2) CSCsd55531. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060419-xr.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-1960.md b/2006/CVE-2006-1960.md new file mode 100644 index 0000000000..27da0eec15 --- /dev/null +++ b/2006/CVE-2006-1960.md @@ -0,0 +1,17 @@ +### [CVE-2006-1960](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1960) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2006/CVE-2006-1961.md b/2006/CVE-2006-1961.md new file mode 100644 index 0000000000..91a575c9e2 --- /dev/null +++ b/2006/CVE-2006-1961.md @@ -0,0 +1,18 @@ +### [CVE-2006-1961](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1961) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE). NOTE: other issues might be addressed by the Cisco advisory. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml +- http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-2322.md b/2006/CVE-2006-2322.md new file mode 100644 index 0000000000..b893b50702 --- /dev/null +++ b/2006/CVE-2006-2322.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-2322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2322) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The transparent proxy feature of the Cisco Application Velocity System (AVS) 3110 5.0 and 4.0 and earlier, and 3120 5.0.0 and earlier, has a default configuration that allows remote attackers to proxy arbitrary TCP connections, aka Bug ID CSCsd32143. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060510-avs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-2369.md b/2006/CVE-2006-2369.md index 8e2729d01e..1467a7a484 100644 --- a/2006/CVE-2006-2369.md +++ b/2006/CVE-2006-2369.md @@ -12,6 +12,7 @@ RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisc #### Reference - http://seclists.org/fulldisclosure/2022/May/29 - http://securityreason.com/securityalert/8355 +- http://www.cisco.com/warp/public/707/cisco-sr-20060622-cmm.shtml - http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html #### Github diff --git a/2006/CVE-2006-2393.md b/2006/CVE-2006-2393.md index 44d25d4dc9..f10f75add4 100644 --- a/2006/CVE-2006-2393.md +++ b/2006/CVE-2006-2393.md @@ -11,6 +11,7 @@ The client_cmd function in Empire 4.3.2 and earlier allows remote attackers to c #### Reference - http://aluigi.altervista.org/adv/empiredos-adv.txt +- http://securityreason.com/securityalert/896 #### Github No PoCs found on GitHub currently. diff --git a/2006/CVE-2006-2451.md b/2006/CVE-2006-2451.md index 20a26eeda2..e2089ce662 100644 --- a/2006/CVE-2006-2451.md +++ b/2006/CVE-2006-2451.md 
@@ -33,6 +33,7 @@ No PoCs from references. - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2006/CVE-2006-2754.md b/2006/CVE-2006-2754.md index 5d3a397d4c..fa4d7d344c 100644 --- a/2006/CVE-2006-2754.md +++ b/2006/CVE-2006-2754.md @@ -13,6 +13,7 @@ Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might a No PoCs from references. #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/dagda diff --git a/2006/CVE-2006-2842.md b/2006/CVE-2006-2842.md index 80cfc18ef5..429f9ba249 100644 --- a/2006/CVE-2006-2842.md +++ b/2006/CVE-2006-2842.md @@ -16,5 +16,6 @@ No PoCs from references. - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/CVEDB/awesome-cve-repo - https://github.com/Cappricio-Securities/CVE-2021-20323 +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/karthi-the-hacker/CVE-2006-2842 diff --git a/2006/CVE-2006-2937.md b/2006/CVE-2006-2937.md index 9d0dcf75a2..45db30c808 100644 --- a/2006/CVE-2006-2937.md +++ b/2006/CVE-2006-2937.md @@ -10,6 +10,7 @@ OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to c ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml - http://www.ubuntu.com/usn/usn-353-1 - http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html - http://www.vmware.com/support/player/doc/releasenotes_player.html diff --git a/2006/CVE-2006-2940.md b/2006/CVE-2006-2940.md index b3064d2697..e3424419ed 100644 --- a/2006/CVE-2006-2940.md +++ b/2006/CVE-2006-2940.md 
@@ -10,6 +10,7 @@ OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows at ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml - http://www.ubuntu.com/usn/usn-353-1 - http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html - http://www.vmware.com/support/player/doc/releasenotes_player.html diff --git a/2006/CVE-2006-3073.md b/2006/CVE-2006-3073.md new file mode 100644 index 0000000000..e7e67adca6 --- /dev/null +++ b/2006/CVE-2006-3073.md @@ -0,0 +1,17 @@ +### [CVE-2006-3073](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3073) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that "WebVPN full-network-access mode" is not affected, despite the claims by the original researcher. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20060613-webvpn-xss.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3285.md b/2006/CVE-2006-3285.md new file mode 100644 index 0000000000..c7e9181bb6 --- /dev/null +++ b/2006/CVE-2006-3285.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-3285](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3285) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (aka bugs CSCsd15955). + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3286.md b/2006/CVE-2006-3286.md new file mode 100644 index 0000000000..02dec5a2d7 --- /dev/null +++ b/2006/CVE-2006-3286.md @@ -0,0 +1,17 @@ +### [CVE-2006-3286](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3286) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(63) stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database (aka bug CSCsd15951). + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3287.md b/2006/CVE-2006-3287.md new file mode 100644 index 0000000000..ddfd3b1c8d --- /dev/null +++ b/2006/CVE-2006-3287.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-3287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3287) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391). + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3288.md b/2006/CVE-2006-3288.md new file mode 100644 index 0000000000..a862d1ea75 --- /dev/null +++ b/2006/CVE-2006-3288.md @@ -0,0 +1,17 @@ +### [CVE-2006-3288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3288) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character, allows remote authenticated users to read and overwrite arbitrary files via unspecified vectors. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3289.md b/2006/CVE-2006-3289.md new file mode 100644 index 0000000000..d89f13e149 --- /dev/null +++ b/2006/CVE-2006-3289.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-3289](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3289) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL". + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3290.md b/2006/CVE-2006-3290.md new file mode 100644 index 0000000000..b2031bd97c --- /dev/null +++ b/2006/CVE-2006-3290.md @@ -0,0 +1,17 @@ +### [CVE-2006-3290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3290) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3291.md b/2006/CVE-2006-3291.md new file mode 100644 index 0000000000..8589af1459 --- /dev/null +++ b/2006/CVE-2006-3291.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-3291](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3291) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3592.md b/2006/CVE-2006-3592.md index caee75c0db..8cf5018c23 100644 --- a/2006/CVE-2006-3592.md +++ b/2006/CVE-2006-3592.md @@ -10,7 +10,7 @@ Unspecified vulnerability in the command line interface (CLI) in Cisco Unified C ### POC #### Reference -No PoCs from references. +- http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2006/CVE-2006-3594.md b/2006/CVE-2006-3594.md new file mode 100644 index 0000000000..19b5e40a2e --- /dev/null +++ b/2006/CVE-2006-3594.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-3594](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3594) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3595.md b/2006/CVE-2006-3595.md new file mode 100644 index 0000000000..fddca37faf --- /dev/null +++ b/2006/CVE-2006-3595.md @@ -0,0 +1,17 @@ +### [CVE-2006-3595](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3595) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3596.md b/2006/CVE-2006-3596.md new file mode 100644 index 0000000000..6518e0954e --- /dev/null +++ b/2006/CVE-2006-3596.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-3596](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3596) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The device driver for Intel-based gigabit network adapters in Cisco Intrusion Prevention System (IPS) 5.1(1) through 5.1(p1), as installed on various Cisco Intrusion Prevention System 42xx appliances, allows remote attackers to cause a denial of service (kernel panic and possibly network outage) via a crafted IP packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060712-ips.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3626.md b/2006/CVE-2006-3626.md index 67a857a9cc..031ad671de 100644 --- a/2006/CVE-2006-3626.md +++ b/2006/CVE-2006-3626.md @@ -30,6 +30,7 @@ Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain r - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2006/CVE-2006-3633.md b/2006/CVE-2006-3633.md new file mode 100644 index 0000000000..f02f6083ab --- /dev/null +++ b/2006/CVE-2006-3633.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-3633](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3633) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +OSSP shiela 1.1.5 and earlier allows remote authenticated users to execute arbitrary commands on the CVS server via shell metacharacters in a filename that is committed. + +### POC + +#### Reference +- http://www.sourcefire.com/services/advisories/sa072506.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3732.md b/2006/CVE-2006-3732.md new file mode 100644 index 0000000000..a9a4ec5b11 --- /dev/null +++ b/2006/CVE-2006-3732.md @@ -0,0 +1,17 @@ +### [CVE-2006-3732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3732) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and passwords, which allows attackers to obtain sensitive information. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3733.md b/2006/CVE-2006-3733.md new file mode 100644 index 0000000000..d9d6b1f9f6 --- /dev/null +++ b/2006/CVE-2006-3733.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-3733](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3733) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3734.md b/2006/CVE-2006-3734.md new file mode 100644 index 0000000000..f307767cfc --- /dev/null +++ b/2006/CVE-2006-3734.md @@ -0,0 +1,17 @@ +### [CVE-2006-3734](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3734) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple unspecified vulnerabilities in the Command Line Interface (CLI) for Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allow local CS-MARS administrators to execute arbitrary commands as root. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3738.md b/2006/CVE-2006-3738.md index 6d3cea3e0c..8b11ca02e7 100644 --- a/2006/CVE-2006-3738.md +++ b/2006/CVE-2006-3738.md 
@@ -10,6 +10,7 @@ Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0 ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml - http://www.ubuntu.com/usn/usn-353-1 - http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9370 diff --git a/2006/CVE-2006-4032.md b/2006/CVE-2006-4032.md index 94d6280d35..1eff1dade4 100644 --- a/2006/CVE-2006-4032.md +++ b/2006/CVE-2006-4032.md @@ -11,6 +11,7 @@ Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote a #### Reference - http://www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#Endler +- http://www.cisco.com/warp/public/707/cisco-sr-20060802-sip.shtml #### Github No PoCs found on GitHub currently. diff --git a/2006/CVE-2006-4097.md b/2006/CVE-2006-4097.md new file mode 100644 index 0000000000..b9eae251f4 --- /dev/null +++ b/2006/CVE-2006-4097.md @@ -0,0 +1,17 @@ +### [CVE-2006-4097](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4097) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2006/CVE-2006-4098.md b/2006/CVE-2006-4098.md new file mode 100644 index 0000000000..c3120f246c --- /dev/null +++ b/2006/CVE-2006-4098.md @@ -0,0 +1,17 @@ +### [CVE-2006-4098](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4098) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-4304.md b/2006/CVE-2006-4304.md index 8f689695d3..598ba49050 100644 --- a/2006/CVE-2006-4304.md +++ b/2006/CVE-2006-4304.md @@ -19,6 +19,7 @@ No PoCs from references. - https://github.com/DjPopol/EZ-PPPwn-Bin-Loader - https://github.com/DjPopol/Ez-PPPwn - https://github.com/DjPopol/EzPPPwn +- https://github.com/Marketgame99/Pppwn-LM - https://github.com/Naughtyangel103/PS4 - https://github.com/SUIJUNG/PPPwn - https://github.com/Sammylol69/Sammylol69 diff --git a/2006/CVE-2006-4312.md b/2006/CVE-2006-4312.md new file mode 100644 index 0000000000..7dfa114c07 --- /dev/null +++ b/2006/CVE-2006-4312.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-4312](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4312) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), causes the EXEC password, local user passwords, and the enable password to be changed to a "non-random value" under certain circumstances, which causes administrators to be locked out and might allow attackers to gain access. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060823-firewall.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-4313.md b/2006/CVE-2006-4313.md new file mode 100644 index 0000000000..5e8365b3cb --- /dev/null +++ b/2006/CVE-2006-4313.md @@ -0,0 +1,17 @@ +### [CVE-2006-4313](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4313) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060823-vpn3k.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2006/CVE-2006-4339.md b/2006/CVE-2006-4339.md index 0d555e6113..3a30f458ce 100644 --- a/2006/CVE-2006-4339.md +++ b/2006/CVE-2006-4339.md @@ -10,6 +10,7 @@ OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using a ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml - http://www.redhat.com/support/errata/RHSA-2007-0073.html - http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html - http://www.vmware.com/support/player/doc/releasenotes_player.html diff --git a/2006/CVE-2006-4343.md b/2006/CVE-2006-4343.md index 54d190106b..de44f9674a 100644 --- a/2006/CVE-2006-4343.md +++ b/2006/CVE-2006-4343.md @@ -10,6 +10,7 @@ The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0 ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml - http://www.ubuntu.com/usn/usn-353-1 - http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html - http://www.vmware.com/support/player/doc/releasenotes_player.html diff --git a/2006/CVE-2006-4352.md b/2006/CVE-2006-4352.md new file mode 100644 index 0000000000..13290c2ccf --- /dev/null +++ b/2006/CVE-2006-4352.md @@ -0,0 +1,17 @@ +### [CVE-2006-4352](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4352) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/117/AP_cookies.html + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2006/CVE-2006-4774.md b/2006/CVE-2006-4774.md new file mode 100644 index 0000000000..10417a9a13 --- /dev/null +++ b/2006/CVE-2006-4774.md @@ -0,0 +1,17 @@ +### [CVE-2006-4774](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4774) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP version 1 summary frame with a VTP version field value of 2. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-4775.md b/2006/CVE-2006-4775.md new file mode 100644 index 0000000000..4cca919d21 --- /dev/null +++ b/2006/CVE-2006-4775.md @@ -0,0 +1,17 @@ +### [CVE-2006-4775](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4775) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a VTP update with a revision value of 0x7FFFFFFF, which is incremented to 0x80000000 and is interpreted as a negative number in a signed context. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-4776.md b/2006/CVE-2006-4776.md new file mode 100644 index 0000000000..95747e0c7b --- /dev/null +++ b/2006/CVE-2006-4776.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-4776](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4776) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to execute arbitrary code via a long VLAN name in a VTP type 2 summary advertisement. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-4909.md b/2006/CVE-2006-4909.md new file mode 100644 index 0000000000..49cd49d378 --- /dev/null +++ b/2006/CVE-2006-4909.md @@ -0,0 +1,17 @@ +### [CVE-2006-4909](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4909) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060920-guardxss.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-4910.md b/2006/CVE-2006-4910.md new file mode 100644 index 0000000000..c1a2fb1a88 --- /dev/null +++ b/2006/CVE-2006-4910.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-4910](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4910) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060920-ips.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-4911.md b/2006/CVE-2006-4911.md new file mode 100644 index 0000000000..c6579d9c9a --- /dev/null +++ b/2006/CVE-2006-4911.md @@ -0,0 +1,17 @@ +### [CVE-2006-4911](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4911) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets". + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060920-ips.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-4950.md b/2006/CVE-2006-4950.md new file mode 100644 index 0000000000..4e23dbb1e6 --- /dev/null +++ b/2006/CVE-2006-4950.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-4950](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4950) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-5051.md b/2006/CVE-2006-5051.md index 977e838efa..bebe4b55c0 100644 --- a/2006/CVE-2006-5051.md +++ b/2006/CVE-2006-5051.md @@ -13,5 +13,13 @@ Signal handler race condition in OpenSSH before 4.4 allows remote attackers to c - http://www.ubuntu.com/usn/usn-355-1 #### Github -No PoCs found on GitHub currently. +- https://github.com/David-M-Berry/openssh-cve-discovery +- https://github.com/Passyed/regreSSHion-Fix +- https://github.com/TAM-K592/CVE-2024-6387 +- https://github.com/ThemeHackers/CVE-2024-6387 +- https://github.com/azurejoga/CVE-2024-6387-how-to-fix +- https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/sardine-web/CVE-2024-6387_Check diff --git a/2006/CVE-2006-5277.md b/2006/CVE-2006-5277.md new file mode 100644 index 0000000000..1ca4184eb5 --- /dev/null +++ b/2006/CVE-2006-5277.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-5277](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5277) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-5278.md b/2006/CVE-2006-5278.md new file mode 100644 index 0000000000..ed658e8fb1 --- /dev/null +++ b/2006/CVE-2006-5278.md @@ -0,0 +1,17 @@ +### [CVE-2006-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5278) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-5465.md b/2006/CVE-2006-5465.md index 1341a82d11..59ecba6756 100644 --- a/2006/CVE-2006-5465.md +++ b/2006/CVE-2006-5465.md 
@@ -10,7 +10,7 @@ Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary ### POC #### Reference -No PoCs from references. +- http://www.cisco.com/warp/public/707/cisco-air-20070425-http.shtml #### Github - https://github.com/mudongliang/LinuxFlaw diff --git a/2006/CVE-2006-5750.md b/2006/CVE-2006-5750.md index 5cd5963d88..7c18bfbbc5 100644 --- a/2006/CVE-2006-5750.md +++ b/2006/CVE-2006-5750.md @@ -18,6 +18,7 @@ No PoCs from references. - https://github.com/dudek-marcin/Poc-Exp - https://github.com/enomothem/PenTestNote - https://github.com/fupinglee/JavaTools +- https://github.com/onewinner/VulToolsKit - https://github.com/pen4uin/awesome-vulnerability-research - https://github.com/pen4uin/vulnerability-research - https://github.com/pen4uin/vulnerability-research-list diff --git a/2006/CVE-2006-5779.md b/2006/CVE-2006-5779.md index 7ccc1056f2..9e5d58c78c 100644 --- a/2006/CVE-2006-5779.md +++ b/2006/CVE-2006-5779.md @@ -13,6 +13,7 @@ OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (dae - http://securityreason.com/securityalert/1831 #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/dagda diff --git a/2006/CVE-2006-5806.md b/2006/CVE-2006-5806.md new file mode 100644 index 0000000000..5ce04f5297 --- /dev/null +++ b/2006/CVE-2006-5806.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-5806](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5806) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-5807.md b/2006/CVE-2006-5807.md new file mode 100644 index 0000000000..d8115377b7 --- /dev/null +++ b/2006/CVE-2006-5807.md @@ -0,0 +1,17 @@ +### [CVE-2006-5807](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5807) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escape out of the secure desktop environment by using certain applications that switch to the default desktop, aka "System Policy Evasion". + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-5808.md b/2006/CVE-2006-5808.md new file mode 100644 index 0000000000..de432af0d0 --- /dev/null +++ b/2006/CVE-2006-5808.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-5808](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5808) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation". + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-6493.md b/2006/CVE-2006-6493.md index 1a5b9ba1d9..579b460016 100644 --- a/2006/CVE-2006-6493.md +++ b/2006/CVE-2006-6493.md @@ -13,6 +13,7 @@ Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in O No PoCs from references. #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/dagda diff --git a/2006/CVE-2006-6548.md b/2006/CVE-2006-6548.md new file mode 100644 index 0000000000..a2b9fb13d5 --- /dev/null +++ b/2006/CVE-2006-6548.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-6548](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6548) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the feature parameter to scripts2/dofeaturemanager is already covered by CVE-2006-6198. + +### POC + +#### Reference +- http://securityreason.com/securityalert/2027 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-0057.md b/2007/CVE-2007-0057.md new file mode 100644 index 0000000000..e674a5f761 --- /dev/null +++ b/2007/CVE-2007-0057.md @@ -0,0 +1,17 @@ +### [CVE-2007-0057](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0057) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared sercet and allows remote attackers to gain unauthorized access. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070103-CleanAccess.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-0058.md b/2007/CVE-2007-0058.md new file mode 100644 index 0000000000..40973feef8 --- /dev/null +++ b/2007/CVE-2007-0058.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-0058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0058) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070103-CleanAccess.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-0105.md b/2007/CVE-2007-0105.md new file mode 100644 index 0000000000..2838cb6ebd --- /dev/null +++ b/2007/CVE-2007-0105.md @@ -0,0 +1,17 @@ +### [CVE-2007-0105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0105) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-0198.md b/2007/CVE-2007-0198.md new file mode 100644 index 0000000000..3e11023fec --- /dev/null +++ b/2007/CVE-2007-0198.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-0198](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0198) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP session on the JTapi server port. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070110-jtapi.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-0199.md b/2007/CVE-2007-0199.md new file mode 100644 index 0000000000..1b3da4460f --- /dev/null +++ b/2007/CVE-2007-0199.md @@ -0,0 +1,17 @@ +### [CVE-2007-0199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0199) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange." + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-0648.md b/2007/CVE-2007-0648.md new file mode 100644 index 0000000000..1a32c2a939 --- /dev/null +++ b/2007/CVE-2007-0648.md 
@@ -0,0 +1,18 @@ +### [CVE-2007-0648](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0648) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-air-20070131-sip.shtml +- http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-0885.md b/2007/CVE-2007-0885.md index 54b10a9fd0..5377622de1 100644 --- a/2007/CVE-2007-0885.md +++ b/2007/CVE-2007-0885.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2007/CVE-2007-1036.md b/2007/CVE-2007-1036.md index e85c4c722f..7bb7838119 100644 --- a/2007/CVE-2007-1036.md +++ b/2007/CVE-2007-1036.md @@ -19,6 +19,7 @@ No PoCs from references. - https://github.com/dudek-marcin/Poc-Exp - https://github.com/enomothem/PenTestNote - https://github.com/fupinglee/JavaTools +- https://github.com/onewinner/VulToolsKit - https://github.com/pen4uin/awesome-vulnerability-research - https://github.com/pen4uin/vulnerability-research - https://github.com/pen4uin/vulnerability-research-list diff --git a/2007/CVE-2007-1062.md b/2007/CVE-2007-1062.md new file mode 100644 index 0000000000..d52f4d36fd --- /dev/null +++ b/2007/CVE-2007-1062.md 
@@ -0,0 +1,18 @@ +### [CVE-2007-1062](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1062) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml +- http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1063.md b/2007/CVE-2007-1063.md new file mode 100644 index 0000000000..d965287c89 --- /dev/null +++ b/2007/CVE-2007-1063.md @@ -0,0 +1,18 @@ +### [CVE-2007-1063](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1063) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml +- http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1064.md b/2007/CVE-2007-1064.md new file mode 100644 index 0000000000..25c4c5b5df --- /dev/null 
+++ b/2007/CVE-2007-1064.md @@ -0,0 +1,17 @@ +### [CVE-2007-1064](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1064) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1065.md b/2007/CVE-2007-1065.md new file mode 100644 index 0000000000..65e96ffa77 --- /dev/null +++ b/2007/CVE-2007-1065.md @@ -0,0 +1,17 @@ +### [CVE-2007-1065](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1065) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1066.md b/2007/CVE-2007-1066.md new file mode 100644 index 0000000000..988b5da8c4 
--- /dev/null +++ b/2007/CVE-2007-1066.md @@ -0,0 +1,17 @@ +### [CVE-2007-1066](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1066) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1067.md b/2007/CVE-2007-1067.md new file mode 100644 index 0000000000..3215dabb36 --- /dev/null +++ b/2007/CVE-2007-1067.md @@ -0,0 +1,17 @@ +### [CVE-2007-1067](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1067) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2007/CVE-2007-1068.md b/2007/CVE-2007-1068.md new file mode 100644 index 0000000000..b2955fbc54 --- /dev/null +++ b/2007/CVE-2007-1068.md @@ -0,0 +1,17 @@ +### [CVE-2007-1068](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1068) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1072.md b/2007/CVE-2007-1072.md new file mode 100644 index 0000000000..8336e2ae39 --- /dev/null +++ b/2007/CVE-2007-1072.md 
@@ -0,0 +1,18 @@ +### [CVE-2007-1072](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1072) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml +- http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1257.md b/2007/CVE-2007-1257.md new file mode 100644 index 0000000000..3991be60df --- /dev/null +++ b/2007/CVE-2007-1257.md @@ -0,0 +1,17 @@ +### [CVE-2007-1257](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1257) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1258.md b/2007/CVE-2007-1258.md new file mode 100644 index 0000000000..2e81d16b1c --- /dev/null +++ b/2007/CVE-2007-1258.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-1258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1258) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload) via a certain MPLS packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070228-mpls.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1826.md b/2007/CVE-2007-1826.md new file mode 100644 index 0000000000..f16ba39e8c --- /dev/null +++ b/2007/CVE-2007-1826.md @@ -0,0 +1,17 @@ +### [CVE-2007-1826](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1826) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster services) via a "specific UDP packet" to UDP port 8500, aka bug ID CSCsg60949. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1833.md b/2007/CVE-2007-1833.md new file mode 100644 index 0000000000..b2c7b1375b --- /dev/null +++ b/2007/CVE-2007-1833.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-1833](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1833) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Skinny Call Control Protocol (SCCP) implementation in Cisco Unified CallManager (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1 allows remote attackers to cause a denial of service (loss of voice services) by sending crafted packets to the (1) SCCP (2000/tcp) or (2) SCCPS (2443/tcp) port. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1834.md b/2007/CVE-2007-1834.md new file mode 100644 index 0000000000..2f9987c8c9 --- /dev/null +++ b/2007/CVE-2007-1834.md @@ -0,0 +1,17 @@ +### [CVE-2007-1834](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1834) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-2032.md b/2007/CVE-2007-2032.md new file mode 100644 index 0000000000..153413f3bc --- /dev/null +++ b/2007/CVE-2007-2032.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-2032](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2032) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-2033.md b/2007/CVE-2007-2033.md new file mode 100644 index 0000000000..dd16e37fa5 --- /dev/null +++ b/2007/CVE-2007-2033.md @@ -0,0 +1,17 @@ +### [CVE-2007-2033](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2033) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-2034.md b/2007/CVE-2007-2034.md new file mode 100644 index 0000000000..e5d20a5273 --- /dev/null +++ b/2007/CVE-2007-2034.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-2034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2034) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, related to the group membership of user accounts, aka Bug ID CSCsg05190. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-2035.md b/2007/CVE-2007-2035.md new file mode 100644 index 0000000000..03a9126cd9 --- /dev/null +++ b/2007/CVE-2007-2035.md @@ -0,0 +1,17 @@ +### [CVE-2007-2035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2035) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-2036.md b/2007/CVE-2007-2036.md new file mode 100644 index 0000000000..5ac1cd4311 --- /dev/null +++ b/2007/CVE-2007-2036.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-2036](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2036) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID CSCse02384. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-2037.md b/2007/CVE-2007-2037.md new file mode 100644 index 0000000000..2690f93b67 --- /dev/null +++ b/2007/CVE-2007-2037.md @@ -0,0 +1,17 @@ +### [CVE-2007-2037](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2037) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x before 4.0.155.0, allows remote attackers on a local network to cause a denial of service (device crash) via malformed Ethernet traffic. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-2038.md b/2007/CVE-2007-2038.md new file mode 100644 index 0000000000..4c11698e1b --- /dev/null +++ b/2007/CVE-2007-2038.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-2038](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2038) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-2039.md b/2007/CVE-2007-2039.md new file mode 100644 index 0000000000..4a70eb3d04 --- /dev/null +++ b/2007/CVE-2007-2039.md @@ -0,0 +1,17 @@ +### [CVE-2007-2039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2039) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2007/CVE-2007-2040.md b/2007/CVE-2007-2040.md new file mode 100644 index 0000000000..3cded4cb18 --- /dev/null +++ b/2007/CVE-2007-2040.md @@ -0,0 +1,17 @@ +### [CVE-2007-2040](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2040) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-2041.md b/2007/CVE-2007-2041.md new file mode 100644 index 0000000000..020a5f7ca8 --- /dev/null +++ b/2007/CVE-2007-2041.md @@ -0,0 +1,17 @@ +### [CVE-2007-2041](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2041) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-2447.md b/2007/CVE-2007-2447.md index 82465278c0..e3b57c0e4b 100644 --- a/2007/CVE-2007-2447.md 
+++ b/2007/CVE-2007-2447.md @@ -34,6 +34,7 @@ The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote - https://github.com/GaloisInc/msf-haskell - https://github.com/H3xL00m/CVE-2007-2447 - https://github.com/HerculesRD/PyUsernameMapScriptRCE +- https://github.com/IamLucif3r/CVE-2007-2447-Exploit - https://github.com/JoseBarrios/CVE-2007-2447 - https://github.com/Juantos/cve-2007-2447 - https://github.com/Ki11i0n4ir3/CVE-2007-2447 @@ -41,8 +42,10 @@ The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote - https://github.com/Kr1tz3x3/HTB-Writeups - https://github.com/MikeRega7/CVE-2007-2447-RCE - https://github.com/Nosferatuvjr/Samba-Usermap-exploit +- https://github.com/Patrick122333/4240project - https://github.com/SamHackingArticles/CVE-2007-2447 - https://github.com/ShivamDey/Samba-CVE-2007-2447-Exploit +- https://github.com/Sp3c73rSh4d0w/CVE-2007-2447 - https://github.com/Tamie13/Penetration-Testing-Week-16 - https://github.com/Unix13/metasploitable2 - https://github.com/WildfootW/CVE-2007-2447_Samba_3.0.25rc3 diff --git a/2007/CVE-2007-3698.md b/2007/CVE-2007-3698.md new file mode 100644 index 0000000000..adb5052167 --- /dev/null +++ b/2007/CVE-2007-3698.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-3698](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3698) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-3775.md b/2007/CVE-2007-3775.md new file mode 100644 index 0000000000..4b7c846ae8 --- /dev/null +++ b/2007/CVE-2007-3775.md @@ -0,0 +1,17 @@ +### [CVE-2007-3775](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3775) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-3776.md b/2007/CVE-2007-3776.md new file mode 100644 index 0000000000..7747c00ca4 --- /dev/null +++ b/2007/CVE-2007-3776.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-3776](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3776) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-3923.md b/2007/CVE-2007-3923.md new file mode 100644 index 0000000000..d21e08ea62 --- /dev/null +++ b/2007/CVE-2007-3923.md @@ -0,0 +1,17 @@ +### [CVE-2007-3923](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3923) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of TCP SYN packets to port (1) 139 or (2) 445. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070718-waas.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-4263.md b/2007/CVE-2007-4263.md new file mode 100644 index 0000000000..44282db08c --- /dev/null +++ b/2007/CVE-2007-4263.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-4263](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4263) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-4414.md b/2007/CVE-2007-4414.md new file mode 100644 index 0000000000..49335e7384 --- /dev/null +++ b/2007/CVE-2007-4414.md @@ -0,0 +1,17 @@ +### [CVE-2007-4414](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4414) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-4415.md b/2007/CVE-2007-4415.md new file mode 100644 index 0000000000..aab86bd859 --- /dev/null +++ b/2007/CVE-2007-4415.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-4415](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4415) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-4459.md b/2007/CVE-2007-4459.md new file mode 100644 index 0000000000..2de358314a --- /dev/null +++ b/2007/CVE-2007-4459.md @@ -0,0 +1,17 @@ +### [CVE-2007-4459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4459) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20070821-sip.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-4504.md b/2007/CVE-2007-4504.md index 5491fb4c31..8eaca521a5 100644 --- a/2007/CVE-2007-4504.md +++ b/2007/CVE-2007-4504.md 
@@ -13,5 +13,6 @@ Directory traversal vulnerability in index.php in the RSfiles component (com_rsf - https://www.exploit-db.com/exploits/4307 #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2007/CVE-2007-4559.md b/2007/CVE-2007-4559.md index ddab58a47e..832b9ab13a 100644 --- a/2007/CVE-2007-4559.md +++ b/2007/CVE-2007-4559.md @@ -25,5 +25,6 @@ No PoCs from references. - https://github.com/davidholiday/CVE-2007-4559 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/luigigubello/trellix-tarslip-patch-bypass +- https://github.com/snyk/zip-slip-vulnerability - https://github.com/woniwory/woniwory diff --git a/2007/CVE-2007-4788.md b/2007/CVE-2007-4788.md new file mode 100644 index 0000000000..58e1f458bb --- /dev/null +++ b/2007/CVE-2007-4788.md @@ -0,0 +1,17 @@ +### [CVE-2007-4788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4788) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Content Switching Modules (CSM) 4.2 before 4.2.3a, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.2a, allow remote attackers to cause a denial of service (CPU consumption or reboot) via sets of out-of-order TCP packets with unspecified characteristics, aka CSCsd27478. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070905-csm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-4789.md b/2007/CVE-2007-4789.md new file mode 100644 index 0000000000..af50ebf514 --- /dev/null +++ b/2007/CVE-2007-4789.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-4789](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4789) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.6, when service termination is enabled, allow remote attackers to cause a denial of service (reboot) via unspecified vectors related to high network utilization, aka CSCsh57876. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070905-csm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-5134.md b/2007/CVE-2007-5134.md new file mode 100644 index 0000000000..ea63cd7e5e --- /dev/null +++ b/2007/CVE-2007-5134.md @@ -0,0 +1,17 @@ +### [CVE-2007-5134](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5134) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP addresses for Ethernet Out-of-Band Channel (EOBC) internal communication, which might allow remote attackers to send packets to an interface for which network exposure was unintended. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20070926-lb.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-5581.md b/2007/CVE-2007-5581.md new file mode 100644 index 0000000000..db0e860d60 --- /dev/null +++ b/2007/CVE-2007-5581.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-5581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5581) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-5582.md b/2007/CVE-2007-5582.md new file mode 100644 index 0000000000..79e36b8572 --- /dev/null +++ b/2007/CVE-2007-5582.md @@ -0,0 +1,17 @@ +### [CVE-2007-5582](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5582) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-5707.md b/2007/CVE-2007-5707.md index 4c2e861001..10710bca7a 100644 --- a/2007/CVE-2007-5707.md +++ b/2007/CVE-2007-5707.md 
@@ -13,6 +13,7 @@ OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (sla No PoCs from references. #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/dagda diff --git a/2007/CVE-2007-5708.md b/2007/CVE-2007-5708.md index d3386737bd..bd1bf41c2a 100644 --- a/2007/CVE-2007-5708.md +++ b/2007/CVE-2007-5708.md @@ -13,6 +13,7 @@ slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when runnin No PoCs from references. #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/dagda diff --git a/2007/CVE-2007-5728.md b/2007/CVE-2007-5728.md index 24cb1f2be2..3c5a65036a 100644 --- a/2007/CVE-2007-5728.md +++ b/2007/CVE-2007-5728.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2007/CVE-2007-6750.md b/2007/CVE-2007-6750.md index 02807b04f9..4d61fb953d 100644 --- a/2007/CVE-2007-6750.md +++ b/2007/CVE-2007-6750.md @@ -29,10 +29,12 @@ No PoCs from references. - https://github.com/MrFrozenPepe/Pentest-Cheetsheet - https://github.com/NikulinMS/13-01-hw - https://github.com/PierreChrd/py-projet-tut +- https://github.com/PradhapRam/Vulner-Reports - https://github.com/RoliSoft/ReconScan - https://github.com/SebSundin/THM-Nmap - https://github.com/SecureAxom/strike - https://github.com/SexyBeast233/SecBooks +- https://github.com/SinghNanak/apache-dos - https://github.com/Zhivarev/13-01-hw - https://github.com/adamziaja/vulnerability-check - https://github.com/binglansky/Slowloris-DOS-Attack 
@@ -42,12 +44,14 @@ No PoCs from references. - https://github.com/hktalent/bug-bounty - https://github.com/issdp/test - https://github.com/jaiderospina/NMAP +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/kasem545/vulnsearch - https://github.com/le37/slowloris - https://github.com/marcocastro100/Intrusion_Detection_System-Python - https://github.com/matoweb/Enumeration-Script - https://github.com/murilofurlan/trabalho-seguranca-redes - https://github.com/nsdhanoa/apache-dos +- https://github.com/oscaar90/nmap-scan - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems - https://github.com/vshaliii/Basic-Pentesting-1-Vulnhub-Walkthrough - https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough diff --git a/2008/CVE-2008-0028.md b/2008/CVE-2008-0028.md new file mode 100644 index 0000000000..0742f28a74 --- /dev/null +++ b/2008/CVE-2008-0028.md @@ -0,0 +1,17 @@ +### [CVE-2008-0028](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0028) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20080123-asa.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2008/CVE-2008-0029.md b/2008/CVE-2008-0029.md new file mode 100644 index 0000000000..2f1ad8bcc4 --- /dev/null +++ b/2008/CVE-2008-0029.md 
@@ -0,0 +1,17 @@ +### [CVE-2008-0029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0029) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20080123-avs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2008/CVE-2008-0537.md b/2008/CVE-2008-0537.md new file mode 100644 index 0000000000..199eb3087e --- /dev/null +++ b/2008/CVE-2008-0537.md @@ -0,0 +1,17 @@ +### [CVE-2008-0537](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0537) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2008/CVE-2008-0600.md b/2008/CVE-2008-0600.md index ee01001d17..165cd10e2c 100644 --- a/2008/CVE-2008-0600.md +++ b/2008/CVE-2008-0600.md 
@@ -32,6 +32,7 @@ The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not v - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2008/CVE-2008-0900.md b/2008/CVE-2008-0900.md index 9048e00e24..2509c33cc5 100644 --- a/2008/CVE-2008-0900.md +++ b/2008/CVE-2008-0900.md @@ -17,6 +17,7 @@ No PoCs from references. - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/fei9747/LinuxEelvation - https://github.com/hktalent/bug-bounty diff --git a/2008/CVE-2008-0960.md b/2008/CVE-2008-0960.md index ea2f7f1b29..919f8ecf87 100644 --- a/2008/CVE-2008-0960.md +++ b/2008/CVE-2008-0960.md @@ -11,6 +11,7 @@ SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3. #### Reference - http://securityreason.com/securityalert/3933 +- http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml - http://www.ubuntu.com/usn/usn-685-1 - https://bugzilla.redhat.com/show_bug.cgi?id=447974 - https://www.exploit-db.com/exploits/5790 diff --git a/2008/CVE-2008-1153.md b/2008/CVE-2008-1153.md new file mode 100644 index 0000000000..7554e444f5 --- /dev/null +++ b/2008/CVE-2008-1153.md 
@@ -0,0 +1,17 @@ +### [CVE-2008-1153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1153) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2008/CVE-2008-1157.md b/2008/CVE-2008-1157.md new file mode 100644 index 0000000000..1bbb7bf1c6 --- /dev/null +++ b/2008/CVE-2008-1157.md @@ -0,0 +1,17 @@ +### [CVE-2008-1157](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1157) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which allows remote attackers to execute arbitrary commands. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20080313-ipm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2008/CVE-2008-2398.md b/2008/CVE-2008-2398.md index 208d640ad9..d028c1d3cc 100644 --- a/2008/CVE-2008-2398.md +++ b/2008/CVE-2008-2398.md 
@@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/merlinepedra/nuclei-templates - https://github.com/merlinepedra25/nuclei-templates - https://github.com/sobinge/nuclei-templates diff --git a/2008/CVE-2008-2441.md b/2008/CVE-2008-2441.md index ed6a9312c3..433bf7ef03 100644 --- a/2008/CVE-2008-2441.md +++ b/2008/CVE-2008-2441.md @@ -11,6 +11,7 @@ Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) #### Reference - http://securityreason.com/securityalert/4216 +- http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml #### Github No PoCs found on GitHub currently. diff --git a/2008/CVE-2008-4109.md b/2008/CVE-2008-4109.md index 88ea0abaeb..70e3fa76ad 100644 --- a/2008/CVE-2008-4109.md +++ b/2008/CVE-2008-4109.md @@ -13,5 +13,10 @@ A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 o - http://www.ubuntu.com/usn/usn-649-1 #### Github -No PoCs found on GitHub currently. +- https://github.com/David-M-Berry/openssh-cve-discovery +- https://github.com/Passyed/regreSSHion-Fix +- https://github.com/TAM-K592/CVE-2024-6387 +- https://github.com/azurejoga/CVE-2024-6387-how-to-fix +- https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- diff --git a/2008/CVE-2008-4210.md b/2008/CVE-2008-4210.md index a1d766c76b..6728ffb434 100644 --- a/2008/CVE-2008-4210.md +++ b/2008/CVE-2008-4210.md 
@@ -30,6 +30,7 @@ fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and s - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2008/CVE-2008-4250.md b/2008/CVE-2008-4250.md index 52d24116c6..004d7e2e59 100644 --- a/2008/CVE-2008-4250.md +++ b/2008/CVE-2008-4250.md @@ -33,7 +33,9 @@ The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP - https://github.com/Kuromesi/Py4CSKG - https://github.com/RodrigoVarasLopez/Download-Scanners-from-Nessus-8.7-using-the-API - https://github.com/SexyBeast233/SecBooks +- https://github.com/Sp3c73rSh4d0w/MS08-067 - https://github.com/TheLastochka/pentest +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Y2FuZXBh/exploits - https://github.com/c0d3cr4f73r/MS08-067 - https://github.com/crypticdante/MS08-067 @@ -51,6 +53,7 @@ The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP - https://github.com/nitishbadole/oscp-note-2 - https://github.com/notsag-dev/htb-legacy - https://github.com/pxcs/CVE-29343-Sysmon-list +- https://github.com/rayhan0x01/reverse-shell-able-exploit-pocs - https://github.com/rmsbpro/rmsbpro - https://github.com/shashihacks/OSCP - https://github.com/shashihacks/OSWE diff --git a/2008/CVE-2008-5161.md b/2008/CVE-2008-5161.md index 5dfc5d73fa..afd1f370cc 100644 --- a/2008/CVE-2008-5161.md +++ b/2008/CVE-2008-5161.md 
@@ -27,6 +27,7 @@ Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Conne - https://github.com/VictorSum/13.1 - https://github.com/Wernigerode23/Uiazvimosty - https://github.com/Zhivarev/13-01-hw +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/ekiojp/hanase - https://github.com/joshgarlandreese/WordPressRedTeam_BlueTeam - https://github.com/kaio6fellipe/ssh-enum diff --git a/2008/CVE-2008-5587.md b/2008/CVE-2008-5587.md index d857b377ee..d4039278c6 100644 --- a/2008/CVE-2008-5587.md +++ b/2008/CVE-2008-5587.md @@ -15,4 +15,5 @@ Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 a #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2008/CVE-2008-6222.md b/2008/CVE-2008-6222.md index 7ee6c4b303..f2918183af 100644 --- a/2008/CVE-2008-6222.md +++ b/2008/CVE-2008-6222.md @@ -13,5 +13,6 @@ Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) - https://www.exploit-db.com/exploits/6980 #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2008/CVE-2008-6465.md b/2008/CVE-2008-6465.md index 6c0e2b2025..397b771298 100644 --- a/2008/CVE-2008-6465.md +++ b/2008/CVE-2008-6465.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2008/CVE-2008-6982.md b/2008/CVE-2008-6982.md index e53e1ab224..e38f8aa8d0 100644 --- a/2008/CVE-2008-6982.md +++ b/2008/CVE-2008-6982.md @@ -15,4 +15,5 @@ Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a allows re #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2009/CVE-2009-0079.md b/2009/CVE-2009-0079.md index dcdfa481ed..652a06556e 100644 --- a/2009/CVE-2009-0079.md +++ b/2009/CVE-2009-0079.md 
@@ -17,5 +17,6 @@ No PoCs from references. - https://github.com/Ascotbe/Kernelhub - https://github.com/Cruxer8Mech/Idk - https://github.com/fei9747/WindowsElevation +- https://github.com/rayhan0x01/reverse-shell-able-exploit-pocs - https://github.com/ycdxsb/WindowsPrivilegeEscalation diff --git a/2009/CVE-2009-0545.md b/2009/CVE-2009-0545.md index a09a336b5e..f27295eec4 100644 --- a/2009/CVE-2009-0545.md +++ b/2009/CVE-2009-0545.md @@ -17,4 +17,5 @@ cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to e - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2009/CVE-2009-0932.md b/2009/CVE-2009-0932.md index 136e111da5..cbe18e962c 100644 --- a/2009/CVE-2009-0932.md +++ b/2009/CVE-2009-0932.md @@ -15,5 +15,6 @@ Directory traversal vulnerability in framework/Image/Image.php in Horde before 3 #### Github - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/afzalbin64/accuknox-policy-temp +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/kubearmor/policy-templates diff --git a/2009/CVE-2009-1151.md b/2009/CVE-2009-1151.md index 3b548dce8d..a0508e8949 100644 --- a/2009/CVE-2009-1151.md +++ b/2009/CVE-2009-1151.md @@ -25,6 +25,7 @@ Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.1 - https://github.com/adpast/pocs - https://github.com/duckstroms/Web-CTF-Cheatsheet - https://github.com/e-Thug/PhpMyAdmin +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/pagvac/pocs - https://github.com/w181496/Web-CTF-Cheatsheet diff --git a/2009/CVE-2009-1185.md b/2009/CVE-2009-1185.md index 6084daaea4..79d92e7247 100644 --- a/2009/CVE-2009-1185.md +++ b/2009/CVE-2009-1185.md 
@@ -33,6 +33,7 @@ udev before 1.4.1 does not verify whether a NETLINK message originates from kern - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/amane312/Linux_menthor @@ -48,6 +49,7 @@ udev before 1.4.1 does not verify whether a NETLINK message originates from kern - https://github.com/hussien-almalki/Hack_lame - https://github.com/ismailvc1111/Linux_Privilege - https://github.com/kumardineshwar/linux-kernel-exploits +- https://github.com/kyuna312/Linux_menthor - https://github.com/m0mkris/linux-kernel-exploits - https://github.com/maririn312/Linux_menthor - https://github.com/moorejacob2017/Simple-Metasploitable2-RootKit diff --git a/2009/CVE-2009-1337.md b/2009/CVE-2009-1337.md index 72eb333c9e..7c17696db7 100644 --- a/2009/CVE-2009-1337.md +++ b/2009/CVE-2009-1337.md @@ -31,6 +31,7 @@ The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2009/CVE-2009-2265.md b/2009/CVE-2009-2265.md index 3c3692f511..c700c99c90 100644 --- a/2009/CVE-2009-2265.md +++ b/2009/CVE-2009-2265.md 
@@ -25,6 +25,7 @@ Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow r - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo - https://github.com/H3xL00m/CVE-2009-2265 +- https://github.com/Sp3c73rSh4d0w/CVE-2009-2265 - https://github.com/c0d3cr4f73r/CVE-2009-2265 - https://github.com/crypticdante/CVE-2009-2265 - https://github.com/k4u5h41/CVE-2009-2265 diff --git a/2009/CVE-2009-2692.md b/2009/CVE-2009-2692.md index 16f6ab08f0..b7f1afa943 100644 --- a/2009/CVE-2009-2692.md +++ b/2009/CVE-2009-2692.md @@ -36,6 +36,7 @@ The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not in - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/cloudsec/exploit diff --git a/2009/CVE-2009-2698.md b/2009/CVE-2009-2698.md index c69dbede6d..dbb49d84e5 100644 --- a/2009/CVE-2009-2698.md +++ b/2009/CVE-2009-2698.md @@ -36,6 +36,7 @@ The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) - https://github.com/YgorAlberto/Ethical-Hacker - https://github.com/YgorAlberto/ygoralberto.github.io - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/cloudsec/exploit diff --git a/2009/CVE-2009-2890.md b/2009/CVE-2009-2890.md index 94d21adb24..3b1d9a8a9b 100644 --- a/2009/CVE-2009-2890.md +++ b/2009/CVE-2009-2890.md 
@@ -13,6 +13,7 @@ Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddl - http://packetstormsecurity.org/0907-exploits/riddledepot-sqlxss.txt #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/dagda diff --git a/2009/CVE-2009-2929.md b/2009/CVE-2009-2929.md new file mode 100644 index 0000000000..a1a809cfa1 --- /dev/null +++ b/2009/CVE-2009-2929.md @@ -0,0 +1,17 @@ +### [CVE-2009-2929](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2929) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5) site, (6) option, (7) db_optimization, (8) owner, (9) admin_email, (10) default_language, and (11) db_host parameters to cms/index.php; and the (12) cmd, (13) s_dir, (14) minutes, (15) s_mask, (16) test3_mp, (17) test15_file1, (18) submit, (19) brute_method, (20) ftp_server_port, (21) userfile14, (22) subj, (23) mysql_l, (24) action, and (25) userfile1 parameters to cms/frontpage_ception.php. NOTE: some of these parameters may be applicable only in nonstandard versions of the product, and cms/frontpage_ception.php may be cms/frontpage_caption.php in all released versions. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/CarlosMeyreles/Network-Vulnerability-Assessment + diff --git a/2009/CVE-2009-3547.md b/2009/CVE-2009-3547.md index 6fd82fa74f..a8bd8521a5 100644 --- a/2009/CVE-2009-3547.md +++ b/2009/CVE-2009-3547.md 
@@ -32,6 +32,7 @@ Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allo - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2009/CVE-2009-3555.md b/2009/CVE-2009-3555.md index 25f2a1d08a..7f49fda980 100644 --- a/2009/CVE-2009-3555.md +++ b/2009/CVE-2009-3555.md @@ -51,5 +51,6 @@ The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Micr - https://github.com/pyllyukko/user.js - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems - https://github.com/withdk/pulse-secure-vpn-mitm-research +- https://github.com/ziezeeshan/Networksecurity - https://github.com/zzzWTF/db-13-01 diff --git a/2009/CVE-2009-4223.md b/2009/CVE-2009-4223.md index d98adda110..fa3172d83b 100644 --- a/2009/CVE-2009-4223.md +++ b/2009/CVE-2009-4223.md @@ -13,5 +13,6 @@ PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and e - http://www.exploit-db.com/exploits/10216 #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2010/CVE-2010-0738.md b/2010/CVE-2010-0738.md index 7169e9d8ef..521dedbc75 100644 --- a/2010/CVE-2010-0738.md +++ b/2010/CVE-2010-0738.md @@ -26,6 +26,7 @@ The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Applicati - https://github.com/fupinglee/JavaTools - https://github.com/gitcollect/jboss-autopwn - https://github.com/hatRiot/clusterd +- https://github.com/onewinner/VulToolsKit - https://github.com/pen4uin/awesome-vulnerability-research - https://github.com/pen4uin/vulnerability-research - https://github.com/pen4uin/vulnerability-research-list 
diff --git a/2010/CVE-2010-1122.md b/2010/CVE-2010-1122.md index f2c10d8ba9..f7875cba72 100644 --- a/2010/CVE-2010-1122.md +++ b/2010/CVE-2010-1122.md @@ -13,5 +13,6 @@ Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows remote a - https://bugzilla.mozilla.org/show_bug.cgi?id=552216 #### Github +- https://github.com/Jaideep1997/inspector-checker - https://github.com/nicolaurech/inspector-checker diff --git a/2010/CVE-2010-1146.md b/2010/CVE-2010-1146.md index ef1afd8ed1..a445d9d6d2 100644 --- a/2010/CVE-2010-1146.md +++ b/2010/CVE-2010-1146.md @@ -32,6 +32,7 @@ No PoCs from references. - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2010/CVE-2010-1871.md b/2010/CVE-2010-1871.md index 2a8e613aca..19607f1783 100644 --- a/2010/CVE-2010-1871.md +++ b/2010/CVE-2010-1871.md @@ -23,6 +23,7 @@ No PoCs from references. - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/dudek-marcin/Poc-Exp - https://github.com/fupinglee/JavaTools +- https://github.com/onewinner/VulToolsKit - https://github.com/orangetw/My-CTF-Web-Challenges - https://github.com/pen4uin/awesome-vulnerability-research - https://github.com/pen4uin/vulnerability-research diff --git a/2010/CVE-2010-2075.md b/2010/CVE-2010-2075.md index 17c667f5d2..6daeae166e 100644 --- a/2010/CVE-2010-2075.md +++ b/2010/CVE-2010-2075.md 
@@ -23,6 +23,7 @@ No PoCs from references. - https://github.com/JoseLRC97/UnrealIRCd-3.2.8.1-Backdoor-Command-Execution - https://github.com/MFernstrom/OffensivePascal-CVE-2010-2075 - https://github.com/Okarn/TP_securite_EDOU_JACQUEMONT +- https://github.com/Patrick122333/4240project - https://github.com/Sh4dowX404/UnrealIRCD-3.2.8.1-Backdoor - https://github.com/VoitenkoAN/13.1 - https://github.com/XorgX304/UnrealIRCd-3.2.8.1-RCE diff --git a/2010/CVE-2010-2333.md b/2010/CVE-2010-2333.md new file mode 100644 index 0000000000..c3f730afee --- /dev/null +++ b/2010/CVE-2010-2333.md @@ -0,0 +1,17 @@ +### [CVE-2010-2333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2333) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/PradhapRam/Vulner-Reports + diff --git a/2010/CVE-2010-2554.md b/2010/CVE-2010-2554.md index 5c8cbbf9b4..16da211a16 100644 --- a/2010/CVE-2010-2554.md +++ b/2010/CVE-2010-2554.md @@ -17,5 +17,6 @@ No PoCs from references. - https://github.com/Ascotbe/Kernelhub - https://github.com/Cruxer8Mech/Idk - https://github.com/fei9747/WindowsElevation +- https://github.com/rayhan0x01/reverse-shell-able-exploit-pocs - https://github.com/ycdxsb/WindowsPrivilegeEscalation diff --git a/2010/CVE-2010-2795.md b/2010/CVE-2010-2795.md index 9d55ce2417..6a8ab1e969 100644 --- a/2010/CVE-2010-2795.md +++ b/2010/CVE-2010-2795.md 
@@ -11,6 +11,7 @@ phpCAS before 1.1.2 allows remote authenticated users to hijack sessions via a q #### Reference - https://issues.jasig.org/browse/PHPCAS-61 +- https://wiki.jasig.org/display/CASC/phpCAS+ChangeLog #### Github No PoCs found on GitHub currently. diff --git a/2010/CVE-2010-2796.md b/2010/CVE-2010-2796.md index 279254f597..a764374f02 100644 --- a/2010/CVE-2010-2796.md +++ b/2010/CVE-2010-2796.md @@ -11,6 +11,7 @@ Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when proxy mode #### Reference - https://issues.jasig.org/browse/PHPCAS-67 +- https://wiki.jasig.org/display/CASC/phpCAS+ChangeLog #### Github No PoCs found on GitHub currently. diff --git a/2010/CVE-2010-2959.md b/2010/CVE-2010-2959.md index f616f78eeb..1ad24b4456 100644 --- a/2010/CVE-2010-2959.md +++ b/2010/CVE-2010-2959.md @@ -47,6 +47,7 @@ No PoCs from references. - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/akr3ch/OSCP-Survival-Guide - https://github.com/aktechnohacker/OSCP-Notes - https://github.com/albinjoshy03/linux-kernel-exploits diff --git a/2010/CVE-2010-3081.md b/2010/CVE-2010-3081.md index aab71e7a5e..1a8928004b 100644 --- a/2010/CVE-2010-3081.md +++ b/2010/CVE-2010-3081.md @@ -36,6 +36,7 @@ The compat_alloc_user_space functions in include/asm/compat.h files in the Linux - https://github.com/SteinsGatep001/Binary - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2010/CVE-2010-3301.md b/2010/CVE-2010-3301.md index 9f8858b164..953af55d07 100644 
--- a/2010/CVE-2010-3301.md +++ b/2010/CVE-2010-3301.md @@ -35,6 +35,7 @@ The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2010/CVE-2010-3904.md b/2010/CVE-2010-3904.md index 624aa00127..93a2460ba5 100644 --- a/2010/CVE-2010-3904.md +++ b/2010/CVE-2010-3904.md @@ -30,6 +30,7 @@ The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Socke - https://github.com/CCIEVoice2009/oscp-survival - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo +- https://github.com/CYBER-PUBLIC-SCHOOL/linux-privilege-escalation-cheatsheet - https://github.com/De4dCr0w/Linux-kernel-EoP-exp - https://github.com/DhivaKD/OSCP-Notes - https://github.com/DictionaryHouse/The-Security-Handbook-Kali-Linux @@ -56,6 +57,7 @@ The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Socke - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/T3b0g025/PWK-CheatSheet - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/akr3ch/OSCP-Survival-Guide - https://github.com/aktechnohacker/OSCP-Notes - https://github.com/albinjoshy03/linux-kernel-exploits 
@@ -89,6 +91,7 @@ The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Socke - https://github.com/k0mi-tg/OSCP - https://github.com/k0mi-tg/OSCP-note - https://github.com/kumardineshwar/linux-kernel-exploits +- https://github.com/kyuna312/Linux_menthor - https://github.com/m0mkris/linux-kernel-exploits - https://github.com/make0day/pentest - https://github.com/manas3c/OSCP-note diff --git a/2010/CVE-2010-4073.md b/2010/CVE-2010-4073.md index ff6bc75a36..fea6a3eea0 100644 --- a/2010/CVE-2010-4073.md +++ b/2010/CVE-2010-4073.md @@ -34,6 +34,7 @@ The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize cert - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2010/CVE-2010-4258.md b/2010/CVE-2010-4258.md index eaae0c5ae0..1bc0a0a398 100644 --- a/2010/CVE-2010-4258.md +++ b/2010/CVE-2010-4258.md @@ -18,6 +18,7 @@ The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does n - https://github.com/Al1ex/LinuxEelvation - https://github.com/C0dak/linux-kernel-exploits - https://github.com/C0dak/local-root-exploit- +- https://github.com/CYBER-PUBLIC-SCHOOL/linux-privilege-escalation-cheatsheet - https://github.com/De4dCr0w/Linux-kernel-EoP-exp - https://github.com/Feng4/linux-kernel-exploits - https://github.com/HUSTSeclab/Kernel-Exploits 
@@ -34,6 +35,7 @@ The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does n - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2010/CVE-2010-4347.md b/2010/CVE-2010-4347.md index 3271367891..335c27bff5 100644 --- a/2010/CVE-2010-4347.md +++ b/2010/CVE-2010-4347.md @@ -32,6 +32,7 @@ No PoCs from references. - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2011/CVE-2011-0049.md b/2011/CVE-2011-0049.md index b38b53792a..b23f56d685 100644 --- a/2011/CVE-2011-0049.md +++ b/2011/CVE-2011-0049.md @@ -16,4 +16,5 @@ Directory traversal vulnerability in the _list_file_get function in lib/Majordom #### Github - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2011/CVE-2011-1002.md b/2011/CVE-2011-1002.md index 1bae41a3fd..0a6809b186 100644 --- a/2011/CVE-2011-1002.md +++ b/2011/CVE-2011-1002.md 
@@ -15,11 +15,14 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/DButter/whitehat_public +- https://github.com/Howertx/avahi-dos - https://github.com/NikolayAntipov/DB_13-01 +- https://github.com/berradiginamic/32123BC7-Securite-Informatique - https://github.com/csk/unisecbarber - https://github.com/kaanyeniyol/python-nmap - https://github.com/lucasljk1/NMAP - https://github.com/namhikelo/Symfonos1-Vulnhub-CEH - https://github.com/odolezal/D-Link-DIR-655 +- https://github.com/oscaar90/nmap-scan - https://github.com/polarbeargo/Security-Engineer-Nanodegree-Program-Adversarial-Resilience-Assessing-Infrastructure-Security diff --git a/2011/CVE-2011-1249.md b/2011/CVE-2011-1249.md index 0d968b8b64..61a3d67cc2 100644 --- a/2011/CVE-2011-1249.md +++ b/2011/CVE-2011-1249.md @@ -22,6 +22,7 @@ The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and S - https://github.com/Cruxer8Mech/Idk - https://github.com/H3xL00m/CVE-2011-1249 - https://github.com/Madusanka99/OHTS +- https://github.com/Sp3c73rSh4d0w/CVE-2011-1249 - https://github.com/c0d3cr4f73r/CVE-2011-1249 - https://github.com/crypticdante/CVE-2011-1249 - https://github.com/fei9747/WindowsElevation diff --git a/2011/CVE-2011-2523.md b/2011/CVE-2011-2523.md index 38b9da29b8..22483b52be 100644 --- a/2011/CVE-2011-2523.md +++ b/2011/CVE-2011-2523.md @@ -22,6 +22,8 @@ vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which - https://github.com/4m3rr0r/CVE-2011-2523-poc - https://github.com/5k1pp/Red-Team-Engagement-Simulation - https://github.com/ARPSyndicate/cvemon +- https://github.com/AhmedIrfan198/Penetration-Test-of-Metasploitable-2 +- https://github.com/AnugiArrawwala/CVE-Research - https://github.com/Atiwitch15101/vsftpd-2.3.4-Exploit - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo 
@@ -33,6 +35,7 @@ vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which - https://github.com/Hellsender01/vsftpd_2.3.4_Exploit - https://github.com/HerculesRD/vsftpd2.3.4PyExploit - https://github.com/JFPineda79/Red-Team-Engagement-Simulation +- https://github.com/KennuC/PentestLab - https://github.com/Kr1tz3x3/HTB-Writeups - https://github.com/Lynk4/CVE-2011-2523 - https://github.com/MFernstrom/OffensivePascal-CVE-2011-2523 @@ -41,9 +44,11 @@ vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which - https://github.com/NikolayAntipov/DB_13-01 - https://github.com/NnickSecurity/vsftpd_backdoor_exploit - https://github.com/NullBrunk/CVE-2011-2523 +- https://github.com/Patrick122333/4240project - https://github.com/Prachi-Sharma-git/Exploit_FTP - https://github.com/Shubham-2k1/Exploit-CVE-2011-2523 - https://github.com/Tenor-Z/SmileySploit +- https://github.com/Uno13x/Uno13x - https://github.com/VoitenkoAN/13.1 - https://github.com/WanShannn/Exploit-vsftpd - https://github.com/Wanderwille/13.01 diff --git a/2011/CVE-2011-2678.md b/2011/CVE-2011-2678.md new file mode 100644 index 0000000000..dfa0172476 --- /dev/null +++ b/2011/CVE-2011-2678.md 
@@ -0,0 +1,17 @@ +### [CVE-2011-2678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2678) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2011/CVE-2011-2780.md b/2011/CVE-2011-2780.md index bcc92ab781..7c2289f56d 100644 --- a/2011/CVE-2011-2780.md +++ b/2011/CVE-2011-2780.md @@ -16,4 +16,5 @@ Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlie #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2011/CVE-2011-3298.md b/2011/CVE-2011-3298.md index 20d7dcb1b9..88ac1e49cb 100644 --- a/2011/CVE-2011-3298.md +++ b/2011/CVE-2011-3298.md @@ -10,6 +10,7 @@ Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Servic ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml - http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml #### Github diff --git a/2011/CVE-2011-3299.md b/2011/CVE-2011-3299.md index e15b7439f9..361d053328 100644 --- a/2011/CVE-2011-3299.md +++ b/2011/CVE-2011-3299.md 
@@ -10,6 +10,7 @@ Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Servic ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml - http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml #### Github diff --git a/2011/CVE-2011-3300.md b/2011/CVE-2011-3300.md index 983c9c23e4..450d1d2b4e 100644 --- a/2011/CVE-2011-3300.md +++ b/2011/CVE-2011-3300.md @@ -10,6 +10,7 @@ Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Servic ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml - http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml #### Github diff --git a/2011/CVE-2011-3301.md b/2011/CVE-2011-3301.md index 060a5eda2c..71087c1734 100644 --- a/2011/CVE-2011-3301.md +++ b/2011/CVE-2011-3301.md @@ -10,6 +10,7 @@ Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Servic ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml - http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml #### Github diff --git a/2011/CVE-2011-3302.md b/2011/CVE-2011-3302.md index 42faf211ec..a9c2b41f40 100644 --- a/2011/CVE-2011-3302.md +++ b/2011/CVE-2011-3302.md @@ -10,6 +10,7 @@ Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Servic ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml - http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml #### Github diff --git a/2011/CVE-2011-3303.md b/2011/CVE-2011-3303.md index cab117bb3b..c418c9059e 100644 --- a/2011/CVE-2011-3303.md +++ b/2011/CVE-2011-3303.md @@ -10,6 +10,7 @@ Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Servic ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml - http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml #### Github 
diff --git a/2011/CVE-2011-3304.md b/2011/CVE-2011-3304.md new file mode 100644 index 0000000000..4a64fb043a --- /dev/null +++ b/2011/CVE-2011-3304.md @@ -0,0 +1,17 @@ +### [CVE-2011-3304](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3304) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.2 before 7.2(5.3), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2), and 8.5 before 8.5(1.1) allow remote attackers to cause a denial of service (device reload) via crafted MSN Instant Messenger traffic, aka Bug ID CSCtl67486. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2011/CVE-2011-3305.md b/2011/CVE-2011-3305.md new file mode 100644 index 0000000000..3115260d22 --- /dev/null +++ b/2011/CVE-2011-3305.md @@ -0,0 +1,17 @@ +### [CVE-2011-3305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3305) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2011/CVE-2011-3315.md b/2011/CVE-2011-3315.md index a3cae26bf6..65eb94666c 100644 --- a/2011/CVE-2011-3315.md +++ b/2011/CVE-2011-3315.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2011/CVE-2011-4079.md b/2011/CVE-2011-4079.md index 84009250c0..67271851aa 100644 --- a/2011/CVE-2011-4079.md +++ b/2011/CVE-2011-4079.md @@ -13,6 +13,7 @@ Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earl No PoCs from references. #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/dagda diff --git a/2012/CVE-2012-0056.md b/2012/CVE-2012-0056.md index e80131bdd7..491adfef9e 100644 --- a/2012/CVE-2012-0056.md +++ b/2012/CVE-2012-0056.md @@ -28,6 +28,7 @@ No PoCs from references. - https://github.com/CCIEVoice2009/oscp-survival - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo +- https://github.com/CYBER-PUBLIC-SCHOOL/linux-privilege-escalation-cheatsheet - https://github.com/De4dCr0w/Linux-kernel-EoP-exp - https://github.com/DhivaKD/OSCP-Notes - https://github.com/DictionaryHouse/The-Security-Handbook-Kali-Linux @@ -57,6 +58,7 @@ No PoCs from references. - https://github.com/T3b0g025/PWK-CheatSheet - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/akr3ch/OSCP-Survival-Guide - https://github.com/aktechnohacker/OSCP-Notes - https://github.com/albinjoshy03/linux-kernel-exploits 
@@ -104,6 +106,7 @@ No PoCs from references. - https://github.com/kicku6/Opensource88888 - https://github.com/knd06/linux-kernel-exploitation - https://github.com/kumardineshwar/linux-kernel-exploits +- https://github.com/kyuna312/Linux_menthor - https://github.com/m0mkris/linux-kernel-exploits - https://github.com/make0day/pentest - https://github.com/manas3c/OSCP-note diff --git a/2012/CVE-2012-0814.md b/2012/CVE-2012-0814.md index 90135a5b1c..1d53d57396 100644 --- a/2012/CVE-2012-0814.md +++ b/2012/CVE-2012-0814.md @@ -25,6 +25,7 @@ No PoCs from references. - https://github.com/VictorSum/13.1 - https://github.com/Wernigerode23/Uiazvimosty - https://github.com/Zhivarev/13-01-hw +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/kaio6fellipe/ssh-enum - https://github.com/scmanjarrez/CVEScannerV2 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems diff --git a/2012/CVE-2012-0816.md b/2012/CVE-2012-0816.md new file mode 100644 index 0000000000..d2d330ac66 --- /dev/null +++ b/2012/CVE-2012-0816.md @@ -0,0 +1,17 @@ +### [CVE-2012-0816](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0816) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue) + +### Description + +** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/bigb0x/CVE-2024-6387 + diff --git a/2012/CVE-2012-1182.md b/2012/CVE-2012-1182.md index 734fbd4538..d7540cb12c 100644 --- a/2012/CVE-2012-1182.md +++ b/2012/CVE-2012-1182.md 
@@ -22,6 +22,7 @@ The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6. - https://github.com/Kiosec/Windows-Exploitation - https://github.com/Qftm/Information_Collection_Handbook - https://github.com/amishamunjal-az/Week16-Homework +- https://github.com/casohub/multinmap - https://github.com/esteban0477/RedTeamPlaybook - https://github.com/jlashay/Penetration-Testing-1 - https://github.com/joneswu456/rt-n56u diff --git a/2012/CVE-2012-2122.md b/2012/CVE-2012-2122.md index e6e93be9ad..eb884f4df2 100644 --- a/2012/CVE-2012-2122.md +++ b/2012/CVE-2012-2122.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/0day666/Vulnerability-verification - https://github.com/20142995/Goby +- https://github.com/20142995/nuclei-templates - https://github.com/4ARMED/nmap-nse-scripts - https://github.com/7hang/cyber-security-interview - https://github.com/ARPSyndicate/cvemon diff --git a/2012/CVE-2012-2459.md b/2012/CVE-2012-2459.md index 5514070eb4..bfcb4fde7a 100644 --- a/2012/CVE-2012-2459.md +++ b/2012/CVE-2012-2459.md @@ -18,5 +18,6 @@ No PoCs from references. - https://github.com/akircanski/coinbugs - https://github.com/dmp1ce/eloipool-docker - https://github.com/fmerg/pymerkle +- https://github.com/slowmist/Cryptocurrency-Security-Audit-Guide - https://github.com/uvhw/conchimgiangnang diff --git a/2012/CVE-2012-3524.md b/2012/CVE-2012-3524.md index 4a76464c86..21c276076b 100644 --- a/2012/CVE-2012-3524.md +++ b/2012/CVE-2012-3524.md @@ -30,6 +30,7 @@ libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp 
diff --git a/2012/CVE-2012-4253.md b/2012/CVE-2012-4253.md index 179bfaaaf8..ad574b3c87 100644 --- a/2012/CVE-2012-4253.md +++ b/2012/CVE-2012-4253.md @@ -14,4 +14,5 @@ Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2012/CVE-2012-4273.md b/2012/CVE-2012-4273.md index 00c091e7cf..548cf7ba90 100644 --- a/2012/CVE-2012-4273.md +++ b/2012/CVE-2012-4273.md @@ -14,4 +14,5 @@ Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2012/CVE-2012-4547.md b/2012/CVE-2012-4547.md index 15ffde0b40..a360137a75 100644 --- a/2012/CVE-2012-4547.md +++ b/2012/CVE-2012-4547.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2012/CVE-2012-5568.md b/2012/CVE-2012-5568.md index 2e7d5e0b49..ca19cc12c4 100644 --- a/2012/CVE-2012-5568.md +++ b/2012/CVE-2012-5568.md @@ -13,6 +13,7 @@ Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service No PoCs from references. #### Github +- https://github.com/SinghNanak/apache-dos - https://github.com/h0ussni/pwnloris - https://github.com/nsdhanoa/apache-dos diff --git a/2013/CVE-2013-0268.md b/2013/CVE-2013-0268.md index b02aa84dd4..5c66969eee 100644 --- a/2013/CVE-2013-0268.md +++ b/2013/CVE-2013-0268.md @@ -30,6 +30,7 @@ No PoCs from references. - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp 
diff --git a/2013/CVE-2013-1763.md b/2013/CVE-2013-1763.md index 8a87080401..95dc7edf5d 100644 --- a/2013/CVE-2013-1763.md +++ b/2013/CVE-2013-1763.md @@ -34,6 +34,7 @@ Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/anoaghost/Localroot_Compile diff --git a/2013/CVE-2013-1858.md b/2013/CVE-2013-1858.md index 8f423f5ff1..a5ad38a2ee 100644 --- a/2013/CVE-2013-1858.md +++ b/2013/CVE-2013-1858.md @@ -30,6 +30,7 @@ The clone system-call implementation in the Linux kernel before 3.8.3 does not p - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2013/CVE-2013-1959.md b/2013/CVE-2013-1959.md index 5d29fc0c2d..e75494a7b9 100644 --- a/2013/CVE-2013-1959.md +++ b/2013/CVE-2013-1959.md @@ -15,4 +15,5 @@ kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropria #### Github - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits diff --git a/2013/CVE-2013-2094.md b/2013/CVE-2013-2094.md index 4918877257..e8864b1710 100644 --- a/2013/CVE-2013-2094.md +++ b/2013/CVE-2013-2094.md 
@@ -47,6 +47,7 @@ The perf_swevent_init function in kernel/events/core.c in the Linux kernel befor - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/amane312/Linux_menthor @@ -75,6 +76,7 @@ The perf_swevent_init function in kernel/events/core.c in the Linux kernel befor - https://github.com/khanhnd123/linux-kernel-exploitation - https://github.com/knd06/linux-kernel-exploitation - https://github.com/kumardineshwar/linux-kernel-exploits +- https://github.com/kyuna312/Linux_menthor - https://github.com/lushtree-cn-honeyzhao/awesome-c - https://github.com/m0mkris/linux-kernel-exploits - https://github.com/maririn312/Linux_menthor diff --git a/2013/CVE-2013-2251.md b/2013/CVE-2013-2251.md index 7c75003448..1aac479965 100644 --- a/2013/CVE-2013-2251.md +++ b/2013/CVE-2013-2251.md @@ -20,6 +20,7 @@ Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary - https://github.com/0day666/Vulnerability-verification - https://github.com/0xh4di/PayloadsAllTheThings - https://github.com/20142995/Goby +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/pocsuite3 - https://github.com/3vikram/Application-Vulnerabilities-Payloads - https://github.com/84KaliPleXon3/Payloads_All_The_Things @@ -29,6 +30,7 @@ Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/GuynnR/Payloads - https://github.com/HimmelAward/Goby_POC +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/MelanyRoob/Goby - https://github.com/Muhammd/Awesome-Payloads - https://github.com/Nieuport/PayloadsAllTheThings 
diff --git a/2013/CVE-2013-4548.md b/2013/CVE-2013-4548.md index eadc736f12..800ac1be05 100644 --- a/2013/CVE-2013-4548.md +++ b/2013/CVE-2013-4548.md @@ -13,5 +13,5 @@ The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6 - https://hackerone.com/reports/500 #### Github -No PoCs found on GitHub currently. +- https://github.com/bigb0x/CVE-2024-6387 diff --git a/2013/CVE-2013-4810.md b/2013/CVE-2013-4810.md index 04c4148ee5..13aac86623 100644 --- a/2013/CVE-2013-4810.md +++ b/2013/CVE-2013-4810.md @@ -24,6 +24,7 @@ HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manag - https://github.com/enomothem/PenTestNote - https://github.com/fupinglee/JavaTools - https://github.com/jiangsir404/POC-S +- https://github.com/onewinner/VulToolsKit - https://github.com/pen4uin/awesome-vulnerability-research - https://github.com/pen4uin/vulnerability-research - https://github.com/pen4uin/vulnerability-research-list diff --git a/2013/CVE-2013-7282.md b/2013/CVE-2013-7282.md new file mode 100644 index 0000000000..28abf3680c --- /dev/null +++ b/2013/CVE-2013-7282.md 
@@ -0,0 +1,18 @@ +### [CVE-2013-7282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7282) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36_NIS01 allows remote attackers to bypass authentication via a "Cookie: :language=en" HTTP header. + +### POC + +#### Reference +- http://www.ampliasecurity.com/advisories/AMPLIA-ARA050913.txt +- http://www.ampliasecurity.com/advisories/nisuta-nswir150ne-nswir300n-wireless-router-remote-management-web-interface-authentication-bypass-vulnerability.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2014/CVE-2014-0018.md b/2014/CVE-2014-0018.md index 76c0c07897..fe7fbb00ab 100644 --- a/2014/CVE-2014-0018.md +++ b/2014/CVE-2014-0018.md @@ -13,6 +13,7 @@ Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Ap No PoCs from references. #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/auditt7708/rhsecapi - https://github.com/bharatsunny/dagda diff --git a/2014/CVE-2014-0038.md b/2014/CVE-2014-0038.md index 37ba9b5ac0..7b9cc0593b 100644 --- a/2014/CVE-2014-0038.md +++ b/2014/CVE-2014-0038.md @@ -40,6 +40,7 @@ The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13 - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/ambynotcoder/C-libraries 
diff --git a/2014/CVE-2014-0107.md b/2014/CVE-2014-0107.md index dcacdd8884..cc14349997 100644 --- a/2014/CVE-2014-0107.md +++ b/2014/CVE-2014-0107.md @@ -16,6 +16,7 @@ The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restr - https://www.oracle.com/security-alerts/cpuoct2021.html #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/4depcheck diff --git a/2014/CVE-2014-0160.md b/2014/CVE-2014-0160.md index 161b0b3de0..2874265e9c 100644 --- a/2014/CVE-2014-0160.md +++ b/2014/CVE-2014-0160.md @@ -134,6 +134,7 @@ The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not p - https://github.com/Live-Hack-CVE/CVE-2014-0160 - https://github.com/LucaFilipozzi/ssl-heartbleed.nse - https://github.com/MHM5000/starred +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/Mehedi-Babu/ethical_hacking_cyber - https://github.com/MiChuan/PenTesting - https://github.com/Miraitowa70/POC-Notes diff --git a/2014/CVE-2014-0196.md b/2014/CVE-2014-0196.md index adc2cf9650..a8540ff3e8 100644 --- a/2014/CVE-2014-0196.md +++ b/2014/CVE-2014-0196.md @@ -38,6 +38,7 @@ The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14 - https://github.com/SunRain/CVE-2014-0196 - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/anoaghost/Localroot_Compile diff --git a/2014/CVE-2014-10037.md b/2014/CVE-2014-10037.md index 2ec5fbd866..c62d860cfc 100644 --- a/2014/CVE-2014-10037.md +++ b/2014/CVE-2014-10037.md 
@@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2014/CVE-2014-1203.md b/2014/CVE-2014-1203.md index 47e5d39c7b..120a9d304f 100644 --- a/2014/CVE-2014-1203.md +++ b/2014/CVE-2014-1203.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2014/CVE-2014-2024.md b/2014/CVE-2014-2024.md index 9fc8231a23..6b76da7629 100644 --- a/2014/CVE-2014-2024.md +++ b/2014/CVE-2014-2024.md @@ -14,4 +14,5 @@ Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open #### Github - https://github.com/pxcs/CVE-29343-Sysmon-list +- https://github.com/pxcs/CVE_Sysmon_Report diff --git a/2014/CVE-2014-2527.md b/2014/CVE-2014-2527.md new file mode 100644 index 0000000000..907fde71a5 --- /dev/null +++ b/2014/CVE-2014-2527.md @@ -0,0 +1,17 @@ +### [CVE-2014-2527](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2527) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory name, a different vulnerability than CVE-2014-2528. + +### POC + +#### Reference +- https://bitbucket.org/jeromerobert/k4dirstat/commits/1ad2e96d73fa06cd9be0f3749b337c03575016aa#chg-src/kcleanup.cpp + +#### Github +No PoCs found on GitHub currently. + diff --git a/2014/CVE-2014-2528.md b/2014/CVE-2014-2528.md new file mode 100644 index 0000000000..e988245bd3 --- /dev/null +++ b/2014/CVE-2014-2528.md 
@@ -0,0 +1,17 @@ +### [CVE-2014-2528](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2528) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory name, a different vulnerability than CVE-2014-2527. + +### POC + +#### Reference +- https://bitbucket.org/jeromerobert/k4dirstat/commits/1ad2e96d73fa06cd9be0f3749b337c03575016aa#chg-src/kcleanup.cpp + +#### Github +No PoCs found on GitHub currently. + diff --git a/2014/CVE-2014-2532.md b/2014/CVE-2014-2532.md index 0c0e54a74c..e5c96a0255 100644 --- a/2014/CVE-2014-2532.md +++ b/2014/CVE-2014-2532.md @@ -16,5 +16,6 @@ sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv line #### Github - https://github.com/averyth3archivist/nmap-network-reconnaissance +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough diff --git a/2014/CVE-2014-3120.md b/2014/CVE-2014-3120.md index 36f1963fd4..734c1141b9 100644 --- a/2014/CVE-2014-3120.md +++ b/2014/CVE-2014-3120.md @@ -17,6 +17,7 @@ The default configuration in Elasticsearch before 1.2 enables dynamic scripting, - https://github.com/0ps/pocassistdb - https://github.com/189569400/fofa - https://github.com/20142995/Goby +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/pocsuite - https://github.com/ACIC-Africa/metasploitable3 - https://github.com/ARPSyndicate/cvemon 
@@ -32,6 +33,7 @@ The default configuration in Elasticsearch before 1.2 enables dynamic scripting, - https://github.com/GhostTroops/myhktools - https://github.com/Hackinfinity/Honey-Pots- - https://github.com/HimmelAward/Goby_POC +- https://github.com/JE2Se/AssetScan - https://github.com/Karma47/Cybersecurity_base_project_2 - https://github.com/LubyRuffy/fofa - https://github.com/Mehedi-Babu/honeypots_cyber @@ -44,6 +46,7 @@ The default configuration in Elasticsearch before 1.2 enables dynamic scripting, - https://github.com/Pasyware/Honeypot_Projects - https://github.com/SexyBeast233/SecBooks - https://github.com/ToonyLoony/OpenVAS_Project +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Z0fhack/Goby_POC - https://github.com/ZTK-009/RedTeamer - https://github.com/ahm3dhany/IDS-Evasion diff --git a/2014/CVE-2014-3146.md b/2014/CVE-2014-3146.md index a1c55abfe4..ee7f30137a 100644 --- a/2014/CVE-2014-3146.md +++ b/2014/CVE-2014-3146.md @@ -14,6 +14,7 @@ Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before - http://seclists.org/fulldisclosure/2014/Apr/319 #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/ARPSyndicate/cvemon - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda diff --git a/2014/CVE-2014-3153.md b/2014/CVE-2014-3153.md index 230df76172..3481c42675 100644 --- a/2014/CVE-2014-3153.md +++ b/2014/CVE-2014-3153.md @@ -45,6 +45,7 @@ No PoCs from references. - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/ambynotcoder/C-libraries diff --git a/2014/CVE-2014-4014.md b/2014/CVE-2014-4014.md index 518daa452c..98ad6145d9 100644 --- a/2014/CVE-2014-4014.md 
+++ b/2014/CVE-2014-4014.md @@ -32,6 +32,7 @@ The capabilities implementation in the Linux kernel before 3.14.8 does not prope - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/anoaghost/Localroot_Compile diff --git a/2014/CVE-2014-4113.md b/2014/CVE-2014-4113.md index f4056aec3d..b771ed4520 100644 --- a/2014/CVE-2014-4113.md +++ b/2014/CVE-2014-4113.md @@ -42,6 +42,7 @@ win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Wind - https://github.com/HacTF/poc--exp - https://github.com/HackOvert/awesome-bugs - https://github.com/JERRY123S/all-poc +- https://github.com/JennieXLisa/awe-win-expx - https://github.com/LegendSaber/exp - https://github.com/NitroA/windowsexpoitationresources - https://github.com/NullArray/WinKernel-Resources diff --git a/2014/CVE-2014-4210.md b/2014/CVE-2014-4210.md index 76beeef56f..9ef2f3e1a0 100644 --- a/2014/CVE-2014-4210.md +++ b/2014/CVE-2014-4210.md @@ -23,6 +23,7 @@ Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusi - https://github.com/1120362990/vulnerability-list - https://github.com/189569400/Meppo - https://github.com/20142995/Goby +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/sectool - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates 
@@ -86,6 +87,7 @@ Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusi - https://github.com/qi4L/WeblogicScan.go - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/ronoski/j2ee-rscan - https://github.com/skyblueflag/WebSecurityStudy - https://github.com/superfish9/pt diff --git a/2014/CVE-2014-4544.md b/2014/CVE-2014-4544.md index e6f4421914..bc8859735a 100644 --- a/2014/CVE-2014-4544.md +++ b/2014/CVE-2014-4544.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2014/CVE-2014-4699.md b/2014/CVE-2014-4699.md index 38716a4e91..dddf53dc68 100644 --- a/2014/CVE-2014-4699.md +++ b/2014/CVE-2014-4699.md @@ -36,6 +36,7 @@ The Linux kernel before 3.15.4 on Intel processors does not properly restrict us - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/anoaghost/Localroot_Compile diff --git a/2014/CVE-2014-5284.md b/2014/CVE-2014-5284.md index 77f1e3b399..67e6cb3efc 100644 --- a/2014/CVE-2014-5284.md +++ b/2014/CVE-2014-5284.md @@ -30,6 +30,7 @@ host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable fi - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp 
diff --git a/2014/CVE-2014-5461.md b/2014/CVE-2014-5461.md index 6fc9ffa9ba..f0eac25bed 100644 --- a/2014/CVE-2014-5461.md +++ b/2014/CVE-2014-5461.md @@ -13,6 +13,7 @@ Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before No PoCs from references. #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/andir/nixos-issue-db-example - https://github.com/bharatsunny/dagda diff --git a/2014/CVE-2014-6271.md b/2014/CVE-2014-6271.md index 78e0fbe55e..6aa6f24f5b 100644 --- a/2014/CVE-2014-6271.md +++ b/2014/CVE-2014-6271.md @@ -173,6 +173,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th - https://github.com/Ly0nt4r/OSCP - https://github.com/Ly0nt4r/ShellShock - https://github.com/MY7H404/CVE-2014-6271-Shellshock +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/Mehedi-Babu/enumeration_cheat_sht - https://github.com/Mehedi-Babu/ethical_hacking_cyber - https://github.com/Meowmycks/OSCPprep-SickOs1.1 diff --git a/2014/CVE-2014-8122.md b/2014/CVE-2014-8122.md index 22f327468d..9d50227b1e 100644 --- a/2014/CVE-2014-8122.md +++ b/2014/CVE-2014-8122.md @@ -13,6 +13,7 @@ Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows rem No PoCs from references. #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/dagda diff --git a/2014/CVE-2014-9322.md b/2014/CVE-2014-9322.md index a9c406db97..30d6019c93 100644 --- a/2014/CVE-2014-9322.md +++ b/2014/CVE-2014-9322.md 
@@ -20,6 +20,7 @@ arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly h - https://github.com/R0B1NL1N/linux-kernel-exploitation - https://github.com/RKX1209/CVE-2014-9322 - https://github.com/Technoashofficial/kernel-exploitation-linux +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/cranelab/exploit-development - https://github.com/dyjakan/exploit-development-case-studies - https://github.com/kdn111/linux-kernel-exploitation diff --git a/2014/CVE-2014-9709.md b/2014/CVE-2014-9709.md index 680f0f21fd..5ef08ecabd 100644 --- a/2014/CVE-2014-9709.md +++ b/2014/CVE-2014-9709.md @@ -12,6 +12,7 @@ The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP bef #### Reference - http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html - http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html +- https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43 #### Github - https://github.com/Live-Hack-CVE/CVE-2014-9709 diff --git a/2015/CVE-2015-0057.md b/2015/CVE-2015-0057.md index d4ba3f81de..3765ced850 100644 --- a/2015/CVE-2015-0057.md +++ b/2015/CVE-2015-0057.md @@ -29,6 +29,7 @@ win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Wind - https://github.com/Flerov/WindowsExploitDev - https://github.com/GhostTroops/TOP - https://github.com/JERRY123S/all-poc +- https://github.com/JennieXLisa/awe-win-expx - https://github.com/Karneades/awesome-vulnerabilities - https://github.com/LegendSaber/exp - https://github.com/NitroA/windowsexpoitationresources diff --git a/2015/CVE-2015-0204.md b/2015/CVE-2015-0204.md index 68ffab3848..8e69990788 100644 --- a/2015/CVE-2015-0204.md +++ b/2015/CVE-2015-0204.md 
@@ -74,4 +74,5 @@ The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 - https://github.com/thekondrashov/stuff - https://github.com/vitaliivakhr/NETOLOGY - https://github.com/yellownine/netology-DevOps +- https://github.com/ziezeeshan/Networksecurity diff --git a/2015/CVE-2015-1328.md b/2015/CVE-2015-1328.md index 6bb25624da..9a4ad01be9 100644 --- a/2015/CVE-2015-1328.md +++ b/2015/CVE-2015-1328.md @@ -39,6 +39,7 @@ The overlayfs implementation in the linux (aka Linux kernel) package before 3.19 - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/amtzespinosa/tr0ll-walkthrough diff --git a/2015/CVE-2015-1345.md b/2015/CVE-2015-1345.md index a21ad22ddd..c5b16ee376 100644 --- a/2015/CVE-2015-1345.md +++ b/2015/CVE-2015-1345.md @@ -13,6 +13,7 @@ The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local user - http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/dagda diff --git a/2015/CVE-2015-1427.md b/2015/CVE-2015-1427.md index dd09a93446..850635908e 100644 --- a/2015/CVE-2015-1427.md +++ b/2015/CVE-2015-1427.md @@ -32,6 +32,7 @@ The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 - https://github.com/GhostTroops/myhktools - https://github.com/HimmelAward/Goby_POC - https://github.com/IsmailSoltakhanov17/Monkey +- https://github.com/JE2Se/AssetScan - https://github.com/JERRY123S/all-poc - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/Makare06/Monkey 
@@ -41,6 +42,7 @@ The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 - https://github.com/R0B1NL1N/E-x-p-l-o-i-t-s - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Xcod3bughunt3r/ExploitsTools - https://github.com/XiphosResearch/exploits - https://github.com/YrenWu/Elhackstic diff --git a/2015/CVE-2015-1503.md b/2015/CVE-2015-1503.md index ccca44528d..ed2cb4dc91 100644 --- a/2015/CVE-2015-1503.md +++ b/2015/CVE-2015-1503.md @@ -17,4 +17,5 @@ Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2015/CVE-2015-1701.md b/2015/CVE-2015-1701.md index d2cc2fa7e4..ffe9ad3068 100644 --- a/2015/CVE-2015-1701.md +++ b/2015/CVE-2015-1701.md @@ -62,6 +62,7 @@ Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vist - https://github.com/pr0code/https-github.com-ExpLife0011-awesome-windows-kernel-security-development - https://github.com/pravinsrc/NOTES-windows-kernel-links - https://github.com/puckiestyle/A-Red-Teamer-diaries +- https://github.com/rayhan0x01/reverse-shell-able-exploit-pocs - https://github.com/tronghieu220403/Common-Vulnerabilities-and-Exposures-Reports - https://github.com/tufanturhan/Red-Teamer-Diaries - https://github.com/weeka10/-hktalent-TOP diff --git a/2015/CVE-2015-1880.md b/2015/CVE-2015-1880.md index 707fd95e20..49b2acc96a 100644 --- a/2015/CVE-2015-1880.md +++ b/2015/CVE-2015-1880.md @@ -13,6 +13,7 @@ Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet Fo No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates 
diff --git a/2015/CVE-2015-4852.md b/2015/CVE-2015-4852.md index d6325a9aad..9c3380eefd 100644 --- a/2015/CVE-2015-4852.md +++ b/2015/CVE-2015-4852.md @@ -64,6 +64,7 @@ The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3. - https://github.com/nex1less/CVE-2015-4852 - https://github.com/nihaohello/N-MiddlewareScan - https://github.com/oneplus-x/jok3r +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/RedTeamer - https://github.com/psadmin-io/weblogic-patching-scripts - https://github.com/qiqiApink/apkRepair diff --git a/2015/CVE-2015-5600.md b/2015/CVE-2015-5600.md index 058bbb58de..3a5e379c54 100644 --- a/2015/CVE-2015-5600.md +++ b/2015/CVE-2015-5600.md @@ -22,6 +22,7 @@ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 #### Github - https://github.com/Live-Hack-CVE/CVE-2015-5600 - https://github.com/ahm3dhany/IDS-Evasion +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/pboonman196/Final_Project_CyberBootcamp - https://github.com/scmanjarrez/CVEScannerV2 - https://github.com/sjourdan/clair-lab diff --git a/2015/CVE-2015-6563.md b/2015/CVE-2015-6563.md index 6b7690e0af..971a4401a3 100644 --- a/2015/CVE-2015-6563.md +++ b/2015/CVE-2015-6563.md @@ -18,6 +18,7 @@ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms acc - https://github.com/ARPSyndicate/cvemon - https://github.com/CyCognito/manual-detection - https://github.com/Live-Hack-CVE/CVE-2015-6563 +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough - https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough diff --git a/2015/CVE-2015-6564.md b/2015/CVE-2015-6564.md index f88de6faf5..e271b0157e 100644 --- a/2015/CVE-2015-6564.md +++ b/2015/CVE-2015-6564.md 
@@ -17,6 +17,7 @@ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c #### Github - https://github.com/CyCognito/manual-detection - https://github.com/Live-Hack-CVE/CVE-2015-6564 +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough - https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough diff --git a/2015/CVE-2015-6927.md b/2015/CVE-2015-6927.md new file mode 100644 index 0000000000..21e1717e58 --- /dev/null +++ b/2015/CVE-2015-6927.md @@ -0,0 +1,17 @@ +### [CVE-2015-6927](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6927) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the ploop container root.hdd file and then access a control panel. + +### POC + +#### Reference +- https://src.openvz.org/projects/OVZL/repos/vzctl/commits/9e98ea630ac0e88b44e3e23c878a5166aeb74e1c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2015/CVE-2015-7450.md b/2015/CVE-2015-7450.md index 0eacdfb5e8..ce1c56b111 100644 --- a/2015/CVE-2015-7450.md +++ b/2015/CVE-2015-7450.md 
@@ -28,6 +28,7 @@ Serialized-object interfaces in certain IBM analytics, business solutions, cogni - https://github.com/Delishsploits/PayloadsAndMethodology - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet - https://github.com/GuynnR/Payloads +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/Muhammd/Awesome-Payloads - https://github.com/Nieuport/PayloadsAllTheThings - https://github.com/Ostorlab/KEV diff --git a/2015/CVE-2015-7501.md b/2015/CVE-2015-7501.md index b3c16f6404..75c6412ad3 100644 --- a/2015/CVE-2015-7501.md +++ b/2015/CVE-2015-7501.md @@ -37,6 +37,7 @@ Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet - https://github.com/GuynnR/Payloads - https://github.com/HimmelAward/Goby_POC +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/MrE-Fog/jbossScan - https://github.com/Muhammd/Awesome-Payloads - https://github.com/Nieuport/PayloadsAllTheThings @@ -81,6 +82,7 @@ Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/mrhacker51/ReverseShellCommands - https://github.com/nevidimk0/PayloadsAllTheThings +- https://github.com/onewinner/VulToolsKit - https://github.com/orgTestCodacy11KRepos110MB/repo-5832-java-deserialization-exploits - https://github.com/password520/RedTeamer - https://github.com/pen4uin/awesome-vulnerability-research diff --git a/2015/CVE-2015-7547.md b/2015/CVE-2015-7547.md index 8929d95d23..f59149e262 100644 --- a/2015/CVE-2015-7547.md +++ b/2015/CVE-2015-7547.md 
@@ -66,6 +66,7 @@ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functio - https://github.com/Vxer-Lee/Hack_Tools - https://github.com/ZTK-009/linux-kernel-exploits - https://github.com/ZiDuNet/Note +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/alanmeyer/CVE-glibc - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alex-bender/links diff --git a/2015/CVE-2015-7780.md b/2015/CVE-2015-7780.md index 1d1d5022e9..2ffd5b1d74 100644 --- a/2015/CVE-2015-7780.md +++ b/2015/CVE-2015-7780.md @@ -13,5 +13,6 @@ Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2015/CVE-2015-8103.md b/2015/CVE-2015-8103.md index 4ddb33c11a..536ae36744 100644 --- a/2015/CVE-2015-8103.md +++ b/2015/CVE-2015-8103.md @@ -30,6 +30,7 @@ The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet - https://github.com/GuynnR/Payloads - https://github.com/KayCHENvip/vulnerability-poc +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/Miraitowa70/POC-Notes - https://github.com/Muhammd/Awesome-Payloads - https://github.com/NCSU-DANCE-Research-Group/CDL @@ -63,6 +64,7 @@ The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/mrhacker51/ReverseShellCommands - https://github.com/nevidimk0/PayloadsAllTheThings +- https://github.com/onewinner/VulToolsKit - https://github.com/orgTestCodacy11KRepos110MB/repo-5832-java-deserialization-exploits - https://github.com/r00t4dm/Jenkins-CVE-2015-8103 - https://github.com/ranjan-prp/PayloadsAllTheThings 
diff --git a/2015/CVE-2015-8550.md b/2015/CVE-2015-8550.md index 84c1fae437..669ba343b1 100644 --- a/2015/CVE-2015-8550.md +++ b/2015/CVE-2015-8550.md @@ -16,6 +16,7 @@ Xen, when used on a system providing PV backends, allows local guest OS administ - https://github.com/Al1ex/LinuxEelvation - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/jfbastien/no-sane-compiler diff --git a/2015/CVE-2015-8660.md b/2015/CVE-2015-8660.md index ad62a57abb..0c0df43c57 100644 --- a/2015/CVE-2015-8660.md +++ b/2015/CVE-2015-8660.md @@ -22,6 +22,7 @@ The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3 - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits - https://github.com/Live-Hack-CVE/CVE-2015-8660 +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/chorankates/Irked - https://github.com/nhamle2/CVE-2015-8660 - https://github.com/nhamle2/nhamle2 diff --git a/2016/CVE-2016-0099.md b/2016/CVE-2016-0099.md index 60ce59c50f..fd0558ffa0 100644 --- a/2016/CVE-2016-0099.md +++ b/2016/CVE-2016-0099.md @@ -31,6 +31,7 @@ The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 - https://github.com/hktalent/TOP - https://github.com/jenriquezv/OSCP-Cheat-Sheets-Windows - https://github.com/lyshark/Windows-exploits +- https://github.com/rayhan0x01/reverse-shell-able-exploit-pocs - https://github.com/readloud/Awesome-Stars - https://github.com/taielab/awesome-hacking-lists - https://github.com/xbl2022/awesome-hacking-lists diff --git a/2016/CVE-2016-0638.md b/2016/CVE-2016-0638.md index 85cde6095d..e3ff9e5c7f 100644 --- a/2016/CVE-2016-0638.md +++ b/2016/CVE-2016-0638.md 
@@ -54,11 +54,13 @@ Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusi - https://github.com/koutto/jok3r-pocs - https://github.com/langu-xyz/JavaVulnMap - https://github.com/nihaohello/N-MiddlewareScan +- https://github.com/onewinner/VulToolsKit - https://github.com/openx-org/BLEN - https://github.com/password520/RedTeamer - https://github.com/qi4L/WeblogicScan.go - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/safe6Sec/WeblogicVuln - https://github.com/safe6Sec/wlsEnv - https://github.com/sp4zcmd/WeblogicExploit-GUI diff --git a/2016/CVE-2016-0728.md b/2016/CVE-2016-0728.md index 763ae5cdd1..bfa0692ba2 100644 --- a/2016/CVE-2016-0728.md +++ b/2016/CVE-2016-0728.md @@ -40,6 +40,7 @@ The join_session_keyring function in security/keys/process_keys.c in the Linux k - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/ainannurizzaman/zabbix - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits diff --git a/2016/CVE-2016-0777.md b/2016/CVE-2016-0777.md index 9214eed9d6..8605825e81 100644 --- a/2016/CVE-2016-0777.md +++ b/2016/CVE-2016-0777.md @@ -25,6 +25,7 @@ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, - https://github.com/RedHatSatellite/satellite-host-cve - https://github.com/WinstonN/fabric2 - https://github.com/akshayprasad/Linux_command_crash_course +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/chuongvuvan/awesome-ssh - https://github.com/cpcloudnl/ssh-config - https://github.com/dblume/dotfiles diff --git a/2016/CVE-2016-0788.md b/2016/CVE-2016-0788.md index b9408b4c87..a5a0a46fcd 100644 
--- a/2016/CVE-2016-0788.md +++ b/2016/CVE-2016-0788.md @@ -22,6 +22,7 @@ No PoCs from references. - https://github.com/klausware/Java-Deserialization-Cheat-Sheet - https://github.com/lnick2023/nicenice - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet +- https://github.com/onewinner/VulToolsKit - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-0792.md b/2016/CVE-2016-0792.md index f717b26a14..ad8b18dd5c 100644 --- a/2016/CVE-2016-0792.md +++ b/2016/CVE-2016-0792.md @@ -30,6 +30,7 @@ Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642. - https://github.com/GuynnR/Payloads - https://github.com/JERRY123S/all-poc - https://github.com/KayCHENvip/vulnerability-poc +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/Miraitowa70/POC-Notes - https://github.com/Muhammd/Awesome-Payloads - https://github.com/Nieuport/PayloadsAllTheThings @@ -62,6 +63,7 @@ Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642. - https://github.com/lp008/Hack-readme - https://github.com/mrhacker51/ReverseShellCommands - https://github.com/nevidimk0/PayloadsAllTheThings +- https://github.com/onewinner/VulToolsKit - https://github.com/orgTestCodacy11KRepos110MB/repo-5832-java-deserialization-exploits - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/ranjan-prp/PayloadsAllTheThings diff --git a/2016/CVE-2016-1000109.md b/2016/CVE-2016-1000109.md index 0b4cf91e68..371415bad4 100644 --- a/2016/CVE-2016-1000109.md +++ b/2016/CVE-2016-1000109.md 
@@ -32,6 +32,7 @@ HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and - https://github.com/creativ/docker-nginx-proxy - https://github.com/cryptoplay/docker-alpine-nginx-proxy - https://github.com/dlpnetworks/dlp-nginx-proxy +- https://github.com/dmitriy-tkalich/docker-nginx-proxy - https://github.com/expoli/nginx-proxy-docker-image-builder - https://github.com/gabomasi/reverse-proxy - https://github.com/garnser/nginx-oidc-proxy diff --git a/2016/CVE-2016-1000110.md b/2016/CVE-2016-1000110.md index 57232937ac..af8079a491 100644 --- a/2016/CVE-2016-1000110.md +++ b/2016/CVE-2016-1000110.md @@ -33,6 +33,7 @@ The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_P - https://github.com/creativ/docker-nginx-proxy - https://github.com/cryptoplay/docker-alpine-nginx-proxy - https://github.com/dlpnetworks/dlp-nginx-proxy +- https://github.com/dmitriy-tkalich/docker-nginx-proxy - https://github.com/expoli/nginx-proxy-docker-image-builder - https://github.com/gabomasi/reverse-proxy - https://github.com/garnser/nginx-oidc-proxy diff --git a/2016/CVE-2016-1000216.md b/2016/CVE-2016-1000216.md new file mode 100644 index 0000000000..26a99d8aaa --- /dev/null +++ b/2016/CVE-2016-1000216.md @@ -0,0 +1,17 @@ +### [CVE-2016-1000216](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000216) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Ruckus Wireless H500 web management interface authenticated command injection + +### POC + +#### Reference +- https://bitbucket.org/dudux/ruckus-rootshell + +#### Github +No PoCs found on GitHub currently. + diff --git a/2016/CVE-2016-10009.md b/2016/CVE-2016-10009.md index af1bca5b80..a64c272967 100644 --- a/2016/CVE-2016-10009.md +++ b/2016/CVE-2016-10009.md 
@@ -15,6 +15,7 @@ Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH befor - https://www.exploit-db.com/exploits/40963/ #### Github +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/bioly230/THM_Skynet - https://github.com/biswajitde/dsm_ips - https://github.com/gabrieljcs/ips-assessment-reports diff --git a/2016/CVE-2016-10012.md b/2016/CVE-2016-10012.md index 4c3a035498..1fad6ddc9c 100644 --- a/2016/CVE-2016-10012.md +++ b/2016/CVE-2016-10012.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/bioly230/THM_Skynet - https://github.com/phx/cvescan - https://github.com/retr0-13/cveScannerV2 diff --git a/2016/CVE-2016-2384.md b/2016/CVE-2016-2384.md index ff3a231f43..44f360f56e 100644 --- a/2016/CVE-2016-2384.md +++ b/2016/CVE-2016-2384.md @@ -37,6 +37,7 @@ Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2016/CVE-2016-3088.md b/2016/CVE-2016-3088.md index 515ab3dd2b..32af1b79ea 100644 --- a/2016/CVE-2016-3088.md +++ b/2016/CVE-2016-3088.md @@ -36,6 +36,7 @@ The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remot - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/YutuSec/ActiveMQ_Crack - https://github.com/Z0fhack/Goby_POC - https://github.com/bakery312/Vulhub-Reproduce 
diff --git a/2016/CVE-2016-3115.md b/2016/CVE-2016-3115.md index fa842bdc6f..7a10fdb624 100644 --- a/2016/CVE-2016-3115.md +++ b/2016/CVE-2016-3115.md @@ -22,6 +22,7 @@ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7 #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/RedHatSatellite/satellite-host-cve +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/bioly230/THM_Skynet - https://github.com/biswajitde/dsm_ips - https://github.com/gabrieljcs/ips-assessment-reports diff --git a/2016/CVE-2016-3309.md b/2016/CVE-2016-3309.md index 116de094ec..7fab3296bd 100644 --- a/2016/CVE-2016-3309.md +++ b/2016/CVE-2016-3309.md @@ -50,6 +50,7 @@ The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 - https://github.com/nobiusmallyu/kehai - https://github.com/pravinsrc/NOTES-windows-kernel-links - https://github.com/qazbnm456/awesome-cve-poc +- https://github.com/rayhan0x01/reverse-shell-able-exploit-pocs - https://github.com/sensepost/ms16-098 - https://github.com/siberas/CVE-2016-3309_Reloaded - https://github.com/slimdaddy/RedTeam diff --git a/2016/CVE-2016-3510.md b/2016/CVE-2016-3510.md index 8514477c66..01fc4b82e0 100644 --- a/2016/CVE-2016-3510.md +++ b/2016/CVE-2016-3510.md @@ -38,6 +38,7 @@ Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusi - https://github.com/JERRY123S/all-poc - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/KimJun1010/WeblogicTool +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/MacAsure/WL_Scan_GO - https://github.com/Miraitowa70/POC-Notes - https://github.com/Muhammd/Awesome-Payloads 
@@ -84,11 +85,13 @@ Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusi - https://github.com/mrhacker51/ReverseShellCommands - https://github.com/nevidimk0/PayloadsAllTheThings - https://github.com/nihaohello/N-MiddlewareScan +- https://github.com/onewinner/VulToolsKit - https://github.com/orgTestCodacy11KRepos110MB/repo-5832-java-deserialization-exploits - https://github.com/password520/RedTeamer - https://github.com/qi4L/WeblogicScan.go - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/ranjan-prp/PayloadsAllTheThings - https://github.com/ravijainpro/payloads_xss - https://github.com/safe6Sec/WeblogicVuln diff --git a/2016/CVE-2016-4437.md b/2016/CVE-2016-4437.md index f2070d5b27..0a664949a6 100644 --- a/2016/CVE-2016-4437.md +++ b/2016/CVE-2016-4437.md @@ -16,6 +16,7 @@ Apache Shiro before 1.2.5, when a cipher key has not been configured for the "re #### Github - https://github.com/0day404/vulnerability-poc - https://github.com/0day666/Vulnerability-verification +- https://github.com/0x727/FingerprintHub - https://github.com/20142995/Goby - https://github.com/4nth0ny1130/shisoserial - https://github.com/ARPSyndicate/cvemon diff --git a/2016/CVE-2016-4557.md b/2016/CVE-2016-4557.md index a50a32cc58..e35c2c741a 100644 --- a/2016/CVE-2016-4557.md +++ b/2016/CVE-2016-4557.md @@ -16,6 +16,7 @@ The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux k - https://github.com/ARPSyndicate/cvemon - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/chreniuc/CTF - https://github.com/dylandreimerink/gobpfld - https://github.com/kkamagui/linux-kernel-exploits diff --git a/2016/CVE-2016-4997.md b/2016/CVE-2016-4997.md index 3649b3fc9c..fd276c8fc4 100644 
--- a/2016/CVE-2016-4997.md +++ b/2016/CVE-2016-4997.md @@ -18,4 +18,5 @@ The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations #### Github - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits diff --git a/2016/CVE-2016-5195.md b/2016/CVE-2016-5195.md index b4b4b0aa1a..4d6c656398 100644 --- a/2016/CVE-2016-5195.md +++ b/2016/CVE-2016-5195.md @@ -67,6 +67,7 @@ Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allo - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo - https://github.com/CVEDB/top +- https://github.com/CYBER-PUBLIC-SCHOOL/linux-privilege-escalation-cheatsheet - https://github.com/Cham0i/SecPlus - https://github.com/DanielEbert/CVE-2016-5195 - https://github.com/DanielEbert/dirtycow-vdso @@ -152,6 +153,7 @@ Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allo - https://github.com/Ygodsec/- - https://github.com/ZTK-009/RedTeamer - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/acidburnmi/CVE-2016-5195-master - https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground - https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground @@ -284,6 +286,7 @@ Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allo - https://github.com/knd06/linux-kernel-exploitation - https://github.com/kumardineshwar/linux-kernel-exploits - https://github.com/kwxk/Rutgers_Cyber_Range +- https://github.com/kyuna312/Linux_menthor - https://github.com/kzwkt/lkrt - https://github.com/l2dy/stars - https://github.com/ldenevi/CVE-2016-5195 diff --git a/2016/CVE-2016-5385.md b/2016/CVE-2016-5385.md index 2f7fc2cce6..c69e91d6a5 100644 --- a/2016/CVE-2016-5385.md +++ b/2016/CVE-2016-5385.md 
@@ -43,6 +43,7 @@ PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace - https://github.com/creativ/docker-nginx-proxy - https://github.com/cryptoplay/docker-alpine-nginx-proxy - https://github.com/dlpnetworks/dlp-nginx-proxy +- https://github.com/dmitriy-tkalich/docker-nginx-proxy - https://github.com/expoli/nginx-proxy-docker-image-builder - https://github.com/gabomasi/reverse-proxy - https://github.com/garnser/nginx-oidc-proxy diff --git a/2016/CVE-2016-5386.md b/2016/CVE-2016-5386.md index 29e4eeb330..7d6ef6558b 100644 --- a/2016/CVE-2016-5386.md +++ b/2016/CVE-2016-5386.md @@ -36,6 +36,7 @@ The net/http package in Go through 1.6 does not attempt to address RFC 3875 sect - https://github.com/creativ/docker-nginx-proxy - https://github.com/cryptoplay/docker-alpine-nginx-proxy - https://github.com/dlpnetworks/dlp-nginx-proxy +- https://github.com/dmitriy-tkalich/docker-nginx-proxy - https://github.com/expoli/nginx-proxy-docker-image-builder - https://github.com/gabomasi/reverse-proxy - https://github.com/garnser/nginx-oidc-proxy diff --git a/2016/CVE-2016-5387.md b/2016/CVE-2016-5387.md index 60185f9638..d95b5b4548 100644 --- a/2016/CVE-2016-5387.md +++ b/2016/CVE-2016-5387.md @@ -46,6 +46,7 @@ The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and theref - https://github.com/creativ/docker-nginx-proxy - https://github.com/cryptoplay/docker-alpine-nginx-proxy - https://github.com/dlpnetworks/dlp-nginx-proxy +- https://github.com/dmitriy-tkalich/docker-nginx-proxy - https://github.com/expoli/nginx-proxy-docker-image-builder - https://github.com/firatesatoglu/shodanSearch - https://github.com/gabomasi/reverse-proxy diff --git a/2016/CVE-2016-5388.md b/2016/CVE-2016-5388.md index 97af8c0f44..0e59baa4f4 100644 --- a/2016/CVE-2016-5388.md +++ b/2016/CVE-2016-5388.md 
@@ -36,6 +36,7 @@ Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is - https://github.com/creativ/docker-nginx-proxy - https://github.com/cryptoplay/docker-alpine-nginx-proxy - https://github.com/dlpnetworks/dlp-nginx-proxy +- https://github.com/dmitriy-tkalich/docker-nginx-proxy - https://github.com/expoli/nginx-proxy-docker-image-builder - https://github.com/gabomasi/reverse-proxy - https://github.com/garnser/nginx-oidc-proxy diff --git a/2016/CVE-2016-6210.md b/2016/CVE-2016-6210.md index ae38597702..108b691846 100644 --- a/2016/CVE-2016-6210.md +++ b/2016/CVE-2016-6210.md @@ -17,6 +17,7 @@ sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password has - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Live-Hack-CVE/CVE-2016-6210 +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/bioly230/THM_Skynet - https://github.com/cocomelonc/vulnexipy - https://github.com/eric-conrad/enumer8 diff --git a/2016/CVE-2016-7067.md b/2016/CVE-2016-7067.md new file mode 100644 index 0000000000..7113878952 --- /dev/null +++ b/2016/CVE-2016-7067.md @@ -0,0 +1,17 @@ +### [CVE-2016-7067](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7067) +![](https://img.shields.io/static/v1?label=Product&message=monit&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352&color=brighgreen) + +### Description + +Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service. + +### POC + +#### Reference +- https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2016/CVE-2016-7124.md b/2016/CVE-2016-7124.md index e0eca31098..7cf2f24bb5 100644 --- a/2016/CVE-2016-7124.md +++ b/2016/CVE-2016-7124.md @@ -16,6 +16,7 @@ ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 misha #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/Fa1c0n35/Web-CTF-Cheatshee +- https://github.com/ProbiusOfficial/PHPSerialize-labs - https://github.com/Zxser/Web-CTF-Cheatsheet - https://github.com/duckstroms/Web-CTF-Cheatsheet - https://github.com/fine-1/php-SER-libs diff --git a/2016/CVE-2016-8527.md b/2016/CVE-2016-8527.md index e8023aa7e6..ed852ed572 100644 --- a/2016/CVE-2016-8527.md +++ b/2016/CVE-2016-8527.md @@ -13,6 +13,7 @@ Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a - https://www.exploit-db.com/exploits/41482/ #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2016/CVE-2016-8655.md b/2016/CVE-2016-8655.md index 757c4c92a2..fbfe1fa361 100644 --- a/2016/CVE-2016-8655.md +++ b/2016/CVE-2016-8655.md @@ -33,6 +33,7 @@ Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allo - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/The-Z-Labs/linux-exploit-suggester - https://github.com/TheJoyOfHacking/mzet-linux-exploit-suggester +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/agkunkle/chocobo - https://github.com/anoaghost/Localroot_Compile - https://github.com/bcoles/kernel-exploits diff --git a/2016/CVE-2016-9793.md b/2016/CVE-2016-9793.md index 4b23acc387..4939b692a2 100644 --- a/2016/CVE-2016-9793.md +++ b/2016/CVE-2016-9793.md 
@@ -31,6 +31,7 @@ The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.1 - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/amrelsadane123/Ecploit-kernel-4.10-linux-local diff --git a/2016/CVE-2016-9957.md b/2016/CVE-2016-9957.md index 59d3ef0bc6..21666334bd 100644 --- a/2016/CVE-2016-9957.md +++ b/2016/CVE-2016-9957.md @@ -10,6 +10,7 @@ Stack-based buffer overflow in game-music-emu before 0.6.1. ### POC #### Reference +- https://bitbucket.org/mpyne/game-music-emu/wiki/Home - https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html #### Github diff --git a/2016/CVE-2016-9958.md b/2016/CVE-2016-9958.md index ecb5e443d5..c01ebec9ea 100644 --- a/2016/CVE-2016-9958.md +++ b/2016/CVE-2016-9958.md @@ -10,6 +10,7 @@ game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory ### POC #### Reference +- https://bitbucket.org/mpyne/game-music-emu/wiki/Home - https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html #### Github diff --git a/2016/CVE-2016-9959.md b/2016/CVE-2016-9959.md index e2f3febfe7..3b30e1bb96 100644 --- a/2016/CVE-2016-9959.md +++ b/2016/CVE-2016-9959.md @@ -10,6 +10,7 @@ game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8- ### POC #### Reference +- https://bitbucket.org/mpyne/game-music-emu/wiki/Home - https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html #### Github diff --git a/2016/CVE-2016-9960.md b/2016/CVE-2016-9960.md index c8ba9f1be4..4c314b3db3 100644 --- a/2016/CVE-2016-9960.md +++ b/2016/CVE-2016-9960.md 
@@ -10,6 +10,7 @@ game-music-emu before 0.6.1 allows local users to cause a denial of service (div ### POC #### Reference +- https://bitbucket.org/mpyne/game-music-emu/wiki/Home - https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html #### Github diff --git a/2016/CVE-2016-9961.md b/2016/CVE-2016-9961.md index 10b4a68906..0dc4d0ddc0 100644 --- a/2016/CVE-2016-9961.md +++ b/2016/CVE-2016-9961.md @@ -10,6 +10,7 @@ game-music-emu before 0.6.1 mishandles unspecified integer values. ### POC #### Reference +- https://bitbucket.org/mpyne/game-music-emu/wiki/Home - https://scarybeastsecurity.blogspot.cz/2016/12/redux-compromising-linux-using-snes.html #### Github diff --git a/2017/CVE-2017-0143.md b/2017/CVE-2017-0143.md index fd18249527..df4d77f805 100644 --- a/2017/CVE-2017-0143.md +++ b/2017/CVE-2017-0143.md @@ -110,6 +110,7 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 - https://github.com/liorsivan/hackthebox-machines - https://github.com/lnick2023/nicenice - https://github.com/lyshark/Windows-exploits +- https://github.com/mchklt/PFE - https://github.com/merlinepedra/SCAN4LL - https://github.com/merlinepedra25/SCAN4ALL-1 - https://github.com/mishmashclone/infosecn1nja-AD-Attack-Defense diff --git a/2017/CVE-2017-0144.md b/2017/CVE-2017-0144.md index 80555f69b4..ab26f84770 100644 --- a/2017/CVE-2017-0144.md +++ b/2017/CVE-2017-0144.md @@ -23,6 +23,7 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 - https://github.com/61106960/adPEAS - https://github.com/ARPSyndicate/cvemon - https://github.com/Ali-Imangholi/EternalBlueTrojan +- https://github.com/AnugiArrawwala/CVE-Research - https://github.com/Astrogeorgeonethree/Starred - https://github.com/Astrogeorgeonethree/Starred2 - https://github.com/Atem1988/Starred 
@@ -128,6 +129,7 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 - https://github.com/peterpt/eternal_scanner - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/quynhold/Detect-CVE-2017-0144-attack +- https://github.com/rayhan0x01/reverse-shell-able-exploit-pocs - https://github.com/retr0-13/AD-Attack-Defense - https://github.com/revanmalang/OSCP - https://github.com/rvsvishnuv/rvsvishnuv.github.io diff --git a/2017/CVE-2017-0199.md b/2017/CVE-2017-0199.md index 6012e461cb..4d9708ce28 100644 --- a/2017/CVE-2017-0199.md +++ b/2017/CVE-2017-0199.md @@ -185,6 +185,7 @@ Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, - https://github.com/securi3ytalent/Red-Teaming-documentation - https://github.com/severnake/Pentest-Tools - https://github.com/shr3ddersec/Shr3dKit +- https://github.com/sifatnotes/cobalt_strike_tutorials - https://github.com/slimdaddy/RedTeam - https://github.com/stealth-ronin/CVE-2017-0199-PY-KIT - https://github.com/sv3nbeast/Attack-Notes @@ -197,6 +198,7 @@ Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, - https://github.com/triw0lf/Security-Matters-22 - https://github.com/twensoo/PersistentThreat - https://github.com/txuswashere/OSCP +- https://github.com/u53r55/Security-Tools-List - https://github.com/unusualwork/red-team-tools - https://github.com/viethdgit/CVE-2017-0199 - https://github.com/vysecurity/RedTips diff --git a/2017/CVE-2017-0213.md b/2017/CVE-2017-0213.md index 2724b5698f..b780f86997 100644 --- a/2017/CVE-2017-0213.md +++ b/2017/CVE-2017-0213.md 
@@ -94,6 +94,7 @@ Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/qiantu88/cve - https://github.com/rakjong/WindowsElvation +- https://github.com/rayhan0x01/reverse-shell-able-exploit-pocs - https://github.com/redteampa1/Windows - https://github.com/renzu0/Windows-exp - https://github.com/reph0r/Poc-Exp-Tools diff --git a/2017/CVE-2017-1000112.md b/2017/CVE-2017-1000112.md index bd9562d168..05e3122fe0 100644 --- a/2017/CVE-2017-1000112.md +++ b/2017/CVE-2017-1000112.md @@ -74,6 +74,7 @@ Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. W - https://github.com/kkamagui/linux-kernel-exploits - https://github.com/knd06/linux-kernel-exploitation - https://github.com/kumardineshwar/linux-kernel-exploits +- https://github.com/kyuna312/Linux_menthor - https://github.com/lnick2023/nicenice - https://github.com/m0mkris/linux-kernel-exploits - https://github.com/maririn312/Linux_menthor diff --git a/2017/CVE-2017-1000253.md b/2017/CVE-2017-1000253.md index 8e21e1e66f..bee568b6ae 100644 --- a/2017/CVE-2017-1000253.md +++ b/2017/CVE-2017-1000253.md @@ -17,6 +17,7 @@ Linux distributions that have not patched their long-term kernels with https://g - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits - https://github.com/RicterZ/PIE-Stack-Clash-CVE-2017-1000253 +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/kaosagnt/ansible-everyday - https://github.com/sxlmnwb/CVE-2017-1000253 diff --git a/2017/CVE-2017-1000353.md b/2017/CVE-2017-1000353.md index 9cfaf38708..515a72d315 100644 --- a/2017/CVE-2017-1000353.md +++ b/2017/CVE-2017-1000353.md 
@@ -60,6 +60,7 @@ Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerab - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/nixawk/labs - https://github.com/oneplus-x/MS17-010 +- https://github.com/onewinner/VulToolsKit - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/r00t4dm/Jenkins-CVE-2017-1000353 - https://github.com/reph0r/poc-exp diff --git a/2017/CVE-2017-1000367.md b/2017/CVE-2017-1000367.md index 1b4882a904..c7aa8542db 100644 --- a/2017/CVE-2017-1000367.md +++ b/2017/CVE-2017-1000367.md @@ -36,6 +36,7 @@ Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validati - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/WhaleShark-Team/murasame - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/anoaghost/Localroot_Compile diff --git a/2017/CVE-2017-1001000.md b/2017/CVE-2017-1001000.md index e4bbcf3727..48d7083cbc 100644 --- a/2017/CVE-2017-1001000.md +++ b/2017/CVE-2017-1001000.md @@ -15,6 +15,7 @@ The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-pos #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/FishyStix12/BH.py-CharCyCon2024 +- https://github.com/FishyStix12/WHPython_v1.02 - https://github.com/Vayel/docker-wordpress-content-injection - https://github.com/YemiBeshe/Codepath-WP1 - https://github.com/hom3r/wordpress-4.7 diff --git a/2017/CVE-2017-10271.md b/2017/CVE-2017-10271.md index a3ea7a4bb0..3c92b0c5a4 100644 --- a/2017/CVE-2017-10271.md +++ b/2017/CVE-2017-10271.md 
@@ -73,6 +73,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/KimJun1010/WeblogicTool - https://github.com/Luffin/CVE-2017-10271 +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/MacAsure/WL_Scan_GO - https://github.com/Mehedi-Babu/honeypots_cyber - https://github.com/Mehedi-Babu/pentest_tools_repo @@ -98,6 +99,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/SuperHacker-liuan/cve-2017-10271-poc - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Waseem27-art/ART-TOOLKIT - https://github.com/Weik1/Artillery - https://github.com/WingsSec/Meppo @@ -189,6 +191,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/nitishbadole/Pentest_Tools - https://github.com/oneplus-x/Sn1per - https://github.com/oneplus-x/jok3r +- https://github.com/onewinner/VulToolsKit - https://github.com/openx-org/BLEN - https://github.com/papa-anniekey/CustomSignatures - https://github.com/paralax/awesome-honeypots @@ -209,6 +212,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/r4b3rt/CVE-2017-10271 - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/rambleZzz/weblogic_CVE_2017_10271 - https://github.com/ranjan-prp/PayloadsAllTheThings - https://github.com/ravijainpro/payloads_xss diff --git a/2017/CVE-2017-11176.md b/2017/CVE-2017-11176.md index 5f494ed155..e5557b8190 100644 --- a/2017/CVE-2017-11176.md +++ b/2017/CVE-2017-11176.md 
@@ -27,6 +27,7 @@ The mq_notify function in the Linux kernel through 4.11.9 does not set the sock - https://github.com/Lexterl33t/Exploit-Kernel - https://github.com/Norido/kernel - https://github.com/Sama-Ayman-Mokhtar/CVE-2017-11176 +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/ahpaleus/ahp_cheatsheet - https://github.com/anoaghost/Localroot_Compile - https://github.com/bsauce/kernel-exploit-factory diff --git a/2017/CVE-2017-11882.md b/2017/CVE-2017-11882.md index f8323e0b34..9cdd76e1ba 100644 --- a/2017/CVE-2017-11882.md +++ b/2017/CVE-2017-11882.md @@ -87,6 +87,7 @@ Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Micr - https://github.com/Ridter/RTF_11882_0802 - https://github.com/Rory33160/Phishing-Prevention - https://github.com/RxXwx3x/Redteam +- https://github.com/S3N4T0R-0X0/Ember-Bear-APT - https://github.com/Saidul-M-Khan/Red-Teaming-Toolkit - https://github.com/SewellDinG/Search - https://github.com/SexyBeast233/SecBooks @@ -96,6 +97,7 @@ Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Micr - https://github.com/StrangerealIntel/DeltaFlare - https://github.com/Sunqiz/CVE-2017-11882-reproduction - https://github.com/Th3k33n/RedTeam +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Ygodsec/- - https://github.com/ZTK-009/RedTeamer - https://github.com/ZtczGrowtopia/2500-OPEN-SOURCE-RAT @@ -182,6 +184,7 @@ Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Micr - https://github.com/rxwx/CVE-2018-0802 - https://github.com/scriptsboy/Red-Teaming-Toolkit - https://github.com/shr3ddersec/Shr3dKit +- https://github.com/sifatnotes/cobalt_strike_tutorials - https://github.com/slimdaddy/RedTeam - https://github.com/starnightcyber/CVE-2017-11882 - https://github.com/sumas/APT_CyberCriminal_Campagin_Collections 
@@ -194,6 +197,7 @@ Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Micr - https://github.com/triw0lf/Security-Matters-22 - https://github.com/twensoo/PersistentThreat - https://github.com/tzwlhack/CVE-2017-11882 +- https://github.com/u53r55/Security-Tools-List - https://github.com/unamer/CVE-2017-11882 - https://github.com/unusualwork/red-team-tools - https://github.com/wateroot/poc-exp diff --git a/2017/CVE-2017-12149.md b/2017/CVE-2017-12149.md index b07e2645fa..ce41b07532 100644 --- a/2017/CVE-2017-12149.md +++ b/2017/CVE-2017-12149.md @@ -56,6 +56,7 @@ In Jboss Application Server as shipped with Red Hat Enterprise Application Platf - https://github.com/TSY244/scan_node - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/VVeakee/CVE-2017-12149 - https://github.com/Weik1/Artillery @@ -101,6 +102,7 @@ In Jboss Application Server as shipped with Red Hat Enterprise Application Platf - https://github.com/merlinepedra25/JavaDeserH2HC - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/nihaohello/N-MiddlewareScan +- https://github.com/onewinner/VulToolsKit - https://github.com/ozkanbilge/Java-Reverse-Shell - https://github.com/password520/Penetration_PoC - https://github.com/password520/RedTeamer diff --git a/2017/CVE-2017-12615.md b/2017/CVE-2017-12615.md index d569134811..928d22bfcd 100644 --- a/2017/CVE-2017-12615.md +++ b/2017/CVE-2017-12615.md @@ -84,6 +84,7 @@ When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e. - https://github.com/mefulton/cve-2017-12615 - https://github.com/nixawk/labs - https://github.com/oneplus-x/MS17-010 +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/Penetration_PoC - https://github.com/password520/RedTeamer - https://github.com/qazbnm456/awesome-cve-poc 
diff --git a/2017/CVE-2017-12617.md b/2017/CVE-2017-12617.md index 79981f4cb4..b605e64c98 100644 --- a/2017/CVE-2017-12617.md +++ b/2017/CVE-2017-12617.md @@ -42,6 +42,7 @@ When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC - https://github.com/Kaizhe/attacker - https://github.com/Lodoelama/Offensive-Security-CTF-Project - https://github.com/LongWayHomie/CVE-2017-12617 +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/Muhammd/Awesome-Payloads - https://github.com/Nieuport/PayloadsAllTheThings - https://github.com/Ostorlab/KEV diff --git a/2017/CVE-2017-12637.md b/2017/CVE-2017-12637.md index e494b9617f..25f9078298 100644 --- a/2017/CVE-2017-12637.md +++ b/2017/CVE-2017-12637.md @@ -17,6 +17,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/merlinepedra/nuclei-templates - https://github.com/merlinepedra25/nuclei-templates - https://github.com/sobinge/nuclei-templates diff --git a/2017/CVE-2017-12794.md b/2017/CVE-2017-12794.md index 3701dc1eae..28714e3a79 100644 --- a/2017/CVE-2017-12794.md +++ b/2017/CVE-2017-12794.md @@ -21,6 +21,7 @@ No PoCs from references. - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce - https://github.com/bakery312/Vulhub-Reproduce +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/hktalent/bug-bounty - https://github.com/hxysaury/saury-vulnhub - https://github.com/kenuosec/youzai diff --git a/2017/CVE-2017-12972.md b/2017/CVE-2017-12972.md new file mode 100644 index 0000000000..23f1dac08b --- /dev/null +++ b/2017/CVE-2017-12972.md 
@@ -0,0 +1,19 @@ +### [CVE-2017-12972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12972) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC. + +### POC + +#### Reference +- https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c +- https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc +- https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt + +#### Github +No PoCs found on GitHub currently. + diff --git a/2017/CVE-2017-12973.md b/2017/CVE-2017-12973.md new file mode 100644 index 0000000000..54de5b2cbe --- /dev/null +++ b/2017/CVE-2017-12973.md 
@@ -0,0 +1,19 @@ +### [CVE-2017-12973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12973) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack. + +### POC + +#### Reference +- https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912 +- https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac +- https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt + +#### Github +No PoCs found on GitHub currently. + diff --git a/2017/CVE-2017-12974.md b/2017/CVE-2017-12974.md new file mode 100644 index 0000000000..db668a6427 --- /dev/null +++ b/2017/CVE-2017-12974.md 
@@ -0,0 +1,19 @@ +### [CVE-2017-12974](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12974) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation. + +### POC + +#### Reference +- https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f3a7a801f0c6b078899fed9226368eb7b44e2b2f +- https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/217/explicit-check-for-ec-public-key-on-curve +- https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt + +#### Github +No PoCs found on GitHub currently. + diff --git a/2017/CVE-2017-13698.md b/2017/CVE-2017-13698.md new file mode 100644 index 0000000000..1a1dc5d60a --- /dev/null +++ b/2017/CVE-2017-13698.md @@ -0,0 +1,17 @@ +### [CVE-2017-13698](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13698) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them against a production switch that has the default keys embedded. + +### POC + +#### Reference +- https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2017/CVE-2017-13699.md b/2017/CVE-2017-13699.md new file mode 100644 index 0000000000..c77b9520cf --- /dev/null +++ b/2017/CVE-2017-13699.md @@ -0,0 +1,17 @@ +### [CVE-2017-13699](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13699) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it. + +### POC + +#### Reference +- https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf + +#### Github +No PoCs found on GitHub currently. + diff --git a/2017/CVE-2017-13700.md b/2017/CVE-2017-13700.md new file mode 100644 index 0000000000..0a33a272f3 --- /dev/null +++ b/2017/CVE-2017-13700.md @@ -0,0 +1,17 @@ +### [CVE-2017-13700](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13700) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface. + +### POC + +#### Reference +- https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2017/CVE-2017-13701.md b/2017/CVE-2017-13701.md new file mode 100644 index 0000000000..08bfcd6619 --- /dev/null +++ b/2017/CVE-2017-13701.md 
@@ -0,0 +1,17 @@ +### [CVE-2017-13701](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13701) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method. + +### POC + +#### Reference +- https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf + +#### Github +No PoCs found on GitHub currently. + diff --git a/2017/CVE-2017-13702.md b/2017/CVE-2017-13702.md new file mode 100644 index 0000000000..01810df971 --- /dev/null +++ b/2017/CVE-2017-13702.md @@ -0,0 +1,17 @@ +### [CVE-2017-13702](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13702) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused. + +### POC + +#### Reference +- https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2017/CVE-2017-13703.md b/2017/CVE-2017-13703.md new file mode 100644 index 0000000000..85181dc933 --- /dev/null +++ b/2017/CVE-2017-13703.md 
@@ -0,0 +1,17 @@ +### [CVE-2017-13703](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13703) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur. + +### POC + +#### Reference +- https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2017/CVE-2017-15906.md b/2017/CVE-2017-15906.md index 4cc4196cfb..d1755f9b7f 100644 --- a/2017/CVE-2017-15906.md +++ b/2017/CVE-2017-15906.md @@ -14,6 +14,7 @@ The process_open function in sftp-server.c in OpenSSH before 7.6 does not proper #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/FishyStix12/WHPython_v1.02 - https://github.com/Milkad0/DC-4_VulnHub - https://github.com/ProTechEx/asn - https://github.com/bioly230/THM_Skynet diff --git a/2017/CVE-2017-16939.md b/2017/CVE-2017-16939.md index af6d0e468c..a10dcfcdef 100644 --- a/2017/CVE-2017-16939.md +++ b/2017/CVE-2017-16939.md @@ -24,6 +24,7 @@ No PoCs from references. - https://github.com/SecWiki/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/distance-vector/linux-kernel-exploits diff --git a/2017/CVE-2017-16995.md b/2017/CVE-2017-16995.md index b124792526..ac77bcd541 100644 --- a/2017/CVE-2017-16995.md +++ b/2017/CVE-2017-16995.md 
@@ -36,6 +36,7 @@ The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4 - https://github.com/Lumindu/CVE-2017-16995-Linux-Kernel---BPF-Sign-Extension-Local-Privilege-Escalation- - https://github.com/Metarget/metarget - https://github.com/Micr067/linux-kernel-exploits +- https://github.com/Mr-Tree-S/POC_EXP - https://github.com/PhoenixCreation/resources - https://github.com/QChiLan/linux-exp - https://github.com/R0B1NL1N/Linux-Kernal-Exploits-m- @@ -55,6 +56,7 @@ The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4 - https://github.com/ZTK-009/RedTeamer - https://github.com/ZTK-009/linux-kernel-exploits - https://github.com/ZhiQiAnSecFork/cve-2017-16995 +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/anldori/CVE-2017-16995 diff --git a/2017/CVE-2017-18640.md b/2017/CVE-2017-18640.md index b219e30b5b..cba6854144 100644 --- a/2017/CVE-2017-18640.md +++ b/2017/CVE-2017-18640.md @@ -10,6 +10,8 @@ The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load ### POC #### Reference +- https://bitbucket.org/snakeyaml/snakeyaml/issues/377 +- https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes - https://www.oracle.com/security-alerts/cpuApr2021.html #### Github diff --git a/2017/CVE-2017-20066.md b/2017/CVE-2017-20066.md index 793f4b60a2..a75938fbe2 100644 --- a/2017/CVE-2017-20066.md +++ b/2017/CVE-2017-20066.md @@ -11,6 +11,7 @@ A vulnerability has been found in Adminer Login 1.4.4 and classified as problema #### Reference - https://sumofpwn.nl/advisory/2016/wordpress_adminer_plugin_allows_public__local__database_login.html +- https://vuldb.com/?id.97384 #### Github No PoCs found on GitHub currently. diff --git a/2017/CVE-2017-20073.md b/2017/CVE-2017-20073.md index 69cc097aa0..66906456a5 100644 --- a/2017/CVE-2017-20073.md 
+++ b/2017/CVE-2017-20073.md @@ -10,6 +10,7 @@ A vulnerability has been found in Hindu Matrimonial Script and classified as cri ### POC #### Reference +- https://vuldb.com/?id.95413 - https://www.exploit-db.com/exploits/41044/ #### Github diff --git a/2017/CVE-2017-20117.md b/2017/CVE-2017-20117.md index 3e70f11a8e..7ffde745b2 100644 --- a/2017/CVE-2017-20117.md +++ b/2017/CVE-2017-20117.md @@ -10,6 +10,7 @@ A vulnerability was found in TrueConf Server 4.3.7. It has been declared as prob ### POC #### Reference +- https://vuldb.com/?id.96631 - https://www.exploit-db.com/exploits/41184/ #### Github diff --git a/2017/CVE-2017-3248.md b/2017/CVE-2017-3248.md index 84d4e8eff8..24dbf52833 100644 --- a/2017/CVE-2017-3248.md +++ b/2017/CVE-2017-3248.md @@ -63,12 +63,14 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/nihaohello/N-MiddlewareScan - https://github.com/oneplus-x/jok3r +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/RedTeamer - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/qi4L/WeblogicScan.go - https://github.com/quentinhardy/scriptsAndExploits - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/rockmelodies/rocComExpRce - https://github.com/rudinyu/KB - https://github.com/safe6Sec/WeblogicVuln diff --git a/2017/CVE-2017-3506.md b/2017/CVE-2017-3506.md index 2e814226ac..f2d1aa5664 100644 --- a/2017/CVE-2017-3506.md +++ b/2017/CVE-2017-3506.md 
@@ -84,6 +84,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/qi4L/WeblogicScan.go - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/safe6Sec/WeblogicVuln - https://github.com/safe6Sec/wlsEnv - https://github.com/sahabrifki/erpscan diff --git a/2017/CVE-2017-5123.md b/2017/CVE-2017-5123.md index 73418bdb86..4f01afaa53 100644 --- a/2017/CVE-2017-5123.md +++ b/2017/CVE-2017-5123.md @@ -37,6 +37,7 @@ Insufficient data validation in waitid allowed an user to escape sandboxes on Li - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/WinMin/awesome-vm-exploit - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground - https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground - https://github.com/albinjoshy03/linux-kernel-exploits diff --git a/2017/CVE-2017-5638.md b/2017/CVE-2017-5638.md index 1d94aab6f3..0b46b8d985 100644 --- a/2017/CVE-2017-5638.md +++ b/2017/CVE-2017-5638.md @@ -74,6 +74,7 @@ The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x be - https://github.com/Kaizhe/attacker - https://github.com/KarzsGHR/S2-046_S2-045_POC - https://github.com/Lawrence-Dean/awesome-stars +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/Masahiro-Yamada/OgnlContentTypeRejectorValve - https://github.com/MelanyRoob/Goby - https://github.com/Meowmycks/OSCPprep-BlueSky 
@@ -104,6 +105,7 @@ The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x be - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce - https://github.com/UNC1739/awesome-vulnerability-research +- https://github.com/Well-Neri/Simulado-L-gica-de-programa-o - https://github.com/XPR1M3/Payloads_All_The_Things - https://github.com/Xhendos/CVE-2017-5638 - https://github.com/Z0fhack/Goby_POC diff --git a/2017/CVE-2017-5992.md b/2017/CVE-2017-5992.md index 0ec85d6aab..a01681410e 100644 --- a/2017/CVE-2017-5992.md +++ b/2017/CVE-2017-5992.md @@ -10,6 +10,7 @@ Openpyxl 2.4.1 resolves external entities by default, which allows remote attack ### POC #### Reference +- https://bitbucket.org/openpyxl/openpyxl/commits/3b4905f428e1 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854442 #### Github diff --git a/2017/CVE-2017-6074.md b/2017/CVE-2017-6074.md index ab4f43078a..c04b036bfc 100644 --- a/2017/CVE-2017-6074.md +++ b/2017/CVE-2017-6074.md @@ -44,6 +44,7 @@ The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel thro - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/WhaleShark-Team/murasame - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/alsmadi/Parse_CVE_Details diff --git a/2017/CVE-2017-7264.md b/2017/CVE-2017-7264.md index 9ec89381c5..827a4c24b5 100644 --- a/2017/CVE-2017-7264.md +++ b/2017/CVE-2017-7264.md 
@@ -5,7 +5,7 @@ ### Description -Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document. +Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document. ### POC diff --git a/2017/CVE-2017-7308.md b/2017/CVE-2017-7308.md index c6de4c247b..71b8fb01ab 100644 --- a/2017/CVE-2017-7308.md +++ b/2017/CVE-2017-7308.md @@ -38,6 +38,7 @@ The packet_set_ring function in net/packet/af_packet.c in the Linux kernel throu - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/amrelsadane123/Ecploit-kernel-4.10-linux-local diff --git a/2017/CVE-2017-7391.md b/2017/CVE-2017-7391.md index fa186b8f0a..302137ef34 100644 --- a/2017/CVE-2017-7391.md +++ b/2017/CVE-2017-7391.md @@ -16,6 +16,7 @@ A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/merlinepedra/nuclei-templates - https://github.com/merlinepedra25/nuclei-templates - https://github.com/sobinge/nuclei-templates diff --git a/2017/CVE-2017-7494.md b/2017/CVE-2017-7494.md index a8b77aaab1..bd6041e431 100644 --- a/2017/CVE-2017-7494.md +++ b/2017/CVE-2017-7494.md 
@@ -106,6 +106,7 @@ Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to r - https://github.com/YellowVeN0m/Pentesters-toolbox - https://github.com/ZTK-009/linux-kernel-exploits - https://github.com/Zer0d0y/Samba-CVE-2017-7494 +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/abhinavkakku/Ethical-Hacking-Tutorials - https://github.com/acidonper/openshift4-advanced-cluster-security - https://github.com/adjaliya/-CVE-2017-7494-Samba-Exploit-POC @@ -127,6 +128,7 @@ Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to r - https://github.com/brianwrf/SambaHunter - https://github.com/brimstone/damnvulnerable-sambacry - https://github.com/caique-garbim/CVE-2017-7494_SambaCry +- https://github.com/casohub/multinmap - https://github.com/chzerv/ansible-role-samba - https://github.com/clout86/Navi - https://github.com/clout86/the-read-team diff --git a/2017/CVE-2017-7504.md b/2017/CVE-2017-7504.md index 743e318943..5937334b29 100644 --- a/2017/CVE-2017-7504.md +++ b/2017/CVE-2017-7504.md @@ -58,6 +58,7 @@ No PoCs from references. - https://github.com/merlinepedra/JavaDeserH2HC - https://github.com/merlinepedra25/JavaDeserH2HC - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet +- https://github.com/onewinner/VulToolsKit - https://github.com/ozkanbilge/Java-Reverse-Shell - https://github.com/password520/RedTeamer - https://github.com/pen4uin/awesome-vulnerability-research diff --git a/2017/CVE-2017-8464.md b/2017/CVE-2017-8464.md index 175d2a7d63..dc8367b8da 100644 --- a/2017/CVE-2017-8464.md +++ b/2017/CVE-2017-8464.md 
@@ -50,6 +50,7 @@ Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Wi - https://github.com/SomUrim/windows-kernel-exploits-clone - https://github.com/TieuLong21Prosper/Detect-CVE-2017-8464 - https://github.com/TrG-1999/DetectPacket-CVE-2017-8464 +- https://github.com/TrojanAZhen/Self_Back - https://github.com/X-Vector/usbhijacking - https://github.com/Ygodsec/- - https://github.com/ZTK-009/windows-kernel-exploits diff --git a/2017/CVE-2017-8570.md b/2017/CVE-2017-8570.md index 27784943ff..87e0694d58 100644 --- a/2017/CVE-2017-8570.md +++ b/2017/CVE-2017-8570.md @@ -106,6 +106,7 @@ Microsoft Office allows a remote code execution vulnerability due to the way tha - https://github.com/tezukanice/Office8570 - https://github.com/thezimtex/red-team - https://github.com/twensoo/PersistentThreat +- https://github.com/u53r55/Security-Tools-List - https://github.com/unusualwork/red-team-tools - https://github.com/weeka10/-hktalent-TOP - https://github.com/winterwolf32/Red-teaming diff --git a/2017/CVE-2017-8625.md b/2017/CVE-2017-8625.md index 9f5da92ae6..23e3f48698 100644 --- a/2017/CVE-2017-8625.md +++ b/2017/CVE-2017-8625.md @@ -73,6 +73,7 @@ Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 - https://github.com/lnick2023/nicenice - https://github.com/maurotedesco/RedTeam - https://github.com/mishmashclone/yeyintminthuhtut-Awesome-Red-Teaming +- https://github.com/mrhunter7/Awesome-Red-Teaming - https://github.com/mynameiskaleb/Coder-Everyday-Resource-Pack- - https://github.com/neonoatmeal/Coder-Everyday-Resource-Pack- - https://github.com/nitishbadole/PENTESTING-BIBLE diff --git a/2017/CVE-2017-8759.md b/2017/CVE-2017-8759.md index e967e2679d..f8a7688264 100644 --- a/2017/CVE-2017-8759.md +++ b/2017/CVE-2017-8759.md 
@@ -116,6 +116,7 @@ Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow - https://github.com/scriptsboy/Red-Teaming-Toolkit - https://github.com/securi3ytalent/Red-Teaming-documentation - https://github.com/shr3ddersec/Shr3dKit +- https://github.com/sifatnotes/cobalt_strike_tutorials - https://github.com/slimdaddy/RedTeam - https://github.com/smashinu/CVE-2017-8759Expoit - https://github.com/sumas/APT_CyberCriminal_Campagin_Collections @@ -124,6 +125,7 @@ Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow - https://github.com/t31m0/Red-Teaming-Toolkit - https://github.com/thezimtex/red-team - https://github.com/twensoo/PersistentThreat +- https://github.com/u53r55/Security-Tools-List - https://github.com/unusualwork/red-team-tools - https://github.com/varunsaru/SNP - https://github.com/vysecurity/CVE-2017-8759 diff --git a/2017/CVE-2017-8890.md b/2017/CVE-2017-8890.md index d1d5a30599..f1bf509d66 100644 --- a/2017/CVE-2017-8890.md +++ b/2017/CVE-2017-8890.md @@ -18,6 +18,7 @@ No PoCs from references. - https://github.com/Al1ex/LinuxEelvation - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/beraphin/CVE-2017-8890 - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning diff --git a/2017/CVE-2017-9791.md b/2017/CVE-2017-9791.md index 44ab2465f8..914a3ca6eb 100644 --- a/2017/CVE-2017-9791.md +++ b/2017/CVE-2017-9791.md @@ -15,6 +15,7 @@ The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code exe #### Github - https://github.com/0day666/Vulnerability-verification +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/pocsuite3 - https://github.com/20142995/sectool - https://github.com/ARPSyndicate/cvemon 
diff --git a/2017/CVE-2017-9805.md b/2017/CVE-2017-9805.md index c5e8026c59..5d34e779ee 100644 --- a/2017/CVE-2017-9805.md +++ b/2017/CVE-2017-9805.md @@ -50,6 +50,7 @@ The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x bef - https://github.com/Jean-Francois-C/Windows-Penetration-Testing - https://github.com/LearnGolang/LearnGolang - https://github.com/Lone-Ranger/apache-struts-pwn_CVE-2017-9805 +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/Muhammd/Awesome-Payloads - https://github.com/Nieuport/PayloadsAllTheThings - https://github.com/NikolaKostadinov01/Cyber-Security-Base-project-two diff --git a/2018/CVE-2018-0127.md b/2018/CVE-2018-0127.md index 8eb2ea854f..2f8d9a4bc8 100644 --- a/2018/CVE-2018-0127.md +++ b/2018/CVE-2018-0127.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2018/CVE-2018-0296.md b/2018/CVE-2018-0296.md index bc0d81850a..ac98d50297 100644 --- a/2018/CVE-2018-0296.md +++ b/2018/CVE-2018-0296.md @@ -38,6 +38,7 @@ A vulnerability in the web interface of the Cisco Adaptive Security Appliance (A - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/dk47os3r/hongduiziliao +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/hasee2018/Safety-net-information - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP diff --git a/2018/CVE-2018-1000001.md b/2018/CVE-2018-1000001.md index 88f1b81ac5..0c17cd5758 100644 --- a/2018/CVE-2018-1000001.md +++ b/2018/CVE-2018-1000001.md 
@@ -31,6 +31,7 @@ In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpat - https://github.com/SecWiki/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/anoaghost/Localroot_Compile diff --git a/2018/CVE-2018-1000036.md b/2018/CVE-2018-1000036.md index 4cf611a41b..3473b009db 100644 --- a/2018/CVE-2018-1000036.md +++ b/2018/CVE-2018-1000036.md @@ -5,7 +5,7 @@ ### Description -In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file. +In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file. ### POC diff --git a/2018/CVE-2018-1000037.md b/2018/CVE-2018-1000037.md index 8b50876028..46b4faba12 100644 --- a/2018/CVE-2018-1000037.md +++ b/2018/CVE-2018-1000037.md @@ -5,7 +5,7 @@ ### Description -In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. +In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. ### POC diff --git a/2018/CVE-2018-1000038.md b/2018/CVE-2018-1000038.md index 374e60485b..4c037c65df 100644 --- a/2018/CVE-2018-1000038.md +++ b/2018/CVE-2018-1000038.md 
@@ -5,7 +5,7 @@ ### Description -In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file. +In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file. ### POC diff --git a/2018/CVE-2018-1000039.md b/2018/CVE-2018-1000039.md index 172d87ce3c..a5a90d3c6a 100644 --- a/2018/CVE-2018-1000039.md +++ b/2018/CVE-2018-1000039.md @@ -5,7 +5,7 @@ ### Description -In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file. +In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file. ### POC diff --git a/2018/CVE-2018-1000040.md b/2018/CVE-2018-1000040.md index def0011419..80cf61c1bd 100644 --- a/2018/CVE-2018-1000040.md +++ b/2018/CVE-2018-1000040.md @@ -5,7 +5,7 @@ ### Description -In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file. +In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file. ### POC diff --git a/2018/CVE-2018-1000600.md b/2018/CVE-2018-1000600.md index 2397be4a97..a5e1c3e975 100644 --- a/2018/CVE-2018-1000600.md +++ b/2018/CVE-2018-1000600.md 
@@ -16,5 +16,6 @@ No PoCs from references. - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/TheBeastofwar/JenkinsExploit-GUI - https://github.com/assetnote/blind-ssrf-chains +- https://github.com/onewinner/VulToolsKit - https://github.com/zan8in/afrog diff --git a/2018/CVE-2018-1000861.md b/2018/CVE-2018-1000861.md index 8711efe38c..8e983ed79c 100644 --- a/2018/CVE-2018-1000861.md +++ b/2018/CVE-2018-1000861.md @@ -30,6 +30,7 @@ A code execution vulnerability exists in the Stapler web framework used by Jenki - https://github.com/EchoGin404/gongkaishouji - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/FishyStix12/BH.py-CharCyCon2024 +- https://github.com/FishyStix12/WHPython_v1.02 - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/MelanyRoob/Goby - https://github.com/Miraitowa70/POC-Notes @@ -67,6 +68,7 @@ A code execution vulnerability exists in the Stapler web framework used by Jenki - https://github.com/koutto/jok3r-pocs - https://github.com/langu-xyz/JavaVulnMap - https://github.com/lions2012/Penetration_Testing_POC +- https://github.com/onewinner/VulToolsKit - https://github.com/orangetw/awesome-jenkins-rce-2019 - https://github.com/password520/Penetration_PoC - https://github.com/reph0r/poc-exp diff --git a/2018/CVE-2018-10933.md b/2018/CVE-2018-10933.md index e793171440..8791af832f 100644 --- a/2018/CVE-2018-10933.md +++ b/2018/CVE-2018-10933.md @@ -56,6 +56,7 @@ A vulnerability was found in libssh's server-side state machine before versions - https://github.com/Threekiii/Awesome-Exploit - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Virgula0/POC-CVE-2018-10933 - https://github.com/VladimirFogel/PRO4 - https://github.com/a-n-n-a-c-g/advanced-pentesting diff --git a/2018/CVE-2018-11776.md b/2018/CVE-2018-11776.md index 2ce0873f07..531ece2e80 100644 --- a/2018/CVE-2018-11776.md 
+++ b/2018/CVE-2018-11776.md @@ -60,6 +60,7 @@ Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remo - https://github.com/Ivan1ee/struts2-057-exp - https://github.com/JERRY123S/all-poc - https://github.com/LightC0der/Apache-Struts-0Day-Exploit +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/Muhammd/Awesome-Payloads - https://github.com/Nieuport/PayloadsAllTheThings - https://github.com/Ondrik8/RED-Team @@ -122,6 +123,7 @@ Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remo - https://github.com/ice0bear14h/struts2scan - https://github.com/iflody/codeql-workshop - https://github.com/iqrok/myhktools +- https://github.com/jamoski3112/strut - https://github.com/jas502n/St2-057 - https://github.com/jbmihoub/all-poc - https://github.com/jiguangsdf/CVE-2018-11776 diff --git a/2018/CVE-2018-1207.md b/2018/CVE-2018-1207.md index 1efa826741..78ffe4e8cd 100644 --- a/2018/CVE-2018-1207.md +++ b/2018/CVE-2018-1207.md @@ -17,6 +17,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/chnzzh/iDRAC-CVE-lib +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/huimzjty/vulwiki - https://github.com/l4rz/reverse-engineering-dell-idrac-to-get-rid-of-gpu-throttling - https://github.com/lnick2023/nicenice diff --git a/2018/CVE-2018-12634.md b/2018/CVE-2018-12634.md index 4695dbc603..eec3e8d2b7 100644 --- a/2018/CVE-2018-12634.md +++ b/2018/CVE-2018-12634.md @@ -14,6 +14,7 @@ CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive informat - https://www.exploit-db.com/exploits/45384/ #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/sectool - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2018/CVE-2018-1273.md b/2018/CVE-2018-1273.md index ab53000975..8f5cfbaf18 100644 --- a/2018/CVE-2018-1273.md 
+++ b/2018/CVE-2018-1273.md @@ -65,6 +65,7 @@ Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older - https://github.com/merlinepedra25/nuclei-templates - https://github.com/nBp1Ng/FrameworkAndComponentVulnerabilities - https://github.com/nBp1Ng/SpringFramework-Vul +- https://github.com/onewinner/VulToolsKit - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/ronoski/j2ee-rscan - https://github.com/seal-community/patches diff --git a/2018/CVE-2018-13390.md b/2018/CVE-2018-13390.md new file mode 100644 index 0000000000..268a4f1fb2 --- /dev/null +++ b/2018/CVE-2018-13390.md @@ -0,0 +1,17 @@ +### [CVE-2018-13390](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13390) +![](https://img.shields.io/static/v1?label=Product&message=cloudtoken&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3E%3D%200.1.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Restriction%20of%20Communication%20Channel%20to%20Intended%20Endpoints&color=brighgreen) + +### Description + +Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles. + +### POC + +#### Reference +- https://bitbucket.org/atlassian/cloudtoken/wiki/CVE-2018-13390%20-%20Exposed%20credentials%20in%20daemon%20mode%20on%20Linux + +#### Github +No PoCs found on GitHub currently. + diff --git a/2018/CVE-2018-14013.md b/2018/CVE-2018-14013.md index 093fecb097..638c6b864e 100644 --- a/2018/CVE-2018-14013.md +++ b/2018/CVE-2018-14013.md @@ -15,5 +15,6 @@ Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJ - http://www.openwall.com/lists/oss-security/2019/01/30/1 #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates 
diff --git a/2018/CVE-2018-15126.md b/2018/CVE-2018-15126.md index dd47b0e60b..5a1664de59 100644 --- a/2018/CVE-2018-15126.md +++ b/2018/CVE-2018-15126.md @@ -11,6 +11,7 @@ LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use- #### Reference - https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-027-libvnc-heap-use-after-free/ +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-15127.md b/2018/CVE-2018-15127.md index 3dcc0426bf..f2f8b86580 100644 --- a/2018/CVE-2018-15127.md +++ b/2018/CVE-2018-15127.md @@ -11,6 +11,7 @@ LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out- #### Reference - https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-028-libvnc-heap-out-of-bound-write/ +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-15473.md b/2018/CVE-2018-15473.md index f40a78faec..eb4be04950 100644 --- a/2018/CVE-2018-15473.md +++ b/2018/CVE-2018-15473.md @@ -74,6 +74,7 @@ OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not dela - https://github.com/angry-bender/SUOPE - https://github.com/ba56789/WebMap - https://github.com/bakery312/Vulhub-Reproduce +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/bioly230/THM_Skynet - https://github.com/coollce/CVE-2018-15473_burte - https://github.com/cved-sources/cve-2018-15473 diff --git a/2018/CVE-2018-15685.md b/2018/CVE-2018-15685.md index 36592d5cd8..69c20eb488 100644 --- a/2018/CVE-2018-15685.md +++ b/2018/CVE-2018-15685.md 
@@ -17,6 +17,7 @@ GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios inv - https://github.com/SexyBeast233/SecBooks - https://github.com/cranelab/webapp-tech - https://github.com/doyensec/awesome-electronjs-hacking +- https://github.com/jamoski3112/Electron_RCE - https://github.com/lnick2023/nicenice - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/rahulr311295/Electron_RCE diff --git a/2018/CVE-2018-15892.md b/2018/CVE-2018-15892.md new file mode 100644 index 0000000000..9e8cd52b4d --- /dev/null +++ b/2018/CVE-2018-15892.md @@ -0,0 +1,17 @@ +### [CVE-2018-15892](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15892) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page. + +### POC + +#### Reference +- https://wiki.freepbx.org/display/FOP/2018-09-11+DISA+SQL+Injection + +#### Github +No PoCs found on GitHub currently. + diff --git a/2018/CVE-2018-15982.md b/2018/CVE-2018-15982.md index 9fd51f11d5..9d9f097a2b 100644 --- a/2018/CVE-2018-15982.md +++ b/2018/CVE-2018-15982.md @@ -50,6 +50,7 @@ Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/qiantu88/2018-cve - https://github.com/scanfsec/CVE-2018-15982 +- https://github.com/sifatnotes/cobalt_strike_tutorials - https://github.com/tdcoming/Vulnerability-engine - https://github.com/touchmycrazyredhat/myhktools - https://github.com/trhacknon/myhktools diff --git a/2018/CVE-2018-17066.md b/2018/CVE-2018-17066.md index 1b27f59c8f..2542903539 100644 --- a/2018/CVE-2018-17066.md +++ b/2018/CVE-2018-17066.md 
@@ -13,5 +13,6 @@ An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request p - https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/cmd_injection_0 #### Github +- https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/PAGalaxyLab/VulInfo diff --git a/2018/CVE-2018-17182.md b/2018/CVE-2018-17182.md index f52c97794b..b6cb3861a9 100644 --- a/2018/CVE-2018-17182.md +++ b/2018/CVE-2018-17182.md @@ -30,6 +30,7 @@ An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_a - https://github.com/IdanBanani/Linux-Kernel-VR-Exploitation - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits - https://github.com/Ondrik8/RED-Team +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/dk47os3r/hongduiziliao - https://github.com/fei9747/LinuxEelvation - https://github.com/hasee2018/Safety-net-information diff --git a/2018/CVE-2018-17199.md b/2018/CVE-2018-17199.md index 7f109249f7..8a023f8afb 100644 --- a/2018/CVE-2018-17199.md +++ b/2018/CVE-2018-17199.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/FishyStix12/WHPython_v1.02 - https://github.com/PawanKumarPandit/Shodan-nrich - https://github.com/RoseSecurity-Research/Red-Teaming-TTPs - https://github.com/RoseSecurity/Red-Teaming-TTPs diff --git a/2018/CVE-2018-17463.md b/2018/CVE-2018-17463.md index cf316a5097..c90d64033f 100644 --- a/2018/CVE-2018-17463.md +++ b/2018/CVE-2018-17463.md @@ -23,6 +23,7 @@ Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 al - https://github.com/jhalon/CVE-2018-17463 - https://github.com/kdmarti2/CVE-2018-17463 - https://github.com/rycbar77/V8Exploits +- https://github.com/rycbar77/rycbar77 - https://github.com/tunz/js-vuln-db - https://github.com/w0lfzhang/browser_pwn_learning diff --git a/2018/CVE-2018-18506.md b/2018/CVE-2018-18506.md index b7ff2d0553..158cd89c56 100644 
--- a/2018/CVE-2018-18506.md +++ b/2018/CVE-2018-18506.md @@ -10,6 +10,7 @@ When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Config ### POC #### Reference +- https://access.redhat.com/errata/RHSA-2019:0622 - https://usn.ubuntu.com/3874-1/ #### Github diff --git a/2018/CVE-2018-18955.md b/2018/CVE-2018-18955.md index 0df86ca3b1..6ae5735a81 100644 --- a/2018/CVE-2018-18955.md +++ b/2018/CVE-2018-18955.md @@ -25,6 +25,7 @@ In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/u - https://github.com/QChiLan/linux-exp - https://github.com/SecWiki/linux-kernel-exploits - https://github.com/ShehanSanjula/Linux-Kernel-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/anoaghost/Localroot_Compile diff --git a/2018/CVE-2018-1999002.md b/2018/CVE-2018-1999002.md index ea1690bf07..8429d4d462 100644 --- a/2018/CVE-2018-1999002.md +++ b/2018/CVE-2018-1999002.md @@ -32,6 +32,7 @@ A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 - https://github.com/hktalent/TOP - https://github.com/huimzjty/vulwiki - https://github.com/jbmihoub/all-poc +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/RedTeamer - https://github.com/slowmistio/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins - https://github.com/superfish9/pt diff --git a/2018/CVE-2018-20019.md b/2018/CVE-2018-20019.md index c12598973c..fdaeaf76c0 100644 --- a/2018/CVE-2018-20019.md +++ b/2018/CVE-2018-20019.md @@ -11,6 +11,7 @@ LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple #### Reference - https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/ +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. 
diff --git a/2018/CVE-2018-20020.md b/2018/CVE-2018-20020.md index 75e4504d21..fda273f859 100644 --- a/2018/CVE-2018-20020.md +++ b/2018/CVE-2018-20020.md @@ -11,6 +11,7 @@ LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out- #### Reference - https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-030-libvnc-heap-out-of-bound-write/ +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-20021.md b/2018/CVE-2018-20021.md index 1e905f591a..4bfae40195 100644 --- a/2018/CVE-2018-20021.md +++ b/2018/CVE-2018-20021.md @@ -11,6 +11,7 @@ LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835 #### Reference - https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-031-libvnc-infinite-loop/ +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-20022.md b/2018/CVE-2018-20022.md index 8807b23425..b7d5cb45e4 100644 --- a/2018/CVE-2018-20022.md +++ b/2018/CVE-2018-20022.md @@ -11,6 +11,7 @@ LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknes #### Reference - https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/ +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-20023.md b/2018/CVE-2018-20023.md index 43e0a3d563..5b1b49bcea 100644 --- a/2018/CVE-2018-20023.md +++ b/2018/CVE-2018-20023.md @@ -11,6 +11,7 @@ LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Imprope #### Reference - https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/ +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-20024.md b/2018/CVE-2018-20024.md index 159295831b..d1473e6c19 100644 --- a/2018/CVE-2018-20024.md 
+++ b/2018/CVE-2018-20024.md @@ -11,6 +11,7 @@ LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null poin #### Reference - https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-034-libvnc-null-pointer-dereference/ +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-20250.md b/2018/CVE-2018-20250.md index 1b7b6deef5..26fa2f5786 100644 --- a/2018/CVE-2018-20250.md +++ b/2018/CVE-2018-20250.md @@ -133,6 +133,7 @@ In WinRAR versions prior to and including 5.61, There is path traversal vulnerab - https://github.com/thezimtex/red-team - https://github.com/twensoo/PersistentThreat - https://github.com/tzwlhack/CVE-2018-20250 +- https://github.com/u53r55/Security-Tools-List - https://github.com/v3nt4n1t0/DetectWinRARaceVulnDomain.ps1 - https://github.com/wateroot/poc-exp - https://github.com/weeka10/-hktalent-TOP diff --git a/2018/CVE-2018-20748.md b/2018/CVE-2018-20748.md index 2cee33d13c..1b156b3ba9 100644 --- a/2018/CVE-2018-20748.md +++ b/2018/CVE-2018-20748.md @@ -11,6 +11,7 @@ LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities #### Reference - https://github.com/LibVNC/libvncserver/issues/273 +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-20749.md b/2018/CVE-2018-20749.md index 16caa3b321..2ab5f2ab62 100644 --- a/2018/CVE-2018-20749.md +++ b/2018/CVE-2018-20749.md @@ -11,6 +11,7 @@ LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvnc #### Reference - https://github.com/LibVNC/libvncserver/issues/273 +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-20750.md b/2018/CVE-2018-20750.md index b21d1deacf..a7c1d7758f 100644 --- a/2018/CVE-2018-20750.md +++ b/2018/CVE-2018-20750.md 
@@ -11,6 +11,7 @@ LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvn #### Reference - https://github.com/LibVNC/libvncserver/issues/273 +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-25031.md b/2018/CVE-2018-25031.md index dd82312fc3..6a283a4ef5 100644 --- a/2018/CVE-2018-25031.md +++ b/2018/CVE-2018-25031.md @@ -5,7 +5,7 @@ ### Description -Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. +Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others. ### POC diff --git a/2018/CVE-2018-2628.md b/2018/CVE-2018-2628.md index 037284d0fe..19922797f4 100644 --- a/2018/CVE-2018-2628.md +++ b/2018/CVE-2018-2628.md @@ -102,11 +102,13 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/mmioimm/weblogic_test - https://github.com/nihaohello/N-MiddlewareScan +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/RedTeamer - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/qi4L/WeblogicScan.go - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/reph0r/Poc-Exp-Tools - https://github.com/reph0r/poc-exp - https://github.com/reph0r/poc-exp-tools 
diff --git a/2018/CVE-2018-2893.md b/2018/CVE-2018-2893.md index 7fd8d3079e..453cd65006 100644 --- a/2018/CVE-2018-2893.md +++ b/2018/CVE-2018-2893.md @@ -83,6 +83,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/nihaohello/N-MiddlewareScan - https://github.com/nobiusmallyu/kehai - https://github.com/oneplus-x/jok3r +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/RedTeamer - https://github.com/pyn3rd/CVE-2018-2893 - https://github.com/pyn3rd/CVE-2018-3245 @@ -91,6 +92,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/qianl0ng/CVE-2018-2893 - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/ryanInf/CVE-2018-2893 - https://github.com/safe6Sec/WeblogicVuln - https://github.com/shengqi158/CVE-2018-2628 diff --git a/2018/CVE-2018-2894.md b/2018/CVE-2018-2894.md index 9b3ca31ffc..a91cfdb3c8 100644 --- a/2018/CVE-2018-2894.md +++ b/2018/CVE-2018-2894.md @@ -45,6 +45,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/JERRY123S/all-poc - https://github.com/KimJun1010/WeblogicTool - https://github.com/LandGrey/CVE-2018-2894 +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/MacAsure/WL_Scan_GO - https://github.com/Mehedi-Babu/pentest_tools_repo - https://github.com/Muhammd/Awesome-Payloads @@ -115,6 +116,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/mrhacker51/ReverseShellCommands - https://github.com/nevidimk0/PayloadsAllTheThings - https://github.com/nitishbadole/Pentest_Tools +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/RedTeamer - https://github.com/pathakabhi24/Pentest-Tools - https://github.com/pjgmonteiro/Pentest-tools 
@@ -123,6 +125,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/qi4L/WeblogicScan.go - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/ranjan-prp/PayloadsAllTheThings - https://github.com/ravijainpro/payloads_xss - https://github.com/retr0-13/Pentest-Tools diff --git a/2018/CVE-2018-3191.md b/2018/CVE-2018-3191.md index 71176f1519..03adca7117 100644 --- a/2018/CVE-2018-3191.md +++ b/2018/CVE-2018-3191.md @@ -70,6 +70,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/mackleadmire/CVE-2018-3191-Rce-Exploit - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/nobiusmallyu/kehai +- https://github.com/onewinner/VulToolsKit - https://github.com/openx-org/BLEN - https://github.com/password520/RedTeamer - https://github.com/pyn3rd/CVE-2018-3191 diff --git a/2018/CVE-2018-3245.md b/2018/CVE-2018-3245.md index cdade06bb3..727fd9e188 100644 --- a/2018/CVE-2018-3245.md +++ b/2018/CVE-2018-3245.md @@ -62,6 +62,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/lp008/Hack-readme - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/nobiusmallyu/kehai +- https://github.com/onewinner/VulToolsKit - https://github.com/pyn3rd/CVE-2018-3245 - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/qi4L/WeblogicScan.go diff --git a/2018/CVE-2018-3252.md b/2018/CVE-2018-3252.md index e73db250d1..878596037e 100644 --- a/2018/CVE-2018-3252.md +++ b/2018/CVE-2018-3252.md 
@@ -46,6 +46,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/jbmihoub/all-poc - https://github.com/klausware/Java-Deserialization-Cheat-Sheet - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet +- https://github.com/onewinner/VulToolsKit - https://github.com/pyn3rd/CVE-2018-3252 - https://github.com/qi4L/WeblogicScan.go - https://github.com/readloud/Awesome-Stars diff --git a/2018/CVE-2018-4241.md b/2018/CVE-2018-4241.md index e84bfa997d..7663fd212c 100644 --- a/2018/CVE-2018-4241.md +++ b/2018/CVE-2018-4241.md @@ -17,6 +17,7 @@ An issue was discovered in certain Apple products. iOS before 11.4 is affected. - https://github.com/0xT11/CVE-POC - https://github.com/ARPSyndicate/cvemon - https://github.com/ExploitsJB/multi_path +- https://github.com/FeelTheFonk/Maze-CTF - https://github.com/GeoSn0w/Osiris-Jailbreak - https://github.com/Jailbreaks/multi_path - https://github.com/SeaJae/GeoSn0w-Osiris-Jailbreak diff --git a/2018/CVE-2018-4878.md b/2018/CVE-2018-4878.md index 08051fbe12..31b152a360 100644 --- a/2018/CVE-2018-4878.md +++ b/2018/CVE-2018-4878.md @@ -116,6 +116,7 @@ A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0. - https://github.com/r3volved/CVEAggregate - https://github.com/scriptsboy/Red-Teaming-Toolkit - https://github.com/shr3ddersec/Shr3dKit +- https://github.com/sifatnotes/cobalt_strike_tutorials - https://github.com/slimdaddy/RedTeam - https://github.com/sung3r/CobaltStrike - https://github.com/svbjdbk123/- @@ -124,6 +125,7 @@ A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0. - https://github.com/thezimtex/red-team - https://github.com/tomoyamachi/gocarts - https://github.com/twensoo/PersistentThreat +- https://github.com/u53r55/Security-Tools-List - https://github.com/unusualwork/red-team-tools - https://github.com/vysecurity/CVE-2018-4878 - https://github.com/wateroot/poc-exp 
diff --git a/2018/CVE-2018-5230.md b/2018/CVE-2018-5230.md index 07b47ed6e4..cf2c1cfb06 100644 --- a/2018/CVE-2018-5230.md +++ b/2018/CVE-2018-5230.md @@ -13,6 +13,7 @@ The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 b No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates diff --git a/2018/CVE-2018-5333.md b/2018/CVE-2018-5333.md index 3ec3169bb1..8daa8cb465 100644 --- a/2018/CVE-2018-5333.md +++ b/2018/CVE-2018-5333.md @@ -19,6 +19,7 @@ In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdm - https://github.com/De4dCr0w/Linux-kernel-EoP-exp - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bcoles/kernel-exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning diff --git a/2018/CVE-2018-5389.md b/2018/CVE-2018-5389.md index 87de7bc417..2794993621 100644 --- a/2018/CVE-2018-5389.md +++ b/2018/CVE-2018-5389.md 
@@ -1,7 +1,8 @@ ### [CVE-2018-5389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5389) -![](https://img.shields.io/static/v1?label=Product&message=Internet%20Key%20Exchange%20Protocol&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=Version%201Version%201%20Main%20Mode%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-323&color=brighgreen) +![](https://img.shields.io/static/v1?label=Product&message=Strongswan&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%205.5.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-323%20Reusing%20a%20Nonce%2C%20Key%20Pair%20in%20Encryption&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-521%20Weak%20Password%20Requirements&color=brighgreen) ### Description diff --git a/2018/CVE-2018-6307.md b/2018/CVE-2018-6307.md index e9aee1610d..fbe9306360 100644 --- a/2018/CVE-2018-6307.md +++ b/2018/CVE-2018-6307.md @@ -11,6 +11,7 @@ LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use- #### Reference - https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-026-libvnc-heap-use-after-free/ +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-7600.md b/2018/CVE-2018-7600.md index 5d76ba23eb..8fffb3930b 100644 --- a/2018/CVE-2018-7600.md +++ b/2018/CVE-2018-7600.md @@ -73,6 +73,7 @@ Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 - https://github.com/JERRY123S/all-poc - https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups - https://github.com/Jean-Francois-C/Windows-Penetration-Testing +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/Mehedi-Babu/pentest_tools_repo - https://github.com/MelanyRoob/Goby - https://github.com/Muhammd/Awesome-Payloads 
diff --git a/2018/CVE-2018-8174.md b/2018/CVE-2018-8174.md index a5d584410a..8041896084 100644 --- a/2018/CVE-2018-8174.md +++ b/2018/CVE-2018-8174.md @@ -52,6 +52,7 @@ A remote code execution vulnerability exists in the way that the VBScript engine - https://github.com/Panopticon-Project/panopticon-DarkHotel - https://github.com/RingLcy/VulnerabilityAnalysisAndExploit - https://github.com/SyFi/CVE-2018-8174 +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Yt1g3r/CVE-2018-8174_EXP - https://github.com/alphaSeclab/sec-daily-2019 - https://github.com/avboy1337/Vulnerabilities diff --git a/2018/CVE-2018-8438.md b/2018/CVE-2018-8438.md new file mode 100644 index 0000000000..17fe3533ef --- /dev/null +++ b/2018/CVE-2018-8438.md 
@@ -0,0 +1,22 @@ +### [CVE-2018-8438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8438) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Servers&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%208.1&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20RT%208.1&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service&color=brighgreen) + +### Description + +A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436, CVE-2018-8437. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/CarlosMeyreles/Network-Vulnerability-Assessment + diff --git a/2018/CVE-2018-8440.md b/2018/CVE-2018-8440.md index 02a1c990c4..5ac51f9c6f 100644 --- a/2018/CVE-2018-8440.md +++ b/2018/CVE-2018-8440.md @@ -49,6 +49,7 @@ An elevation of privilege vulnerability exists when Windows improperly handles c - https://github.com/paramint/windows-kernel-exploits - https://github.com/playerKe0402/Metasploit-Note - https://github.com/qazbnm456/awesome-cve-poc +- https://github.com/rayhan0x01/reverse-shell-able-exploit-pocs - https://github.com/rdoix/Red-Team-Cheat-Sheet - https://github.com/renzu0/Windows-exp - https://github.com/root26/bug 
diff --git a/2018/CVE-2018-9230.md b/2018/CVE-2018-9230.md index c6402fb0c8..77b2ab50d7 100644 --- a/2018/CVE-2018-9230.md +++ b/2018/CVE-2018-9230.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/lions2012/Penetration_Testing_POC - https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC- - https://github.com/xuetusummer/Penetration_Testing_POC diff --git a/2019/CVE-2019-0193.md b/2019/CVE-2019-0193.md index 8583773cc9..6d88b181ff 100644 --- a/2019/CVE-2019-0193.md +++ b/2019/CVE-2019-0193.md @@ -33,6 +33,7 @@ No PoCs from references. - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/ZTK-009/RedTeamer - https://github.com/amcai/myscan - https://github.com/apachecn-archive/Middleware-Vulnerability-detection diff --git a/2019/CVE-2019-0211.md b/2019/CVE-2019-0211.md index 64bb19c81b..4306c52e8d 100644 --- a/2019/CVE-2019-0211.md +++ b/2019/CVE-2019-0211.md @@ -23,6 +23,8 @@ In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or p - https://github.com/0xbigshaq/php7-internals - https://github.com/ARPSyndicate/cvemon - https://github.com/Awrrays/FrameVul +- https://github.com/FishyStix12/WHPython_v1.02 +- https://github.com/Madbat2024/Penetration-test - https://github.com/MicahFleming/Risk-Assessment-Cap-Stone- - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors diff --git a/2019/CVE-2019-0230.md b/2019/CVE-2019-0230.md index c4c448752e..3b59d610ad 100644 --- a/2019/CVE-2019-0230.md +++ b/2019/CVE-2019-0230.md 
@@ -20,6 +20,7 @@ Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on r - https://github.com/0day666/Vulnerability-verification - https://github.com/0xT11/CVE-POC - https://github.com/20142995/Goby +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/sectool - https://github.com/360quake/papers - https://github.com/ARPSyndicate/cvemon @@ -35,6 +36,7 @@ Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on r - https://github.com/Threekiii/Awesome-Exploit - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Z0fhack/Goby_POC - https://github.com/Zero094/Vulnerability-verification - https://github.com/alphaSeclab/sec-daily-2020 diff --git a/2019/CVE-2019-0708.md b/2019/CVE-2019-0708.md index 30cf712eff..78f2ffc64d 100644 --- a/2019/CVE-2019-0708.md +++ b/2019/CVE-2019-0708.md @@ -96,6 +96,7 @@ A remote code execution vulnerability exists in Remote Desktop Services formerly - https://github.com/HynekPetrak/detect_bluekeep.py - https://github.com/Iamgublin/0708Test - https://github.com/Idoit-z/python_nmap +- https://github.com/JE2Se/AssetScan - https://github.com/JERRY123S/all-poc - https://github.com/JSec1337/Scanner-CVE-2019-0708 - https://github.com/Jaky5155/cve-2019-0708-exp @@ -149,6 +150,7 @@ A remote code execution vulnerability exists in Remote Desktop Services formerly - https://github.com/TinToSer/bluekeep-exploit - https://github.com/Tk369/Rdp0708 - https://github.com/Tracehowler/Bible +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/UraSecTeam/CVE-2019-0708 - https://github.com/Wh1teZe/solo-blog 
@@ -372,6 +374,7 @@ A remote code execution vulnerability exists in Remote Desktop Services formerly - https://github.com/syriusbughunt/CVE-2019-0708 - https://github.com/t31m0/PENTESTING-BIBLE - https://github.com/taielab/awesome-hacking-lists +- https://github.com/tanjiti/sec_profile - https://github.com/tataev/Security - https://github.com/tdcoming/Vulnerability-engine - https://github.com/temp-user-2014/CVE-2019-0708 diff --git a/2019/CVE-2019-1003000.md b/2019/CVE-2019-1003000.md index 4029a2d4a2..d247637647 100644 --- a/2019/CVE-2019-1003000.md +++ b/2019/CVE-2019-1003000.md @@ -46,6 +46,7 @@ A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier - https://github.com/huimzjty/vulwiki - https://github.com/jaychouzzk/- - https://github.com/jbmihoub/all-poc +- https://github.com/onewinner/VulToolsKit - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main - https://github.com/purple-WL/Jenkins_CVE-2019-1003000 - https://github.com/reph0r/poc-exp diff --git a/2019/CVE-2019-1003005.md b/2019/CVE-2019-1003005.md index 8714edc6cb..a69b925140 100644 --- a/2019/CVE-2019-1003005.md +++ b/2019/CVE-2019-1003005.md @@ -27,6 +27,7 @@ A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and - https://github.com/hasee2018/Penetration_Testing_POC - https://github.com/huike007/penetration_poc - https://github.com/lions2012/Penetration_Testing_POC +- https://github.com/onewinner/VulToolsKit - https://github.com/orangetw/awesome-jenkins-rce-2019 - https://github.com/password520/Penetration_PoC - https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC- diff --git a/2019/CVE-2019-1003029.md b/2019/CVE-2019-1003029.md index d90f0eb924..01ec78a4d0 100644 --- a/2019/CVE-2019-1003029.md +++ b/2019/CVE-2019-1003029.md 
@@ -35,6 +35,7 @@ A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and - https://github.com/hasee2018/Penetration_Testing_POC - https://github.com/huike007/penetration_poc - https://github.com/lions2012/Penetration_Testing_POC +- https://github.com/onewinner/VulToolsKit - https://github.com/orangetw/awesome-jenkins-rce-2019 - https://github.com/password520/Penetration_PoC - https://github.com/retr0-13/pwn_jenkins diff --git a/2019/CVE-2019-1010268.md b/2019/CVE-2019-1010268.md index 437730ad5b..d659b74754 100644 --- a/2019/CVE-2019-1010268.md +++ b/2019/CVE-2019-1010268.md @@ -10,6 +10,7 @@ Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059) is affected b ### POC #### Reference +- https://bitbucket.org/jakobsg/ladon/src/42944fc012a3a48214791c120ee5619434505067/src/ladon/interfaces/soap.py#lines-688 - https://www.exploit-db.com/exploits/43113 #### Github diff --git a/2019/CVE-2019-10392.md b/2019/CVE-2019-10392.md index 508214795c..9144f639d9 100644 --- a/2019/CVE-2019-10392.md +++ b/2019/CVE-2019-10392.md @@ -22,6 +22,7 @@ No PoCs from references. - https://github.com/Rajchowdhury420/Secure-or-Break-Jenkins - https://github.com/Retr0-ll/2023-littleTerm - https://github.com/Retr0-ll/littleterm +- https://github.com/TrojanAZhen/Self_Back - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/ftk-sostupid/CVE-2019-10392_EXP - https://github.com/gquere/pwn_jenkins diff --git a/2019/CVE-2019-10758.md b/2019/CVE-2019-10758.md index 02549fb650..b7b270a605 100644 --- a/2019/CVE-2019-10758.md +++ b/2019/CVE-2019-10758.md 
@@ -30,6 +30,7 @@ mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/YIXINSHUWU/Penetration_Testing_POC - https://github.com/Z0fhack/Goby_POC diff --git a/2019/CVE-2019-10936.md b/2019/CVE-2019-10936.md index 142b95a3ce..1096df78ac 100644 --- a/2019/CVE-2019-10936.md +++ b/2019/CVE-2019-10936.md 
@@ -1,31 +1,30 @@ ### [CVE-2019-10936](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10936) -![](https://img.shields.io/static/v1?label=Product&message=%20SIMATIC%20S7-400%20CPU%20414-3%20PN%2FDP%20V7&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=%20SIMATIC%20S7-400%20CPU%20414F-3%20PN%2FDP%20V7&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=%20SIMATIC%20S7-400%20CPU%20416-3%20PN%2FDP%20V7&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=%20SIMATIC%20S7-400%20CPU%20416F-3%20PN%2FDP%20V7&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Development%2FEvaluation%20Kits%20for%20PROFINET%20IO%3A%20DK%20Standard%20Ethernet%20Controller&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Development%2FEvaluation%20Kits%20for%20PROFINET%20IO%3A%20EK-ERTEC%20200&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Development%2FEvaluation%20Kits%20for%20PROFINET%20IO%3A%20EK-ERTEC%20200P&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20CFU%20PA&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM151-8%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200AL%20IM%20157-1%20PN&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200M%20(incl.%20SIPLUS%20variants)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200MP%20IM%20155-5%20PN%20BA&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200MP%20IM%20155-5%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200MP%20IM%20155-5%20PN%20ST&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM%20151-8%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM%20151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%20BA&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%20HA%20(incl.%20SIPLUS%20variants)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%20HS&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%20ST%20BA&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%20ST&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%2F2%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%2F3%20HF&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20Open%20Controller%20CPU%201515SP%20PC%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM154-8%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM154-8F%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM154-8FX%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200AL&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200M%20(incl.%20SIPLUS%20variants)&color=blue) 
-![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200MP%20IM155-5%20PN%20BA%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200MP%20IM155-5%20PN%20HF%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200MP%20IM155-5%20PN%20ST%20(incl.%20SIPLUS%20variants)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-3%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-4%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-8%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-8FX%20PN%2FDP%20CPU&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200S%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%20BA%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%20HA%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%20HF%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%20HS%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%20ST%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%2F2%20HF%20(incl.%20SIPLUS%20variants)&color=blue) 
-![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%2F3%20HF%20(incl.%20SIPLUS%20variants)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%2016DI%2C%20DC24V%2C%208xM12&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%2016DO%20DC24V%2F1%2C3A%2C%208xM12&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%204AO%20U%2FI%204xM12&color=blue) @@ -39,9 +38,8 @@ ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%208DO%2C%20DC24V%2F1%2C3A%2C%204xM12&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%208DO%2C%20DC24V%2F1%2C3A%2C%208xM12&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%3A%20IO-Link%20Master&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200pro&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20HMI%20Comfort%20Outdoor%20Panels%207%22%20%26%2015%22%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20HMI%20Comfort%20Panels%204%22%20-%2022%22%20(incl.%20SIPLUS%20variants)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20HMI%20Comfort%20Outdoor%20Panels%20(incl.%20SIPLUS%20variants)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20HMI%20Comfort%20Panels%20(incl.%20SIPLUS%20variants)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20HMI%20KTP%20Mobile%20Panels&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20PN%2FPN%20Coupler&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20PROFINET%20Driver&color=blue) 
@@ -59,6 +57,10 @@ ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-300%20CPU%20319-3%20PN%2FDP&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-300%20CPU%20319F-3%20PN%2FDP&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-400%20CPU%20412-2%20PN%20V7&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-400%20CPU%20414-3%20PN%2FDP%20V7&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-400%20CPU%20414F-3%20PN%2FDP%20V7&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-400%20CPU%20416-3%20PN%2FDP%20V7&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-400%20CPU%20416F-3%20PN%2FDP%20V7&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-400%20H%20V6%20CPU%20family%20(incl.%20SIPLUS%20variants)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-400%20PN%2FDP%20V6%20and%20below%20CPU%20family%20(incl.%20SIPLUS%20variants)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-410%20V8%20CPU%20family%20(incl.%20SIPLUS%20variants)&color=blue) 
@@ -82,8 +84,19 @@ ![](https://img.shields.io/static/v1?label=Product&message=SINAMICS%20SM120%20V4.7%20Control%20Unit&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SINUMERIK%20828D&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SINUMERIK%20840D%20sl&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM151-8%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200MP%20IM%20155-5%20PN%20HF%20T1%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200MP%20IM%20155-5%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200MP%20IM%20155-5%20PN%20ST%20TX%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200MP%20IM%20155-5%20PN%20ST&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM%20151-8%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM%20151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20HF%20T1%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20HF%20TX%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20ST%20BA%20TX%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20ST%20BA&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20ST%20TX%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20ST&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20NET%20PN%2FPN%20Coupler&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20S7-300%20CPU%20314C-2%20PN%2FDP&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20S7-300%20CPU%20315-2%20PN%2FDP&color=blue) @@ -93,9 +106,6 @@ ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20S7-400%20CPU%20414-3%20PN%2FDP%20V7&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20S7-400%20CPU%20416-3%20PN%2FDP%20V7&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%204.8%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V1.1.1%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V1.1.8%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V1.2.0%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V1.2.1%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V1.3%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V1.5%20HF1%20&color=brighgreen) 
@@ -104,25 +114,32 @@ ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V2010%20SP3%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V3.2.17%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V3.3.17%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V4.0.1%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V4.2.1%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V4.2.2%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V4.3.0%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V4.4.0%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V4.6%20Patch%2001%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V4.7%20HF33%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V4.7%20SP10%20HF5%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V4.8%20SP5%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V4.8%20SP6%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V6.0.9%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V7.0.3%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V8.2.2%20&color=brighgreen) 
![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V1.1.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V1.1.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V1.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V4.0.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V4.2.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V4.2.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V4.3.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V4.4.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V6.0.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V7.0.3%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) ### Description -A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET 200SP Open Controller 
CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200AL, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels, SIMATIC PN/PN Coupler, SIMATIC PROFINET Driver, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. 
related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 PN Control Unit, SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS NET PN/PN Coupler, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition. +Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition. ### POC diff --git a/2019/CVE-2019-11043.md b/2019/CVE-2019-11043.md index f59759ce04..b917127d9a 100644 
--- a/2019/CVE-2019-11043.md +++ b/2019/CVE-2019-11043.md @@ -48,6 +48,7 @@ In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/XTeam-Wing/RedTeaming2020 - https://github.com/YIXINSHUWU/Penetration_Testing_POC diff --git a/2019/CVE-2019-11358.md b/2019/CVE-2019-11358.md index 4b5cb4a970..000f1069dd 100644 --- a/2019/CVE-2019-11358.md +++ b/2019/CVE-2019-11358.md @@ -448,6 +448,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/Brickwolves/LR20 - https://github.com/Brickwolves/LR24 - https://github.com/BrokeProgramer/FtcRobotController-master +- https://github.com/Broswei/centerStage-7571 - https://github.com/Broswei/powerPlay-7571 - https://github.com/BrowningUltro-10539/FF_Offseason_Control_Theory - https://github.com/BrowningUltro-10539/Tutoring-Code @@ -459,6 +460,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/BuffaloWings-5015/FtcRobotController1 - https://github.com/BuffaloWings-5015/VCS_TEST - https://github.com/Build-For-Change/2023-Power-Play +- https://github.com/Build-For-Change/2023-Power-Play-FIRST-ROBOTICS - https://github.com/BurntSpaghetti28/FTC-Robot-Controller - https://github.com/BurritoBandit28/REV-Bot-Controller - https://github.com/BuweiChen/GitGud_Teamcode_Team_5 
@@ -867,6 +869,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/FRCTeam4069/FTC2020 - https://github.com/FTC-10195/FTC-10195-2021-2022 - https://github.com/FTC-10195/FTC-10195-FreightFrenzy +- https://github.com/FTC-10195/FTC10195-Centerstage - https://github.com/FTC-10195/FTC10195-Powerplay - https://github.com/FTC-10862-Nebula/10862CenterStage - https://github.com/FTC-10862-Nebula/10862_2021 @@ -895,6 +898,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/FTC-6093/Powerplay6093 - https://github.com/FTC-6183/FTC6183-Powerplay - https://github.com/FTC-6901-Phantom/6901 +- https://github.com/FTC-6901-Phantom/6901-CenterStage - https://github.com/FTC-6901-Phantom/6901PowerPlay - https://github.com/FTC-6901-Phantom/69901FTCFreightFrenzy - https://github.com/FTC-6901-Phantom/Compitition-3-6901 @@ -1017,6 +1021,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/FTCPlanB-5309/Freight-Frenzy - https://github.com/FTCRoboJunkies/origin-https-github.com-DominicGallegos-FtcRobotController-Centerstage - https://github.com/FTCTeam10298/2022-23-code +- https://github.com/FTCTeam10298/2023-24-code - https://github.com/FTCTeam11531/FTC_11531_PowerPlay_Competition - https://github.com/FTCTeam11531/TechnoTrojanTraining_Drivetrain_Differential - https://github.com/FTCTeam11531/TechnoTrojanTraining_Drivetrain_Mecanum @@ -1811,6 +1816,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/PortledgeFTC/2023Centerstage8818 - https://github.com/PotentialEnergyRobotics/23-24-tests - https://github.com/PotentialEnergyRobotics/JebSource +- https://github.com/Powercube7/CenterStage2023 - https://github.com/PranavGundu1729/Centerstage-Robot-Controller - https://github.com/PrecisionGuessworks/UltimateGoal - https://github.com/Pro2typw/Pro2type-Powerplay-Offseason 
@@ -1860,6 +1866,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/RambaMamba/FTCSTALLIONS - https://github.com/Ramos42069/FTC101 - https://github.com/RandomPythonProgrammer/FtcRobotControllerTest +- https://github.com/Randome-Stuff/FtcRobotController-master - https://github.com/RapidRobots/FtcRobotController - https://github.com/RaresLiscan/freight-frenzy - https://github.com/RaresLiscan/ftc-ultimate-goal @@ -1883,6 +1890,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/Reedy-Creek-Robotics/BionicBulldogs-2023 - https://github.com/Reedy-Creek-Robotics/Entropic-2022 - https://github.com/Reedy-Creek-Robotics/RobyteBulldogs-2023 +- https://github.com/Reet-Sinha/FTC - https://github.com/RepComm/robotctrlr - https://github.com/RepublicOfDanube/RODRobotController - https://github.com/ReverendRhyme/FTCTutorial @@ -1907,6 +1915,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/Robert007-23/2020UG - https://github.com/Robin-924/SV6990FF - https://github.com/Robo-AS/CenterStage +- https://github.com/Robo-Dojo/rd1 - https://github.com/Robo-Lobos/FtcRobotController24 - https://github.com/RoboDilbert/2020UltimateGoal - https://github.com/RoboDilbert/2021FreightFrenzy @@ -2296,6 +2305,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/ToothbrushB/FtcRobotController - https://github.com/TopGgg/BlackBeardFTC - https://github.com/TopGgg/BlackBeardLib +- https://github.com/TopGgg/CenterStageCode - https://github.com/TopGgg/FtcRobotController-BlackBeard2 - https://github.com/TopGgg/FtcRobotController-BlackBeard3 - https://github.com/TopGgg/LastFtcMissionTraining 
@@ -2332,6 +2342,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/Umesh-9248/FtcRobotController-master - https://github.com/Unbeastable/differentialswerve - https://github.com/UnionRobotics/ftc6559_ultimategoal +- https://github.com/Unknown-Element-FTC-10635/CenterStage - https://github.com/Unknown-Element-FTC-10635/FreightFrenzy - https://github.com/Unknown-Element-FTC-10635/PowerPlay - https://github.com/UpliftRobotics/UltimateGoal18172 @@ -2349,6 +2360,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/Vasil789/ftc - https://github.com/VasuBanga12/FTCTest - https://github.com/Vault-FTC/FTC-Command-System +- https://github.com/Vault-FTC/Mg-2023-2024 - https://github.com/Vault-FTC/MgCode2 - https://github.com/Vault-FTC/MoleMotion - https://github.com/Vector5233/UltimateGoal2 @@ -2761,6 +2773,8 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/charliegarfield/Controllerv1 - https://github.com/charliespy/Repository-3517 - https://github.com/chasemike/FtcRobotController-master +- https://github.com/chene0/rizzlords-robotics +- https://github.com/chene0/swagbots - https://github.com/chhu0830/ctf - https://github.com/chlohal/Robotics_2021_2022 - https://github.com/chrismlemoine/FtcBasic @@ -2815,6 +2829,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/cyborg48/UltimateGoal - https://github.com/dandominicstaicu/SoftHoardersUG - https://github.com/dandominicstaicu/SoftHoardersUG2 +- https://github.com/daria-lzr/RoboAs-CenterStage - https://github.com/darkhanakh/BalgaMenShege_Program - https://github.com/darmthealarm/FtcRobotController-master - https://github.com/darmthealarm/VEGA 
@@ -2985,6 +3000,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/ftc-16244/IL_FTC_Minibots - https://github.com/ftc-16244/MiniBotOpenCVTest - https://github.com/ftc-16244/Power-Play +- https://github.com/ftc-16244/_OLD_IL-FTC-Minibots - https://github.com/ftc-18650/powerplay - https://github.com/ftc-2939/powerplay-2022 - https://github.com/ftc-9773/UltimateGoal @@ -3425,9 +3441,11 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/markosnarinian/PovDriveAdvancedNarinian - https://github.com/marsh135/12091 - https://github.com/marsh135/FTC_RET +- https://github.com/martin-esparragoza/DrivetrainTest - https://github.com/mateicrainiceanu/unplugged24 - https://github.com/mattchew015/FTC-12993-repository - https://github.com/mattchew15/FTC-12993-repository +- https://github.com/mattchew15/FTC-12993-repository-centerstage - https://github.com/mattchew15/FTC-12993-repository-powerplay - https://github.com/maxgao123456/FtcRobotController-master - https://github.com/maxthegray/FTCRobotics diff --git a/2019/CVE-2019-11454.md b/2019/CVE-2019-11454.md new file mode 100644 index 0000000000..6567b25598 --- /dev/null +++ b/2019/CVE-2019-11454.md 
@@ -0,0 +1,18 @@ +### [CVE-2019-11454](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11454) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation. + +### POC + +#### Reference +- https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3 +- https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2019/CVE-2019-11455.md b/2019/CVE-2019-11455.md index 785e134f70..9de7af2670 100644 --- a/2019/CVE-2019-11455.md +++ b/2019/CVE-2019-11455.md @@ -10,6 +10,7 @@ A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 ### POC #### Reference +- https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a - https://github.com/dzflack/exploits/blob/master/unix/monit_buffer_overread.py #### Github diff --git a/2019/CVE-2019-12581.md b/2019/CVE-2019-12581.md index 3608f29ec8..86ac274fcc 100644 --- a/2019/CVE-2019-12581.md +++ b/2019/CVE-2019-12581.md @@ -14,4 +14,5 @@ A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cg #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2019/CVE-2019-12593.md b/2019/CVE-2019-12593.md index e9a2f154b9..5c5eaef246 100644 --- a/2019/CVE-2019-12593.md +++ b/2019/CVE-2019-12593.md 
@@ -17,6 +17,7 @@ IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerabil - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/merlinepedra/nuclei-templates - https://github.com/merlinepedra25/nuclei-templates - https://github.com/sobinge/nuclei-templates diff --git a/2019/CVE-2019-12968.md b/2019/CVE-2019-12968.md new file mode 100644 index 0000000000..2b830de88d --- /dev/null +++ b/2019/CVE-2019-12968.md @@ -0,0 +1,19 @@ +### [CVE-2019-12968](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12968) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive) distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to cause a potential crash / denial of service in Doomseeker. The issue has been remediated in the Doomseeker 1.3 release with source code patches to the SRB2 plugin. + +### POC + +#### Reference +- https://bitbucket.org/Doomseeker/doomseeker/commits/ae456aac888cb794ea3292f7f99cb87d6b22a555 +- https://bitbucket.org/Doomseeker/doomseeker/commits/b9a90f1f56e704c5cbeefe83da2f9ce939920278 +- https://bitbucket.org/Doomseeker/doomseeker/pull-requests/74/more-openbsd-issues-3654-the-srb2-thingy/diff + +#### Github +No PoCs found on GitHub currently. + diff --git a/2019/CVE-2019-13272.md b/2019/CVE-2019-13272.md index a594161a7a..3693783ffc 100644 --- a/2019/CVE-2019-13272.md +++ b/2019/CVE-2019-13272.md 
@@ -63,6 +63,7 @@ In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Tharana/Exploiting-a-Linux-kernel-vulnerability - https://github.com/Tharana/vulnerability-exploitation +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/Waseem27-art/ART-TOOLKIT - https://github.com/Whiteh4tWolf/xcoderootsploit @@ -70,6 +71,7 @@ In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the - https://github.com/YellowVeN0m/Pentesters-toolbox - https://github.com/ZTK-009/Penetration_PoC - https://github.com/ZTK-009/RedTeamer +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/alphaSeclab/sec-daily-2019 - https://github.com/anoaghost/Localroot_Compile - https://github.com/asepsaepdin/CVE-2019-13272 diff --git a/2019/CVE-2019-13343.md b/2019/CVE-2019-13343.md index c7724b9cf7..1997bb216f 100644 --- a/2019/CVE-2019-13343.md +++ b/2019/CVE-2019-13343.md @@ -10,6 +10,10 @@ Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading ### POC #### Reference +- https://bitbucket.org/account/user/butor-team/projects/PROJ +- https://bitbucket.org/butor-team/portal/commits/all +- https://bitbucket.org/butor-team/portal/commits/cd7055d33e194fcf530100ee1d8d13aa9cde230b +- https://bitbucket.org/butor-team/portal/src/cd7055d33e194fcf530100ee1d8d13aa9cde230b/src/main/java/com/butor/portal/web/servlet/WhiteLabelingServlet.java?at=master - https://www.gosecure.net/blog/2019/09/30/butor-portal-arbitrary-file-download-vulnerability-cve-2019-13343 #### Github diff --git a/2019/CVE-2019-13392.md b/2019/CVE-2019-13392.md index ba79e4071b..d5c50e5cf6 100644 --- a/2019/CVE-2019-13392.md +++ b/2019/CVE-2019-13392.md 
@@ -13,5 +13,6 @@ A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0 No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2019/CVE-2019-13462.md b/2019/CVE-2019-13462.md index f3f162f0df..1636d8edf0 100644 --- a/2019/CVE-2019-13462.md +++ b/2019/CVE-2019-13462.md @@ -13,6 +13,7 @@ Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. - https://www.lansweeper.com/forum/yaf_topics33_Announcements.aspx #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/StarCrossPortal/scalpel diff --git a/2019/CVE-2019-1388.md b/2019/CVE-2019-1388.md index 160bc5ae28..b34ad2668c 100644 --- a/2019/CVE-2019-1388.md +++ b/2019/CVE-2019-1388.md @@ -45,6 +45,7 @@ No PoCs from references. - https://github.com/Shadowven/Vulnerability_Reproduction - https://github.com/SofianeHamlaoui/Conti-Clear - https://github.com/TCM-Course-Resources/Windows-Privilege-Escalation-Resources +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/XTeam-Wing/RedTeaming2020 - https://github.com/YIXINSHUWU/Penetration_Testing_POC diff --git a/2019/CVE-2019-14234.md b/2019/CVE-2019-14234.md index c6d692c1d9..edfddd41b7 100644 --- a/2019/CVE-2019-14234.md +++ b/2019/CVE-2019-14234.md @@ -20,6 +20,7 @@ No PoCs from references. - https://github.com/SurfRid3r/Django_vulnerability_analysis - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/bakery312/Vulhub-Reproduce - https://github.com/hktalent/bug-bounty - https://github.com/hxysaury/saury-vulnhub 
@@ -33,4 +34,5 @@ No PoCs from references. - https://github.com/reph0r/poc-exp-tools - https://github.com/t0m4too/t0m4to - https://github.com/xbl3/awesome-cve-poc_qazbnm456 +- https://github.com/yihong0618/Python365 diff --git a/2019/CVE-2019-14287.md b/2019/CVE-2019-14287.md index f9d74f9cf0..95907d0ff1 100644 --- a/2019/CVE-2019-14287.md +++ b/2019/CVE-2019-14287.md @@ -61,6 +61,7 @@ In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can - https://github.com/TCM-Course-Resources/Linux-Privilege-Escalation-Resources - https://github.com/Tharana/Exploiting-a-Linux-kernel-vulnerability - https://github.com/Tharana/vulnerability-exploitation +- https://github.com/TrojanAZhen/Self_Back - https://github.com/XTeam-Wing/RedTeaming2020 - https://github.com/ZeusBanda/Linux_Priv-Esc_Cheatsheet - https://github.com/a-nonymou-s/Agent-Sudo @@ -107,6 +108,7 @@ In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can - https://github.com/oscpname/OSCP_cheat - https://github.com/python-nerd-git/Sudo-Security-Bypass - https://github.com/ra1nb0rn/search_vulns +- https://github.com/redcountryroad/OSCP-shortsheet - https://github.com/retr0-13/Linux-Privilege-Escalation-Basics - https://github.com/revanmalang/OSCP - https://github.com/sRussBahari/Capture_The_Flag_Offensive_Security diff --git a/2019/CVE-2019-14322.md b/2019/CVE-2019-14322.md index 2e1136fc57..2aaf07c092 100644 --- a/2019/CVE-2019-14322.md +++ b/2019/CVE-2019-14322.md @@ -13,6 +13,7 @@ In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names ( - http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates diff --git a/2019/CVE-2019-15107.md b/2019/CVE-2019-15107.md index 0a34b0ee96..682d1957e6 100644 
--- a/2019/CVE-2019-15107.md +++ b/2019/CVE-2019-15107.md @@ -61,6 +61,7 @@ An issue was discovered in Webmin <=1.920. The parameter old in password_change. - https://github.com/TheAlpha19/MiniExploit - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tuz-Wwsd/CVE-2019-15107_detection - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/YIXINSHUWU/Penetration_Testing_POC diff --git a/2019/CVE-2019-15666.md b/2019/CVE-2019-15666.md index 91dd88dbaf..51b5605078 100644 --- a/2019/CVE-2019-15666.md +++ b/2019/CVE-2019-15666.md @@ -18,6 +18,7 @@ An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bo - https://github.com/DrewSC13/Linpeas - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning - https://github.com/go-bi/go-bi-soft diff --git a/2019/CVE-2019-16097.md b/2019/CVE-2019-16097.md index 484ac54130..1cf2fb0de2 100644 --- a/2019/CVE-2019-16097.md +++ b/2019/CVE-2019-16097.md @@ -29,6 +29,7 @@ core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create - https://github.com/SexyBeast233/SecBooks - https://github.com/TeraSecTeam/ary - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Z0fhack/Goby_POC - https://github.com/alphaSeclab/sec-daily-2019 - https://github.com/apachecn-archive/Middleware-Vulnerability-detection diff --git a/2019/CVE-2019-16759.md b/2019/CVE-2019-16759.md index 290aa551b5..8ba5129106 100644 --- a/2019/CVE-2019-16759.md +++ b/2019/CVE-2019-16759.md 
@@ -38,6 +38,7 @@ vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/VengfullSecurityOperations/BTCMixingBowl - https://github.com/YIXINSHUWU/Penetration_Testing_POC diff --git a/2019/CVE-2019-17003.md b/2019/CVE-2019-17003.md index 48f63ffba2..2fccf3c2ef 100644 --- a/2019/CVE-2019-17003.md +++ b/2019/CVE-2019-17003.md @@ -29,6 +29,7 @@ Scanning a QR code that contained a javascript: URL would have resulted in the J - https://github.com/abuzafarhaqq/bugBounty - https://github.com/ajino2k/Awesome-Bugbounty-Writeups - https://github.com/alexbieber/Bug_Bounty_writeups +- https://github.com/arijitdirghangi/100DaysofLearning - https://github.com/arijitdirghanji/100DaysofLearning - https://github.com/blitz-cmd/Bugbounty-writeups - https://github.com/bot8080/awesomeBugbounty diff --git a/2019/CVE-2019-17195.md b/2019/CVE-2019-17195.md index 55108f6059..add318b084 100644 --- a/2019/CVE-2019-17195.md +++ b/2019/CVE-2019-17195.md @@ -10,6 +10,7 @@ Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions whi ### POC #### Reference +- https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt - https://www.oracle.com//security-alerts/cpujul2021.html - https://www.oracle.com/security-alerts/cpuApr2021.html - https://www.oracle.com/security-alerts/cpuapr2020.html diff --git a/2019/CVE-2019-17564.md b/2019/CVE-2019-17564.md index 762114f9c9..83967e9cb9 100644 --- a/2019/CVE-2019-17564.md +++ b/2019/CVE-2019-17564.md 
@@ -32,6 +32,7 @@ No PoCs from references. - https://github.com/Threekiii/Awesome-Exploit - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/Whoopsunix/PPPRASP - https://github.com/Whoopsunix/PPPVULNS diff --git a/2019/CVE-2019-17567.md b/2019/CVE-2019-17567.md index b0ac9d01bc..4f05efa2ec 100644 --- a/2019/CVE-2019-17567.md +++ b/2019/CVE-2019-17567.md @@ -19,4 +19,5 @@ Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an - https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network - https://github.com/bioly230/THM_Skynet - https://github.com/firatesatoglu/shodanSearch +- https://github.com/jkiala2/Projet_etude_M1 diff --git a/2019/CVE-2019-17671.md b/2019/CVE-2019-17671.md index 695310d3ba..0c90c2c7cb 100644 --- a/2019/CVE-2019-17671.md +++ b/2019/CVE-2019-17671.md @@ -19,6 +19,7 @@ In WordPress before 5.2.4, unauthenticated viewing of certain content is possibl - https://github.com/El-Palomo/DerpNStink - https://github.com/El-Palomo/SYMFONOS - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/dkohli23/WordPressLab7and8 - https://github.com/hectorgie/PoC-in-GitHub diff --git a/2019/CVE-2019-18393.md b/2019/CVE-2019-18393.md index 01afe846bd..d884533175 100644 --- a/2019/CVE-2019-18393.md +++ b/2019/CVE-2019-18393.md @@ -13,6 +13,7 @@ PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure tha No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/StarCrossPortal/scalpel diff --git a/2019/CVE-2019-19300.md b/2019/CVE-2019-19300.md index 3d51aa59ca..92d0d5f57d 100644 
--- a/2019/CVE-2019-19300.md +++ b/2019/CVE-2019-19300.md 
@@ -5,20 +5,20 @@ ![](https://img.shields.io/static/v1?label=Product&message=SIDOOR%20ATD430W&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIDOOR%20ATE530S%20COATED&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIDOOR%20ATE531S&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM151-8%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200AL%20IM%20157-1%20PN&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200MP%20IM%20155-5%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM%20151-8%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM%20151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20MF%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%20HA%20(incl.%20SIPLUS%20variants)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%2F2%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%2F3%20HF&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20Open%20Controller%20CPU%201515SP%20PC%20(incl.%20SIPLUS%20variants)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20Open%20Controller%20CPU%201515SP%20PC2%20(incl.%20SIPLUS%20variants)&color=blue) 
-![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM154-8%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM154-8F%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM154-8FX%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200AL%20IM157-1%20PN&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200MP%20IM155-5%20PN%20HF%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20MF%20HF&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%20HA%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%20HF%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%2F2%20HF%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%2F3%20HF%20(incl.%20SIPLUS%20variants)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-8%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-8FX%20PN%2FDP%20CPU&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%20AI%208xRTD%2FTC%2C%20M12-L&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%20CM%204x%20IO-Link%2C%20M12-L&color=blue) 
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%20CM%208x%20IO-Link%2C%20M12-L&color=blue) @@ -43,7 +43,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-300%20CPU%20317TF-3%20PN%2FDP&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-300%20CPU%20319-3%20PN%2FDP&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-300%20CPU%20319F-3%20PN%2FDP&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-400%20H%20V6%20CPU%20family%20and%20below%20(incl.%20SIPLUS%20variants)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-400%20H%20V6%C2%A0and%20below%C2%A0CPU%20family%20(incl.%20SIPLUS%20variants)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-400%20PN%2FDP%20V7%20CPU%20family%20(incl.%20SIPLUS%20variants)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-410%20V10%20CPU%20family%20(incl.%20SIPLUS%20variants)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-410%20V8%20CPU%20family%20(incl.%20SIPLUS%20variants)&color=blue) 
@@ -52,8 +52,13 @@ ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20WinAC%20RTX%202010&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20WinAC%20RTX%20F%202010&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SINAMICS%20S%2FG%20Control%20Unit%20w.%20PROFINET&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM151-8%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200MP%20IM%20155-5%20PN%20HF%20T1%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200MP%20IM%20155-5%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM%20151-8%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM%20151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20HF%20T1%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20HF%20TX%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20HF&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20NET%20PN%2FPN%20Coupler&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20S7-300%20CPU%20314C-2%20PN%2FDP&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20S7-300%20CPU%20315-2%20PN%2FDP&color=blue) 
@@ -67,13 +72,14 @@ ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=V4.2.0%3C%20*%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=V5.1.1%3C%20V5.1.2%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=V5.1.1%3C%20V5.1.3%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) ### Description -A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. 
SIPLUS variants), SIMATIC ET200AL IM157-1 PN, SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 MF HF, SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC MICRO-DRIVE PDC, SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. 
SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0), SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0), SINAMICS S/G Control Unit w. PROFINET, SIPLUS ET 200S IM151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service. +A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0), SIMATIC ET 200pro IM 154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM 154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM 154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM 151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM 151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants), SIMATIC ET 200SP IM 155-6 PN HF (6ES7155-6AU00-0CN0), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. 
SIPLUS variants), SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC MICRO-DRIVE PDC, SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 H V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0), SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0), SINAMICS S/G Control Unit w. 
PROFINET, SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0), SIPLUS ET 200S IM 151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM 151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-2CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-4CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU00-1CN0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service. ### POC diff --git a/2019/CVE-2019-19551.md b/2019/CVE-2019-19551.md new file mode 100644 index 0000000000..c28a1c7b26 --- /dev/null +++ b/2019/CVE-2019-19551.md 
@@ -0,0 +1,17 @@ +### [CVE-2019-19551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19551) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account. + +### POC + +#### Reference +- https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities + +#### Github +No PoCs found on GitHub currently. + diff --git a/2019/CVE-2019-19552.md b/2019/CVE-2019-19552.md new file mode 100644 index 0000000000..4754922000 --- /dev/null +++ b/2019/CVE-2019-19552.md 
@@ -0,0 +1,17 @@ +### [CVE-2019-19552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19552) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account. + +### POC + +#### Reference +- https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities + +#### Github +No PoCs found on GitHub currently. + diff --git a/2019/CVE-2019-20141.md b/2019/CVE-2019-20141.md index b4ea27c724..c4523c0f22 100644 --- a/2019/CVE-2019-20141.md +++ b/2019/CVE-2019-20141.md @@ -13,6 +13,7 @@ An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via th No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/Live-Hack-CVE/CVE-2019-20141 diff --git a/2019/CVE-2019-20375.md b/2019/CVE-2019-20375.md new file mode 100644 index 0000000000..946b332994 --- /dev/null +++ b/2019/CVE-2019-20375.md 
@@ -0,0 +1,17 @@ +### [CVE-2019-20375](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20375) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via the value parameter in a localization (loc) command to elogd.c. + +### POC + +#### Reference +- https://bitbucket.org/ritt/elog/commits/eefdabb714f26192f585083ef96c8413e459a1d1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2019/CVE-2019-20376.md b/2019/CVE-2019-20376.md new file mode 100644 index 0000000000..d2e9db79bd --- /dev/null +++ b/2019/CVE-2019-20376.md @@ -0,0 +1,17 @@ +### [CVE-2019-20376](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20376) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG document to elogd.c. + +### POC + +#### Reference +- https://bitbucket.org/ritt/elog/commits/993bed4923c88593cc6b1186e0d1b9564994a25a + +#### Github +No PoCs found on GitHub currently. + diff --git a/2019/CVE-2019-2725.md b/2019/CVE-2019-2725.md index ea01e44001..0eed8fdbb9 100644 --- a/2019/CVE-2019-2725.md +++ b/2019/CVE-2019-2725.md 
@@ -24,6 +24,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/0xn0ne/weblogicScanner - https://github.com/1120362990/vulnerability-list - https://github.com/189569400/Meppo +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/pocsuite - https://github.com/20142995/pocsuite3 - https://github.com/20142995/sectool @@ -80,6 +81,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/Soundaryakambhampati/test-6 - https://github.com/Threekiii/Awesome-POC - https://github.com/TopScrew/CVE-2019-2725 +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/Waseem27-art/ART-TOOLKIT - https://github.com/Weik1/Artillery @@ -175,6 +177,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/r0eXpeR/redteam_vul - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/retr0-13/Pentest-Tools - https://github.com/rockmelodies/rocComExpRce - https://github.com/safe6Sec/WeblogicVuln diff --git a/2019/CVE-2019-2729.md b/2019/CVE-2019-2729.md index 16505af292..a8196a34c6 100644 --- a/2019/CVE-2019-2729.md +++ b/2019/CVE-2019-2729.md @@ -74,6 +74,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/qtgavc/list - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/rockmelodies/rocComExpRce - https://github.com/ruthlezs/CVE-2019-2729-Exploit - https://github.com/safe6Sec/wlsEnv diff --git a/2019/CVE-2019-3394.md b/2019/CVE-2019-3394.md index 639da23355..73077701fd 100644 --- a/2019/CVE-2019-3394.md +++ b/2019/CVE-2019-3394.md 
@@ -17,6 +17,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/Awrrays/FrameVul - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/goddemondemongod/Sec-Interview - https://github.com/hectorgie/PoC-in-GitHub diff --git a/2019/CVE-2019-5418.md b/2019/CVE-2019-5418.md index 30c0d9f7d6..625315f863 100644 --- a/2019/CVE-2019-5418.md +++ b/2019/CVE-2019-5418.md @@ -37,6 +37,7 @@ There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6 - https://github.com/Soundaryakambhampati/test-6 - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/W01fh4cker/Serein - https://github.com/Zenika/kubernetes-security-workshop - https://github.com/albinowax/ActiveScanPlusPlus diff --git a/2019/CVE-2019-5475.md b/2019/CVE-2019-5475.md index 5f39431d7f..5b5fbf4478 100644 --- a/2019/CVE-2019-5475.md +++ b/2019/CVE-2019-5475.md @@ -21,6 +21,7 @@ The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution whe - https://github.com/HimmelAward/Goby_POC - https://github.com/SexyBeast233/SecBooks - https://github.com/TesterCC/exp_poc_library +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Z0fhack/Goby_POC - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/hectorgie/PoC-in-GitHub diff --git a/2019/CVE-2019-6111.md b/2019/CVE-2019-6111.md index 8d72b0ac95..c3b93f75ae 100644 --- a/2019/CVE-2019-6111.md +++ b/2019/CVE-2019-6111.md 
@@ -25,6 +25,7 @@ An issue was discovered in OpenSSH 7.9. Due to the scp implementation being deri - https://github.com/KorayAgaya/TrivyWeb - https://github.com/Mohzeela/external-secret - https://github.com/TommasoBilotta/public +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/bioly230/THM_Skynet - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/firatesatoglu/iot-searchengine diff --git a/2019/CVE-2019-6977.md b/2019/CVE-2019-6977.md index c92d885553..9c3e997700 100644 --- a/2019/CVE-2019-6977.md +++ b/2019/CVE-2019-6977.md @@ -18,6 +18,7 @@ gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2 #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/FishyStix12/BH.py-CharCyCon2024 +- https://github.com/FishyStix12/WHPython_v1.02 - https://github.com/SexyBeast233/SecBooks - https://github.com/alphaSeclab/sec-daily-2019 - https://github.com/ozkanbilge/Apache-Exploit-2019 diff --git a/2019/CVE-2019-7238.md b/2019/CVE-2019-7238.md index 2fface8a8b..61bfc6a4da 100644 --- a/2019/CVE-2019-7238.md +++ b/2019/CVE-2019-7238.md @@ -37,6 +37,7 @@ Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. - https://github.com/Threekiii/Awesome-Exploit - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WingsSec/Meppo - https://github.com/Z0fhack/Goby_POC - https://github.com/alphaSeclab/sec-daily-2019 diff --git a/2019/CVE-2019-7256.md b/2019/CVE-2019-7256.md index 6fb2d0cfce..588d3a46c7 100644 --- a/2019/CVE-2019-7256.md +++ b/2019/CVE-2019-7256.md 
@@ -16,6 +16,7 @@ Linear eMerge E3-Series devices allow Command Injections. - http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/sectool - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2019/CVE-2019-7304.md b/2019/CVE-2019-7304.md index ad5a0e22ca..d35bc906e3 100644 --- a/2019/CVE-2019-7304.md +++ b/2019/CVE-2019-7304.md @@ -24,12 +24,14 @@ Canonical snapd before version 2.37.1 incorrectly performed socket owner validat - https://github.com/Dhayalanb/Snapd-V2 - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits - https://github.com/Ly0nt4r/OSCP +- https://github.com/Mr-Tree-S/POC_EXP - https://github.com/SecuritySi/CVE-2019-7304_DirtySock - https://github.com/SirElmard/ethical_hacking - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/VieVaWaldi/DirtySock - https://github.com/WalterEhren/DirtySock - https://github.com/WalterEren/DirtySock +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/anoaghost/Localroot_Compile - https://github.com/bgrewell/SockPuppet - https://github.com/blkdevcon/awesome-starz diff --git a/2019/CVE-2019-7609.md b/2019/CVE-2019-7609.md index 1750f0275f..53a2f074e2 100644 --- a/2019/CVE-2019-7609.md +++ b/2019/CVE-2019-7609.md @@ -41,6 +41,7 @@ Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/YIXINSHUWU/Penetration_Testing_POC - https://github.com/ZTK-009/Penetration_PoC diff --git a/2019/CVE-2019-8451.md b/2019/CVE-2019-8451.md index 43cd747aeb..0b70dc95a4 100644 --- a/2019/CVE-2019-8451.md 
+++ b/2019/CVE-2019-8451.md @@ -34,6 +34,7 @@ No PoCs from references. - https://github.com/SexyBeast233/SecBooks - https://github.com/Soundaryakambhampati/test-6 - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/UGF0aWVudF9aZXJv/Atlassian-Jira-pentesting - https://github.com/Z0fhack/Goby_POC - https://github.com/alex14324/Eagel diff --git a/2019/CVE-2019-8761.md b/2019/CVE-2019-8761.md index 9ece80fd14..7754a23a09 100644 --- a/2019/CVE-2019-8761.md +++ b/2019/CVE-2019-8761.md @@ -10,7 +10,7 @@ This issue was addressed with improved checks. This issue is fixed in macOS Cata ### POC #### Reference -No PoCs from references. +- https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html #### Github - https://github.com/houjingyi233/macOS-iOS-system-security diff --git a/2019/CVE-2019-9193.md b/2019/CVE-2019-9193.md index 62df9baa92..d994f23bba 100644 --- a/2019/CVE-2019-9193.md +++ b/2019/CVE-2019-9193.md @@ -24,6 +24,7 @@ - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Yang8miao/prov_navigator - https://github.com/alphaSeclab/sec-daily-2019 - https://github.com/b4keSn4ke/CVE-2019-9193 diff --git a/2020/CVE-2020-0554.md b/2020/CVE-2020-0554.md index 7908ffd74b..b03fea7d21 100644 --- a/2020/CVE-2020-0554.md +++ b/2020/CVE-2020-0554.md @@ -18,6 +18,7 @@ No PoCs from references. - https://github.com/EchoGin404/- - https://github.com/EchoGin404/gongkaishouji - https://github.com/Mr-xn/Penetration_Testing_POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/YIXINSHUWU/Penetration_Testing_POC - https://github.com/ZTK-009/Penetration_PoC diff --git a/2020/CVE-2020-0601.md b/2020/CVE-2020-0601.md index 1f99fd8b2b..3cd9cef263 100644 --- a/2020/CVE-2020-0601.md +++ b/2020/CVE-2020-0601.md 
@@ -71,6 +71,7 @@ A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) valid - https://github.com/ShayNehmad/twoplustwo - https://github.com/SherlockSec/CVE-2020-0601 - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/XTeam-Wing/RedTeaming2020 - https://github.com/YIXINSHUWU/Penetration_Testing_POC diff --git a/2020/CVE-2020-0618.md b/2020/CVE-2020-0618.md index 2a9f22ad39..0b7c59539f 100644 --- a/2020/CVE-2020-0618.md +++ b/2020/CVE-2020-0618.md @@ -40,6 +40,7 @@ A remote code execution vulnerability exists in Microsoft SQL Server Reporting S - https://github.com/Saidul-M-Khan/PENTESTING-BIBLE - https://github.com/SexyBeast233/SecBooks - https://github.com/SohelParashar/.Net-Deserialization-Cheat-Sheet +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/YIXINSHUWU/Penetration_Testing_POC - https://github.com/ZTK-009/Penetration_PoC diff --git a/2020/CVE-2020-0688.md b/2020/CVE-2020-0688.md index 4000fa47ed..309026bf1c 100644 --- a/2020/CVE-2020-0688.md +++ b/2020/CVE-2020-0688.md @@ -69,6 +69,7 @@ A remote code execution vulnerability exists in Microsoft Exchange software when - https://github.com/ShawnDEvans/smbmap - https://github.com/SofianeHamlaoui/Conti-Clear - https://github.com/TheKickPuncher/CVE-2020-0688-Python3 +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/ViperXSecurity/OpenResearch - https://github.com/W01fh4cker/CVE-2020-0688-GUI diff --git a/2020/CVE-2020-0796.md b/2020/CVE-2020-0796.md index 12e82e88d8..40e664102a 100644 --- a/2020/CVE-2020-0796.md +++ b/2020/CVE-2020-0796.md 
@@ -149,6 +149,7 @@ A remote code execution vulnerability exists in the way that the Microsoft Serve - https://github.com/Threekiii/Awesome-POC - https://github.com/TinToSer/CVE-2020-0796-LPE - https://github.com/TinToSer/cve2020-0796 +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/UraSecTeam/smbee - https://github.com/WinMin/Protocol-Vul diff --git a/2020/CVE-2020-10021.md b/2020/CVE-2020-10021.md index 2f8ecd2130..2af8492547 100644 --- a/2020/CVE-2020-10021.md +++ b/2020/CVE-2020-10021.md @@ -15,4 +15,5 @@ Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned S #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/CBackyx/CVE-Reproduction +- https://github.com/Moh3nsalehi/AutoPatchCode diff --git a/2020/CVE-2020-10580.md b/2020/CVE-2020-10580.md index ad91512a6e..636906502f 100644 --- a/2020/CVE-2020-10580.md +++ b/2020/CVE-2020-10580.md @@ -10,7 +10,7 @@ A command injection on the /admin/broadcast.php script of Invigo Automatic Devic ### POC #### Reference -No PoCs from references. +- https://cwe.mitre.org/data/definitions/77.html #### Github - https://github.com/Live-Hack-CVE/CVE-2020-10580 diff --git a/2020/CVE-2020-11023.md b/2020/CVE-2020-11023.md index 4bc64c4509..afe799a562 100644 --- a/2020/CVE-2020-11023.md +++ b/2020/CVE-2020-11023.md @@ -36,6 +36,7 @@ In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML - https://github.com/Snorlyd/https-nj.gov---CVE-2020-11023 - https://github.com/alphaSeclab/sec-daily-2020 - https://github.com/andreassundstrom/cve-2020-11023-demonstration +- https://github.com/arijitdirghangi/100DaysofLearning - https://github.com/arijitdirghanji/100DaysofLearning - https://github.com/ctcpip/jquery-security - https://github.com/cve-sandbox/jquery diff --git a/2020/CVE-2020-11651.md b/2020/CVE-2020-11651.md index 8806ea75a7..aaf15f1abc 100644 --- a/2020/CVE-2020-11651.md +++ b/2020/CVE-2020-11651.md 
@@ -47,6 +47,7 @@ An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2 - https://github.com/Threekiii/Awesome-Exploit - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/YIXINSHUWU/Penetration_Testing_POC - https://github.com/Z0fhack/Goby_POC diff --git a/2020/CVE-2020-11989.md b/2020/CVE-2020-11989.md index fdb9d1e26c..92c8525b9e 100644 --- a/2020/CVE-2020-11989.md +++ b/2020/CVE-2020-11989.md @@ -19,6 +19,7 @@ No PoCs from references. - https://github.com/HackJava/HackShiro - https://github.com/HackJava/Shiro - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Zero094/Vulnerability-verification - https://github.com/apachecn-archive/Middleware-Vulnerability-detection - https://github.com/bfengj/CTF diff --git a/2020/CVE-2020-12127.md b/2020/CVE-2020-12127.md index 432b28722b..e7e6a2b815 100644 --- a/2020/CVE-2020-12127.md +++ b/2020/CVE-2020-12127.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2020/CVE-2020-12145.md b/2020/CVE-2020-12145.md index 2252c777a6..c1b989f0f7 100644 --- a/2020/CVE-2020-12145.md +++ b/2020/CVE-2020-12145.md @@ -17,4 +17,5 @@ No PoCs from references. - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2020/CVE-2020-12146.md b/2020/CVE-2020-12146.md new file mode 100644 index 0000000000..dde350893d --- /dev/null +++ b/2020/CVE-2020-12146.md 
@@ -0,0 +1,18 @@ +### [CVE-2020-12146](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12146) +![](https://img.shields.io/static/v1?label=Product&message=Unity%20Orchestrator&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CVE-2020-12147&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/gnarkill78/CSA_S2_2024 + diff --git a/2020/CVE-2020-12720.md b/2020/CVE-2020-12720.md index ed36742d34..7d62f6b0d3 100644 --- a/2020/CVE-2020-12720.md +++ b/2020/CVE-2020-12720.md @@ -25,6 +25,7 @@ vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has - https://github.com/Z0fhack/Goby_POC - https://github.com/cocomelonc/vulnexipy - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/merlinepedra/nuclei-templates - https://github.com/merlinepedra25/nuclei-templates - https://github.com/sobinge/nuclei-templates diff --git a/2020/CVE-2020-13111.md b/2020/CVE-2020-13111.md new file mode 100644 index 0000000000..5350a36c41 --- /dev/null +++ b/2020/CVE-2020-13111.md 
@@ -0,0 +1,17 @@ +### [CVE-2020-13111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13111) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing the process to crash. + +### POC + +#### Reference +- https://bitbucket.org/naviserver/naviserver/commits/a5c3079f1d8996d5f34c9384a440acf3519ca3bb + +#### Github +No PoCs found on GitHub currently. + diff --git a/2020/CVE-2020-1350.md b/2020/CVE-2020-1350.md index 99fbe81968..685c171fdd 100644 --- a/2020/CVE-2020-1350.md +++ b/2020/CVE-2020-1350.md @@ -41,6 +41,7 @@ A remote code execution vulnerability exists in Windows Domain Name System serve - https://github.com/T13nn3s/CVE-2020-1350 - https://github.com/TheCyberViking/Insider_Threat_Bait - https://github.com/TrinityCryptx/OSCP-Resources +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/WinMin/Protocol-Vul - https://github.com/YIXINSHUWU/Penetration_Testing_POC diff --git a/2020/CVE-2020-13942.md b/2020/CVE-2020-13942.md index 08b9962cde..34b0dfc3c7 100644 --- a/2020/CVE-2020-13942.md +++ b/2020/CVE-2020-13942.md @@ -35,6 +35,7 @@ No PoCs from references. - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/eugenebmx/CVE-2020-13942 +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hoanx4/apche_unomi_rce - https://github.com/litt1eb0yy/One-Liner-Scripts 
diff --git a/2020/CVE-2020-13950.md b/2020/CVE-2020-13950.md index 4c7a0a0a63..9283d9d651 100644 --- a/2020/CVE-2020-13950.md +++ b/2020/CVE-2020-13950.md @@ -16,4 +16,5 @@ Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash - https://github.com/ARPSyndicate/cvemon - https://github.com/PierreChrd/py-projet-tut - https://github.com/Totes5706/TotesHTB +- https://github.com/jkiala2/Projet_etude_M1 diff --git a/2020/CVE-2020-13957.md b/2020/CVE-2020-13957.md index c12818305e..048d6bae96 100644 --- a/2020/CVE-2020-13957.md +++ b/2020/CVE-2020-13957.md @@ -22,6 +22,7 @@ No PoCs from references. - https://github.com/Miraitowa70/POC-Notes - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/apachecn-archive/Middleware-Vulnerability-detection - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/errorecho/CVEs-Collection diff --git a/2020/CVE-2020-14179.md b/2020/CVE-2020-14179.md index 69e2e8e167..63ff04d4e7 100644 --- a/2020/CVE-2020-14179.md +++ b/2020/CVE-2020-14179.md @@ -23,6 +23,7 @@ No PoCs from references. - https://github.com/c0brabaghdad1/CVE-2020-14179 - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/developer3000S/PoC-in-GitHub +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/hackerhackrat/R-poc - https://github.com/imhunterand/JiraCVE - https://github.com/merlinepedra/nuclei-templates diff --git a/2020/CVE-2020-14645.md b/2020/CVE-2020-14645.md index 0a0ec95659..4de14f9857 100644 --- a/2020/CVE-2020-14645.md +++ b/2020/CVE-2020-14645.md 
@@ -31,6 +31,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/NetW0rK1le3r/awesome-hacking-lists - https://github.com/Schira4396/CVE-2020-14645 - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/Y4er/CVE-2020-14645 - https://github.com/YIXINSHUWU/Penetration_Testing_POC diff --git a/2020/CVE-2020-1472.md b/2020/CVE-2020-1472.md index 5bccfbb201..39ef38c14b 100644 --- a/2020/CVE-2020-1472.md +++ b/2020/CVE-2020-1472.md @@ -163,6 +163,7 @@ An elevation of privilege vulnerability exists when an attacker establishes a vu - https://github.com/Thomashighbaugh/stars - https://github.com/Threekiii/Awesome-Redteam - https://github.com/Tobey123/CVE-2020-1472-visualizer +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Udyz/Zerologon - https://github.com/VK9D/ZeroLogon - https://github.com/VK9D/ZeroLogon-FullChain diff --git a/2020/CVE-2020-14750.md b/2020/CVE-2020-14750.md index a905a5ac3e..699f9f1486 100644 --- a/2020/CVE-2020-14750.md +++ b/2020/CVE-2020-14750.md @@ -33,6 +33,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/djytmdj/Tool_Summary +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP - https://github.com/jas502n/CVE-2020-14882 diff --git a/2020/CVE-2020-14815.md b/2020/CVE-2020-14815.md index f57c37ca39..aae7f5287e 100644 --- a/2020/CVE-2020-14815.md +++ b/2020/CVE-2020-14815.md 
@@ -13,6 +13,7 @@ Vulnerability in the Oracle Business Intelligence Enterprise Edition product of - https://www.oracle.com/security-alerts/cpuoct2020.html #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/EdgeSecurityTeam/Vulnerability diff --git a/2020/CVE-2020-14825.md b/2020/CVE-2020-14825.md index 4edfdc420a..2958375ef2 100644 --- a/2020/CVE-2020-14825.md +++ b/2020/CVE-2020-14825.md @@ -19,6 +19,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet - https://github.com/SexyBeast233/SecBooks - https://github.com/SouthWind0/southwind0.github.io +- https://github.com/TrojanAZhen/Self_Back - https://github.com/gobysec/Weblogic - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/superlink996/chunqiuyunjingbachang diff --git a/2020/CVE-2020-14882.md b/2020/CVE-2020-14882.md index a6ab5d9907..b5bd2101bf 100644 --- a/2020/CVE-2020-14882.md +++ b/2020/CVE-2020-14882.md @@ -53,6 +53,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/LucasPDiniz/CVE-2020-14882 - https://github.com/LucasPDiniz/StudyRoom - https://github.com/MacAsure/WL_Scan_GO +- https://github.com/Madbat2024/Penetration-test - https://github.com/Manor99/CVE-2020-14882- - https://github.com/MicahFleming/Risk-Assessment-Cap-Stone- - https://github.com/MichaelKoczwara/Awesome-CobaltStrike-Defence 
@@ -72,6 +73,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Awesome-Redteam - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Umarovm/-Patched-McMaster-University-Blind-Command-Injection - https://github.com/Weik1/Artillery - https://github.com/XTeam-Wing/CVE-2020-14882 @@ -107,6 +109,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/fei9747/Awesome-CobaltStrike - https://github.com/ferreirasc/redteam-arsenal - https://github.com/forhub2021/weblogicScanner +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/hanc00l/some_pocsuite - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP @@ -142,6 +145,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/nik0nz7/CVE-2020-14882 - https://github.com/niudaii/go-crack - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/openx-org/BLEN - https://github.com/ovProphet/CVE-2020-14882-checker - https://github.com/pen4uin/awesome-vulnerability-research diff --git a/2020/CVE-2020-14883.md b/2020/CVE-2020-14883.md index 6157270e5e..4e9c898763 100644 --- a/2020/CVE-2020-14883.md +++ b/2020/CVE-2020-14883.md @@ -17,6 +17,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/0day666/Vulnerability-verification - https://github.com/0xn0ne/weblogicScanner - https://github.com/1n7erface/PocList +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/sectool - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2020/CVE-2020-14974.md b/2020/CVE-2020-14974.md index 8f2a5d25b2..af77d9e93b 100644 --- a/2020/CVE-2020-14974.md 
+++ b/2020/CVE-2020-14974.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/12brendon34/IObit-Unlocker-CSharp - https://github.com/Aterror2be/CVE-2020-14974 +- https://github.com/gmh5225/awesome-game-security diff --git a/2020/CVE-2020-15257.md b/2020/CVE-2020-15257.md index 6e37bffd75..cc3932122b 100644 --- a/2020/CVE-2020-15257.md +++ b/2020/CVE-2020-15257.md @@ -23,6 +23,7 @@ No PoCs from references. - https://github.com/PercussiveElbow/docker-security-checklist - https://github.com/SexyBeast233/SecBooks - https://github.com/SouthWind0/southwind0.github.io +- https://github.com/TrojanAZhen/Self_Back - https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground - https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground - https://github.com/alphaSeclab/sec-daily-2020 diff --git a/2020/CVE-2020-15505.md b/2020/CVE-2020-15505.md index 7c30051a02..5c3953e299 100644 --- a/2020/CVE-2020-15505.md +++ b/2020/CVE-2020-15505.md @@ -15,6 +15,7 @@ A remote code execution vulnerability in MobileIron Core & Connector versions 10 #### Github - https://github.com/0xMrNiko/Awesome-Red-Teaming +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet diff --git a/2020/CVE-2020-15778.md b/2020/CVE-2020-15778.md index d61d21893b..b186cc86be 100644 --- a/2020/CVE-2020-15778.md +++ b/2020/CVE-2020-15778.md @@ -33,6 +33,7 @@ No PoCs from references. - https://github.com/TarikVUT/secure-fedora38 - https://github.com/Threekiii/Awesome-POC - https://github.com/Totes5706/TotesHTB +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/YIXINSHUWU/Penetration_Testing_POC - https://github.com/ZTK-009/Penetration_PoC diff --git a/2020/CVE-2020-16846.md b/2020/CVE-2020-16846.md index ec5ad02673..242cfc8395 100644 --- a/2020/CVE-2020-16846.md 
+++ b/2020/CVE-2020-16846.md @@ -34,6 +34,7 @@ An issue was discovered in SaltStack Salt through 3002. Sending crafted web requ - https://github.com/Z0fhack/Goby_POC - https://github.com/bakery312/Vulhub-Reproduce - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/hamza-boudouche/projet-secu - https://github.com/huimzjty/vulwiki - https://github.com/jweny/pocassistdb diff --git a/2020/CVE-2020-16875.md b/2020/CVE-2020-16875.md index 4fbe18dc1f..fbfed4e4d5 100644 --- a/2020/CVE-2020-16875.md +++ b/2020/CVE-2020-16875.md @@ -25,6 +25,7 @@ - https://github.com/FDlucifer/Proxy-Attackchain - https://github.com/HackingCost/AD_Pentest - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/XTeam-Wing/RedTeaming2020 - https://github.com/alphaSeclab/sec-daily-2020 - https://github.com/hktalent/bug-bounty diff --git a/2020/CVE-2020-16898.md b/2020/CVE-2020-16898.md index da27c463f4..01aae718c9 100644 --- a/2020/CVE-2020-16898.md +++ b/2020/CVE-2020-16898.md @@ -46,6 +46,7 @@ No PoCs from references. - https://github.com/Rayyan-appsec/ALL-PENTESTING-BIBLE - https://github.com/Saidul-M-Khan/PENTESTING-BIBLE - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WinMin/Protocol-Vul - https://github.com/ZephrFish/CVE-2020-16898 - https://github.com/advanced-threat-research/CVE-2020-16898 diff --git a/2020/CVE-2020-17049.md b/2020/CVE-2020-17049.md index 4d92955851..a935ae6fa5 100644 --- a/2020/CVE-2020-17049.md +++ b/2020/CVE-2020-17049.md @@ -75,6 +75,7 @@ No PoCs from references. - https://github.com/pwnlog/PurpAD - https://github.com/qobil7681/Password-cracker - https://github.com/retr0-13/AD-Attack-Defense +- https://github.com/santan2020/ck2 - https://github.com/select-ldl/word_select - https://github.com/suzi007/RedTeam_Note - https://github.com/svbjdbk123/ReadTeam 
diff --git a/2020/CVE-2020-17496.md b/2020/CVE-2020-17496.md index 1b06d861a7..4e2d24929d 100644 --- a/2020/CVE-2020-17496.md +++ b/2020/CVE-2020-17496.md @@ -14,6 +14,7 @@ vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWid #### Github - https://github.com/0xT11/CVE-POC +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates diff --git a/2020/CVE-2020-17518.md b/2020/CVE-2020-17518.md index b8a8652026..97eee2f722 100644 --- a/2020/CVE-2020-17518.md +++ b/2020/CVE-2020-17518.md @@ -34,6 +34,7 @@ No PoCs from references. - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Z0fhack/Goby_POC - https://github.com/bakery312/Vulhub-Reproduce - https://github.com/bigblackhat/oFx diff --git a/2020/CVE-2020-17519.md b/2020/CVE-2020-17519.md index 401091a116..783cfd0fc4 100644 --- a/2020/CVE-2020-17519.md +++ b/2020/CVE-2020-17519.md @@ -48,6 +48,7 @@ A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as - https://github.com/Threekiii/Awesome-Exploit - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Z0fhack/Goby_POC - https://github.com/anonymous364872/Rapier_Tool - https://github.com/apif-review/APIF_tool_2024 diff --git a/2020/CVE-2020-17530.md b/2020/CVE-2020-17530.md index acd7db35fa..607a328899 100644 --- a/2020/CVE-2020-17530.md +++ b/2020/CVE-2020-17530.md 
@@ -44,6 +44,7 @@ Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may - https://github.com/Shadowven/Vulnerability_Reproduction - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WhooAmii/POC_to_review - https://github.com/Wrin9/CVE-2021-31805 - https://github.com/Xuyan-cmd/Network-security-attack-and-defense-practice diff --git a/2020/CVE-2020-18048.md b/2020/CVE-2020-18048.md index 38d48d2fd2..5ebf3b041c 100644 --- a/2020/CVE-2020-18048.md +++ b/2020/CVE-2020-18048.md @@ -10,7 +10,7 @@ An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrar ### POC #### Reference -No PoCs from references. +- https://cwe.mitre.org/data/definitions/77.html #### Github - https://github.com/Live-Hack-CVE/CVE-2020-18048 diff --git a/2020/CVE-2020-18885.md b/2020/CVE-2020-18885.md index e9bd530c37..7e66f8b8e4 100644 --- a/2020/CVE-2020-18885.md +++ b/2020/CVE-2020-18885.md @@ -10,7 +10,7 @@ Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary ### POC #### Reference -No PoCs from references. +- https://cwe.mitre.org/data/definitions/77.html #### Github - https://github.com/Live-Hack-CVE/CVE-2020-18885 diff --git a/2020/CVE-2020-19001.md b/2020/CVE-2020-19001.md index 6ded6cdee8..daadfd048b 100644 --- a/2020/CVE-2020-19001.md +++ b/2020/CVE-2020-19001.md @@ -10,7 +10,7 @@ Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execut ### POC #### Reference -No PoCs from references. +- https://cwe.mitre.org/data/definitions/77.html #### Github - https://github.com/Live-Hack-CVE/CVE-2020-19001 diff --git a/2020/CVE-2020-1938.md b/2020/CVE-2020-1938.md index f628a710ae..bc84c687e7 100644 --- a/2020/CVE-2020-1938.md +++ b/2020/CVE-2020-1938.md 
@@ -79,6 +79,7 @@ When using the Apache JServ Protocol (AJP), care must be taken when trusting inc - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Awesome-Redteam - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/Umesh2807/Ghostcat - https://github.com/Warelock/cve-2020-1938 @@ -162,6 +163,7 @@ When using the Apache JServ Protocol (AJP), care must be taken when trusting inc - https://github.com/nibiwodong/CNVD-2020-10487-Tomcat-ajp-POC - https://github.com/nitishbadole/Pentest_Tools - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/Penetration_PoC - https://github.com/password520/RedTeamer - https://github.com/pathakabhi24/Pentest-Tools diff --git a/2020/CVE-2020-1947.md b/2020/CVE-2020-1947.md index e8ef53ed89..3ce2843941 100644 --- a/2020/CVE-2020-1947.md +++ b/2020/CVE-2020-1947.md @@ -31,6 +31,7 @@ No PoCs from references. - https://github.com/PalindromeLabs/Java-Deserialization-CVEs - https://github.com/SexyBeast233/SecBooks - https://github.com/StarkChristmas/CVE-2020-1947 +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/YIXINSHUWU/Penetration_Testing_POC - https://github.com/ZTK-009/Penetration_PoC diff --git a/2020/CVE-2020-1948.md b/2020/CVE-2020-1948.md index 925f8ca35c..f84a5e5e9a 100644 --- a/2020/CVE-2020-1948.md +++ b/2020/CVE-2020-1948.md @@ -30,6 +30,7 @@ No PoCs from references. - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/PalindromeLabs/Java-Deserialization-CVEs - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/Whoopsunix/PPPRASP - https://github.com/Whoopsunix/PPPVULNS 
diff --git a/2020/CVE-2020-20982.md b/2020/CVE-2020-20982.md index fd94d7dcc4..96d6829e08 100644 --- a/2020/CVE-2020-20982.md +++ b/2020/CVE-2020-20982.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2020/CVE-2020-2109.md b/2020/CVE-2020-2109.md index 2dd7103f65..8ecf25e952 100644 --- a/2020/CVE-2020-2109.md +++ b/2020/CVE-2020-2109.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2020/CVE-2020-24312.md b/2020/CVE-2020-24312.md index efd53fd3b8..7b9150c6a7 100644 --- a/2020/CVE-2020-24312.md +++ b/2020/CVE-2020-24312.md @@ -13,6 +13,7 @@ mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/StarCrossPortal/scalpel diff --git a/2020/CVE-2020-25217.md b/2020/CVE-2020-25217.md index 32a0b6523b..82d7b39744 100644 --- a/2020/CVE-2020-25217.md +++ b/2020/CVE-2020-25217.md @@ -10,7 +10,7 @@ Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Co ### POC #### Reference -No PoCs from references. +- https://cwe.mitre.org/data/definitions/77.html #### Github - https://github.com/Live-Hack-CVE/CVE-2020-25217 diff --git a/2020/CVE-2020-2551.md b/2020/CVE-2020-2551.md index 20cfab3b93..07692da0a2 100644 --- a/2020/CVE-2020-2551.md +++ b/2020/CVE-2020-2551.md 
@@ -135,6 +135,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/netveil/Awesome-List - https://github.com/nitishbadole/Pentest_Tools - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/Penetration_PoC - https://github.com/pathakabhi24/Pentest-Tools - https://github.com/pinkieli/GitHub-Chinese-Top-Charts diff --git a/2020/CVE-2020-25540.md b/2020/CVE-2020-25540.md index 5d6a5b50e1..70e1c466c2 100644 --- a/2020/CVE-2020-25540.md +++ b/2020/CVE-2020-25540.md @@ -24,6 +24,7 @@ ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorize - https://github.com/Schira4396/CVE-2020-25540 - https://github.com/SexyBeast233/SecBooks - https://github.com/SouthWind0/southwind0.github.io +- https://github.com/TrojanAZhen/Self_Back - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/dudek-marcin/Poc-Exp diff --git a/2020/CVE-2020-2555.md b/2020/CVE-2020-2555.md index 9bcc7e735f..d201013a67 100644 --- a/2020/CVE-2020-2555.md +++ b/2020/CVE-2020-2555.md @@ -75,6 +75,7 @@ Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (compo - https://github.com/R0ser1/GadgetInspector - https://github.com/SexyBeast233/SecBooks - https://github.com/TacticsTeam/sg_ysoserial +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/Uvemode/CVE-2020-2555 - https://github.com/Weik1/Artillery 
@@ -128,6 +129,7 @@ Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (compo - https://github.com/nu11secur1ty/CVE-mitre - https://github.com/nu11secur1ty/CVE-nu11secur1ty - https://github.com/nu11secur1ty/Windows10Exploits +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/Penetration_PoC - https://github.com/pinkieli/GitHub-Chinese-Top-Charts - https://github.com/qazbnm456/awesome-cve-poc diff --git a/2020/CVE-2020-26258.md b/2020/CVE-2020-26258.md index 83cd90dd67..c6b9f6c6bc 100644 --- a/2020/CVE-2020-26258.md +++ b/2020/CVE-2020-26258.md @@ -23,6 +23,7 @@ No PoCs from references. - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Veraxy00/XStream-vul-poc - https://github.com/Whoopsunix/PPPVULNS - https://github.com/d4n-sec/d4n-sec.github.io diff --git a/2020/CVE-2020-27130.md b/2020/CVE-2020-27130.md index 58fbed3825..267195446b 100644 --- a/2020/CVE-2020-27130.md +++ b/2020/CVE-2020-27130.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/alphaSeclab/sec-daily-2020 +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2020/CVE-2020-27131.md b/2020/CVE-2020-27131.md index c648af58ce..5782bab0d0 100644 --- a/2020/CVE-2020-27131.md +++ b/2020/CVE-2020-27131.md @@ -18,6 +18,7 @@ No PoCs from references. - https://github.com/EdgeSecurityTeam/Vulnerability - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet - https://github.com/SexyBeast233/SecBooks +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/tzwlhack/Vulnerability diff --git a/2020/CVE-2020-27194.md b/2020/CVE-2020-27194.md index 83e8806eaa..577d91121f 100644 --- a/2020/CVE-2020-27194.md +++ b/2020/CVE-2020-27194.md 
@@ -19,6 +19,7 @@ An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or i - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits - https://github.com/OrangeGzY/security-research-learning - https://github.com/XiaozaYa/CVE-Recording +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning - https://github.com/developer3000S/PoC-in-GitHub diff --git a/2020/CVE-2020-27982.md b/2020/CVE-2020-27982.md index 62d5aceabf..28ebfa97ce 100644 --- a/2020/CVE-2020-27982.md +++ b/2020/CVE-2020-27982.md @@ -14,6 +14,7 @@ IceWarp 11.4.5.0 allows XSS via the language parameter. - https://cxsecurity.com/issue/WLB-2020100161 #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates diff --git a/2020/CVE-2020-2883.md b/2020/CVE-2020-2883.md index d53dd42b89..9a4ab02470 100644 --- a/2020/CVE-2020-2883.md +++ b/2020/CVE-2020-2883.md @@ -96,6 +96,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/neilzhang1/Chinese-Charts - https://github.com/netveil/Awesome-List - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/Penetration_PoC - https://github.com/pinkieli/GitHub-Chinese-Top-Charts - https://github.com/qi4L/WeblogicScan.go diff --git a/2020/CVE-2020-35121.md b/2020/CVE-2020-35121.md new file mode 100644 index 0000000000..c8fa6832aa --- /dev/null +++ b/2020/CVE-2020-35121.md 
@@ -0,0 +1,17 @@ +### [CVE-2020-35121](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35121) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro. + +### POC + +#### Reference +- https://bitbucket.org/keysight/keysight-plugins-for-atlassian-products/wiki/Confluence%20Plugins/Database%20Plugin + +#### Github +No PoCs found on GitHub currently. + diff --git a/2020/CVE-2020-35122.md b/2020/CVE-2020-35122.md new file mode 100644 index 0000000000..f31dc4e81d --- /dev/null +++ b/2020/CVE-2020-35122.md @@ -0,0 +1,17 @@ +### [CVE-2020-35122](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35122) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection. + +### POC + +#### Reference +- https://bitbucket.org/keysight/keysight-plugins-for-atlassian-products/wiki/Confluence%20Plugins/Database%20Plugin + +#### Github +No PoCs found on GitHub currently. + diff --git a/2020/CVE-2020-35452.md b/2020/CVE-2020-35452.md index d438805541..16cb576259 100644 --- a/2020/CVE-2020-35452.md +++ b/2020/CVE-2020-35452.md 
@@ -19,4 +19,5 @@ Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can - https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network - https://github.com/bioly230/THM_Skynet - https://github.com/firatesatoglu/shodanSearch +- https://github.com/jkiala2/Projet_etude_M1 diff --git a/2020/CVE-2020-36541.md b/2020/CVE-2020-36541.md index d1d0842baf..362657b095 100644 --- a/2020/CVE-2020-36541.md +++ b/2020/CVE-2020-36541.md @@ -11,6 +11,7 @@ A vulnerability was found in Demokratian. It has been rated as critical. Affecte #### Reference - https://alquimistadesistemas.com/sql-injection-y-archivo-peligroso-en-demokratian +- https://bitbucket.org/csalgadow/demokratian_votaciones/commits/b56c48b519fc52efa65404c312ea9bbde320e3fa - https://vuldb.com/?id.159434 #### Github diff --git a/2020/CVE-2020-36542.md b/2020/CVE-2020-36542.md index 4dfcfc48c2..0254b9eba2 100644 --- a/2020/CVE-2020-36542.md +++ b/2020/CVE-2020-36542.md @@ -11,6 +11,7 @@ A vulnerability classified as critical has been found in Demokratian. This affec #### Reference - https://alquimistadesistemas.com/sql-injection-y-archivo-peligroso-en-demokratian +- https://bitbucket.org/csalgadow/demokratian_votaciones/commits/0d073ee461edd5f42528d41e00bf0a7b22e86bb3 - https://vuldb.com/?id.159435 #### Github diff --git a/2020/CVE-2020-5902.md b/2020/CVE-2020-5902.md index 73c23ca4eb..e56f213c97 100644 --- a/2020/CVE-2020-5902.md +++ b/2020/CVE-2020-5902.md @@ -102,6 +102,7 @@ In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12. - https://github.com/TheCyberViking/CVE-2020-5902-Vuln-Checker - https://github.com/TheCyberViking/TheCyberViking - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/Un4gi/CVE-2020-5902 - https://github.com/Waseem27-art/ART-TOOLKIT 
diff --git a/2020/CVE-2020-6383.md b/2020/CVE-2020-6383.md index 022981ad54..51c187597f 100644 --- a/2020/CVE-2020-6383.md +++ b/2020/CVE-2020-6383.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/anvbis/chrome_v8_ndays +- https://github.com/ernestang98/win-exploits - https://github.com/tianstcht/v8-exploit - https://github.com/ulexec/Exploits - https://github.com/wh1ant/vulnjs diff --git a/2020/CVE-2020-7471.md b/2020/CVE-2020-7471.md index 225f2f9d8d..690978f4a4 100644 --- a/2020/CVE-2020-7471.md +++ b/2020/CVE-2020-7471.md @@ -29,6 +29,7 @@ No PoCs from references. - https://github.com/SexyBeast233/SecBooks - https://github.com/SurfRid3r/Django_vulnerability_analysis - https://github.com/Tempuss/CTF_CVE-2020-7471 +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/YIXINSHUWU/Penetration_Testing_POC - https://github.com/ZTK-009/Penetration_PoC diff --git a/2020/CVE-2020-7799.md b/2020/CVE-2020-7799.md index 10e8b317ff..3415c043f6 100644 --- a/2020/CVE-2020-7799.md +++ b/2020/CVE-2020-7799.md @@ -18,6 +18,7 @@ An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allo - https://github.com/ARPSyndicate/cvemon - https://github.com/Pikaqi/cve-2020-7799 - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/apachecn-archive/Middleware-Vulnerability-detection - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/huimzjty/vulwiki diff --git a/2020/CVE-2020-7931.md b/2020/CVE-2020-7931.md index 3f7b0ca484..606fa72c08 100644 --- a/2020/CVE-2020-7931.md +++ b/2020/CVE-2020-7931.md 
@@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/0xT11/CVE-POC - https://github.com/ARPSyndicate/cvemon +- https://github.com/TrojanAZhen/Self_Back - https://github.com/anquanscan/sec-tools - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/gquere/CVE-2020-7931 diff --git a/2020/CVE-2020-8191.md b/2020/CVE-2020-8191.md index 04c1cd4b38..4d361eefe7 100644 --- a/2020/CVE-2020-8191.md +++ b/2020/CVE-2020-8191.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/0ps/pocassistdb +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates diff --git a/2020/CVE-2020-8209.md b/2020/CVE-2020-8209.md index c7fda63142..de059c4b33 100644 --- a/2020/CVE-2020-8209.md +++ b/2020/CVE-2020-8209.md @@ -34,6 +34,7 @@ No PoCs from references. - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/dudek-marcin/Poc-Exp +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection - https://github.com/merlinepedra/nuclei-templates diff --git a/2020/CVE-2020-8515.md b/2020/CVE-2020-8515.md index 20b440455f..2f210071d7 100644 --- a/2020/CVE-2020-8515.md +++ b/2020/CVE-2020-8515.md @@ -17,6 +17,7 @@ DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1. - https://github.com/0day404/vulnerability-poc - https://github.com/0xT11/CVE-POC - https://github.com/20142995/Goby +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/pocsuite - https://github.com/20142995/pocsuite3 - https://github.com/3gstudent/Homework-of-Python diff --git a/2020/CVE-2020-8835.md b/2020/CVE-2020-8835.md index 6ec3d19cfe..e783818c00 100644 --- a/2020/CVE-2020-8835.md 
+++ b/2020/CVE-2020-8835.md @@ -26,6 +26,7 @@ In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) di - https://github.com/Prabhashaka/IT19147192-CVE-2020-8835 - https://github.com/SplendidSky/CVE-2020-8835 - https://github.com/XiaozaYa/CVE-Recording +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning - https://github.com/developer3000S/PoC-in-GitHub diff --git a/2020/CVE-2020-8982.md b/2020/CVE-2020-8982.md index f7f10d10e9..2390e7a878 100644 --- a/2020/CVE-2020-8982.md +++ b/2020/CVE-2020-8982.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/0xT11/CVE-POC +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/DimitriNL/CTX-CVE-2020-7473 diff --git a/2020/CVE-2020-9484.md b/2020/CVE-2020-9484.md index ff393b1cb0..a622bc3a8a 100644 --- a/2020/CVE-2020-9484.md +++ b/2020/CVE-2020-9484.md @@ -56,6 +56,7 @@ When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8. - https://github.com/RepublicR0K/CVE-2020-9484 - https://github.com/SexyBeast233/SecBooks - https://github.com/Spacial/awesome-csirt +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/VICXOR/CVE-2020-9484 - https://github.com/Xslover/CVE-2020-9484-Scanner diff --git a/2020/CVE-2020-9490.md b/2020/CVE-2020-9490.md index e97430037e..490b9df21a 100644 --- a/2020/CVE-2020-9490.md +++ b/2020/CVE-2020-9490.md 
@@ -25,6 +25,7 @@ Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the - https://github.com/Totes5706/TotesHTB - https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network - https://github.com/hound672/BlackBox-CI-CD-script +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/vshaliii/Funbox2-rookie - https://github.com/vshaliii/Vegeta1-Vulhub-Walkthrough diff --git a/2020/CVE-2020-9496.md b/2020/CVE-2020-9496.md index c8baefff19..33d6147b67 100644 --- a/2020/CVE-2020-9496.md +++ b/2020/CVE-2020-9496.md @@ -18,6 +18,7 @@ XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scriptin - https://github.com/0xT11/CVE-POC - https://github.com/0xaniketB/HackTheBox-Monitors - https://github.com/20142995/Goby +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/sectool - https://github.com/360quake/papers - https://github.com/ARPSyndicate/cvemon diff --git a/2020/CVE-2020-9757.md b/2020/CVE-2020-9757.md index 140666c4bc..aa2689e1aa 100644 --- a/2020/CVE-2020-9757.md +++ b/2020/CVE-2020-9757.md @@ -13,6 +13,7 @@ The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template In No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates diff --git a/2021/CVE-2021-1675.md b/2021/CVE-2021-1675.md index 020480aa11..d37ef9eb5e 100644 --- a/2021/CVE-2021-1675.md +++ b/2021/CVE-2021-1675.md @@ -50,6 +50,7 @@ Windows Print Spooler Remote Code Execution Vulnerability - http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html #### Github +- https://github.com/0housefly0/Printnightmare - https://github.com/0x727/usefull-elevation-of-privilege - https://github.com/0xHunterr/OSCP-Study-Notes - https://github.com/0xHunterr/OSCP-Studying-Notes 
@@ -91,6 +92,7 @@ Windows Print Spooler Remote Code Execution Vulnerability - https://github.com/G0urmetD/PJPT-Notes - https://github.com/Getshell/CobaltStrike - https://github.com/GhostTroops/TOP +- https://github.com/Gyarbij/xknow_infosec - https://github.com/H0j3n/EzpzCheatSheet - https://github.com/HackingCost/AD_Pentest - https://github.com/Hatcat123/my_stars @@ -132,6 +134,7 @@ Windows Print Spooler Remote Code Execution Vulnerability - https://github.com/TheLastochka/pentest - https://github.com/Threekiii/Awesome-Redteam - https://github.com/Tomparte/PrintNightmare +- https://github.com/TrojanAZhen/Self_Back - https://github.com/VK9D/PrintNightmare - https://github.com/WhooAmii/POC_to_review - https://github.com/WidespreadPandemic/CVE-2021-34527_ACL_mitigation diff --git a/2021/CVE-2021-1732.md b/2021/CVE-2021-1732.md index c78db65251..811cd272ac 100644 --- a/2021/CVE-2021-1732.md +++ b/2021/CVE-2021-1732.md @@ -63,6 +63,7 @@ Windows Win32k Elevation of Privilege Vulnerability - https://github.com/SofianeHamlaoui/Conti-Clear - https://github.com/Spacial/awesome-csirt - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WhooAmii/POC_to_review - https://github.com/YOunGWebER/cve_2021_1732 - https://github.com/YangSirrr/YangsirStudyPlan diff --git a/2021/CVE-2021-20050.md b/2021/CVE-2021-20050.md index 1f6e2dc010..cb6e0bb24d 100644 --- a/2021/CVE-2021-20050.md +++ b/2021/CVE-2021-20050.md @@ -16,4 +16,5 @@ No PoCs from references. - https://github.com/InfoSecPolkCounty/CVE2021-40444-document-Scanner - https://github.com/Live-Hack-CVE/CVE-2021-20050 - https://github.com/RedTeamExp/CVE-2021-22005_PoC +- https://github.com/TrojanAZhen/Self_Back diff --git a/2021/CVE-2021-2109.md b/2021/CVE-2021-2109.md index 0261d4d752..678c9ea23d 100644 --- a/2021/CVE-2021-2109.md +++ b/2021/CVE-2021-2109.md 
@@ -47,6 +47,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/SexyBeast233/SecBooks - https://github.com/Shadowven/Vulnerability_Reproduction - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Vulnmachines/oracle-weblogic-CVE-2021-2109 - https://github.com/WhooAmii/POC_to_review - https://github.com/WingsSec/Meppo @@ -57,6 +58,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/dinosn/CVE-2021-2109 - https://github.com/fardeen-ahmed/Bug-bounty-Writeups +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/hktalent/bug-bounty - https://github.com/huike007/penetration_poc - https://github.com/k0mi-tg/CVE-POC diff --git a/2021/CVE-2021-21300.md b/2021/CVE-2021-21300.md index f8f4f130fa..9fd21897ee 100644 --- a/2021/CVE-2021-21300.md +++ b/2021/CVE-2021-21300.md @@ -34,6 +34,7 @@ Git is an open-source distributed revision control system. In affected versions - https://github.com/Saboor-Hakimi-23/CVE-2021-21300 - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WhooAmii/POC_to_review - https://github.com/bollwarm/SecToolSet - https://github.com/d4n-sec/d4n-sec.github.io diff --git a/2021/CVE-2021-21479.md b/2021/CVE-2021-21479.md index 8bf514debe..0cd24addc1 100644 --- a/2021/CVE-2021-21479.md +++ b/2021/CVE-2021-21479.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2021/CVE-2021-21799.md b/2021/CVE-2021-21799.md index 34c1568d96..f046c0ed3f 100644 --- a/2021/CVE-2021-21799.md +++ b/2021/CVE-2021-21799.md 
@@ -16,4 +16,5 @@ Cross-site scripting vulnerabilities exist in the telnet_form.php script functio - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Live-Hack-CVE/CVE-2021-21799 +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2021/CVE-2021-21972.md b/2021/CVE-2021-21972.md index 86709af1ab..aa0f8f2495 100644 --- a/2021/CVE-2021-21972.md +++ b/2021/CVE-2021-21972.md @@ -66,6 +66,7 @@ The vSphere Client (HTML5) contains a remote code execution vulnerability in a v - https://github.com/SouthWind0/southwind0.github.io - https://github.com/TaroballzChen/CVE-2021-21972 - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Udyz/CVE-2021-21972 - https://github.com/Vulnmachines/VmWare-vCenter-vulnerability - https://github.com/W01fh4cker/VcenterKit @@ -123,6 +124,7 @@ The vSphere Client (HTML5) contains a remote code execution vulnerability in a v - https://github.com/n1sh1th/CVE-POC - https://github.com/nitishbadole/oscp-note-3 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/orangmuda/CVE-2021-21972 - https://github.com/orgTestCodacy11KRepos110MB/repo-3569-collection-document - https://github.com/oscpname/OSCP_cheat diff --git a/2021/CVE-2021-21975.md b/2021/CVE-2021-21975.md index a5b228d610..ec23b895ce 100644 --- a/2021/CVE-2021-21975.md +++ b/2021/CVE-2021-21975.md @@ -45,6 +45,7 @@ Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) - https://github.com/TheTh1nk3r/exp_hub - https://github.com/Threekiii/Awesome-POC - https://github.com/Timirepo/CVE_Exploits +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Vulnmachines/VMWare-CVE-2021-21975 - https://github.com/Vulnmachines/VmWare-vCenter-vulnerability - https://github.com/WhooAmii/POC_to_review diff --git a/2021/CVE-2021-21978.md b/2021/CVE-2021-21978.md index 05cc2eea0c..699af9bfb8 100644 
--- a/2021/CVE-2021-21978.md +++ b/2021/CVE-2021-21978.md @@ -28,6 +28,7 @@ VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code exe - https://github.com/SYRTI/POC_to_review - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WhooAmii/POC_to_review - https://github.com/Z0fhack/Goby_POC - https://github.com/bhassani/Recent-CVE diff --git a/2021/CVE-2021-21985.md b/2021/CVE-2021-21985.md index be332d258b..71d877a5bb 100644 --- a/2021/CVE-2021-21985.md +++ b/2021/CVE-2021-21985.md @@ -35,6 +35,7 @@ The vSphere Client (HTML5) contains a remote code execution vulnerability due to - https://github.com/SexyBeast233/SecBooks - https://github.com/SofianeHamlaoui/Conti-Clear - https://github.com/Spacial/awesome-csirt +- https://github.com/TrojanAZhen/Self_Back - https://github.com/W01fh4cker/VcenterKit - https://github.com/WhooAmii/POC_to_review - https://github.com/Z0fhack/Goby_POC @@ -64,6 +65,7 @@ The vSphere Client (HTML5) contains a remote code execution vulnerability due to - https://github.com/n1sh1th/CVE-POC - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/onSec-fr/CVE-2021-21985-Checker +- https://github.com/onewinner/VulToolsKit - https://github.com/pen4uin/awesome-vulnerability-research - https://github.com/pen4uin/vulnerability-research - https://github.com/pen4uin/vulnerability-research-list diff --git a/2021/CVE-2021-22005.md b/2021/CVE-2021-22005.md index 65f061d45c..00e46984b2 100644 --- a/2021/CVE-2021-22005.md +++ b/2021/CVE-2021-22005.md 
@@ -43,6 +43,7 @@ The vCenter Server contains an arbitrary file upload vulnerability in the Analyt - https://github.com/Threekiii/Awesome-POC - https://github.com/TiagoSergio/CVE-2021-22005 - https://github.com/Timirepo/CVE_Exploits +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Vulnmachines/VmWare-vCenter-vulnerability - https://github.com/W01fh4cker/VcenterKit - https://github.com/WhooAmii/POC_to_review @@ -67,6 +68,7 @@ The vCenter Server contains an arbitrary file upload vulnerability in the Analyt - https://github.com/manas3c/CVE-POC - https://github.com/nday-ldgz/ZoomEye-dork - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main - https://github.com/pen4uin/awesome-vulnerability-research - https://github.com/pen4uin/vulnerability-research diff --git a/2021/CVE-2021-22214.md b/2021/CVE-2021-22214.md index 1d92a672ce..2c3d721dc5 100644 --- a/2021/CVE-2021-22214.md +++ b/2021/CVE-2021-22214.md @@ -26,6 +26,7 @@ When requests to the internal network for webhooks are enabled, a server-side re - https://github.com/SYRTI/POC_to_review - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Vulnmachines/gitlab-cve-2021-22214 - https://github.com/WhooAmii/POC_to_review - https://github.com/YuraveON/YuraveON diff --git a/2021/CVE-2021-22555.md b/2021/CVE-2021-22555.md index de85fe6560..8e643c6fb8 100644 --- a/2021/CVE-2021-22555.md +++ b/2021/CVE-2021-22555.md 
@@ -46,9 +46,11 @@ A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in n - https://github.com/PIG-007/kernelAll - https://github.com/SYRTI/POC_to_review - https://github.com/Snoopy-Sec/Localroot-ALL-CVE +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WhooAmii/POC_to_review - https://github.com/XiaozaYa/CVE-Recording - https://github.com/YunDingLab/struct_sanitizer +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground - https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground - https://github.com/arttnba3/D3CTF2023_d3kcache diff --git a/2021/CVE-2021-22986.md b/2021/CVE-2021-22986.md index 14e84a1dd3..288aea0502 100644 --- a/2021/CVE-2021-22986.md +++ b/2021/CVE-2021-22986.md @@ -18,6 +18,7 @@ On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before - https://github.com/189569400/Meppo - https://github.com/1n7erface/PocList - https://github.com/20142995/Goby +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/sectool - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates @@ -48,6 +49,7 @@ On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before - https://github.com/SouthWind0/southwind0.github.io - https://github.com/Tas9er/CVE-2021-22986 - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Udyz/CVE-2021-22986-SSRF2RCE - https://github.com/WhooAmii/POC_to_review - https://github.com/WingsSec/Meppo diff --git a/2021/CVE-2021-2394.md b/2021/CVE-2021-2394.md index cea8b0a804..43d420e6ab 100644 --- a/2021/CVE-2021-2394.md +++ b/2021/CVE-2021-2394.md 
@@ -23,6 +23,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/fasanhlieu/CVE-2021-2394 - https://github.com/freeide/CVE-2021-2394 diff --git a/2021/CVE-2021-25646.md b/2021/CVE-2021-25646.md index f33f13e8bf..a3e4620e27 100644 --- a/2021/CVE-2021-25646.md +++ b/2021/CVE-2021-25646.md @@ -45,6 +45,7 @@ Apache Druid includes the ability to execute user-provided JavaScript code embed - https://github.com/SpiritixCS/ToolBox - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Vulnmachines/Apache-Druid-CVE-2021-25646 - https://github.com/W4nde3/toolkits - https://github.com/WhooAmii/POC_to_review diff --git a/2021/CVE-2021-26084.md b/2021/CVE-2021-26084.md index 01a5ac1700..50de71aede 100644 --- a/2021/CVE-2021-26084.md +++ b/2021/CVE-2021-26084.md @@ -144,6 +144,7 @@ In affected versions of Confluence Server and Data Center, an OGNL injection vul - https://github.com/nizarbamida/CVE-2021-26084-patch- - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/numencyber/atlassian_pbkdf2_dehash +- https://github.com/onewinner/VulToolsKit - https://github.com/openx-org/BLEN - https://github.com/orangmuda/CVE-2021-26084 - https://github.com/orgTestCodacy11KRepos110MB/repo-5222-ShuiZe_0x727 diff --git a/2021/CVE-2021-26295.md b/2021/CVE-2021-26295.md index 9e3e0a8d23..66b746b7ee 100644 --- a/2021/CVE-2021-26295.md +++ b/2021/CVE-2021-26295.md 
@@ -42,6 +42,7 @@ Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated at - https://github.com/TheTh1nk3r/exp_hub - https://github.com/Threekiii/Awesome-POC - https://github.com/Timirepo/CVE_Exploits +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WhooAmii/POC_to_review - https://github.com/YinWC/2021hvv_vul - https://github.com/Z0fhack/Goby_POC diff --git a/2021/CVE-2021-26690.md b/2021/CVE-2021-26690.md index ad9feb85f3..480d305a45 100644 --- a/2021/CVE-2021-26690.md +++ b/2021/CVE-2021-26690.md @@ -20,4 +20,5 @@ Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header ha - https://github.com/bioly230/THM_Skynet - https://github.com/firatesatoglu/shodanSearch - https://github.com/fkm75P8YjLkb/CVE-2021-26690 +- https://github.com/jkiala2/Projet_etude_M1 diff --git a/2021/CVE-2021-26691.md b/2021/CVE-2021-26691.md index 9cef7f67e4..63066ffeb2 100644 --- a/2021/CVE-2021-26691.md +++ b/2021/CVE-2021-26691.md @@ -22,5 +22,6 @@ In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader - https://github.com/firatesatoglu/shodanSearch - https://github.com/fkm75P8YjLkb/CVE-2021-26691 - https://github.com/hound672/BlackBox-CI-CD-script +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/rmtec/modeswitcher diff --git a/2021/CVE-2021-26708.md b/2021/CVE-2021-26708.md index 5eda063b40..9e3884b6dd 100644 --- a/2021/CVE-2021-26708.md +++ b/2021/CVE-2021-26708.md 
@@ -24,6 +24,7 @@ A local privilege escalation was discovered in the Linux kernel before 5.10.13. - https://github.com/bsauce/kernel-security-learning - https://github.com/c4pt000/kernel-5.11.6-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd-kaliwifi - https://github.com/c4pt000/kernel-6.6.0-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd-kaliwifi +- https://github.com/c4pt000/kernel-6.8.3-expSEHDsec-fclock-fsync-cpu - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/hancp2016/news - https://github.com/hardenedvault/vault_range_poc diff --git a/2021/CVE-2021-26855.md b/2021/CVE-2021-26855.md index 7db4953715..70535492ba 100644 --- a/2021/CVE-2021-26855.md +++ b/2021/CVE-2021-26855.md @@ -80,6 +80,7 @@ Microsoft Exchange Server Remote Code Execution Vulnerability - https://github.com/LearnGolang/LearnGolang - https://github.com/M-AAS/CSIRT - https://github.com/MacAsure/cve-2021-26855 +- https://github.com/Madbat2024/Penetration-test - https://github.com/MicahFleming/Risk-Assessment-Cap-Stone- - https://github.com/Mr-xn/CVE-2021-26855-d - https://github.com/Mr-xn/Penetration_Testing_POC @@ -87,6 +88,7 @@ Microsoft Exchange Server Remote Code Execution Vulnerability - https://github.com/NaInSec/CVE-PoC-in-GitHub - https://github.com/NarbehJackson/python-flask-ssrfpdf-to-lfi - https://github.com/Nick-Yin12/106362522 +- https://github.com/NoTsPepino/Shodan-Dorking - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/PEASEC/msexchange-server-cti-dataset @@ -103,6 +105,7 @@ Microsoft Exchange Server Remote Code Execution Vulnerability - https://github.com/TaroballzChen/ProxyLogon-CVE-2021-26855-metasploit - https://github.com/Th3eCrow/CVE-2021-26855-SSRF-Exchange - https://github.com/TheDudeD6/ExchangeSmash +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Udyz/Proxylogon - https://github.com/WhooAmii/POC_to_review - https://github.com/WiredPulse/Invoke-HAFNIUMCheck.ps1 
diff --git a/2021/CVE-2021-27330.md b/2021/CVE-2021-27330.md index 5846262a3e..3192204ce7 100644 --- a/2021/CVE-2021-27330.md +++ b/2021/CVE-2021-27330.md @@ -14,6 +14,7 @@ Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) i - https://www.exploit-db.com/exploits/49597 #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2021/CVE-2021-27363.md b/2021/CVE-2021-27363.md index 68e4f050b8..9ad8f83ce5 100644 --- a/2021/CVE-2021-27363.md +++ b/2021/CVE-2021-27363.md @@ -20,6 +20,7 @@ An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer lea - https://github.com/bollwarm/SecToolSet - https://github.com/c4pt000/kernel-5.11.6-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd-kaliwifi - https://github.com/c4pt000/kernel-6.6.0-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd-kaliwifi +- https://github.com/c4pt000/kernel-6.8.3-expSEHDsec-fclock-fsync-cpu - https://github.com/kdn111/linux-kernel-exploitation - https://github.com/khanhdn111/linux-kernel-exploitation - https://github.com/khanhdz-06/linux-kernel-exploitation diff --git a/2021/CVE-2021-27364.md b/2021/CVE-2021-27364.md index a24d277925..59be2b265a 100644 --- a/2021/CVE-2021-27364.md +++ b/2021/CVE-2021-27364.md @@ -21,6 +21,7 @@ An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_tr - https://github.com/bollwarm/SecToolSet - https://github.com/c4pt000/kernel-5.11.6-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd-kaliwifi - https://github.com/c4pt000/kernel-6.6.0-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd-kaliwifi +- https://github.com/c4pt000/kernel-6.8.3-expSEHDsec-fclock-fsync-cpu - https://github.com/kdn111/linux-kernel-exploitation - https://github.com/khanhdn111/linux-kernel-exploitation - https://github.com/khanhdz-06/linux-kernel-exploitation diff --git a/2021/CVE-2021-27365.md b/2021/CVE-2021-27365.md index 2e50d93cbd..771a90d892 100644 
--- a/2021/CVE-2021-27365.md +++ b/2021/CVE-2021-27365.md @@ -21,10 +21,12 @@ An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data s - https://github.com/EGI-Federation/SVG-advisories - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/aaronxie55/Presentation2_Markdown - https://github.com/bollwarm/SecToolSet - https://github.com/c4pt000/kernel-5.11.6-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd-kaliwifi - https://github.com/c4pt000/kernel-6.6.0-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd-kaliwifi +- https://github.com/c4pt000/kernel-6.8.3-expSEHDsec-fclock-fsync-cpu - https://github.com/eeenvik1/scripts_for_YouTrack - https://github.com/gipi/cve-cemetery - https://github.com/kdn111/linux-kernel-exploitation diff --git a/2021/CVE-2021-28153.md b/2021/CVE-2021-28153.md index 038bded8f3..3ab89b67fc 100644 --- a/2021/CVE-2021-28153.md +++ b/2021/CVE-2021-28153.md @@ -14,4 +14,5 @@ An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is us #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/vulsio/goval-dictionary diff --git a/2021/CVE-2021-29442.md b/2021/CVE-2021-29442.md index 29274e0af0..86f204104b 100644 --- a/2021/CVE-2021-29442.md +++ b/2021/CVE-2021-29442.md @@ -16,6 +16,7 @@ Nacos is a platform designed for dynamic service discovery and configuration and - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates +- https://github.com/Threekiii/Awesome-POC - https://github.com/afzalbin64/accuknox-policy-temp - https://github.com/kubearmor/policy-templates diff --git a/2021/CVE-2021-29505.md b/2021/CVE-2021-29505.md index ae043b839d..bf9008956d 100644 --- a/2021/CVE-2021-29505.md +++ b/2021/CVE-2021-29505.md 
@@ -27,6 +27,7 @@ XStream is software for serializing Java objects to XML and back again. A vulner - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WhooAmii/POC_to_review - https://github.com/Whoopsunix/PPPVULNS - https://github.com/apachecn-archive/Middleware-Vulnerability-detection diff --git a/2021/CVE-2021-30179.md b/2021/CVE-2021-30179.md index 959771daa3..71219ae8ac 100644 --- a/2021/CVE-2021-30179.md +++ b/2021/CVE-2021-30179.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/Armandhe-China/ApacheDubboSerialVuln - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Whoopsunix/PPPVULNS - https://github.com/lz2y/DubboPOC diff --git a/2021/CVE-2021-3019.md b/2021/CVE-2021-3019.md index f4ec2592d0..67911648f9 100644 --- a/2021/CVE-2021-3019.md +++ b/2021/CVE-2021-3019.md @@ -33,6 +33,7 @@ No PoCs from references. - https://github.com/SexyBeast233/SecBooks - https://github.com/TesterCC/exp_poc_library - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WhooAmii/POC_to_review - https://github.com/WingsSec/Meppo - https://github.com/Z0fhack/Goby_POC diff --git a/2021/CVE-2021-30641.md b/2021/CVE-2021-30641.md index bcaed3e201..8f1b518a47 100644 --- a/2021/CVE-2021-30641.md +++ b/2021/CVE-2021-30641.md @@ -17,4 +17,5 @@ Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with ' - https://github.com/PierreChrd/py-projet-tut - https://github.com/Totes5706/TotesHTB - https://github.com/fkm75P8YjLkb/CVE-2021-30641 +- https://github.com/jkiala2/Projet_etude_M1 diff --git a/2021/CVE-2021-30860.md b/2021/CVE-2021-30860.md index 1cd8852f26..79473335d9 100644 --- a/2021/CVE-2021-30860.md +++ b/2021/CVE-2021-30860.md 
@@ -31,6 +31,7 @@ An integer overflow was addressed with improved input validation. This issue is - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/SYRTI/POC_to_review +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WhooAmii/POC_to_review - https://github.com/ex0dus-0x/awesome-rust-security - https://github.com/houjingyi233/macOS-iOS-system-security diff --git a/2021/CVE-2021-3129.md b/2021/CVE-2021-3129.md index b401c0a75c..e8acb76224 100644 --- a/2021/CVE-2021-3129.md +++ b/2021/CVE-2021-3129.md @@ -61,6 +61,7 @@ Ignition before 2.5.2, as used in Laravel and other products, allows unauthentic - https://github.com/SirElmard/ethical_hacking - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/W-zrd/UniXploit - https://github.com/WhooAmii/POC_to_review - https://github.com/XuCcc/VulEnv @@ -115,6 +116,7 @@ Ignition before 2.5.2, as used in Laravel and other products, allows unauthentic - https://github.com/pen4uin/vulnerability-research-list - https://github.com/qingchenhh/Tools-collection - https://github.com/r3volved/CVEAggregate +- https://github.com/ramimac/aws-customer-security-incidents - https://github.com/randolphcyg/nuclei-plus - https://github.com/revanmalang/OSCP - https://github.com/shadowabi/Laravel-CVE-2021-3129 diff --git a/2021/CVE-2021-31440.md b/2021/CVE-2021-31440.md index b7b25f50d1..b66b675f00 100644 --- a/2021/CVE-2021-31440.md +++ b/2021/CVE-2021-31440.md 
@@ -19,6 +19,7 @@ This vulnerability allows local attackers to escalate privileges on affected ins - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits - https://github.com/XiaozaYa/CVE-Recording +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground - https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground - https://github.com/bsauce/kernel-exploit-factory diff --git a/2021/CVE-2021-3156.md b/2021/CVE-2021-3156.md index 8fbe08faef..c744f62a4f 100644 --- a/2021/CVE-2021-3156.md +++ b/2021/CVE-2021-3156.md @@ -118,11 +118,13 @@ Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based - https://github.com/Timirepo/CVE_Exploits - https://github.com/Toufupi/CVE_Collection - https://github.com/Trivialcorgi/Proyecto-Prueba-PPS +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Whiteh4tWolf/Sudo-1.8.31-Root-Exploit - https://github.com/Whiteh4tWolf/xcoderootsploit - https://github.com/WhooAmii/POC_to_review - https://github.com/Y3A/CVE-2021-3156 - https://github.com/ZTK-009/CVE-2021-3156 +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/aasphixie/aasphixie.github.io - https://github.com/abedra/securing_security_software - https://github.com/ajtech-hue/CVE-2021-3156-Mitigation-ShellScript-Build diff --git a/2021/CVE-2021-33193.md b/2021/CVE-2021-33193.md index b6bc4f5ccf..2de3e9b9d3 100644 --- a/2021/CVE-2021-33193.md +++ b/2021/CVE-2021-33193.md 
@@ -21,6 +21,7 @@ A crafted method sent through HTTP/2 will bypass validation and be forwarded by - https://github.com/Totes5706/TotesHTB - https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network - https://github.com/bioly230/THM_Skynet +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/soosmile/POC diff --git a/2021/CVE-2021-3377.md b/2021/CVE-2021-3377.md index 5626abda4c..7e07a38d0b 100644 --- a/2021/CVE-2021-3377.md +++ b/2021/CVE-2021-3377.md @@ -13,6 +13,7 @@ The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANS No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2021/CVE-2021-34429.md b/2021/CVE-2021-34429.md index 1ddeaaed4a..bd32c96df4 100644 --- a/2021/CVE-2021-34429.md +++ b/2021/CVE-2021-34429.md @@ -25,6 +25,7 @@ For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs ca - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Z0fhack/Goby_POC - https://github.com/anquanscan/sec-tools - https://github.com/bakery312/Vulhub-Reproduce diff --git a/2021/CVE-2021-34527.md b/2021/CVE-2021-34527.md index 40aea3cac8..7c2263047b 100644 --- a/2021/CVE-2021-34527.md +++ b/2021/CVE-2021-34527.md @@ -49,6 +49,7 @@ - http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html #### Github +- https://github.com/0housefly0/Printnightmare - https://github.com/0x6d69636b/windows_hardening - https://github.com/0x727/usefull-elevation-of-privilege - https://github.com/0xMarcio/cve 
@@ -87,6 +88,7 @@ - https://github.com/Eutectico/Printnightmare - https://github.com/GhostTroops/TOP - https://github.com/Gokul-C/CIS-Hardening-Windows-L1 +- https://github.com/Gyarbij/xknow_infosec - https://github.com/H0j3n/EzpzCheatSheet - https://github.com/HackingCost/AD_Pentest - https://github.com/Hatcat123/my_stars @@ -129,6 +131,7 @@ - https://github.com/Threekiii/Awesome-Redteam - https://github.com/TieuLong21Prosper/detect_bruteforce - https://github.com/Tomparte/PrintNightmare +- https://github.com/TrojanAZhen/Self_Back - https://github.com/VK9D/PrintNightmare - https://github.com/Vertrauensstellung/PoshME - https://github.com/WhooAmii/POC_to_review diff --git a/2021/CVE-2021-34798.md b/2021/CVE-2021-34798.md index ae1c2797ec..a6ab027425 100644 --- a/2021/CVE-2021-34798.md +++ b/2021/CVE-2021-34798.md @@ -20,5 +20,6 @@ Malformed requests may cause the server to dereference a NULL pointer. This issu - https://github.com/Totes5706/TotesHTB - https://github.com/bioly230/THM_Skynet - https://github.com/firatesatoglu/shodanSearch +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/kasem545/vulnsearch diff --git a/2021/CVE-2021-3490.md b/2021/CVE-2021-3490.md index dfce8c8408..a08f81af61 100644 --- a/2021/CVE-2021-3490.md +++ b/2021/CVE-2021-3490.md @@ -27,6 +27,7 @@ The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux ke - https://github.com/Whiteh4tWolf/xcoderootsploit - https://github.com/WhooAmii/POC_to_review - https://github.com/XiaozaYa/CVE-Recording +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning - https://github.com/chompie1337/Linux_LPE_eBPF_CVE-2021-3490 diff --git a/2021/CVE-2021-3493.md b/2021/CVE-2021-3493.md index 2a3e779fce..a22532bfe9 100644 --- a/2021/CVE-2021-3493.md +++ b/2021/CVE-2021-3493.md 
@@ -56,7 +56,9 @@ The overlayfs implementation in the linux kernel did not properly validate with - https://github.com/SrcVme50/Analytics - https://github.com/SrcVme50/Hospital - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/abylinjohnson/linux-kernel-exploits - https://github.com/anquanscan/sec-tools - https://github.com/beruangsalju/LocalPrivelegeEscalation diff --git a/2021/CVE-2021-35464.md b/2021/CVE-2021-35464.md index c29a0fbdf1..6a3322636d 100644 --- a/2021/CVE-2021-35464.md +++ b/2021/CVE-2021-35464.md @@ -25,6 +25,7 @@ ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the j - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/PwnAwan/MindMaps2 - https://github.com/StarCrossPortal/scalpel +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Y4er/openam-CVE-2021-35464 - https://github.com/Z0fhack/Goby_POC - https://github.com/anonymous364872/Rapier_Tool diff --git a/2021/CVE-2021-36160.md b/2021/CVE-2021-36160.md index e1adadedf7..251bdbfbb0 100644 --- a/2021/CVE-2021-36160.md +++ b/2021/CVE-2021-36160.md @@ -17,4 +17,5 @@ A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the - https://github.com/ARPSyndicate/cvemon - https://github.com/PierreChrd/py-projet-tut - https://github.com/Totes5706/TotesHTB +- https://github.com/jkiala2/Projet_etude_M1 diff --git a/2021/CVE-2021-36934.md b/2021/CVE-2021-36934.md index 86b6b8b9aa..d3395626dd 100644 --- a/2021/CVE-2021-36934.md +++ b/2021/CVE-2021-36934.md 
@@ -59,6 +59,7 @@ - https://github.com/SexyBeast233/SecBooks - https://github.com/SirElmard/ethical_hacking - https://github.com/Sp00p64/PyNightmare +- https://github.com/TrojanAZhen/Self_Back - https://github.com/VertigoRay/CVE-2021-36934 - https://github.com/Wh04m1001/VSSCopy - https://github.com/WhooAmii/POC_to_review diff --git a/2021/CVE-2021-39275.md b/2021/CVE-2021-39275.md index 895a832d09..9463b6c2ee 100644 --- a/2021/CVE-2021-39275.md +++ b/2021/CVE-2021-39275.md @@ -20,5 +20,6 @@ ap_escape_quotes() may write beyond the end of a buffer when given malicious inp - https://github.com/Totes5706/TotesHTB - https://github.com/bioly230/THM_Skynet - https://github.com/firatesatoglu/shodanSearch +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/kasem545/vulnsearch diff --git a/2021/CVE-2021-4034.md b/2021/CVE-2021-4034.md index d19eb949b0..1507a65d68 100644 --- a/2021/CVE-2021-4034.md +++ b/2021/CVE-2021-4034.md @@ -111,6 +111,7 @@ A local privilege escalation vulnerability was found on polkit's pkexec utility. - https://github.com/Meowmycks/OSCPprep-Cute - https://github.com/Meowmycks/OSCPprep-Sar - https://github.com/Meowmycks/OSCPprep-hackme1 +- https://github.com/Mr-Tree-S/POC_EXP - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/N1et/CVE-2021-4034 - https://github.com/NSeither/WITCOE @@ -174,6 +175,7 @@ A local privilege escalation vulnerability was found on polkit's pkexec utility. - https://github.com/YgorAlberto/ygoralberto.github.io - https://github.com/ZWDeJun/ZWDeJun - https://github.com/Zeyad-Azima/Remedy4me +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/aimebertrand/Socat - https://github.com/al4xs/polkit-pwnkit - https://github.com/amirexsploit/serverscanner 
@@ -188,6 +190,7 @@ A local privilege escalation vulnerability was found on polkit's pkexec utility. - https://github.com/ashishlaxkar16/vulnerabilities - https://github.com/ashutoshrohilla/CVE-2021-4034 - https://github.com/aus-mate/CVE-2021-4034-POC +- https://github.com/ayoub-elbouzi/CVE-2021-4034-Pwnkit - https://github.com/ayypril/CVE-2021-4034 - https://github.com/azazelm3dj3d/CVE-2021-4034 - https://github.com/azminawwar/CVE-2021-4034 diff --git a/2021/CVE-2021-40438.md b/2021/CVE-2021-40438.md index 858dae0d13..024cdd0739 100644 --- a/2021/CVE-2021-40438.md +++ b/2021/CVE-2021-40438.md @@ -52,6 +52,7 @@ A crafted request uri-path can cause mod_proxy to forward the request to an orig - https://github.com/gassara-kys/CVE-2021-40438 - https://github.com/ginoah/My-CTF-Challenges - https://github.com/harsh-bothra/learn365 +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/kasem545/vulnsearch - https://github.com/litt1eb0yy/One-Liner-Scripts - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2021/CVE-2021-40444.md b/2021/CVE-2021-40444.md index fb31f65464..5379bca57e 100644 --- a/2021/CVE-2021-40444.md +++ b/2021/CVE-2021-40444.md @@ -98,6 +98,7 @@ - https://github.com/SirElmard/ethical_hacking - https://github.com/Spacial/awesome-csirt - https://github.com/TiagoSergio/CVE-2021-40444 +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Udyz/CVE-2021-40444-CAB - https://github.com/Udyz/CVE-2021-40444-Sample - https://github.com/VilNE-Scanner/VilNE diff --git a/2021/CVE-2021-41037.md b/2021/CVE-2021-41037.md index 98fe4fd3dc..55d722b98e 100644 --- a/2021/CVE-2021-41037.md +++ b/2021/CVE-2021-41037.md 
@@ -1,6 +1,6 @@ ### [CVE-2021-41037](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41037) ![](https://img.shields.io/static/v1?label=Product&message=Eclipse%20Equinox%20p2&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3E%3D%201.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%204.28%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-829&color=brighgreen) ### Description diff --git a/2021/CVE-2021-41073.md b/2021/CVE-2021-41073.md index 94cdd917b6..22a91ca4a2 100644 --- a/2021/CVE-2021-41073.md +++ b/2021/CVE-2021-41073.md @@ -23,6 +23,7 @@ loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows loc - https://github.com/SYRTI/POC_to_review - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning - https://github.com/chompie1337/Linux_LPE_io_uring_CVE-2021-41073 diff --git a/2021/CVE-2021-41174.md b/2021/CVE-2021-41174.md index d12705d49f..74cd4a673c 100644 --- a/2021/CVE-2021-41174.md +++ b/2021/CVE-2021-41174.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/20142995/Goby +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/HimmelAward/Goby_POC diff --git a/2021/CVE-2021-41293.md b/2021/CVE-2021-41293.md index 923760021a..8a1d1f1fd8 100644 --- a/2021/CVE-2021-41293.md +++ b/2021/CVE-2021-41293.md @@ -19,6 +19,7 @@ ECOA BAS controller suffers from a path traversal vulnerability, causing arbitra No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates 
diff --git a/2021/CVE-2021-4154.md b/2021/CVE-2021-4154.md index ee1539d1cd..df7db40e12 100644 --- a/2021/CVE-2021-4154.md +++ b/2021/CVE-2021-4154.md @@ -22,6 +22,7 @@ A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v - https://github.com/NaInSec/CVE-PoC-in-GitHub - https://github.com/SYRTI/POC_to_review - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/a8stract-lab/SeaK - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning diff --git a/2021/CVE-2021-41773.md b/2021/CVE-2021-41773.md index ac671851ba..cfe27f02a1 100644 --- a/2021/CVE-2021-41773.md +++ b/2021/CVE-2021-41773.md @@ -123,6 +123,7 @@ A flaw was found in a change made to path normalization in Apache HTTP Server 2. - https://github.com/Threekiii/Vulhub-Reproduce - https://github.com/TishcaTpx/POC-CVE-2021-41773 - https://github.com/Trivialcorgi/Proyecto-Prueba-PPS +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Undefind404/cve_2021_41773 - https://github.com/Vulnmachines/cve-2021-41773 - https://github.com/WhooAmii/POC_to_review @@ -266,6 +267,7 @@ A flaw was found in a change made to path normalization in Apache HTTP Server 2. - https://github.com/retr0-13/apachrot - https://github.com/retrymp3/apache2.4.49VulnerableLabSetup - https://github.com/revanmalang/OSCP +- https://github.com/samglish/ServerSide - https://github.com/scarmandef/CVE-2021-41773 - https://github.com/seeu-inspace/easyg - https://github.com/sergiovks/LFI-RCE-Unauthenticated-Apache-2.4.49-2.4.50 diff --git a/2021/CVE-2021-42008.md b/2021/CVE-2021-42008.md index fc67273ee1..011b18f27b 100644 --- a/2021/CVE-2021-42008.md +++ b/2021/CVE-2021-42008.md 
@@ -23,6 +23,7 @@ The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel bef - https://github.com/NaInSec/CVE-PoC-in-GitHub - https://github.com/SYRTI/POC_to_review - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bcoles/kasld - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning diff --git a/2021/CVE-2021-42013.md b/2021/CVE-2021-42013.md index afa4bc87ea..393bfa72a8 100644 --- a/2021/CVE-2021-42013.md +++ b/2021/CVE-2021-42013.md @@ -28,6 +28,7 @@ It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was in - https://github.com/0xZipp0/OSCP - https://github.com/0xsyr0/OSCP - https://github.com/12345qwert123456/CVE-2021-42013 +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/pocsuite3 - https://github.com/5gstudent/cve-2021-41773-and-cve-2021-42013 - https://github.com/ARPSyndicate/cvemon @@ -152,6 +153,7 @@ It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was in - https://github.com/revanmalang/OSCP - https://github.com/rnsss/CVE-2021-42013 - https://github.com/robotsense1337/CVE-2021-42013 +- https://github.com/samglish/ServerSide - https://github.com/sergiovks/LFI-RCE-Unauthenticated-Apache-2.4.49-2.4.50 - https://github.com/skentagon/CVE-2021-41773 - https://github.com/soosmile/POC diff --git a/2021/CVE-2021-42278.md b/2021/CVE-2021-42278.md index 2814cbc09c..bc39ab7a44 100644 --- a/2021/CVE-2021-42278.md +++ b/2021/CVE-2021-42278.md @@ -56,6 +56,7 @@ No PoCs from references. - https://github.com/DanielBodnar/my-awesome-stars - https://github.com/EvilAnne/2021-Read-article - https://github.com/GhostTroops/TOP +- https://github.com/Gyarbij/xknow_infosec - https://github.com/H0j3n/EzpzCheatSheet - https://github.com/HackingCost/AD_Pentest - https://github.com/IAMinZoho/sAMAccountName-Spoofing 
@@ -84,6 +85,7 @@ No PoCs from references. - https://github.com/Singhsanjeev617/A-Red-Teamer-diaries - https://github.com/SirElmard/ethical_hacking - https://github.com/Threekiii/Awesome-Redteam +- https://github.com/TrojanAZhen/Self_Back - https://github.com/TryA9ain/noPac - https://github.com/WazeHell/sam-the-admin - https://github.com/Whiteh4tWolf/Attack-Defense diff --git a/2021/CVE-2021-42287.md b/2021/CVE-2021-42287.md index cad9e7a8ad..6a6b15f22e 100644 --- a/2021/CVE-2021-42287.md +++ b/2021/CVE-2021-42287.md @@ -55,6 +55,7 @@ No PoCs from references. - https://github.com/EvilAnne/2021-Read-article - https://github.com/GhostPack/Rubeus - https://github.com/GhostTroops/TOP +- https://github.com/Gyarbij/xknow_infosec - https://github.com/H0j3n/EzpzCheatSheet - https://github.com/HackingCost/AD_Pentest - https://github.com/IAMinZoho/sAMAccountName-Spoofing @@ -82,6 +83,7 @@ No PoCs from references. - https://github.com/SirElmard/ethical_hacking - https://github.com/Strokekilla/Rubeus - https://github.com/Threekiii/Awesome-Redteam +- https://github.com/TrojanAZhen/Self_Back - https://github.com/TryA9ain/noPac - https://github.com/WazeHell/sam-the-admin - https://github.com/Whiteh4tWolf/Attack-Defense @@ -152,6 +154,7 @@ No PoCs from references. - https://github.com/rumputliar/Active-Directory-Exploitation-Cheat-Sheet - https://github.com/s3mPr1linux/JUST_WALKING_DOG - https://github.com/safebuffer/sam-the-admin +- https://github.com/santan2020/ck2 - https://github.com/sdogancesur/log4j_github_repository - https://github.com/securi3ytalent/bugbounty-CVE-Report - https://github.com/shengshengli/GetDomainAdmin diff --git a/2021/CVE-2021-42321.md b/2021/CVE-2021-42321.md index 309e37fb22..8c7c490a6d 100644 --- a/2021/CVE-2021-42321.md +++ b/2021/CVE-2021-42321.md 
@@ -39,6 +39,7 @@ Microsoft Exchange Server Remote Code Execution Vulnerability - https://github.com/SYRTI/POC_to_review - https://github.com/SirElmard/ethical_hacking - https://github.com/SohelParashar/.Net-Deserialization-Cheat-Sheet +- https://github.com/TrojanAZhen/Self_Back - https://github.com/UNC1739/awesome-vulnerability-research - https://github.com/WhooAmii/POC_to_review - https://github.com/Y4er/dotnet-deserialization diff --git a/2021/CVE-2021-43267.md b/2021/CVE-2021-43267.md index dd4b1a08d8..30ab03be8d 100644 --- a/2021/CVE-2021-43267.md +++ b/2021/CVE-2021-43267.md @@ -19,6 +19,7 @@ An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. - https://github.com/DarkSprings/CVE-2021-43267-POC - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/aixcc-public/challenge-001-exemplar - https://github.com/bcoles/kasld - https://github.com/bsauce/kernel-exploit-factory diff --git a/2021/CVE-2021-44224.md b/2021/CVE-2021-44224.md index b78fbf8169..995f9a3783 100644 --- a/2021/CVE-2021-44224.md +++ b/2021/CVE-2021-44224.md @@ -19,4 +19,5 @@ A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can - https://github.com/Totes5706/TotesHTB - https://github.com/bioly230/THM_Skynet - https://github.com/firatesatoglu/shodanSearch +- https://github.com/jkiala2/Projet_etude_M1 diff --git a/2021/CVE-2021-44228.md b/2021/CVE-2021-44228.md index e7f698fc6b..7b5fcf4777 100644 --- a/2021/CVE-2021-44228.md +++ b/2021/CVE-2021-44228.md 
@@ -103,6 +103,7 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12 - https://github.com/Aschen/log4j-patched - https://github.com/Astrogeorgeonethree/Starred - https://github.com/Astrogeorgeonethree/Starred2 +- https://github.com/Astrosp/Awesome-OSINT-For-Everything - https://github.com/Atem1988/Starred - https://github.com/Aviral18/log4j2-exploit-detect - https://github.com/Awisefew/Lof4j @@ -473,6 +474,7 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12 - https://github.com/Toolsec/log4j-scan - https://github.com/TotallyNotAHaxxer/f-for-java - https://github.com/ToxicEnvelope/XSYS-Log4J2Shell-Ex +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyasarlar/tea - https://github.com/Tyasarlar/the_tea - https://github.com/UltraVanilla/LogJackFix diff --git a/2021/CVE-2021-4440.md b/2021/CVE-2021-4440.md new file mode 100644 index 0000000000..e1955fc9ce --- /dev/null +++ b/2021/CVE-2021-4440.md 
@@ -0,0 +1,17 @@ +### [CVE-2021-4440](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4440) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=cea750c99d8f%3C%201424ab4bb386%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:x86/xen: Drop USERGS_SYSRET64 paravirt callcommit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream.USERGS_SYSRET64 is used to return from a syscall via SYSRET, buta Xen PV guest will nevertheless use the IRET hypercall, as thereis no sysret PV hypercall defined.So instead of testing all the prerequisites for doing a sysret andthen mangling the stack for Xen PV again for doing an iret just usethe iret exit from the beginning.This can easily be done via an ALTERNATIVE like it is done for thesysenter compat case already.It should be noted that this drops the optimization in Xen for notrestoring a few registers when returning to user mode, but it seemsas if the saved instructions in the kernel more than compensate forthis drop (a kernel build in a Xen PV guest was slightly faster withthis patch applied).While at it remove the stale sysret32 remnants. [ pawan: Brad Spengler and Salvatore Bonaccorso reported a problem with the 5.10 backport commit edc702b4a820 ("x86/entry_64: Add VERW just before userspace transition"). When CONFIG_PARAVIRT_XXL=y, CLEAR_CPU_BUFFERS is not executed in syscall_return_via_sysret path as USERGS_SYSRET64 is runtime patched to: .cpu_usergs_sysret64 = { 0x0f, 0x01, 0xf8, 0x48, 0x0f, 0x07 }, // swapgs; sysretq which is missing CLEAR_CPU_BUFFERS. It turns out dropping USERGS_SYSRET64 simplifies the code, allowing CLEAR_CPU_BUFFERS to be explicitly added to syscall_return_via_sysret path. Below is with CONFIG_PARAVIRT_XXL=y and this patch applied: syscall_return_via_sysret: ... 
<+342>: swapgs <+345>: xchg %ax,%ax <+347>: verw -0x1a2(%rip) <------ <+354>: sysretq ] + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/xairy/linux-kernel-exploitation + diff --git a/2021/CVE-2021-44790.md b/2021/CVE-2021-44790.md index 6788bf7d7f..749835a5c1 100644 --- a/2021/CVE-2021-44790.md +++ b/2021/CVE-2021-44790.md @@ -24,6 +24,7 @@ A carefully crafted request body can cause a buffer overflow in the mod_lua mult - https://github.com/cretlaw/SnykDesk - https://github.com/emotest1/emo_emo - https://github.com/firatesatoglu/shodanSearch +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/kasem545/vulnsearch - https://github.com/nuPacaChi/-CVE-2021-44790 - https://github.com/pboonman196/Final_Project_CyberBootcamp diff --git a/2021/CVE-2021-45785.md b/2021/CVE-2021-45785.md new file mode 100644 index 0000000000..a96e8b66ba --- /dev/null +++ b/2021/CVE-2021-45785.md @@ -0,0 +1,17 @@ +### [CVE-2021-45785](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45785) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the victim (who has sufficient privileges), would visit the page and the server restart would begin. The attacker must know the full URL that TruDesk is on in order to craft the webpage. + +### POC + +#### Reference +- https://1d8.github.io/cves/cve_2021_45785/ + +#### Github +No PoCs found on GitHub currently. + 
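Review bot: the Description in the new CVE-2021-4440 file has lost the line breaks of the upstream text, so words run together (`callcommit`, `buta`, `thereis`, `andthen`, `usethe`, `notrestoring`) and the disassembly listing (`<+342>: swapgs` through `<+354>: sysretq`) is flattened into one sentence; the importer should replace newlines in multi-line CVE descriptions with a space rather than deleting them. In the same file the Vulnerability badge reads `n/a` although the description is specific about the defect (the `CLEAR_CPU_BUFFERS`/`verw` step missing on the `syscall_return_via_sysret` path when `CONFIG_PARAVIRT_XXL=y`), and the single GitHub entry, `xairy/linux-kernel-exploitation`, is a general reading list rather than a PoC for this CVE. The new CVE-2021-45785 file has the same badge gap: Product and Version are `n/a` while the description names `TruDesk Help Desk/Ticketing Solution v1.1.11`; the CVE-2021-46709 file that follows does the same for `phpLiteAdmin through 1.9.8.2`.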
diff --git a/2021/CVE-2021-46709.md b/2021/CVE-2021-46709.md new file mode 100644 index 0000000000..e0ab82fb23 --- /dev/null +++ b/2021/CVE-2021-46709.md @@ -0,0 +1,17 @@ +### [CVE-2021-46709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46709) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter (aka num or number). + +### POC + +#### Reference +- https://bitbucket.org/phpliteadmin/public/issues/399/xss-vulnerability + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-0185.md b/2022/CVE-2022-0185.md index a3edcc1d1e..6076e952b4 100644 --- a/2022/CVE-2022-0185.md +++ b/2022/CVE-2022-0185.md @@ -37,6 +37,7 @@ A heap-based buffer overflow flaw was found in the way the legacy_parse_param fu - https://github.com/Shoeb-K/MANAGE-SECURE-VALIDATE-DEBUG-MONITOR-HARDENING-AND-PREVENT-MISCONFIGURATION-OF-KUBERNETES - https://github.com/WhooAmii/POC_to_review - https://github.com/XiaozaYa/CVE-Recording +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/a8stract-lab/SeaK - https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground - https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground diff --git a/2022/CVE-2022-0847.md b/2022/CVE-2022-0847.md index 9a3901e4a9..92cd028542 100644 --- a/2022/CVE-2022-0847.md +++ b/2022/CVE-2022-0847.md 
@@ -52,6 +52,7 @@ A flaw was found in the way the "flags" member of the new pipe buffer structure - https://github.com/CVEDB/awesome-cve-repo - https://github.com/CVEDB/top - https://github.com/CYB3RK1D/CVE-2022-0847-POC +- https://github.com/CYBER-PUBLIC-SCHOOL/linux-privilege-escalation-cheatsheet - https://github.com/Ch4nc3n/PublicExploitation - https://github.com/CharonDefalt/linux-exploit - https://github.com/DanaEpp/pwncat_dirtypipe @@ -135,6 +136,7 @@ A flaw was found in the way the "flags" member of the new pipe buffer structure - https://github.com/XmasSnowISBACK/CVE-2022-0847-DirtyPipe-Exploits - https://github.com/ZWDeJun/ZWDeJun - https://github.com/Zen-ctrl/Rutgers_Cyber_Range +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground - https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground - https://github.com/ahrixia/CVE_2022_0847 diff --git a/2022/CVE-2022-0995.md b/2022/CVE-2022-0995.md index 4900846498..78cda7ef23 100644 --- a/2022/CVE-2022-0995.md +++ b/2022/CVE-2022-0995.md @@ -37,6 +37,7 @@ An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch - https://github.com/SYRTI/POC_to_review - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning - https://github.com/cyberanand1337x/bug-bounty-2022 diff --git a/2022/CVE-2022-1015.md b/2022/CVE-2022-1015.md index bfcf543ede..9a6a15703d 100644 --- a/2022/CVE-2022-1015.md +++ b/2022/CVE-2022-1015.md 
@@ -26,8 +26,10 @@ A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of t - https://github.com/NaInSec/CVE-PoC-in-GitHub - https://github.com/SYRTI/POC_to_review - https://github.com/TurtleARM/CVE-2023-0179-PoC +- https://github.com/Uniguri/CVE-1day - https://github.com/WhooAmii/POC_to_review - https://github.com/XiaozaYa/CVE-Recording +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/baehunsang/kernel2 - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning diff --git a/2022/CVE-2022-1388.md b/2022/CVE-2022-1388.md index e79b95c5e1..31ec527c1c 100644 --- a/2022/CVE-2022-1388.md +++ b/2022/CVE-2022-1388.md @@ -83,6 +83,7 @@ On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5. - https://github.com/Threekiii/Awesome-POC - https://github.com/TomArni680/CVE-2022-1388-POC - https://github.com/TomArni680/CVE-2022-1388-RCE +- https://github.com/TrojanAZhen/Self_Back - https://github.com/UNC1739/awesome-vulnerability-research - https://github.com/Vulnmachines/F5-Big-IP-CVE-2022-1388 - https://github.com/WhooAmii/POC_to_review diff --git a/2022/CVE-2022-21894.md b/2022/CVE-2022-21894.md index 80de84058b..8070ff334f 100644 --- a/2022/CVE-2022-21894.md +++ b/2022/CVE-2022-21894.md @@ -47,6 +47,7 @@ No PoCs from references. - https://github.com/CVEDB/awesome-cve-repo - https://github.com/CVEDB/top - https://github.com/GhostTroops/TOP +- https://github.com/Gyarbij/xknow_infosec - https://github.com/Iveco/xknow_infosec - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/NaInSec/CVE-PoC-in-GitHub diff --git a/2022/CVE-2022-22719.md b/2022/CVE-2022-22719.md index 90ba4dd34a..131b2f35f1 100644 --- a/2022/CVE-2022-22719.md +++ b/2022/CVE-2022-22719.md 
@@ -20,5 +20,6 @@ A carefully crafted request body can cause a read to a random memory area which - https://github.com/Totes5706/TotesHTB - https://github.com/bioly230/THM_Skynet - https://github.com/firatesatoglu/shodanSearch +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/kasem545/vulnsearch diff --git a/2022/CVE-2022-22720.md b/2022/CVE-2022-22720.md index a829f4dfc3..9a630a8661 100644 --- a/2022/CVE-2022-22720.md +++ b/2022/CVE-2022-22720.md @@ -22,6 +22,7 @@ Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when err - https://github.com/Totes5706/TotesHTB - https://github.com/bioly230/THM_Skynet - https://github.com/firatesatoglu/shodanSearch +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/kasem545/vulnsearch - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2022/CVE-2022-22721.md b/2022/CVE-2022-22721.md index 09af0d081c..a734b28a36 100644 --- a/2022/CVE-2022-22721.md +++ b/2022/CVE-2022-22721.md @@ -21,5 +21,6 @@ If LimitXMLRequestBody is set to allow request bodies larger than 350MB (default - https://github.com/Totes5706/TotesHTB - https://github.com/bioly230/THM_Skynet - https://github.com/firatesatoglu/shodanSearch +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/kasem545/vulnsearch diff --git a/2022/CVE-2022-22947.md b/2022/CVE-2022-22947.md index 8b92a74d64..48550e06cc 100644 --- a/2022/CVE-2022-22947.md +++ b/2022/CVE-2022-22947.md @@ -161,6 +161,7 @@ In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are v - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/nu0l/cve-2022-22947 - https://github.com/nu1r/yak-module-Nu +- https://github.com/onewinner/VulToolsKit - https://github.com/open-source-agenda/new-open-source-projects - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main - https://github.com/pen4uin/java-memshell-generator-release 
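Review bot: several additions in these hunks look like forks or re-uploads of repositories already listed, which inflates the PoC counts: `a-roshbaik/Linux-Privilege-Escalation-Exploits` is added directly below `JlSakuya/Linux-Privilege-Escalation-Exploits` in the CVE-2021-43267 hunk (and to eight other kernel CVEs in this patch), and `Gyarbij/xknow_infosec` is added directly above `Iveco/xknow_infosec` in the CVE-2022-21894 hunk. The importer could skip entries whose repository name matches one already present, or mark them as forks. Separately, `jkiala2/Projet_etude_M1` is appended to the `#### Github` list of seven Apache HTTP Server entries at once (CVE-2021-40438, -44224, -44790, CVE-2022-22719, -22720, -22721, -23943), which is the signature of a repository that lists CVE identifiers rather than one that carries a PoC; worth a manual check before it is counted under `### POC`.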
diff --git a/2022/CVE-2022-22954.md b/2022/CVE-2022-22954.md index cb1ea0a4fd..db8394a4b4 100644 --- a/2022/CVE-2022-22954.md +++ b/2022/CVE-2022-22954.md @@ -101,6 +101,7 @@ VMware Workspace ONE Access and Identity Manager contain a remote code execution - https://github.com/mumu2020629/-CVE-2022-22954-scanner - https://github.com/nguyenv1nK/CVE-2022-22954 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/orwagodfather/CVE-2022-22954 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main - https://github.com/rat857/AtomsPanic diff --git a/2022/CVE-2022-22963.md b/2022/CVE-2022-22963.md index 709f71730e..fc7efab598 100644 --- a/2022/CVE-2022-22963.md +++ b/2022/CVE-2022-22963.md @@ -137,6 +137,7 @@ In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, w - https://github.com/nikn0laty/RCE-in-Spring-Cloud-CVE-2022-22963 - https://github.com/nitishbadole/oscp-note-3 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/onurgule/S4S-Scanner - https://github.com/oscpname/OSCP_cheat - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main diff --git a/2022/CVE-2022-22965.md b/2022/CVE-2022-22965.md index b43bd434d6..13c60a8988 100644 --- a/2022/CVE-2022-22965.md +++ b/2022/CVE-2022-22965.md @@ -262,6 +262,7 @@ A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable t - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/nu0l/CVE-2022-22965 - https://github.com/nu1r/yak-module-Nu +- https://github.com/onewinner/VulToolsKit - https://github.com/onurgule/S4S-Scanner - https://github.com/opennms-forge/opennms-spring-patched - https://github.com/p1ckzi/CVE-2022-22965 diff --git a/2022/CVE-2022-22972.md b/2022/CVE-2022-22972.md index e6b6b05a57..d9c2cba382 100644 --- a/2022/CVE-2022-22972.md +++ b/2022/CVE-2022-22972.md 
@@ -36,6 +36,7 @@ No PoCs from references. - https://github.com/lions2012/Penetration_Testing_POC - https://github.com/manas3c/CVE-POC - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/taielab/awesome-hacking-lists - https://github.com/trhacknon/Pocingit - https://github.com/whoforget/CVE-POC diff --git a/2022/CVE-2022-23222.md b/2022/CVE-2022-23222.md index cd4809ca13..c87ae2b8b3 100644 --- a/2022/CVE-2022-23222.md +++ b/2022/CVE-2022-23222.md @@ -40,6 +40,7 @@ No PoCs from references. - https://github.com/SYRTI/POC_to_review - https://github.com/Threekiii/Awesome-POC - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/cookiengineer/groot - https://github.com/cyberanand1337x/bug-bounty-2022 - https://github.com/d4n-sec/d4n-sec.github.io diff --git a/2022/CVE-2022-23823.md b/2022/CVE-2022-23823.md index 84585fb907..331aeef991 100644 --- a/2022/CVE-2022-23823.md +++ b/2022/CVE-2022-23823.md @@ -15,5 +15,6 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/bollwarm/SecToolSet +- https://github.com/smokyisthatyou/address_reuse_ita - https://github.com/teresaweber685/book_list diff --git a/2022/CVE-2022-23943.md b/2022/CVE-2022-23943.md index 0ee16695ef..3155a73e98 100644 --- a/2022/CVE-2022-23943.md +++ b/2022/CVE-2022-23943.md @@ -20,4 +20,5 @@ Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an att - https://github.com/Totes5706/TotesHTB - https://github.com/bioly230/THM_Skynet - https://github.com/firatesatoglu/shodanSearch +- https://github.com/jkiala2/Projet_etude_M1 diff --git a/2022/CVE-2022-24112.md b/2022/CVE-2022-24112.md index dc4a3fc669..54bd2bb727 100644 --- a/2022/CVE-2022-24112.md +++ b/2022/CVE-2022-24112.md 
@@ -20,6 +20,7 @@ An attacker can abuse the batch-requests plugin to send requests to bypass the I - https://github.com/Acczdy/CVE-2022-24112_POC - https://github.com/Awrrays/FrameVul - https://github.com/Axx8/CVE-2022-24112 +- https://github.com/CrackerCat/CVE-2022-24112 - https://github.com/Greetdawn/Apache-APISIX-dashboard-RCE - https://github.com/Loginsoft-LLC/Linux-Exploit-Detection - https://github.com/Loginsoft-Research/Linux-Exploit-Detection diff --git a/2022/CVE-2022-24436.md b/2022/CVE-2022-24436.md index 603ae63aee..d0ce874d54 100644 --- a/2022/CVE-2022-24436.md +++ b/2022/CVE-2022-24436.md @@ -15,5 +15,6 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/bollwarm/SecToolSet +- https://github.com/smokyisthatyou/address_reuse_ita - https://github.com/teresaweber685/book_list diff --git a/2022/CVE-2022-24816.md b/2022/CVE-2022-24816.md index 9f791a765e..85af28eea3 100644 --- a/2022/CVE-2022-24816.md +++ b/2022/CVE-2022-24816.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/Ostorlab/KEV - https://github.com/tanjiti/sec_profile diff --git a/2022/CVE-2022-2487.md b/2022/CVE-2022-2487.md index 438a76292e..97151fc515 100644 --- a/2022/CVE-2022-2487.md +++ b/2022/CVE-2022-2487.md @@ -17,4 +17,5 @@ A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2022/CVE-2022-24975.md b/2022/CVE-2022-24975.md index d1251369cc..538ed72faf 100644 --- a/2022/CVE-2022-24975.md +++ b/2022/CVE-2022-24975.md @@ -10,7 +10,7 @@ ### POC #### Reference -No PoCs from references. +- https://www.aquasec.com/blog/undetected-hard-code-secrets-expose-corporations/ #### Github - https://github.com/fkie-cad/nvd-json-data-feeds 
diff --git a/2022/CVE-2022-25622.md b/2022/CVE-2022-25622.md index 0569af25ca..c37a281402 100644 --- a/2022/CVE-2022-25622.md +++ b/2022/CVE-2022-25622.md 
@@ -2,17 +2,17 @@ ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20CFU%20DIQ&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20CFU%20PA&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200AL%20IM%20157-1%20PN&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM151-8%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM151-8F%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM154-8%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM154-8F%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM154-8FX%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200MP%20IM155-5%20PN%20HF%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20MF%20HF&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%20HA%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%20HF%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%2F2%20HF%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%2F3%20HF%20(incl.%20SIPLUS%20variants)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200MP%20IM%20155-5%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM%20151-8%20PN%2FDP%20CPU&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM%20151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20MF%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%20HA%20(incl.%20SIPLUS%20variants)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%2F2%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%2F3%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-8%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-8FX%20PN%2FDP%20CPU&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%20AI%208xRTD%2FTC%2C%20M12-L&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%20CM%204x%20IO-Link%2C%20M12-L&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%20CM%208x%20IO-Link%2C%20M12-L&color=blue) 
@@ -57,8 +57,13 @@ ![](https://img.shields.io/static/v1?label=Product&message=SINAMICS%20S150&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SINAMICS%20S210%20(6SL5...)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SINAMICS%20V90&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM151-8%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200MP%20IM%20155-5%20PN%20HF%20T1%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200MP%20IM%20155-5%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM%20151-8%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM%20151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20HF%20T1%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20HF%20TX%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20HF&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20HCS4200%20CIM4210&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20HCS4200%20CIM4210C&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20HCS4300%20CIM4310&color=blue) 
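Review bot: the two product-badge hunks for CVE-2022-25622 are inconsistent about SIPLUS coverage. The previous hunk removes `(incl. SIPLUS variants)` from `SIMATIC ET 200SP IM 155-6 PN HF`, `PN/2 HF` and `PN/3 HF` but keeps it on `SIMATIC ET 200SP IM 155-6 PN HA`; this hunk then adds explicit `SIPLUS ET 200SP IM 155-6 PN HF` badges (plain, `T1 RAIL`, `TX RAIL`) but no SIPLUS counterpart for `PN/2 HF` or `PN/3 HF`. Either the qualifier should stay on those two entries or the missing SIPLUS badges should be added; as committed, the page no longer says whether the PN/2 HF and PN/3 HF SIPLUS variants are affected.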
@@ -75,13 +80,13 @@ ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V3.2.19%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V3.3.19%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3E%3D%204.2%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3E%3D%20V4.2%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3E%3D%20V5.1.1%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20with%20Ethernet%20interface%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V1.04.04%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V1.1.10%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V1.2.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V1.5%20SP1%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V2.0.0%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V4.7%20SP14%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V4.7.14%20&color=brighgreen) 
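Review bot: this version hunk for CVE-2022-25622 removes the `= All versions with Ethernet interface` badge without adding anything that carries the Ethernet qualifier; the remaining `= All versions` badge is broader than the one removed, so the condition under which the products it applied to are affected is lost. Keep the qualified badge, or fold the qualifier into the matching Product badge, rather than dropping it. Removing `= All versions >= V4.2` as a duplicate of `= All versions >= 4.2` is fine.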
@@ -90,13 +95,14 @@ ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V5.2.3.13%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V6.0.10%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V8.2.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=V4.2.0%3C%20*%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=V5.1.1%3C%20V5.1.2%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=V5.1.1%3C%20V5.1.3%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) ### Description -A vulnerability has been identified in SIMATIC CFU DIQ (6ES7655-5PX31-1XX0), SIMATIC CFU PA (6ES7655-5PX11-0XX0), SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 MF HF, SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. 
SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0), SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES7414-3FM07-0AB0), SIMATIC S7-400 CPU 416-3 PN/DP V7 (6ES7416-3ES07-0AB0), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (6ES7416-3FS07-0AB0), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0), SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0), SINAMICS DCM, SINAMICS G110M, SINAMICS G115D, SINAMICS G120 (incl. SIPLUS variants), SINAMICS G130, SINAMICS G150, SINAMICS S110, SINAMICS S120 (incl. 
SIPLUS variants), SINAMICS S150, SINAMICS S210 (6SL5...), SINAMICS V90, SIPLUS ET 200S IM151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS HCS4200 CIM4210 (6BK1942-1AA00-0AA0), SIPLUS HCS4200 CIM4210C (6BK1942-1AA00-0AA1), SIPLUS HCS4300 CIM4310 (6BK1943-1AA00-0AA0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0), SIPLUS S7-400 CPU 414-3 PN/DP V7 (6AG1414-3EM07-7AB0), SIPLUS S7-400 CPU 416-3 PN/DP V7 (6AG1416-3ES07-7AB0). The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined.This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments. +The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined.This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments. ### POC diff --git a/2022/CVE-2022-25636.md b/2022/CVE-2022-25636.md index aebc29bef9..9a5c38ff3e 100644 --- a/2022/CVE-2022-25636.md +++ b/2022/CVE-2022-25636.md 
@@ -39,6 +39,7 @@ net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows loca - https://github.com/SYRTI/POC_to_review - https://github.com/SnailDev/github-hot-hub - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/boustrophedon/extrasafe - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning diff --git a/2022/CVE-2022-2585.md b/2022/CVE-2022-2585.md index 70173f614a..262cf099ea 100644 --- a/2022/CVE-2022-2585.md +++ b/2022/CVE-2022-2585.md @@ -18,6 +18,7 @@ It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU t #### Github - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/greek0x0/2022-LPE-UAF - https://github.com/konoha279/2022-LPE-UAF diff --git a/2022/CVE-2022-25857.md b/2022/CVE-2022-25857.md index fecb9a82b6..9fb7b240a9 100644 --- a/2022/CVE-2022-25857.md +++ b/2022/CVE-2022-25857.md @@ -10,7 +10,8 @@ The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial o ### POC #### Reference -No PoCs from references. +- https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174 +- https://bitbucket.org/snakeyaml/snakeyaml/issues/525 #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2022/CVE-2022-2586.md b/2022/CVE-2022-2586.md index 7823731133..9f2b7954dc 100644 --- a/2022/CVE-2022-2586.md +++ b/2022/CVE-2022-2586.md 
@@ -26,6 +26,7 @@ It was discovered that a nft object or expression could reference a nft set on a - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Trickhish/automated_privilege_escalation - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/aels/CVE-2022-2586-LPE - https://github.com/felixfu59/kernel-hack - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2022/CVE-2022-2588.md b/2022/CVE-2022-2588.md index 66203a68e6..34f51308eb 100644 --- a/2022/CVE-2022-2588.md +++ b/2022/CVE-2022-2588.md @@ -41,6 +41,7 @@ It was discovered that the cls_route filter implementation in the Linux kernel w - https://github.com/PolymorphicOpcode/CVE-2022-2588 - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/beruangsalju/LocalPrivilegeEscalation - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning diff --git a/2022/CVE-2022-2602.md b/2022/CVE-2022-2602.md index 8023236d00..818ae4aa2d 100644 --- a/2022/CVE-2022-2602.md +++ b/2022/CVE-2022-2602.md @@ -21,6 +21,7 @@ io_uring UAF, Unix SCM garbage collection - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/XiaozaYa/CVE-Recording +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning - https://github.com/felixfu59/kernel-hack diff --git a/2022/CVE-2022-26134.md b/2022/CVE-2022-26134.md index 95a7e3caa8..7117b704c5 100644 --- a/2022/CVE-2022-26134.md +++ b/2022/CVE-2022-26134.md 
@@ -174,6 +174,7 @@ In affected versions of Confluence Server and Data Center, an OGNL injection vul - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/nxtexploit/CVE-2022-26134 - https://github.com/offlinehoster/CVE-2022-26134 +- https://github.com/onewinner/VulToolsKit - https://github.com/openx-org/BLEN - https://github.com/oscpname/OSCP_cheat - https://github.com/p4b3l1t0/confusploit diff --git a/2022/CVE-2022-26258.md b/2022/CVE-2022-26258.md index c04db9740f..a402e44460 100644 --- a/2022/CVE-2022-26258.md +++ b/2022/CVE-2022-26258.md @@ -17,4 +17,5 @@ D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) - https://github.com/ARPSyndicate/cvemon - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/TrojanAZhen/Self_Back diff --git a/2022/CVE-2022-2639.md b/2022/CVE-2022-2639.md index 8dd00a67a9..17bdd2cb76 100644 --- a/2022/CVE-2022-2639.md +++ b/2022/CVE-2022-2639.md @@ -27,6 +27,7 @@ No PoCs from references. - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Threekiii/Awesome-POC - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/avboy1337/CVE-2022-2639-PipeVersion - https://github.com/bb33bb/CVE-2022-2639-PipeVersion - https://github.com/bsauce/kernel-exploit-factory diff --git a/2022/CVE-2022-26563.md b/2022/CVE-2022-26563.md new file mode 100644 index 0000000000..6971cb2010 --- /dev/null +++ b/2022/CVE-2022-26563.md 
@@ -0,0 +1,17 @@ +### [CVE-2022-26563](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26563) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization. + +### POC + +#### Reference +- https://bitbucket.org/tildeslash/monit/commits/6ecaab1d375f33165fe98d06d92f36c949c0ea11 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-27666.md b/2022/CVE-2022-27666.md index 3f9b35f783..686017e590 100644 --- a/2022/CVE-2022-27666.md +++ b/2022/CVE-2022-27666.md @@ -30,6 +30,7 @@ A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ip - https://github.com/NaInSec/CVE-PoC-in-GitHub - https://github.com/SYRTI/POC_to_review - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/a8stract-lab/SeaK - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning diff --git a/2022/CVE-2022-29034.md b/2022/CVE-2022-29034.md index 465bbc01c9..3c47640829 100644 --- a/2022/CVE-2022-29034.md +++ b/2022/CVE-2022-29034.md 
@@ -1,11 +1,11 @@ ### [CVE-2022-29034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29034) ![](https://img.shields.io/static/v1?label=Product&message=SINEMA%20Remote%20Connect%20Server&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V3.1%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) ### Description -A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks. +A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks. ### POC diff --git a/2022/CVE-2022-29266.md b/2022/CVE-2022-29266.md index e2ad2e6e40..6a9667ecd3 100644 --- a/2022/CVE-2022-29266.md +++ b/2022/CVE-2022-29266.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/43622283/cloud-security-guides - https://github.com/ARPSyndicate/cvemon - https://github.com/GRQForCloud/cloud-security-guides +- https://github.com/Threekiii/Awesome-POC - https://github.com/YDCloudSecurity/cloud-security-guides - https://github.com/karimhabush/cyberowl - https://github.com/teamssix/awesome-cloud-security diff --git a/2022/CVE-2022-29420.md b/2022/CVE-2022-29420.md index 41e9ef6040..17aad9bcea 100644 --- a/2022/CVE-2022-29420.md +++ b/2022/CVE-2022-29420.md 
@@ -1,11 +1,11 @@ ### [CVE-2022-29420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29420) ![](https://img.shields.io/static/v1?label=Product&message=Countdown%20%26%20Clock%20(WordPress%20plugin)&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3C%3D%202.3.2%3C%3D%202.3.2%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.3.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) ### Description -Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-circle-countdown-before-countdown and &ycd-circle-countdown-after-countdown vulnerable parameters. +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock (WordPress plugin) countdown-builder allows Stored XSS.This issue affects Countdown & Clock (WordPress plugin): from n/a through 2.3.2. ### POC diff --git a/2022/CVE-2022-31656.md b/2022/CVE-2022-31656.md index a7533c7bfa..9ca4de762d 100644 --- a/2022/CVE-2022-31656.md +++ b/2022/CVE-2022-31656.md @@ -19,4 +19,5 @@ VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an - https://github.com/Marcuccio/kevin - https://github.com/Schira4396/VcenterKiller - https://github.com/UNC1739/awesome-vulnerability-research +- https://github.com/onewinner/VulToolsKit diff --git a/2022/CVE-2022-32250.md b/2022/CVE-2022-32250.md index e0db184944..478a0dac15 100644 --- a/2022/CVE-2022-32250.md +++ b/2022/CVE-2022-32250.md 
@@ -30,6 +30,7 @@ net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Trickhish/automated_privilege_escalation - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning - https://github.com/felixfu59/kernel-hack diff --git a/2022/CVE-2022-32253.md b/2022/CVE-2022-32253.md index 3b22844873..c5e6c6ee5b 100644 --- a/2022/CVE-2022-32253.md +++ b/2022/CVE-2022-32253.md @@ -1,6 +1,6 @@ ### [CVE-2022-32253](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32253) ![](https://img.shields.io/static/v1?label=Product&message=SINEMA%20Remote%20Connect%20Server&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V3.1%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen) ### Description diff --git a/2022/CVE-2022-32254.md b/2022/CVE-2022-32254.md index 628284dda8..d24317a24c 100644 --- a/2022/CVE-2022-32254.md +++ b/2022/CVE-2022-32254.md @@ -1,6 +1,6 @@ ### [CVE-2022-32254](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32254) ![](https://img.shields.io/static/v1?label=Product&message=SINEMA%20Remote%20Connect%20Server&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V3.1%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-532%3A%20Insertion%20of%20Sensitive%20Information%20into%20Log%20File&color=brighgreen) ### Description diff --git a/2022/CVE-2022-34346.md b/2022/CVE-2022-34346.md new file mode 100644 index 0000000000..30c1c6c4d7 --- /dev/null 
+++ b/2022/CVE-2022-34346.md @@ -0,0 +1,17 @@ +### [CVE-2022-34346](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34346) +![](https://img.shields.io/static/v1?label=Product&message=Intel(R)%20Media%20SDK%20software&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%20version%2022.2.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=escalation%20of%20privilege&color=brighgreen) + +### Description + +Out-of-bounds read in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Orange-Cyberdefense/CVE-repository + diff --git a/2022/CVE-2022-34918.md b/2022/CVE-2022-34918.md index 4b4b30f04e..0d8506eeba 100644 --- a/2022/CVE-2022-34918.md +++ b/2022/CVE-2022-34918.md @@ -35,6 +35,7 @@ An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug - https://github.com/SirElmard/ethical_hacking - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning - https://github.com/dkb4rb/KernelExploiting diff --git a/2022/CVE-2022-36530.md b/2022/CVE-2022-36530.md new file mode 100644 index 0000000000..b0895fe78b --- /dev/null +++ b/2022/CVE-2022-36530.md 
@@ -0,0 +1,17 @@ +### [CVE-2022-36530](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36530) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerability in the user agent related parameters of the info.php page. + +### POC + +#### Reference +- https://github.com/jianyan74/rageframe2/issues/106?by=xboy(Topsec) + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-37967.md b/2022/CVE-2022-37967.md index 74c13e9e42..323b368ac5 100644 --- a/2022/CVE-2022-37967.md +++ b/2022/CVE-2022-37967.md @@ -41,6 +41,7 @@ No PoCs from references. - https://github.com/RkDx/MyRuby - https://github.com/Strokekilla/Rubeus - https://github.com/qobil7681/Password-cracker +- https://github.com/santan2020/ck2 - https://github.com/syedrizvinet/lib-repos-Rubeus - https://github.com/ycdxsb/WindowsPrivilegeEscalation diff --git a/2022/CVE-2022-38749.md b/2022/CVE-2022-38749.md index 13202dfd3e..1026d2ad34 100644 --- a/2022/CVE-2022-38749.md +++ b/2022/CVE-2022-38749.md @@ -10,7 +10,7 @@ Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Ser ### POC #### Reference -No PoCs from references. +- https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2022/CVE-2022-38750.md b/2022/CVE-2022-38750.md index 77513c295c..63d0c428a8 100644 --- a/2022/CVE-2022-38750.md +++ b/2022/CVE-2022-38750.md 
@@ -10,7 +10,7 @@ Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Ser ### POC #### Reference -No PoCs from references. +- https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027 #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2022/CVE-2022-38751.md b/2022/CVE-2022-38751.md index 8024766e4c..d250cb12e0 100644 --- a/2022/CVE-2022-38751.md +++ b/2022/CVE-2022-38751.md @@ -10,7 +10,7 @@ Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Ser ### POC #### Reference -No PoCs from references. +- https://bitbucket.org/snakeyaml/snakeyaml/issues/530/stackoverflow-oss-fuzz-47039 #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2022/CVE-2022-40438.md b/2022/CVE-2022-40438.md new file mode 100644 index 0000000000..59f6828e9c --- /dev/null +++ b/2022/CVE-2022-40438.md @@ -0,0 +1,17 @@ +### [CVE-2022-40438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40438) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow vulnerability in function AP4_MemoryByteStream::WritePartial in mp42aac in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fdu-sec/NestFuzz + diff --git a/2022/CVE-2022-40439.md b/2022/CVE-2022-40439.md index 370e4da03a..4225638a70 100644 --- a/2022/CVE-2022-40439.md +++ b/2022/CVE-2022-40439.md @@ -13,5 +13,5 @@ An memory leak issue was discovered in AP4_StdcFileByteStream::Create in mp42ts - https://github.com/axiomatic-systems/Bento4/issues/750 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz 
diff --git a/2022/CVE-2022-40487.md b/2022/CVE-2022-40487.md new file mode 100644 index 0000000000..f12ff1aec3 --- /dev/null +++ b/2022/CVE-2022-40487.md @@ -0,0 +1,17 @@ +### [CVE-2022-40487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40487) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload. + +### POC + +#### Reference +- http://processwire.com + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-40488.md b/2022/CVE-2022-40488.md new file mode 100644 index 0000000000..4bd68dadbe --- /dev/null +++ b/2022/CVE-2022-40488.md @@ -0,0 +1,17 @@ +### [CVE-2022-40488](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40488) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF). + +### POC + +#### Reference +- http://processwire.com + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-41120.md b/2022/CVE-2022-41120.md index ca5a0b052d..d1816502f1 100644 --- a/2022/CVE-2022-41120.md +++ b/2022/CVE-2022-41120.md @@ -16,4 +16,5 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/Wh04m1001/SysmonEoP - https://github.com/pxcs/CVE-29343-Sysmon-list +- https://github.com/pxcs/CVE_Sysmon_Report 
diff --git a/2022/CVE-2022-43032.md b/2022/CVE-2022-43032.md new file mode 100644 index 0000000000..5ee23c50f6 --- /dev/null +++ b/2022/CVE-2022-43032.md @@ -0,0 +1,17 @@ +### [CVE-2022-43032](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43032) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Bento4 v1.6.0-639. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as demonstrated by mp42aac. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fdu-sec/NestFuzz + diff --git a/2022/CVE-2022-43033.md b/2022/CVE-2022-43033.md new file mode 100644 index 0000000000..98a1c1003e --- /dev/null +++ b/2022/CVE-2022-43033.md @@ -0,0 +1,17 @@ +### [CVE-2022-43033](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43033) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Bento4 1.6.0-639. There is a bad free in the component AP4_HdlrAtom::~AP4_HdlrAtom() which allows attackers to cause a Denial of Service (DoS) via a crafted input. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fdu-sec/NestFuzz + diff --git a/2022/CVE-2022-43034.md b/2022/CVE-2022-43034.md new file mode 100644 index 0000000000..3c869a2648 --- /dev/null +++ b/2022/CVE-2022-43034.md 
@@ -0,0 +1,17 @@ +### [CVE-2022-43034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43034) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Bento4 v1.6.0-639. There is a heap buffer overflow vulnerability in the AP4_BitReader::SkipBits(unsigned int) function in mp42ts. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fdu-sec/NestFuzz + diff --git a/2022/CVE-2022-43035.md b/2022/CVE-2022-43035.md new file mode 100644 index 0000000000..b56bba81c9 --- /dev/null +++ b/2022/CVE-2022-43035.md @@ -0,0 +1,17 @@ +### [CVE-2022-43035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43035) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Bento4 v1.6.0-639. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42aac. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fdu-sec/NestFuzz + diff --git a/2022/CVE-2022-43037.md b/2022/CVE-2022-43037.md new file mode 100644 index 0000000000..68f6a2ca5c --- /dev/null +++ b/2022/CVE-2022-43037.md 
@@ -0,0 +1,17 @@ +### [CVE-2022-43037](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43037) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Bento4 1.6.0-639. There is a memory leak in the function AP4_File::ParseStream in /Core/Ap4File.cpp. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fdu-sec/NestFuzz + diff --git a/2022/CVE-2022-43038.md b/2022/CVE-2022-43038.md new file mode 100644 index 0000000000..35a5b161ca --- /dev/null +++ b/2022/CVE-2022-43038.md @@ -0,0 +1,17 @@ +### [CVE-2022-43038](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43038) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadCache() function in mp42ts. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fdu-sec/NestFuzz + diff --git a/2022/CVE-2022-43039.md b/2022/CVE-2022-43039.md index 66e07ae61a..1d0809a02d 100644 --- a/2022/CVE-2022-43039.md +++ b/2022/CVE-2022-43039.md @@ -13,5 +13,5 @@ GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation v - https://github.com/gpac/gpac/issues/2281 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43040.md b/2022/CVE-2022-43040.md index d454924b73..b1b4e6a59d 100644 --- a/2022/CVE-2022-43040.md +++ b/2022/CVE-2022-43040.md 
@@ -13,5 +13,5 @@ GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer ov - https://github.com/gpac/gpac/issues/2280 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43042.md b/2022/CVE-2022-43042.md index 5c0473c595..5ed1ac30e5 100644 --- a/2022/CVE-2022-43042.md +++ b/2022/CVE-2022-43042.md @@ -13,5 +13,5 @@ GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer ov - https://github.com/gpac/gpac/issues/2278 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43043.md b/2022/CVE-2022-43043.md index 5671cad5ca..06af4fb34c 100644 --- a/2022/CVE-2022-43043.md +++ b/2022/CVE-2022-43043.md @@ -13,5 +13,5 @@ GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation v - https://github.com/gpac/gpac/issues/2276 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43044.md b/2022/CVE-2022-43044.md index 84901bc1ea..9473b33c6d 100644 --- a/2022/CVE-2022-43044.md +++ b/2022/CVE-2022-43044.md @@ -13,5 +13,5 @@ GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation v - https://github.com/gpac/gpac/issues/2282 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43045.md b/2022/CVE-2022-43045.md index 70ca65f4e4..55282ee3ee 100644 --- a/2022/CVE-2022-43045.md +++ b/2022/CVE-2022-43045.md @@ -13,5 +13,5 @@ GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation v - https://github.com/gpac/gpac/issues/2277 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43235.md b/2022/CVE-2022-43235.md index b91aa3d038..1da3d6f9fb 100644 --- a/2022/CVE-2022-43235.md +++ b/2022/CVE-2022-43235.md 
@@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/337 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43236.md b/2022/CVE-2022-43236.md index 53c6208a69..ffa31cd69b 100644 --- a/2022/CVE-2022-43236.md +++ b/2022/CVE-2022-43236.md @@ -14,4 +14,5 @@ Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43237.md b/2022/CVE-2022-43237.md index eadd97df30..f4afd6f250 100644 --- a/2022/CVE-2022-43237.md +++ b/2022/CVE-2022-43237.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability - https://github.com/strukturag/libde265/issues/344 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43238.md b/2022/CVE-2022-43238.md index 5b28ed0c03..0448eb89f0 100644 --- a/2022/CVE-2022-43238.md +++ b/2022/CVE-2022-43238.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_ - https://github.com/strukturag/libde265/issues/336 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43239.md b/2022/CVE-2022-43239.md index 622e1170d9..e06556221e 100644 --- a/2022/CVE-2022-43239.md +++ b/2022/CVE-2022-43239.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/341 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43240.md b/2022/CVE-2022-43240.md index ab88cca95d..a5d71e1f75 100644 --- a/2022/CVE-2022-43240.md +++ b/2022/CVE-2022-43240.md 
@@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/335 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43241.md b/2022/CVE-2022-43241.md index d80b1d5fbe..283cdcf48e 100644 --- a/2022/CVE-2022-43241.md +++ b/2022/CVE-2022-43241.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_ - https://github.com/strukturag/libde265/issues/338 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43242.md b/2022/CVE-2022-43242.md index 1c17079b4a..93891ca36e 100644 --- a/2022/CVE-2022-43242.md +++ b/2022/CVE-2022-43242.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/340 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43243.md b/2022/CVE-2022-43243.md index 00db1765fa..c5441b02e1 100644 --- a/2022/CVE-2022-43243.md +++ b/2022/CVE-2022-43243.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/339 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43244.md b/2022/CVE-2022-43244.md index 159ada7255..38995087d4 100644 --- a/2022/CVE-2022-43244.md +++ b/2022/CVE-2022-43244.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/342 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43245.md b/2022/CVE-2022-43245.md index 861e2320aa..712201edef 100644 --- a/2022/CVE-2022-43245.md +++ b/2022/CVE-2022-43245.md 
@@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao - https://github.com/strukturag/libde265/issues/352 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43248.md b/2022/CVE-2022-43248.md index 75bf2c6271..95644c728f 100644 --- a/2022/CVE-2022-43248.md +++ b/2022/CVE-2022-43248.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/349 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43249.md b/2022/CVE-2022-43249.md index d1c84ec062..198b277e1a 100644 --- a/2022/CVE-2022-43249.md +++ b/2022/CVE-2022-43249.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/345 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43250.md b/2022/CVE-2022-43250.md index 4f8e04a169..eab9fce33d 100644 --- a/2022/CVE-2022-43250.md +++ b/2022/CVE-2022-43250.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/346 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43252.md b/2022/CVE-2022-43252.md index a0ae247d3e..f342ad1e0f 100644 --- a/2022/CVE-2022-43252.md +++ b/2022/CVE-2022-43252.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/347 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43253.md b/2022/CVE-2022-43253.md index 3b876b94a0..fccaaf1cae 100644 --- a/2022/CVE-2022-43253.md +++ b/2022/CVE-2022-43253.md 
@@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/348 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43254.md b/2022/CVE-2022-43254.md index bb92d82638..5a725a7650 100644 --- a/2022/CVE-2022-43254.md +++ b/2022/CVE-2022-43254.md @@ -13,5 +13,5 @@ GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak v - https://github.com/gpac/gpac/issues/2284 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43255.md b/2022/CVE-2022-43255.md index 8b9ab1e32a..97139edfc9 100644 --- a/2022/CVE-2022-43255.md +++ b/2022/CVE-2022-43255.md @@ -13,5 +13,5 @@ GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak v - https://github.com/gpac/gpac/issues/2285 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-44704.md b/2022/CVE-2022-44704.md index 6ff127ea9b..f0c8976d0f 100644 --- a/2022/CVE-2022-44704.md +++ b/2022/CVE-2022-44704.md @@ -16,4 +16,5 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/Wh04m1001/SysmonEoP - https://github.com/pxcs/CVE-29343-Sysmon-list +- https://github.com/pxcs/CVE_Sysmon_Report diff --git a/2022/CVE-2022-45669.md b/2022/CVE-2022-45669.md index 8914f4553e..a6cb852e44 100644 --- a/2022/CVE-2022-45669.md +++ b/2022/CVE-2022-45669.md @@ -15,4 +15,5 @@ Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ind #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/iceyjchen/VulnerabilityProjectRecords +- https://github.com/jiceylc/VulnerabilityProjectRecords diff --git a/2022/CVE-2022-45670.md b/2022/CVE-2022-45670.md index 10bbcacf38..1b612dfe52 100644 --- a/2022/CVE-2022-45670.md +++ b/2022/CVE-2022-45670.md 
@@ -15,4 +15,5 @@ Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the pin #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/iceyjchen/VulnerabilityProjectRecords +- https://github.com/jiceylc/VulnerabilityProjectRecords diff --git a/2022/CVE-2022-45673.md b/2022/CVE-2022-45673.md index 5310d759d6..23ab5eab63 100644 --- a/2022/CVE-2022-45673.md +++ b/2022/CVE-2022-45673.md @@ -15,4 +15,5 @@ Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) vi #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/iceyjchen/VulnerabilityProjectRecords +- https://github.com/jiceylc/VulnerabilityProjectRecords diff --git a/2022/CVE-2022-45674.md b/2022/CVE-2022-45674.md index 71c71d3720..856dc8fd92 100644 --- a/2022/CVE-2022-45674.md +++ b/2022/CVE-2022-45674.md @@ -15,4 +15,5 @@ Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) vi #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/iceyjchen/VulnerabilityProjectRecords +- https://github.com/jiceylc/VulnerabilityProjectRecords diff --git a/2022/CVE-2022-45796.md b/2022/CVE-2022-45796.md new file mode 100644 index 0000000000..7ac8f40ce5 --- /dev/null +++ b/2022/CVE-2022-45796.md 
@@ -0,0 +1,17 @@ +### [CVE-2022-45796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45796) +![](https://img.shields.io/static/v1?label=Product&message=SHARP%20multifunction%20printers&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=Digital%20Full-color%20Multifunctional%20System%3C%3D%20202%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen) + +### Description + +Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs)'s Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System (Monochrome) 200 or earlier, 211 or earlier, 102 or earlier, 453 or earlier, 400 or earlier, 202 or earlier, 602 or earlier, 500 or earlier, 401 or earlier allows remote attackers to execute arbitrary commands via unspecified vectors. + +### POC + +#### Reference +- http://seclists.org/fulldisclosure/2024/Jul/0 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-47069.md b/2022/CVE-2022-47069.md index eb6786120a..c9c3c44430 100644 --- a/2022/CVE-2022-47069.md +++ b/2022/CVE-2022-47069.md @@ -13,5 +13,5 @@ p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via t - https://sourceforge.net/p/p7zip/bugs/241/ #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-48063.md b/2022/CVE-2022-48063.md index 9635629325..69f0c04a14 100644 --- a/2022/CVE-2022-48063.md +++ b/2022/CVE-2022-48063.md @@ -13,5 +13,5 @@ GNU Binutils before 2.40 was discovered to contain an excessive memory consumpti - https://sourceware.org/bugzilla/show_bug.cgi?id=29924 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz 
diff --git a/2022/CVE-2022-48064.md b/2022/CVE-2022-48064.md index b440d49c2e..d8a4b06f62 100644 --- a/2022/CVE-2022-48064.md +++ b/2022/CVE-2022-48064.md @@ -13,5 +13,5 @@ GNU Binutils before 2.40 was discovered to contain an excessive memory consumpti - https://sourceware.org/bugzilla/show_bug.cgi?id=29922 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-48065.md b/2022/CVE-2022-48065.md index 3af1ef4a26..cb72e83053 100644 --- a/2022/CVE-2022-48065.md +++ b/2022/CVE-2022-48065.md @@ -13,5 +13,5 @@ GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability v - https://sourceware.org/bugzilla/show_bug.cgi?id=29925 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-4968.md b/2022/CVE-2022-4968.md index 8fd644bf39..32dd1f010c 100644 --- a/2022/CVE-2022-4968.md +++ b/2022/CVE-2022-4968.md @@ -1,11 +1,11 @@ ### [CVE-2022-4968](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4968) ![](https://img.shields.io/static/v1?label=Product&message=Netplan&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%201.0%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-497&color=brighgreen) ### Description -netplan leaks the private key of wireguard to local users. A security fix will be released soon. +netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected. ### POC diff --git a/2023/CVE-2023-0400.md b/2023/CVE-2023-0400.md index 100ddbec2c..f79939667f 100644 --- a/2023/CVE-2023-0400.md +++ b/2023/CVE-2023-0400.md 
@@ -13,5 +13,5 @@ The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in ve - https://kcm.trellix.com/corporate/index?page=content&id=SB10394&locale=en_US #### Github -No PoCs found on GitHub currently. +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-1773.md b/2023/CVE-2023-1773.md new file mode 100644 index 0000000000..659b4db6dc --- /dev/null +++ b/2023/CVE-2023-1773.md @@ -0,0 +1,17 @@ +### [CVE-2023-1773](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1773) +![](https://img.shields.io/static/v1?label=Product&message=Rockoa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202.3.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Code%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224674 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-2033.md b/2023/CVE-2023-2033.md index f39043864c..018a1f5e9f 100644 --- a/2023/CVE-2023-2033.md +++ b/2023/CVE-2023-2033.md @@ -22,6 +22,7 @@ No PoCs from references. - https://github.com/Threekiii/CVE - https://github.com/WalccDev/CVE-2023-2033 - https://github.com/dan-mba/python-selenium-news +- https://github.com/doyensec/awesome-electronjs-hacking - https://github.com/gretchenfrage/CVE-2023-2033-analysis - https://github.com/insoxin/CVE-2023-2033 - https://github.com/karimhabush/cyberowl diff --git a/2023/CVE-2023-20598.md b/2023/CVE-2023-20598.md index 77165471e2..28f8b4c072 100644 --- a/2023/CVE-2023-20598.md 
+++ b/2023/CVE-2023-20598.md @@ -24,6 +24,7 @@ An improper privilege management in the AMD Radeon™ Graphics driver may allow No PoCs from references. #### Github +- https://github.com/0xsyr0/OSCP - https://github.com/hfiref0x/KDU - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-20872.md b/2023/CVE-2023-20872.md new file mode 100644 index 0000000000..fddf150216 --- /dev/null +++ b/2023/CVE-2023-20872.md @@ -0,0 +1,17 @@ +### [CVE-2023-20872](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20872) +![](https://img.shields.io/static/v1?label=Product&message=VMware%20Workstation%20Pro%20%2F%20Player%20(Workstation)%20and%20VMware%20Fusion&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20read%2Fwrite%20vulnerability&color=brighgreen) + +### Description + +VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-20938.md b/2023/CVE-2023-20938.md index 9db9f3fbd3..adeef59756 100644 --- a/2023/CVE-2023-20938.md +++ b/2023/CVE-2023-20938.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/IamAlch3mist/Awesome-Android-Vulnerability-Research +- https://github.com/xairy/linux-kernel-exploitation diff --git a/2023/CVE-2023-20945.md b/2023/CVE-2023-20945.md new file mode 100644 index 0000000000..35fea945d4 --- /dev/null +++ b/2023/CVE-2023-20945.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-20945](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20945) +![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen) + +### Description + +In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-246932269 + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-21266.md b/2023/CVE-2023-21266.md index 0b0f7f3887..58ce58fad1 100644 --- a/2023/CVE-2023-21266.md +++ b/2023/CVE-2023-21266.md @@ -5,7 +5,7 @@ ### Description -In killBackgroundProcesses of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. +In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. ### POC diff --git a/2023/CVE-2023-21400.md b/2023/CVE-2023-21400.md index fe98289ca0..ca1a8a955e 100644 --- a/2023/CVE-2023-21400.md +++ b/2023/CVE-2023-21400.md 
@@ -13,5 +13,5 @@ In multiple functions of io_uring.c, there is a possible kernel memory corrupti - http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html #### Github -No PoCs found on GitHub currently. +- https://github.com/xairy/linux-kernel-exploitation diff --git a/2023/CVE-2023-21768.md b/2023/CVE-2023-21768.md index b7546c1443..f71bccfcb7 100644 --- a/2023/CVE-2023-21768.md +++ b/2023/CVE-2023-21768.md @@ -30,6 +30,7 @@ Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerabili - https://github.com/Cruxer8Mech/Idk - https://github.com/Dy-Baby/nullmap - https://github.com/GhostTroops/TOP +- https://github.com/Gyarbij/xknow_infosec - https://github.com/HKxiaoli/Windows_AFD_LPE_CVE-2023-21768 - https://github.com/Ha0-Y/CVE-2023-21768 - https://github.com/HasanIftakher/win11-Previlage-escalation diff --git a/2023/CVE-2023-21839.md b/2023/CVE-2023-21839.md index dbfdf34767..a650e8e59c 100644 --- a/2023/CVE-2023-21839.md +++ b/2023/CVE-2023-21839.md @@ -57,6 +57,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/labesterOct/CVE-2024-20931 - https://github.com/lions2012/Penetration_Testing_POC - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/qi4L/WeblogicScan.go - https://github.com/r00t4dm/r00t4dm - https://github.com/skyblueflag/WebSecurityStudy diff --git a/2023/CVE-2023-21931.md b/2023/CVE-2023-21931.md index d79a06fd7a..de297aa55f 100644 --- a/2023/CVE-2023-21931.md +++ b/2023/CVE-2023-21931.md @@ -29,5 +29,6 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/gobysec/Weblogic - https://github.com/hktalent/TOP - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/trganda/starrlist diff --git a/2023/CVE-2023-22463.md b/2023/CVE-2023-22463.md index faff17b8a5..8b3fb7820e 100644 
--- a/2023/CVE-2023-22463.md +++ b/2023/CVE-2023-22463.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/20142995/pocsuite3 - https://github.com/DarkFunct/CVE_Exploits - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/ggjkjk/1444 - https://github.com/ibaiw/2023Hvv diff --git a/2023/CVE-2023-22515.md b/2023/CVE-2023-22515.md index 8f4321d636..c3eab2f0c0 100644 --- a/2023/CVE-2023-22515.md +++ b/2023/CVE-2023-22515.md @@ -67,6 +67,7 @@ Atlassian has been made aware of an issue reported by a handful of customers whe - https://github.com/mumble99/rvision_task - https://github.com/netlas-io/netlas-dorks - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/rxerium/CVE-2023-22515 - https://github.com/rxerium/stars - https://github.com/s1d6point7bugcrowd/CVE-2023-22515-check diff --git a/2023/CVE-2023-22527.md b/2023/CVE-2023-22527.md index e2fdeda50c..3dbd4bc1a0 100644 --- a/2023/CVE-2023-22527.md +++ b/2023/CVE-2023-22527.md @@ -35,6 +35,7 @@ A template injection vulnerability on older versions of Confluence Data Center a - https://github.com/ReAbout/web-sec - https://github.com/RevoltSecurities/CVE-2023-22527 - https://github.com/Sudistark/patch-diff-CVE-2023-22527 +- https://github.com/T0ngMystic/Vulnerability_List - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Awesome-Redteam - https://github.com/Threekiii/CVE @@ -59,6 +60,7 @@ A template injection vulnerability on older versions of Confluence Data Center a - https://github.com/lions2012/Penetration_Testing_POC - https://github.com/netlas-io/netlas-dorks - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/ramirezs4/Tips-and-tools-forensics---RS4 - https://github.com/sanjai-AK47/CVE-2023-22527 - https://github.com/tanjiti/sec_profile 
diff --git a/2023/CVE-2023-23388.md b/2023/CVE-2023-23388.md new file mode 100644 index 0000000000..1f0cfc8a93 --- /dev/null +++ b/2023/CVE-2023-23388.md 
@@ -0,0 +1,35 @@ +### [CVE-2023-23388](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23388) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2020H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.5786%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.4131%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19042.2728%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.2728%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.2728%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.1607%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.1696%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.1413%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-681%3A%20Incorrect%20Conversion%20between%20Numeric%20Types&color=brighgreen) + +### Description + +Windows Bluetooth Driver Elevation of Privilege Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-2375.md b/2023/CVE-2023-2375.md new file mode 100644 index 0000000000..1a7034f82e --- /dev/null +++ b/2023/CVE-2023-2375.md @@ -0,0 +1,17 @@ +### [CVE-2023-2375](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2375) +![](https://img.shields.io/static/v1?label=Product&message=EdgeRouter%20X&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202.0.9-hotfix.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Command%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknown processing of the component Web Management Interface. The manipulation of the argument src leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227651. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-24159.md b/2023/CVE-2023-24159.md index 199ddb295d..50389bef59 100644 --- a/2023/CVE-2023-24159.md +++ b/2023/CVE-2023-24159.md 
@@ -15,4 +15,5 @@ TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulne #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/iceyjchen/VulnerabilityProjectRecords +- https://github.com/jiceylc/VulnerabilityProjectRecords diff --git a/2023/CVE-2023-24160.md b/2023/CVE-2023-24160.md index d5231d1552..8ac14b50b4 100644 --- a/2023/CVE-2023-24160.md +++ b/2023/CVE-2023-24160.md @@ -15,4 +15,5 @@ TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulne #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/iceyjchen/VulnerabilityProjectRecords +- https://github.com/jiceylc/VulnerabilityProjectRecords diff --git a/2023/CVE-2023-24161.md b/2023/CVE-2023-24161.md index 89d79ffdff..9046615cfb 100644 --- a/2023/CVE-2023-24161.md +++ b/2023/CVE-2023-24161.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/iceyjchen/VulnerabilityProjectRecords +- https://github.com/jiceylc/VulnerabilityProjectRecords diff --git a/2023/CVE-2023-24322.md b/2023/CVE-2023-24322.md index 29b4c3b42a..49044b70dd 100644 --- a/2023/CVE-2023-24322.md +++ b/2023/CVE-2023-24322.md @@ -16,4 +16,5 @@ A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx comp - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/blakduk/Advisories +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2023/CVE-2023-2474.md b/2023/CVE-2023-2474.md index ba43ffb81e..d94709b724 100644 --- a/2023/CVE-2023-2474.md +++ b/2023/CVE-2023-2474.md @@ -10,6 +10,7 @@ A vulnerability has been found in Rebuild 3.2 and classified as problematic. Thi ### POC #### Reference +- https://gitee.com/getrebuild/rebuild/issues/I6W4M2 - https://vuldb.com/?id.227866 #### Github diff --git a/2023/CVE-2023-24871.md b/2023/CVE-2023-24871.md new file mode 100644 index 0000000000..2fddd2b959 --- /dev/null 
+++ b/2023/CVE-2023-24871.md @@ -0,0 +1,27 @@ +### [CVE-2023-24871](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24871) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2020H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19042.2728%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.2728%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.2728%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.1607%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.1696%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.1413%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen) + +### Description + +Windows Bluetooth Service Remote Code Execution Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-24932.md b/2023/CVE-2023-24932.md index 0b7628fbc2..d1832f3f45 100644 --- a/2023/CVE-2023-24932.md +++ b/2023/CVE-2023-24932.md 
@@ -24,22 +24,22 @@ ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20N%2FA%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20048%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.6085%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.4645%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20710%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7159%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6054%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19042.2965%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.2965%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.2965%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.1850%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.2176%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.1992%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3447%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22175%20&color=brighgreen) 
-![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.26623%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.26623%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.24374%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.21063%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4651%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4651%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2582%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3079%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3880%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3880%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1009%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22769%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27219%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27219%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.24975%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22074%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Security%20Feature%20Bypass&color=brighgreen) ### Description diff --git a/2023/CVE-2023-25194.md b/2023/CVE-2023-25194.md index 4bb66515e7..52fa469fba 100644 --- a/2023/CVE-2023-25194.md 
+++ b/2023/CVE-2023-25194.md @@ -36,6 +36,7 @@ A possible security vulnerability has been identified in Apache Kafka Connect AP - https://github.com/srchen1987/springcloud-distributed-transaction - https://github.com/turn1tup/Writings - https://github.com/vulncheck-oss/cve-2023-25194 +- https://github.com/vulncheck-oss/go-exploit - https://github.com/whoforget/CVE-POC - https://github.com/youwizard/CVE-POC diff --git a/2023/CVE-2023-2523.md b/2023/CVE-2023-2523.md index fc2087f542..045a4c7987 100644 --- a/2023/CVE-2023-2523.md +++ b/2023/CVE-2023-2523.md @@ -15,6 +15,7 @@ A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. #### Github - https://github.com/Any3ite/CVE-2023-2523 - https://github.com/Co5mos/nuclei-tps +- https://github.com/TrojanAZhen/Self_Back - https://github.com/bingtangbanli/cve-2023-2523-and-cve-2023-2648 - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/kuang-zy/2023-Weaver-pocs diff --git a/2023/CVE-2023-2648.md b/2023/CVE-2023-2648.md index 21d2759ab7..66d5b88aa4 100644 --- a/2023/CVE-2023-2648.md +++ b/2023/CVE-2023-2648.md @@ -16,6 +16,7 @@ A vulnerability was found in Weaver E-Office 9.5. It has been classified as crit - https://github.com/Co5mos/nuclei-tps - https://github.com/MD-SEC/MDPOCS - https://github.com/MzzdToT/HAC_Bored_Writing +- https://github.com/TrojanAZhen/Self_Back - https://github.com/bingtangbanli/cve-2023-2523-and-cve-2023-2648 - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/kuang-zy/2023-Weaver-pocs diff --git a/2023/CVE-2023-27372.md b/2023/CVE-2023-27372.md index 3732685dd4..d01a0c74c3 100644 --- a/2023/CVE-2023-27372.md +++ b/2023/CVE-2023-27372.md 
@@ -20,6 +20,7 @@ SPIP before 4.2.1 allows Remote Code Execution via form values in the public are - https://github.com/Pari-Malam/CVE-2023-27372 - https://github.com/RSTG0D/CVE-2023-27372-PoC - https://github.com/ThatNotEasy/CVE-2023-27372 +- https://github.com/TrojanAZhen/Self_Back - https://github.com/abrahim7112/Vulnerability-checking-program-for-Android - https://github.com/izzz0/CVE-2023-27372-POC - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-27636.md b/2023/CVE-2023-27636.md new file mode 100644 index 0000000000..c6e426ba38 --- /dev/null +++ b/2023/CVE-2023-27636.md @@ -0,0 +1,17 @@ +### [CVE-2023-27636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27636) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor. + +### POC + +#### Reference +- https://www.exploit-db.com/exploits/52035 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2796.md b/2023/CVE-2023-2796.md index 20ae560ab7..1e65507fc2 100644 --- a/2023/CVE-2023-2796.md +++ b/2023/CVE-2023-2796.md @@ -14,5 +14,6 @@ The EventON WordPress plugin before 2.1.2 lacks authentication and authorization - https://wpscan.com/vulnerability/e9ef793c-e5a3-4c55-beee-56b0909f7a0d #### Github +- https://github.com/NoTsPepino/Shodan-Dorking - https://github.com/nullfuzz-pentest/shodan-dorks diff --git a/2023/CVE-2023-28432.md b/2023/CVE-2023-28432.md index e9c86d299b..4cbe71af5d 100644 --- a/2023/CVE-2023-28432.md +++ b/2023/CVE-2023-28432.md 
@@ -44,6 +44,7 @@ No PoCs from references. - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/CVE - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/acheiii/CVE-2023-28432 - https://github.com/atk7r/Taichi - https://github.com/bakery312/Vulhub-Reproduce @@ -51,6 +52,7 @@ No PoCs from references. - https://github.com/bingtangbanli/VulnerabilityTools - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/gmh5225/Awesome-ML-Security_ +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/gobysec/CVE-2023-28432 - https://github.com/h0ng10/CVE-2023-28432_docker - https://github.com/hktalent/TOP diff --git a/2023/CVE-2023-28486.md b/2023/CVE-2023-28486.md index 338308751b..152a302f54 100644 --- a/2023/CVE-2023-28486.md +++ b/2023/CVE-2023-28486.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/vulsio/goval-dictionary diff --git a/2023/CVE-2023-28487.md b/2023/CVE-2023-28487.md index ec253d3458..0bf685f57b 100644 --- a/2023/CVE-2023-28487.md +++ b/2023/CVE-2023-28487.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/vulsio/goval-dictionary diff --git a/2023/CVE-2023-29300.md b/2023/CVE-2023-29300.md index 4ff2c75e8f..62ae37733e 100644 --- a/2023/CVE-2023-29300.md +++ b/2023/CVE-2023-29300.md @@ -18,6 +18,7 @@ No PoCs from references. - https://github.com/Ostorlab/KEV - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/XRSec/AWVS-Update - https://github.com/Y4tacker/JavaSec - https://github.com/ggjkjk/1444 diff --git a/2023/CVE-2023-29489.md b/2023/CVE-2023-29489.md index 26b39f0ba9..277679c51c 100644 --- a/2023/CVE-2023-29489.md +++ b/2023/CVE-2023-29489.md 
@@ -31,6 +31,7 @@ An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the c - https://github.com/ViperM4sk/cpanel-xss-177 - https://github.com/ctflearner/Learn365 - https://github.com/daffainfo/Oneliner-Bugbounty +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/haxor1337x/Scanner-CVE-2023-29489 - https://github.com/htrgouvea/spellbook - https://github.com/ipk1/CVE-2023-29489.py diff --git a/2023/CVE-2023-30237.md b/2023/CVE-2023-30237.md index 7e5cff2a7c..d6ad8f982c 100644 --- a/2023/CVE-2023-30237.md +++ b/2023/CVE-2023-30237.md @@ -10,6 +10,7 @@ CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DL ### POC #### Reference +- https://cwe.mitre.org/data/definitions/77.html - https://www.pentestpartners.com/security-blog/bullied-by-bugcrowd-over-kape-cyberghost-disclosure/ #### Github diff --git a/2023/CVE-2023-30800.md b/2023/CVE-2023-30800.md new file mode 100644 index 0000000000..8a5fe6f0bc --- /dev/null +++ b/2023/CVE-2023-30800.md @@ -0,0 +1,17 @@ +### [CVE-2023-30800](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30800) +![](https://img.shields.io/static/v1?label=Product&message=RouterOS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%20Out-of-bounds%20Write&color=brighgreen) + +### Description + +The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + 
diff --git a/2023/CVE-2023-3141.md b/2023/CVE-2023-3141.md new file mode 100644 index 0000000000..7a83b0da4b --- /dev/null +++ b/2023/CVE-2023-3141.md @@ -0,0 +1,17 @@ +### [CVE-2023-3141](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3141) +![](https://img.shields.io/static/v1?label=Product&message=Kernel&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416&color=brighgreen) + +### Description + +A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. + +### POC + +#### Reference +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-31582.md b/2023/CVE-2023-31582.md new file mode 100644 index 0000000000..fa7cfadeca --- /dev/null +++ b/2023/CVE-2023-31582.md @@ -0,0 +1,17 @@ +### [CVE-2023-31582](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31582) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. + +### POC + +#### Reference +- https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-32233.md b/2023/CVE-2023-32233.md index 94272d2a18..e5fc42edc2 100644 --- a/2023/CVE-2023-32233.md +++ b/2023/CVE-2023-32233.md 
@@ -37,6 +37,7 @@ In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when - https://github.com/oscpname/OSCP_cheat - https://github.com/revanmalang/OSCP - https://github.com/sirhc505/CVE_TOOLS +- https://github.com/tanjiti/sec_profile - https://github.com/txuswashere/OSCP - https://github.com/void0red/CVE-2023-32233 - https://github.com/xairy/linux-kernel-exploitation diff --git a/2023/CVE-2023-32315.md b/2023/CVE-2023-32315.md index ab4ebc0bc4..d8cd8a5eb5 100644 --- a/2023/CVE-2023-32315.md +++ b/2023/CVE-2023-32315.md @@ -33,6 +33,7 @@ Openfire is an XMPP server licensed under the Open Source Apache License. Openfi - https://github.com/ThatNotEasy/CVE-2023-32315 - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/XRSec/AWVS-Update - https://github.com/aneasystone/github-trending - https://github.com/bakery312/Vulhub-Reproduce diff --git a/2023/CVE-2023-3268.md b/2023/CVE-2023-3268.md index a404987c7a..17553e3912 100644 --- a/2023/CVE-2023-3268.md +++ b/2023/CVE-2023-3268.md @@ -10,7 +10,7 @@ An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-32832.md b/2023/CVE-2023-32832.md index 42c7460ebc..d1e41cc667 100644 --- a/2023/CVE-2023-32832.md +++ b/2023/CVE-2023-32832.md @@ -13,5 +13,5 @@ In video, there is a possible memory corruption due to a race condition. This co - http://packetstormsecurity.com/files/175662/Android-mtk_jpeg-Driver-Race-Condition-Privilege-Escalation.html #### Github -No PoCs found on GitHub currently. +- https://github.com/xairy/linux-kernel-exploitation diff --git a/2023/CVE-2023-32837.md b/2023/CVE-2023-32837.md index 70a08047be..0fe9915502 100644 --- a/2023/CVE-2023-32837.md 
+++ b/2023/CVE-2023-32837.md @@ -13,5 +13,5 @@ In video, there is a possible out of bounds write due to a missing bounds check. - http://packetstormsecurity.com/files/175665/mtk-jpeg-Driver-Out-Of-Bounds-Read-Write.html #### Github -No PoCs found on GitHub currently. +- https://github.com/xairy/linux-kernel-exploitation diff --git a/2023/CVE-2023-32878.md b/2023/CVE-2023-32878.md new file mode 100644 index 0000000000..957d32800b --- /dev/null +++ b/2023/CVE-2023-32878.md @@ -0,0 +1,17 @@ +### [CVE-2023-32878](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32878) +![](https://img.shields.io/static/v1?label=Product&message=MT6762%2C%20MT6765%2C%20MT6833%2C%20MT6879%2C%20MT6883%2C%20MT6885%2C%20MT6983%2C%20MT8167%2C%20MT8168%2C%20MT8188%2C%20MT8321%2C%20MT8765%2C%20MT8766%2C%20MT8768%2C%20MT8781%2C%20MT8786%2C%20MT8788%2C%20MT8789%2C%20MT8791T%2C%20MT8797%2C%20MT8798&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%2012.0%2C%2013.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Disclosure&color=brighgreen) + +### Description + +In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08307992. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/xairy/linux-kernel-exploitation + diff --git a/2023/CVE-2023-32882.md b/2023/CVE-2023-32882.md new file mode 100644 index 0000000000..056a973cd6 --- /dev/null +++ b/2023/CVE-2023-32882.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-32882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32882) +![](https://img.shields.io/static/v1?label=Product&message=MT6762%2C%20MT6765%2C%20MT6833%2C%20MT6879%2C%20MT6883%2C%20MT6885%2C%20MT6983%2C%20MT8167%2C%20MT8168%2C%20MT8188%2C%20MT8321%2C%20MT8765%2C%20MT8766%2C%20MT8768%2C%20MT8781%2C%20MT8786%2C%20MT8788%2C%20MT8789%2C%20MT8791T%2C%20MT8797%2C%20MT8798&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%2012.0%2C%2013.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20Privilege&color=brighgreen) + +### Description + +In battery, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308616. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/xairy/linux-kernel-exploitation + diff --git a/2023/CVE-2023-33252.md b/2023/CVE-2023-33252.md index f81cc03a2b..ee1b07a5ba 100644 --- a/2023/CVE-2023-33252.md +++ b/2023/CVE-2023-33252.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/BeosinBlockchainSecurity/Security-Incident-Reports +- https://github.com/brycewai/Web3-Security diff --git a/2023/CVE-2023-33303.md b/2023/CVE-2023-33303.md new file mode 100644 index 0000000000..2d565450a7 --- /dev/null +++ b/2023/CVE-2023-33303.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-33303](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33303) +![](https://img.shields.io/static/v1?label=Product&message=FortiEDR&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=5.0.0%3C%3D%205.0.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Execute%20unauthorized%20code%20or%20commands&color=brighgreen) + +### Description + +A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Orange-Cyberdefense/CVE-repository + diff --git a/2023/CVE-2023-33468.md b/2023/CVE-2023-33468.md index 66502d945c..d826595779 100644 --- a/2023/CVE-2023-33468.md +++ b/2023/CVE-2023-33468.md @@ -10,7 +10,7 @@ KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.13 ### POC #### Reference -No PoCs from references. +- http://kramerav.com #### Github - https://github.com/Sharpe-nl/CVEs diff --git a/2023/CVE-2023-33469.md b/2023/CVE-2023-33469.md index 4c8f5deeb4..d2f450cdb3 100644 --- a/2023/CVE-2023-33469.md +++ b/2023/CVE-2023-33469.md @@ -10,7 +10,7 @@ In instances where the screen is visible and remote mouse connection is enabled, ### POC #### Reference -No PoCs from references. +- http://kramerav.com #### Github - https://github.com/Sharpe-nl/CVEs diff --git a/2023/CVE-2023-33669.md b/2023/CVE-2023-33669.md index 268394b503..509edc8240 100644 --- a/2023/CVE-2023-33669.md +++ b/2023/CVE-2023-33669.md @@ -15,5 +15,6 @@ Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the ti #### Github - https://github.com/DDizzzy79/Tenda-CVE +- https://github.com/retr0reg/Tenda-Ac8v4-PoC - https://github.com/retr0reg/Tenda-CVE diff --git a/2023/CVE-2023-33670.md b/2023/CVE-2023-33670.md index 3e1587e9bd..0f3af7ba78 100644 --- a/2023/CVE-2023-33670.md 
+++ b/2023/CVE-2023-33670.md @@ -15,5 +15,6 @@ Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the ti #### Github - https://github.com/DDizzzy79/Tenda-CVE +- https://github.com/retr0reg/Tenda-Ac8v4-PoC - https://github.com/retr0reg/Tenda-CVE diff --git a/2023/CVE-2023-33671.md b/2023/CVE-2023-33671.md index 9099c323c8..9881d6d9c6 100644 --- a/2023/CVE-2023-33671.md +++ b/2023/CVE-2023-33671.md @@ -15,5 +15,6 @@ Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the de #### Github - https://github.com/DDizzzy79/Tenda-CVE +- https://github.com/retr0reg/Tenda-Ac8v4-PoC - https://github.com/retr0reg/Tenda-CVE diff --git a/2023/CVE-2023-33672.md b/2023/CVE-2023-33672.md index 9155ed0de5..96a09c7597 100644 --- a/2023/CVE-2023-33672.md +++ b/2023/CVE-2023-33672.md @@ -15,5 +15,6 @@ Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the sh #### Github - https://github.com/DDizzzy79/Tenda-CVE +- https://github.com/retr0reg/Tenda-Ac8v4-PoC - https://github.com/retr0reg/Tenda-CVE diff --git a/2023/CVE-2023-33673.md b/2023/CVE-2023-33673.md index d2e6da6a11..8be252f4cb 100644 --- a/2023/CVE-2023-33673.md +++ b/2023/CVE-2023-33673.md @@ -15,5 +15,6 @@ Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the fi #### Github - https://github.com/DDizzzy79/Tenda-CVE +- https://github.com/retr0reg/Tenda-Ac8v4-PoC - https://github.com/retr0reg/Tenda-CVE diff --git a/2023/CVE-2023-33675.md b/2023/CVE-2023-33675.md index ac9cc8e3b7..ede6c69368 100644 --- a/2023/CVE-2023-33675.md +++ b/2023/CVE-2023-33675.md @@ -15,5 +15,6 @@ Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the ti #### Github - https://github.com/DDizzzy79/Tenda-CVE +- https://github.com/retr0reg/Tenda-Ac8v4-PoC - https://github.com/retr0reg/Tenda-CVE diff --git a/2023/CVE-2023-33768.md b/2023/CVE-2023-33768.md index 611a53a25d..fbacf604a9 100644 --- a/2023/CVE-2023-33768.md +++ b/2023/CVE-2023-33768.md 
@@ -10,7 +10,7 @@ Incorrect signature verification of the firmware during the Device Firmware Upda ### POC #### Reference -No PoCs from references. +- https://play.google.com/store/apps/details?id=com.belkin.wemoandroid&hl=en_US&gl=US #### Github - https://github.com/Fr0stM0urne/CVE-2023-33768 diff --git a/2023/CVE-2023-33829.md b/2023/CVE-2023-33829.md index 8cf2d3d57a..ee8bf79abe 100644 --- a/2023/CVE-2023-33829.md +++ b/2023/CVE-2023-33829.md @@ -11,6 +11,7 @@ A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v #### Reference - http://packetstormsecurity.com/files/172588/SCM-Manager-1.60-Cross-Site-Scripting.html +- https://bitbucket.org/sdorra/docker-scm-manager/src/master/ - https://github.com/n3gox/Stored-XSS-on-SCM-Manager-1.60 #### Github diff --git a/2023/CVE-2023-33919.md b/2023/CVE-2023-33919.md index 7c1d218f0e..5030d5946d 100644 --- a/2023/CVE-2023-33919.md +++ b/2023/CVE-2023-33919.md @@ -13,6 +13,7 @@ A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPC #### Reference - http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html - http://seclists.org/fulldisclosure/2023/Jul/14 +- http://seclists.org/fulldisclosure/2024/Jul/4 #### Github No PoCs found on GitHub currently. diff --git a/2023/CVE-2023-33951.md b/2023/CVE-2023-33951.md index c1a42948ca..5d47231b00 100644 --- a/2023/CVE-2023-33951.md +++ b/2023/CVE-2023-33951.md 
@@ -4,6 +4,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.8%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) diff --git a/2023/CVE-2023-33952.md b/2023/CVE-2023-33952.md index e6dfcdaab1..27d275c2e1 100644 --- a/2023/CVE-2023-33952.md +++ b/2023/CVE-2023-33952.md @@ -4,6 +4,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.8%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Double%20Free&color=brighgreen) diff --git a/2023/CVE-2023-34256.md b/2023/CVE-2023-34256.md index b5662d8eed..a7c056ae24 100644 --- a/2023/CVE-2023-34256.md +++ b/2023/CVE-2023-34256.md @@ -10,7 +10,7 @@ ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.3 #### Github - https://github.com/vin01/bogus-cves 
diff --git a/2023/CVE-2023-3450.md b/2023/CVE-2023-3450.md index 356a959eac..aa9659b773 100644 --- a/2023/CVE-2023-3450.md +++ b/2023/CVE-2023-3450.md @@ -13,6 +13,7 @@ A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. No PoCs from references. #### Github +- https://github.com/TrojanAZhen/Self_Back - https://github.com/caopengyan/CVE-2023-3450 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/yuanjinyuyuyu/CVE-2023-3450 diff --git a/2023/CVE-2023-35789.md b/2023/CVE-2023-35789.md new file mode 100644 index 0000000000..c71be16344 --- /dev/null +++ b/2023/CVE-2023-35789.md @@ -0,0 +1,17 @@ +### [CVE-2023-35789](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35789) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/vulsio/goval-dictionary + diff --git a/2023/CVE-2023-35823.md b/2023/CVE-2023-35823.md new file mode 100644 index 0000000000..fd118e9f1e --- /dev/null +++ b/2023/CVE-2023-35823.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-35823](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35823) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c. + +### POC + +#### Reference +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-35824.md b/2023/CVE-2023-35824.md new file mode 100644 index 0000000000..cf90ae2dec --- /dev/null +++ b/2023/CVE-2023-35824.md @@ -0,0 +1,17 @@ +### [CVE-2023-35824](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35824) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. + +### POC + +#### Reference +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-35826.md b/2023/CVE-2023-35826.md new file mode 100644 index 0000000000..b19f173bf0 --- /dev/null +++ b/2023/CVE-2023-35826.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-35826](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35826) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c. + +### POC + +#### Reference +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-35828.md b/2023/CVE-2023-35828.md index 45735b5a6b..a07c7daa0c 100644 --- a/2023/CVE-2023-35828.md +++ b/2023/CVE-2023-35828.md @@ -10,7 +10,7 @@ An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was f ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 #### Github - https://github.com/Trinadh465/linux-4.19.72_CVE-2023-35828 diff --git a/2023/CVE-2023-35829.md b/2023/CVE-2023-35829.md index 622c8cb526..eb6407150b 100644 --- a/2023/CVE-2023-35829.md +++ b/2023/CVE-2023-35829.md @@ -10,7 +10,7 @@ An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was f ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 #### Github - https://github.com/20142995/sectool diff --git a/2023/CVE-2023-36845.md b/2023/CVE-2023-36845.md index 55cc70e893..a83feebd3e 100644 --- a/2023/CVE-2023-36845.md +++ b/2023/CVE-2023-36845.md 
@@ -45,6 +45,7 @@ A PHP External Variable Modification vulnerability in J-Web of Juniper Networks - https://github.com/tanjiti/sec_profile - https://github.com/toanln-cov/CVE-2023-36845 - https://github.com/vulncheck-oss/cve-2023-36845-scanner +- https://github.com/vulncheck-oss/go-exploit - https://github.com/watchtowrlabs/juniper-rce_cve-2023-36844 - https://github.com/zaenhaxor/CVE-2023-36845 diff --git a/2023/CVE-2023-38426.md b/2023/CVE-2023-38426.md index 81a178d938..5329f920b3 100644 --- a/2023/CVE-2023-38426.md +++ b/2023/CVE-2023-38426.md @@ -10,7 +10,7 @@ An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bo ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 #### Github - https://github.com/chenghungpan/test_data diff --git a/2023/CVE-2023-38427.md b/2023/CVE-2023-38427.md index 13bd0ce690..35b72fced9 100644 --- a/2023/CVE-2023-38427.md +++ b/2023/CVE-2023-38427.md @@ -10,7 +10,7 @@ An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu. ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.8 #### Github - https://github.com/chenghungpan/test_data diff --git a/2023/CVE-2023-38428.md b/2023/CVE-2023-38428.md index b61714d90f..c81e8610b5 100644 --- a/2023/CVE-2023-38428.md +++ b/2023/CVE-2023-38428.md @@ -10,7 +10,7 @@ An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 #### Github - https://github.com/chenghungpan/test_data diff --git a/2023/CVE-2023-38429.md b/2023/CVE-2023-38429.md index 8170f15852..311017fe77 100644 --- a/2023/CVE-2023-38429.md +++ b/2023/CVE-2023-38429.md 
@@ -10,7 +10,7 @@ An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 #### Github - https://github.com/chenghungpan/test_data diff --git a/2023/CVE-2023-38430.md b/2023/CVE-2023-38430.md index 64ecce4daf..6bafd02db2 100644 --- a/2023/CVE-2023-38430.md +++ b/2023/CVE-2023-38430.md @@ -10,7 +10,7 @@ An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validat ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.9 #### Github - https://github.com/chenghungpan/test_data diff --git a/2023/CVE-2023-38431.md b/2023/CVE-2023-38431.md index 45f28480b1..54049a0092 100644 --- a/2023/CVE-2023-38431.md +++ b/2023/CVE-2023-38431.md @@ -10,7 +10,7 @@ An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connecti ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.8 #### Github - https://github.com/chenghungpan/test_data diff --git a/2023/CVE-2023-38432.md b/2023/CVE-2023-38432.md index 20f02b5ec3..9b84e84972 100644 --- a/2023/CVE-2023-38432.md +++ b/2023/CVE-2023-38432.md @@ -10,7 +10,7 @@ An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2mis ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.10 #### Github - https://github.com/chenghungpan/test_data diff --git a/2023/CVE-2023-38646.md b/2023/CVE-2023-38646.md index c90dacd556..ccb7c6ad1a 100644 --- a/2023/CVE-2023-38646.md +++ b/2023/CVE-2023-38646.md 
@@ -43,6 +43,7 @@ Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 all - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/CVE - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/UserConnecting/Exploit-CVE-2023-38646-Metabase - https://github.com/Xuxfff/CVE-2023-38646-Poc - https://github.com/Zenmovie/CVE-2023-38646 diff --git a/2023/CVE-2023-3881.md b/2023/CVE-2023-3881.md new file mode 100644 index 0000000000..ca6922d8ed --- /dev/null +++ b/2023/CVE-2023-3881.md @@ -0,0 +1,18 @@ +### [CVE-2023-3881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3881) +![](https://img.shields.io/static/v1?label=Product&message=Beauty%20Salon%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in Campcodes Beauty Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument contactno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235243. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/AnugiArrawwala/CVE-Research +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-38941.md b/2023/CVE-2023-38941.md new file mode 100644 index 0000000000..87801d2481 --- /dev/null +++ b/2023/CVE-2023-38941.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-38941](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38941) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability via the component sspanel/admin_view.py -> GoodsCreateView._post. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/oxagast/oxasploits + diff --git a/2023/CVE-2023-38947.md b/2023/CVE-2023-38947.md index c91a4ad1e4..d1d4e6651e 100644 --- a/2023/CVE-2023-38947.md +++ b/2023/CVE-2023-38947.md @@ -11,6 +11,7 @@ An arbitrary file upload vulnerability in the /languages/install.php component o #### Reference - https://gitee.com/CTF-hacker/pwn/issues/I7LH2N +- https://packetstormsecurity.com/files/176018/WBCE-CMS-1.6.1-Shell-Upload.html #### Github No PoCs found on GitHub currently. diff --git a/2023/CVE-2023-39070.md b/2023/CVE-2023-39070.md index b89549dbe7..fbe0d2f347 100644 --- a/2023/CVE-2023-39070.md +++ b/2023/CVE-2023-39070.md @@ -13,5 +13,5 @@ An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code - https://sourceforge.net/p/cppcheck/discussion/general/thread/fa43fb8ab1/ #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2023/CVE-2023-3979.md b/2023/CVE-2023-3979.md index f77f1c1ede..b00534dc4b 100644 --- a/2023/CVE-2023-3979.md +++ b/2023/CVE-2023-3979.md 
@@ -5,7 +5,7 @@ ### Description -An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the merge request’s source branch. +An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the merge request’s source branch. ### POC diff --git a/2023/CVE-2023-39848.md b/2023/CVE-2023-39848.md index 98de84a1b5..1e4ca8dab9 100644 --- a/2023/CVE-2023-39848.md +++ b/2023/CVE-2023-39848.md @@ -21,6 +21,7 @@ No PoCs from references. - https://github.com/CapiDeveloper/DVWA - https://github.com/Cybersecurity-test-team/digininja - https://github.com/DHFrisk/Tarea6-DVWA +- https://github.com/Demo-MBI/DVWA - https://github.com/ErwinNavarroGT/DVWA-master - https://github.com/HMPDocker/hmpdockertp - https://github.com/HowAreYouChristian/crs @@ -45,7 +46,9 @@ No PoCs from references. - https://github.com/Security-Test-Account/DVWA - https://github.com/ShrutikaNakhale/DVWA2 - https://github.com/Slon12jr/DVWA +- https://github.com/StepsOnes/dvwa - https://github.com/TINNI-Lal/DVWA +- https://github.com/VasuAz400/DVWA - https://github.com/Yahyazaizi/application-test-security - https://github.com/Zahidkhan1221/DWVA - https://github.com/andersongodoy/DVWA-CORRIGIDO 
@@ -53,12 +56,16 @@ No PoCs from references. - https://github.com/astojanovicmds/DVWA - https://github.com/bhupe1009/dvwa - https://github.com/blackdustbb/DVWA +- https://github.com/caishenwong/DVWA - https://github.com/chelsea309/dvwa +- https://github.com/cloudsecnetwork/demo-app - https://github.com/cuongbtu/dvwa_config - https://github.com/davinci96/-aplicacion-vulnerable - https://github.com/deftdeft2000/nl_kitkat +- https://github.com/devsecopsteam2022/pruebarepo - https://github.com/digininja/DVWA - https://github.com/djstevanovic98/DVWA-test +- https://github.com/ekemena97/Jen - https://github.com/ganate34/damnwebapp - https://github.com/ganate34/diva - https://github.com/gauravsec/dvwa @@ -67,14 +74,19 @@ No PoCs from references. - https://github.com/https-github-com-Sambit-rgb/DVWA - https://github.com/imayou123/DVWA - https://github.com/imtiyazhack/DVWA +- https://github.com/jayaprakashmurthy/Sonarcloudjp - https://github.com/jlcmux/DWVA-Desafio3 - https://github.com/jmsanderscybersec/DVWA - https://github.com/johdgft/digininja - https://github.com/kaushik-qp/DVWA-2 +- https://github.com/kowan7/DVWA - https://github.com/krrajesh-git/DVWA +- https://github.com/kyphan38/dvwa - https://github.com/luisaamaya005/DVWA2 - https://github.com/marinheiromc/DVWA +- https://github.com/mindara09/test-sast-dvwa - https://github.com/nkshilpa21/DVWA +- https://github.com/phipk02/dvwa - https://github.com/piwpiw-ouch/dvwa - https://github.com/poo45600y6/DVNA - https://github.com/ppmojipp/owasp-web-dvwa 
@@ -82,15 +94,19 @@ No PoCs from references. - https://github.com/pramodkadam777/DVWA - https://github.com/rohitis001/web_security - https://github.com/rootrttttt/dvwa +- https://github.com/sahiljaiswal7370/DVWA_APP - https://github.com/selap/Tarea-4 - https://github.com/sn0xdd/source - https://github.com/snyk-rogerio/DVWA - https://github.com/struxnet/demorepo +- https://github.com/tallesbarros28/aaaeeffweeg - https://github.com/tcameron99/demo - https://github.com/timfranklinbright/dvwa - https://github.com/truongnhudatt/dvwa - https://github.com/ut-101/DVWA-Test +- https://github.com/villhect/dvwa - https://github.com/vinr48/newport - https://github.com/vrbegft/ninja2 +- https://github.com/yelprofessor/dvwa_git - https://github.com/yhaddam/Webapp2 diff --git a/2023/CVE-2023-40305.md b/2023/CVE-2023-40305.md index 8a2e2bc258..1123c1ead6 100644 --- a/2023/CVE-2023-40305.md +++ b/2023/CVE-2023-40305.md @@ -13,5 +13,5 @@ GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c v - https://savannah.gnu.org/bugs/index.php?64503 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2023/CVE-2023-41251.md b/2023/CVE-2023-41251.md new file mode 100644 index 0000000000..2815de6bb7 --- /dev/null +++ b/2023/CVE-2023-41251.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-41251](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41251) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1894 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-4165.md b/2023/CVE-2023-4165.md index b610cd903c..3cbb58b522 100644 --- a/2023/CVE-2023-4165.md +++ b/2023/CVE-2023-4165.md @@ -13,6 +13,7 @@ A vulnerability, which was classified as critical, was found in Tongda OA. This - https://github.com/nagenanhai/cve/blob/main/sql.md #### Github +- https://github.com/TrojanAZhen/Self_Back - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/izj007/wechat - https://github.com/mvpyyds/CVE-2023-4165 diff --git a/2023/CVE-2023-4166.md b/2023/CVE-2023-4166.md index 964c6995d2..75862c7b72 100644 --- a/2023/CVE-2023-4166.md +++ b/2023/CVE-2023-4166.md 
@@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/DarkFunct/CVE_Exploits - https://github.com/MzzdToT/HAC_Bored_Writing +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Ultramanzhang/obsfir - https://github.com/ZUEB-CybersecurityGroup/obsfir - https://github.com/d4n-sec/d4n-sec.github.io diff --git a/2023/CVE-2023-4220.md b/2023/CVE-2023-4220.md index 314ea6ecff..bc81ef730e 100644 --- a/2023/CVE-2023-4220.md +++ b/2023/CVE-2023-4220.md @@ -13,5 +13,6 @@ Unrestricted file upload in big file upload functionality in `/main/inc/lib/java - https://starlabs.sg/advisories/23/23-4220 #### Github -No PoCs found on GitHub currently. +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/nr4x4/CVE-2023-4220 diff --git a/2023/CVE-2023-4226.md b/2023/CVE-2023-4226.md index 8efa6c9258..474950c7f0 100644 --- a/2023/CVE-2023-4226.md +++ b/2023/CVE-2023-4226.md @@ -13,5 +13,5 @@ Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1. - https://starlabs.sg/advisories/23/23-4226 #### Github -No PoCs found on GitHub currently. +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-42282.md b/2023/CVE-2023-42282.md index 514245829f..630c4f95f1 100644 --- a/2023/CVE-2023-42282.md +++ b/2023/CVE-2023-42282.md @@ -11,7 +11,10 @@ The ip package before 1.1.9 for Node.js might allow SSRF because some IP address #### Reference - https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html +- https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/ #### Github +- https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/seal-community/patches +- https://github.com/vin01/bogus-cves diff --git a/2023/CVE-2023-42465.md b/2023/CVE-2023-42465.md index 7b53ed45a4..94f1d8e9b4 100644 --- a/2023/CVE-2023-42465.md +++ b/2023/CVE-2023-42465.md 
@@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/vulsio/goval-dictionary diff --git a/2023/CVE-2023-4427.md b/2023/CVE-2023-4427.md index 1d4f12d0fb..f2d6299558 100644 --- a/2023/CVE-2023-4427.md +++ b/2023/CVE-2023-4427.md @@ -16,6 +16,7 @@ Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allow - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/rycbar77/V8Exploits +- https://github.com/rycbar77/rycbar77 - https://github.com/sploitem/v8-writeups - https://github.com/tianstcht/CVE-2023-4427 diff --git a/2023/CVE-2023-44313.md b/2023/CVE-2023-44313.md index 2cd5bd7a27..5fd019cef5 100644 --- a/2023/CVE-2023-44313.md +++ b/2023/CVE-2023-44313.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/tanjiti/sec_profile +- https://github.com/wy876/POC diff --git a/2023/CVE-2023-44315.md b/2023/CVE-2023-44315.md index 161928b61c..a9270f5149 100644 --- a/2023/CVE-2023-44315.md +++ b/2023/CVE-2023-44315.md @@ -1,6 +1,6 @@ ### [CVE-2023-44315](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44315) ![](https://img.shields.io/static/v1?label=Product&message=SINEC%20NMS&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V2.0%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) ### Description diff --git a/2023/CVE-2023-44487.md b/2023/CVE-2023-44487.md index 1e77ac6fd0..4aa189d562 100644 --- a/2023/CVE-2023-44487.md +++ b/2023/CVE-2023-44487.md 
@@ -42,6 +42,7 @@ The HTTP/2 protocol allows a denial of service (server resource consumption) bec - https://github.com/projectcontour/contour/pull/5826 - https://github.com/tempesta-tech/tempesta/issues/1986 - https://github.com/varnishcache/varnish-cache/issues/3996 +- https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ - https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event #### Github diff --git a/2023/CVE-2023-45215.md b/2023/CVE-2023-45215.md new file mode 100644 index 0000000000..d8af584212 --- /dev/null +++ b/2023/CVE-2023-45215.md @@ -0,0 +1,19 @@ +### [CVE-2023-45215](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45215) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1891 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-45288.md b/2023/CVE-2023-45288.md index a7628b0770..8089f8a7e0 100644 --- a/2023/CVE-2023-45288.md +++ b/2023/CVE-2023-45288.md 
@@ -19,6 +19,7 @@ No PoCs from references. - https://github.com/Ampferl/poc_http2-continuation-flood - https://github.com/DrewskyDev/H2Flood - https://github.com/Vos68/HTTP2-Continuation-Flood-PoC +- https://github.com/aerospike-managed-cloud-services/flb-output-gcs - https://github.com/blackmagic2023/http-2-DOS-PoC - https://github.com/hex0punk/cont-flood-poc - https://github.com/mkloubert/go-package-manager diff --git a/2023/CVE-2023-45498.md b/2023/CVE-2023-45498.md index 17b822d5ad..b40ea147ce 100644 --- a/2023/CVE-2023-45498.md +++ b/2023/CVE-2023-45498.md @@ -16,5 +16,5 @@ VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to c - https://blog.leakix.net/2023/10/vinchin-backup-rce-chain/ #### Github -No PoCs found on GitHub currently. +- https://github.com/Chocapikk/Chocapikk diff --git a/2023/CVE-2023-45499.md b/2023/CVE-2023-45499.md index 18ae870df4..565cbc338d 100644 --- a/2023/CVE-2023-45499.md +++ b/2023/CVE-2023-45499.md @@ -16,5 +16,5 @@ VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to c - https://blog.leakix.net/2023/10/vinchin-backup-rce-chain/ #### Github -No PoCs found on GitHub currently. +- https://github.com/Chocapikk/Chocapikk diff --git a/2023/CVE-2023-45651.md b/2023/CVE-2023-45651.md index 146dccc1e0..6223478137 100644 --- a/2023/CVE-2023-45651.md +++ b/2023/CVE-2023-45651.md 
@@ -1,11 +1,11 @@ ### [CVE-2023-45651](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45651) ![](https://img.shields.io/static/v1?label=Product&message=WP%20Attachments&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%205.0.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) ### Description -Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments plugin <= 5.0.6 versions. +Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery.This issue affects WP Attachments: from n/a through 5.0.11. ### POC diff --git a/2023/CVE-2023-45830.md b/2023/CVE-2023-45830.md index 559065c311..eed2dfa69d 100644 --- a/2023/CVE-2023-45830.md +++ b/2023/CVE-2023-45830.md 
@@ -1,11 +1,11 @@ ### [CVE-2023-45830](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45830) ![](https://img.shields.io/static/v1?label=Product&message=Accessibility%20Suite%20by%20Online%20ADA&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%204.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) ### Description -Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11. +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.12. ### POC diff --git a/2023/CVE-2023-46214.md b/2023/CVE-2023-46214.md index 7801cd7eff..3940f2a6e4 100644 --- a/2023/CVE-2023-46214.md +++ b/2023/CVE-2023-46214.md @@ -16,7 +16,9 @@ No PoCs from references. #### Github - https://github.com/AdamCrosser/awesome-vuln-writeups +- https://github.com/Chocapikk/Chocapikk - https://github.com/Marco-zcl/POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/UNC1739/awesome-vulnerability-research - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/nathan31337/Splunk-RCE-poc diff --git a/2023/CVE-2023-4622.md b/2023/CVE-2023-4622.md index dd9d3621f0..36c1366279 100644 --- a/2023/CVE-2023-4622.md +++ b/2023/CVE-2023-4622.md 
@@ -14,4 +14,5 @@ A use-after-free vulnerability in the Linux kernel's af_unix component can be ex #### Github - https://github.com/nidhi7598/linux-4.19.72_net_CVE-2023-4622 +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-46280.md b/2023/CVE-2023-46280.md index 9445d4b46f..6a75d326b3 100644 --- a/2023/CVE-2023-46280.md +++ b/2023/CVE-2023-46280.md @@ -2,7 +2,9 @@ ![](https://img.shields.io/static/v1?label=Product&message=S7-PCT&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20Automation%20Tool&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20BATCH%20V9.1&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20NET%20PC%20Software&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20NET%20PC%20Software%20V16&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20NET%20PC%20Software%20V17&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20NET%20PC%20Software%20V18&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20PCS%207%20V9.1&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20PDM%20V9.2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20Route%20Control%20V9.1&color=blue) 
@@ -31,17 +33,22 @@ ![](https://img.shields.io/static/v1?label=Product&message=Totally%20Integrated%20Automation%20Portal%20(TIA%20Portal)%20V19&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V16%20Update%206%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V18%20SP1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V18%20Update%204%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V19%20SP1%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V19%20Update%202%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V2.0%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V3.18%20P025%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V3.19%20P010%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V6.23%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V7.5%20SP2%20Update%2017%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V8.0%20Update%205%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%3A%20Out-of-bounds%20Read&color=brighgreen) ### Description -A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All 
versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC Unified PC Runtime (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions), SIMATIC WinCC V8.0 (All versions), SINAMICS Startdrive (All versions < V19 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel. 
+A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software V16 (All versions), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC Unified PC Runtime (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel. ### POC diff --git a/2023/CVE-2023-46404.md b/2023/CVE-2023-46404.md index d6988e03c1..904c47ed32 100644 
--- a/2023/CVE-2023-46404.md +++ b/2023/CVE-2023-46404.md @@ -10,6 +10,7 @@ PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulner ### POC #### Reference +- https://bitbucket.org/utmandrew/pcrs/commits/5f18bcbb383b7d73f7a8b399cc52b23597d752ae - https://github.com/windecks/CVE-2023-46404 #### Github diff --git a/2023/CVE-2023-46604.md b/2023/CVE-2023-46604.md index 54b02d9086..989226e8ea 100644 --- a/2023/CVE-2023-46604.md +++ b/2023/CVE-2023-46604.md @@ -69,6 +69,7 @@ The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. Th - https://github.com/venkycs/cy8 - https://github.com/vjayant93/CVE-2023-46604-POC - https://github.com/vulncheck-oss/cve-2023-46604 +- https://github.com/vulncheck-oss/go-exploit - https://github.com/whitfieldsdad/cisa_kev - https://github.com/zengzzzzz/golang-trending-archive diff --git a/2023/CVE-2023-46685.md b/2023/CVE-2023-46685.md new file mode 100644 index 0000000000..dd0ed686b8 --- /dev/null +++ b/2023/CVE-2023-46685.md @@ -0,0 +1,17 @@ +### [CVE-2023-46685](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46685) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-259%3A%20Use%20of%20Hard-coded%20Password&color=brighgreen) + +### Description + +A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network packets can lead to arbitrary command execution. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1871 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-47856.md b/2023/CVE-2023-47856.md new file mode 100644 index 0000000000..ea98131ac6 --- /dev/null +++ b/2023/CVE-2023-47856.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-47856](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47856) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +A stack-based buffer overflow vulnerability exists in the boa set_RadvdPrefixParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1892 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-48106.md b/2023/CVE-2023-48106.md index f088a9d11e..c34cdc54d8 100644 --- a/2023/CVE-2023-48106.md +++ b/2023/CVE-2023-48106.md @@ -13,5 +13,5 @@ Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker t - https://github.com/zlib-ng/minizip-ng/issues/740 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2023/CVE-2023-48107.md b/2023/CVE-2023-48107.md index 5ac54c3c03..db67599cde 100644 --- a/2023/CVE-2023-48107.md +++ b/2023/CVE-2023-48107.md @@ -13,5 +13,5 @@ Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker t - https://github.com/zlib-ng/minizip-ng/issues/739 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2023/CVE-2023-48270.md b/2023/CVE-2023-48270.md new file mode 100644 index 0000000000..bbf15e4a0f --- /dev/null 
+++ b/2023/CVE-2023-48270.md @@ -0,0 +1,19 @@ +### [CVE-2023-48270](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48270) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1876 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-48362.md b/2023/CVE-2023-48362.md new file mode 100644 index 0000000000..9dbdbf5d62 --- /dev/null +++ b/2023/CVE-2023-48362.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-48362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48362) +![](https://img.shields.io/static/v1?label=Product&message=Apache%20Drill&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.19.0%3C%201.21.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-611%20Improper%20Restriction%20of%20XML%20External%20Entity%20Reference&color=brighgreen) + +### Description + +XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.Users are recommended to upgrade to version 1.21.2, which fixes this issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/tanjiti/sec_profile + diff --git a/2023/CVE-2023-49073.md b/2023/CVE-2023-49073.md new file mode 100644 index 0000000000..0d9426e1d9 --- /dev/null +++ b/2023/CVE-2023-49073.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-49073](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49073) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1875 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-49188.md b/2023/CVE-2023-49188.md index 2e08d31470..c08f6e2880 100644 --- a/2023/CVE-2023-49188.md +++ b/2023/CVE-2023-49188.md 
@@ -1,11 +1,11 @@ ### [CVE-2023-49188](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49188) ![](https://img.shields.io/static/v1?label=Product&message=Track%20Geolocation%20Of%20Users%20Using%20Contact%20Form%207&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) ### Description -Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS.This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 1.4. +Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS.This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 2.0. ### POC diff --git a/2023/CVE-2023-49460.md b/2023/CVE-2023-49460.md index f53b2ec76f..31a820a41c 100644 --- a/2023/CVE-2023-49460.md +++ b/2023/CVE-2023-49460.md @@ -13,5 +13,5 @@ libheif v1.17.5 was discovered to contain a segmentation violation via the funct - https://github.com/strukturag/libheif/issues/1046 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2023/CVE-2023-49462.md b/2023/CVE-2023-49462.md index 2af365601e..670bf6d2f0 100644 --- a/2023/CVE-2023-49462.md +++ b/2023/CVE-2023-49462.md @@ -13,5 +13,5 @@ libheif v1.17.5 was discovered to contain a segmentation violation via the compo - https://github.com/strukturag/libheif/issues/1043 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz 
diff --git a/2023/CVE-2023-49463.md b/2023/CVE-2023-49463.md index a449cc1d3e..858ed5a734 100644 --- a/2023/CVE-2023-49463.md +++ b/2023/CVE-2023-49463.md @@ -13,5 +13,5 @@ libheif v1.17.5 was discovered to contain a segmentation violation via the funct - https://github.com/strukturag/libheif/issues/1042 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2023/CVE-2023-49464.md b/2023/CVE-2023-49464.md index 36c33db881..686d077ccb 100644 --- a/2023/CVE-2023-49464.md +++ b/2023/CVE-2023-49464.md @@ -13,5 +13,5 @@ libheif v1.17.5 was discovered to contain a segmentation violation via the funct - https://github.com/strukturag/libheif/issues/1044 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2023/CVE-2023-49465.md b/2023/CVE-2023-49465.md index 2835fccf5a..d4263ab80e 100644 --- a/2023/CVE-2023-49465.md +++ b/2023/CVE-2023-49465.md @@ -13,5 +13,5 @@ Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability - https://github.com/strukturag/libde265/issues/435 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2023/CVE-2023-49467.md b/2023/CVE-2023-49467.md index bd95e3e2d6..926d39da55 100644 --- a/2023/CVE-2023-49467.md +++ b/2023/CVE-2023-49467.md @@ -13,5 +13,5 @@ Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability - https://github.com/strukturag/libde265/issues/434 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2023/CVE-2023-49468.md b/2023/CVE-2023-49468.md index 1669a55334..9026566464 100644 --- a/2023/CVE-2023-49468.md +++ b/2023/CVE-2023-49468.md @@ -13,5 +13,5 @@ Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerabilit - https://github.com/strukturag/libde265/issues/432 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz 
diff --git a/2023/CVE-2023-49593.md b/2023/CVE-2023-49593.md new file mode 100644 index 0000000000..028e8d440f --- /dev/null +++ b/2023/CVE-2023-49593.md @@ -0,0 +1,17 @@ +### [CVE-2023-49593](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49593) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-489%3A%20Leftover%20Debug%20Code&color=brighgreen) + +### Description + +Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A specially crafted network request can lead to arbitrary command execution. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1873 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-49595.md b/2023/CVE-2023-49595.md new file mode 100644 index 0000000000..ce258f8132 --- /dev/null +++ b/2023/CVE-2023-49595.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-49595](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49595) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1878 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-49867.md b/2023/CVE-2023-49867.md new file mode 100644 index 0000000000..10063a3121 --- /dev/null +++ b/2023/CVE-2023-49867.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-49867](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49867) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1904 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-50239.md b/2023/CVE-2023-50239.md new file mode 100644 index 0000000000..aa679b2c05 --- /dev/null +++ b/2023/CVE-2023-50239.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-50239](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50239) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `interfacename` request's parameter. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1893 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-50240.md b/2023/CVE-2023-50240.md new file mode 100644 index 0000000000..d0e87e713c --- /dev/null +++ b/2023/CVE-2023-50240.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-50240](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50240) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `AdvDefaultPreference` request's parameter. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1893 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-50243.md b/2023/CVE-2023-50243.md new file mode 100644 index 0000000000..5fbed6148b --- /dev/null +++ b/2023/CVE-2023-50243.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-50243](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50243) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `comment` request's parameter. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1895 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-50244.md b/2023/CVE-2023-50244.md new file mode 100644 index 0000000000..11623a67d1 --- /dev/null +++ b/2023/CVE-2023-50244.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-50244](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50244) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `entry_name` request's parameter. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1895 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-50381.md b/2023/CVE-2023-50381.md new file mode 100644 index 0000000000..fc2d1aac96 --- /dev/null +++ b/2023/CVE-2023-50381.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-50381](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50381) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen) + +### Description + +Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `targetAPSsid` request's parameter. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1899 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-50382.md b/2023/CVE-2023-50382.md new file mode 100644 index 0000000000..ce9314da85 --- /dev/null +++ b/2023/CVE-2023-50382.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-50382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50382) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen) + +### Description + +Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `peerPin` request's parameter. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1899 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-50383.md b/2023/CVE-2023-50383.md new file mode 100644 index 0000000000..7556954440 --- /dev/null +++ b/2023/CVE-2023-50383.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-50383](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50383) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen) + +### Description + +Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `localPin` request's parameter. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1899 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-50917.md b/2023/CVE-2023-50917.md index ff8495cb09..d825fcd17e 100644 --- a/2023/CVE-2023-50917.md +++ b/2023/CVE-2023-50917.md @@ -15,6 +15,7 @@ MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution vi #### Github - https://github.com/Chocapikk/CVE-2023-50917 +- https://github.com/Chocapikk/Chocapikk - https://github.com/Chocapikk/My-CVEs - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-51104.md b/2023/CVE-2023-51104.md index bae2a68606..4d89dd1733 100644 --- a/2023/CVE-2023-51104.md +++ b/2023/CVE-2023-51104.md 
@@ -5,7 +5,7 @@ ### Description -A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero. +A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero. ### POC diff --git a/2023/CVE-2023-51219.md b/2023/CVE-2023-51219.md index 969b2cf916..68f3fdcaa1 100644 --- a/2023/CVE-2023-51219.md +++ b/2023/CVE-2023-51219.md @@ -5,7 +5,7 @@ ### Description -A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controller JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access token could be used to takeover another user's account and read her/his chat messages. +A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access token could be used to take over another user's account and read her/his chat messages. ### POC diff --git a/2023/CVE-2023-51437.md b/2023/CVE-2023-51437.md index 2c290ae2c3..6a5a8f6863 100644 --- a/2023/CVE-2023-51437.md +++ b/2023/CVE-2023-51437.md 
@@ -1,7 +1,7 @@ ### [CVE-2023-51437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51437) ![](https://img.shields.io/static/v1?label=Product&message=Apache%20Pulsar&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202.10.5%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-203%20Observable%20Discrepancy&color=brighgreen) ### Description diff --git a/2023/CVE-2023-51444.md b/2023/CVE-2023-51444.md index bda96f20c7..80c048b8cd 100644 --- a/2023/CVE-2023-51444.md +++ b/2023/CVE-2023-51444.md @@ -15,6 +15,7 @@ GeoServer is an open source software server written in Java that allows users to - https://osgeo-org.atlassian.net/browse/GEOS-11176 #### Github +- https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-52251.md b/2023/CVE-2023-52251.md index 6675dac832..2d3dea271e 100644 --- a/2023/CVE-2023-52251.md +++ b/2023/CVE-2023-52251.md @@ -15,5 +15,8 @@ An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote atta #### Github - https://github.com/BobTheShoplifter/CVE-2023-52251-POC +- https://github.com/Mr-xn/Penetration_Testing_POC +- https://github.com/Ostorlab/KEV - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/wy876/POC diff --git a/2023/CVE-2023-52340.md b/2023/CVE-2023-52340.md new file mode 100644 index 0000000000..d670b952a2 --- /dev/null +++ b/2023/CVE-2023-52340.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-52340](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52340) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket. + +### POC + +#### Reference +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-52428.md b/2023/CVE-2023-52428.md new file mode 100644 index 0000000000..af06616388 --- /dev/null +++ b/2023/CVE-2023-52428.md @@ -0,0 +1,18 @@ +### [CVE-2023-52428](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52428) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component. + +### POC + +#### Reference +- https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/3b3b77e +- https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/526/ + +#### Github +- https://github.com/Azure/kafka-sink-azure-kusto + diff --git a/2023/CVE-2023-5360.md b/2023/CVE-2023-5360.md index 84d0296007..3060143e36 100644 --- a/2023/CVE-2023-5360.md +++ b/2023/CVE-2023-5360.md 
@@ -16,6 +16,7 @@ The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not #### Github - https://github.com/1337r0j4n/CVE-2023-5360 - https://github.com/Chocapikk/CVE-2023-5360 +- https://github.com/Chocapikk/Chocapikk - https://github.com/Jenderal92/WP-CVE-2023-5360 - https://github.com/Pushkarup/CVE-2023-5360 - https://github.com/angkerithhack001/CVE-2023-5360-PoC diff --git a/2023/CVE-2023-5633.md b/2023/CVE-2023-5633.md index 9531b09608..65453c311f 100644 --- a/2023/CVE-2023-5633.md +++ b/2023/CVE-2023-5633.md @@ -4,6 +4,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.8%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20After%20Free&color=brighgreen) diff --git a/2023/CVE-2023-5675.md b/2023/CVE-2023-5675.md index 8c4ed24f9d..2534a6a28d 100644 --- a/2023/CVE-2023-5675.md +++ b/2023/CVE-2023-5675.md 
@@ -4,10 +4,10 @@ ![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Serverless&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20K&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20Quarkus&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Service%20Registry&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Fuse%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Process%20Automation%207&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apicurio%20Registry&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20OptaPlanner%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus%202.13.9.Final&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus%203.2.9.Final&color=blue) diff --git a/2023/CVE-2023-5981.md b/2023/CVE-2023-5981.md index b2de6e6a30..2e4b0ddd37 100644 --- a/2023/CVE-2023-5981.md +++ b/2023/CVE-2023-5981.md @@ -1,4 +1,6 @@ ### [CVE-2023-5981](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5981) +![](https://img.shields.io/static/v1?label=Product&message=RHODF-4.15-RHEL-9&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.8-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) 
diff --git a/2023/CVE-2023-6350.md b/2023/CVE-2023-6350.md new file mode 100644 index 0000000000..a891ba085c --- /dev/null +++ b/2023/CVE-2023-6350.md @@ -0,0 +1,17 @@ +### [CVE-2023-6350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6350) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=119.0.6045.199%3C%20119.0.6045.199%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20after%20free&color=brighgreen) + +### Description + +Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fdu-sec/NestFuzz + diff --git a/2023/CVE-2023-6351.md b/2023/CVE-2023-6351.md new file mode 100644 index 0000000000..2c94045576 --- /dev/null +++ b/2023/CVE-2023-6351.md @@ -0,0 +1,17 @@ +### [CVE-2023-6351](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6351) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=119.0.6045.199%3C%20119.0.6045.199%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20after%20free&color=brighgreen) + +### Description + +Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fdu-sec/NestFuzz + diff --git a/2023/CVE-2023-6356.md b/2023/CVE-2023-6356.md index 5097b50e88..e3b5ed4a57 100644 --- a/2023/CVE-2023-6356.md +++ b/2023/CVE-2023-6356.md 
@@ -1,4 +1,5 @@ ### [CVE-2023-6356](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6356) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.8-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) diff --git a/2023/CVE-2023-6535.md b/2023/CVE-2023-6535.md index 428f444f7c..01942e6a93 100644 --- a/2023/CVE-2023-6535.md +++ b/2023/CVE-2023-6535.md @@ -1,4 +1,5 @@ ### [CVE-2023-6535](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6535) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.8-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) diff --git a/2023/CVE-2023-6536.md b/2023/CVE-2023-6536.md index 2005baa070..ec21793082 100644 --- a/2023/CVE-2023-6536.md +++ b/2023/CVE-2023-6536.md @@ -1,4 +1,5 @@ ### [CVE-2023-6536](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6536) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.8-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) diff --git a/2023/CVE-2023-6546.md b/2023/CVE-2023-6546.md index cbcfaf6f63..68a3ee904b 100644 --- a/2023/CVE-2023-6546.md +++ b/2023/CVE-2023-6546.md 
@@ -1,7 +1,12 @@ ### [CVE-2023-6546](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6546) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.7-RHEL-8&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.2%20Advanced%20Update%20Support&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.4%20Advanced%20Mission%20Critical%20Update%20Support&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.4%20Telecommunications%20Update%20Service&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.4%20Update%20Services%20for%20SAP%20Solutions&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.6%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.8%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) diff --git a/2023/CVE-2023-6606.md b/2023/CVE-2023-6606.md index 7f2325f4a1..5ae9806d76 100644 --- a/2023/CVE-2023-6606.md +++ b/2023/CVE-2023-6606.md 
@@ -1,4 +1,5 @@ ### [CVE-2023-6606](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6606) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.8-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) diff --git a/2023/CVE-2023-6610.md b/2023/CVE-2023-6610.md index a1c7cb69e1..b23a0fd49b 100644 --- a/2023/CVE-2023-6610.md +++ b/2023/CVE-2023-6610.md @@ -1,4 +1,5 @@ ### [CVE-2023-6610](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6610) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.8-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) diff --git a/2023/CVE-2023-6704.md b/2023/CVE-2023-6704.md new file mode 100644 index 0000000000..d44af5022f --- /dev/null +++ b/2023/CVE-2023-6704.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-6704](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6704) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=120.0.6099.109%3C%20120.0.6099.109%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20after%20free&color=brighgreen) + +### Description + +Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. (Chromium security severity: High) + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fdu-sec/NestFuzz + diff --git a/2023/CVE-2023-6717.md b/2023/CVE-2023-6717.md index 9060aa9261..3feda2180c 100644 --- a/2023/CVE-2023-6717.md +++ b/2023/CVE-2023-6717.md 
@@ -1,11 +1,10 @@ ### [CVE-2023-6717](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6717) ![](https://img.shields.io/static/v1?label=Product&message=Migration%20Toolkit%20for%20Applications%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Migration%20Toolkit%20for%20Applications%207&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Serverless&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=RHOSS-1.33-RHEL-8&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Data%20Grid%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Decision%20Manager%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Developer%20Hub&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Service%20Registry&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20A-MQ%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Data%20Grid%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%206&color=blue) 
@@ -16,6 +15,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20GitOps&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Process%20Automation%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apicurio%20Registry&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Keycloak%2022&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Keycloak%2022.0.10&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus&color=blue) diff --git a/2023/CVE-2023-6725.md b/2023/CVE-2023-6725.md index d653b0383a..41e7c67695 100644 --- a/2023/CVE-2023-6725.md +++ b/2023/CVE-2023-6725.md @@ -4,6 +4,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1%20for%20RHEL%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1%20for%20RHEL%209&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2018.0&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Insufficient%20Granularity%20of%20Access%20Control&color=brighgreen) diff --git a/2023/CVE-2023-7012.md b/2023/CVE-2023-7012.md new file mode 100644 index 0000000000..9e72c263c4 --- /dev/null +++ b/2023/CVE-2023-7012.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-7012](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7012) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=117.0.5938.62%3C%20117.0.5938.62%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Insufficient%20data%20validation&color=brighgreen) + +### Description + +Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium) + +### POC + +#### Reference +- https://issues.chromium.org/issues/40061509 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-7045.md b/2023/CVE-2023-7045.md new file mode 100644 index 0000000000..1beb39132d --- /dev/null +++ b/2023/CVE-2023-7045.md @@ -0,0 +1,17 @@ +### [CVE-2023-7045](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7045) +![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=13.11%3C%2016.10.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%3A%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS). + +### POC + +#### Reference +- https://gitlab.com/gitlab-org/gitlab/-/issues/436358 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-7268.md b/2023/CVE-2023-7268.md new file mode 100644 index 0000000000..a7ad6b16ea --- /dev/null +++ b/2023/CVE-2023-7268.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-7268](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7268) +![](https://img.shields.io/static/v1?label=Product&message=ArtPlacer%20Widget&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.21.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The ArtPlacer Widget WordPress plugin before 2.21.2 does not have authorisation check in place when deleting widgets, allowing ay authenticated users, such as subscriber, to delete arbitrary widgets + +### POC + +#### Reference +- https://wpscan.com/vulnerability/9ac233dd-e00d-4aee-a41c-0de6e8aaefd7/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-7269.md b/2023/CVE-2023-7269.md new file mode 100644 index 0000000000..73777377d8 --- /dev/null +++ b/2023/CVE-2023-7269.md @@ -0,0 +1,18 @@ +### [CVE-2023-7269](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7269) +![](https://img.shields.io/static/v1?label=Product&message=ArtPlacer%20Widget&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.21.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The ArtPlacer Widget WordPress plugin before 2.21.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1e8e1186-323b-473b-a0c4-580dc94020d7/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-7270.md b/2023/CVE-2023-7270.md new file mode 100644 index 0000000000..fa169265a7 
--- /dev/null +++ b/2023/CVE-2023-7270.md @@ -0,0 +1,18 @@ +### [CVE-2023-7270](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7270) +![](https://img.shields.io/static/v1?label=Product&message=FreeOffice&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Office&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker FreeOffice 2014 before revision 1215. FreeOffice 2021 is also affected, but won't be fixed.The SoftMaker Office and FreeOffice MSI installer files were found to produce a visible conhost.exe window running as the SYSTEM user when using the repair function of msiexec.exe. This allows a local, low-privileged attacker to use a chain of actions, to open a fully functional cmd.exe with the privileges of the SYSTEM user. + +### POC + +#### Reference +- https://r.sec-consult.com/softmaker + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-7271.md b/2023/CVE-2023-7271.md new file mode 100644 index 0000000000..b7d065bba4 --- /dev/null +++ b/2023/CVE-2023-7271.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-7271](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7271) +![](https://img.shields.io/static/v1?label=Product&message=EMUI&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=HarmonyOS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2014.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-840%20Business%20Logic%20Errors&color=brighgreen) + +### Description + +Privilege escalation vulnerability in the NMS moduleImpact: Successful exploitation of this vulnerability will affect availability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-0044.md b/2024/CVE-2024-0044.md index af96041cd6..4f581510c6 100644 --- a/2024/CVE-2024-0044.md +++ b/2024/CVE-2024-0044.md @@ -14,6 +14,7 @@ In createSessionInternal of PackageInstallerService.java, there is a possible ru - https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html #### Github +- https://github.com/GhostTroops/TOP - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-0056.md b/2024/CVE-2024-0056.md index ce417b08b4..6e154ec1a2 100644 --- a/2024/CVE-2024-0056.md +++ b/2024/CVE-2024-0056.md @@ -45,4 +45,5 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-0151.md b/2024/CVE-2024-0151.md new file mode 100644 index 0000000000..c28dd09c4f --- /dev/null +++ b/2024/CVE-2024-0151.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-0151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0151) +![](https://img.shields.io/static/v1?label=Product&message=Arm%20v8-M%20Security%20Extensions%20Requirements%20on%20Development%20Tools&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.0%3C%201.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-241%20Improper%20Handling%20of%20Unexpected%20Data%20Type&color=brighgreen) + +### Description + +Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/STMicroelectronics/gnu-tools-for-stm32 + diff --git a/2024/CVE-2024-0193.md b/2024/CVE-2024-0193.md index 65eada929c..cf04ffe867 100644 --- a/2024/CVE-2024-0193.md +++ b/2024/CVE-2024-0193.md 
@@ -1,8 +1,10 @@ ### [CVE-2024-0193](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0193) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.8-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.0%20Update%20Services%20for%20SAP%20Solutions&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20After%20Free&color=brighgreen) diff --git a/2024/CVE-2024-0517.md b/2024/CVE-2024-0517.md index 74588ce573..019f0af248 100644 --- a/2024/CVE-2024-0517.md +++ b/2024/CVE-2024-0517.md @@ -15,5 +15,6 @@ No PoCs from references. #### Github - https://github.com/Uniguri/CVE-1day - https://github.com/ret2eax/exploits +- https://github.com/rycbar77/V8Exploits - https://github.com/sploitem/v8-writeups diff --git a/2024/CVE-2024-0553.md b/2024/CVE-2024-0553.md index 38155282b0..939d28f45b 100644 --- a/2024/CVE-2024-0553.md +++ b/2024/CVE-2024-0553.md 
@@ -1,4 +1,6 @@ ### [CVE-2024-0553](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0553) +![](https://img.shields.io/static/v1?label=Product&message=RHODF-4.15-RHEL-9&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.8-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) diff --git a/2024/CVE-2024-0565.md b/2024/CVE-2024-0565.md index 78738889bb..7643eafa18 100644 --- a/2024/CVE-2024-0565.md +++ b/2024/CVE-2024-0565.md @@ -1,4 +1,5 @@ ### [CVE-2024-0565](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0565) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.7-RHEL-8&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) diff --git a/2024/CVE-2024-0567.md b/2024/CVE-2024-0567.md index ba0a2a2534..08608ba4d4 100644 --- a/2024/CVE-2024-0567.md +++ b/2024/CVE-2024-0567.md @@ -1,4 +1,6 @@ ### [CVE-2024-0567](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0567) +![](https://img.shields.io/static/v1?label=Product&message=RHODF-4.15-RHEL-9&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.8-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) 
diff --git a/2024/CVE-2024-0646.md b/2024/CVE-2024-0646.md index 50a961e63c..aee7c544a2 100644 --- a/2024/CVE-2024-0646.md +++ b/2024/CVE-2024-0646.md @@ -1,4 +1,5 @@ ### [CVE-2024-0646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0646) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.8-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) diff --git a/2024/CVE-2024-0874.md b/2024/CVE-2024-0874.md index 0635d70633..d1f82dfb41 100644 --- a/2024/CVE-2024-0874.md +++ b/2024/CVE-2024-0874.md @@ -1,7 +1,7 @@ ### [CVE-2024-0874](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0874) ![](https://img.shields.io/static/v1?label=Product&message=Logging%20Subsystem%20for%20Red%20Hat%20OpenShift&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Advanced%20Cluster%20Management%20for%20Kubernetes%202&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.16&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20of%20Cache%20Containing%20Sensitive%20Information&color=brighgreen) diff --git a/2024/CVE-2024-0974.md b/2024/CVE-2024-0974.md new file mode 100644 index 0000000000..9b2c81c255 --- /dev/null +++ b/2024/CVE-2024-0974.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-0974](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0974) +![](https://img.shields.io/static/v1?label=Product&message=Social%20Media%20Widget&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.0.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/7f8e5e63-a928-443e-9771-8b3f51f5eb9e/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-0985.md b/2024/CVE-2024-0985.md index a0511ddb41..f308693d1c 100644 --- a/2024/CVE-2024-0985.md +++ b/2024/CVE-2024-0985.md @@ -10,7 +10,7 @@ Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allo ### POC #### Reference -No PoCs from references. +- https://saites.dev/projects/personal/postgres-cve-2024-0985/ #### Github - https://github.com/NaInSec/CVE-LIST diff --git a/2024/CVE-2024-1062.md b/2024/CVE-2024-1062.md index 35a169f44e..96ae045fdb 100644 --- a/2024/CVE-2024-1062.md +++ b/2024/CVE-2024-1062.md 
@@ -1,11 +1,13 @@ ### [CVE-2024-1062](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1062) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Directory%20Server%2011.7%20for%20RHEL%208&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Directory%20Server%2011.8%20for%20RHEL%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Directory%20Server%2012&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.6%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Heap-based%20Buffer%20Overflow&color=brighgreen) diff --git a/2024/CVE-2024-1086.md b/2024/CVE-2024-1086.md index a96ce909b9..1853670d84 100644 --- a/2024/CVE-2024-1086.md +++ b/2024/CVE-2024-1086.md @@ -51,6 +51,7 @@ A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables compon - https://github.com/rootkalilocalhost/CVE-2024-1086 - https://github.com/seekerzz/MyRSSSync - https://github.com/tanjiti/sec_profile +- https://github.com/trganda/starrlist - https://github.com/uhub/awesome-c - https://github.com/unresolv/stars - https://github.com/wuhanstudio/awesome-stars diff --git a/2024/CVE-2024-1141.md b/2024/CVE-2024-1141.md index 5db2715805..7b532310b1 100644 
--- a/2024/CVE-2024-1141.md +++ b/2024/CVE-2024-1141.md @@ -2,6 +2,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2016.1&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2016.2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1%20for%20RHEL%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2018.0&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Logging%20of%20Excessive%20Data&color=brighgreen) diff --git a/2024/CVE-2024-1151.md b/2024/CVE-2024-1151.md index 755eca52f7..cc5a48c41f 100644 --- a/2024/CVE-2024-1151.md +++ b/2024/CVE-2024-1151.md @@ -3,6 +3,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Stack-based%20Buffer%20Overflow&color=brighgreen) diff --git a/2024/CVE-2024-1234.md b/2024/CVE-2024-1234.md index b149458dee..860cfa53f9 100644 --- a/2024/CVE-2024-1234.md +++ b/2024/CVE-2024-1234.md 
@@ -13,6 +13,7 @@ The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored No PoCs from references. #### Github +- https://github.com/0x41424142/qualyspy - https://github.com/CraigDonkin/Microsoft-CVE-Lookup - https://github.com/EDJIM143341/Project---Ethical-Hacking-Report - https://github.com/KyJr3os/Ethical-Hacking-Technical-Report diff --git a/2024/CVE-2024-1330.md b/2024/CVE-2024-1330.md new file mode 100644 index 0000000000..0ae9e2190e --- /dev/null +++ b/2024/CVE-2024-1330.md @@ -0,0 +1,17 @@ +### [CVE-2024-1330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1330) +![](https://img.shields.io/static/v1?label=Product&message=kadence-blocks-pro&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.3.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen) + +### Description + +The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1988815b-7a53-4657-9b1c-1f83c9f9ccfd/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-1394.md b/2024/CVE-2024-1394.md index 1356fe0c49..fcbafaeb3c 100644 --- a/2024/CVE-2024-1394.md +++ b/2024/CVE-2024-1394.md 
@@ -3,6 +3,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Developer%20Tools%20and%20Services&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Pipelines&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Serverless&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=RHODF-4.16-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ansible%20Automation%20Platform%201.2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ansible%20Automation%20Platform%202&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ansible%20Automation%20Platform%202.4%20for%20RHEL%208&color=blue) @@ -13,6 +14,8 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.0%20Update%20Services%20for%20SAP%20Solutions&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.12&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.13&color=blue) 
@@ -27,8 +30,8 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1%20for%20RHEL%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1%20for%20RHEL%209&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2018.0&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Openshift%20Container%20Storage%204&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Openshift%20Data%20Foundation%204&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Service%20Interconnect%201&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Software%20Collections&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Storage%203&color=blue) diff --git a/2024/CVE-2024-1512.md b/2024/CVE-2024-1512.md index b4e714dc70..ab1e3205a5 100644 --- a/2024/CVE-2024-1512.md +++ b/2024/CVE-2024-1512.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/rat-c/CVE-2024-1512 +- https://github.com/wy876/POC diff --git a/2024/CVE-2024-1635.md b/2024/CVE-2024-1635.md index 8ae431e0cc..4668bd40f1 100644 --- a/2024/CVE-2024-1635.md +++ b/2024/CVE-2024-1635.md 
@@ -6,7 +6,6 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Data%20Grid%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20K&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20Quarkus&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Service%20Registry&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Data%20Grid%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207.4%20for%20RHEL%208&color=blue) @@ -22,6 +21,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%204.0%20for%20Spring%20Boot&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20for%20Quarkus&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20for%20Spring%20Boot&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apicurio%20Registry&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20OptaPlanner%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=streams%20for%20Apache%20Kafka&color=blue) diff --git a/2024/CVE-2024-1845.md b/2024/CVE-2024-1845.md new file mode 100644 index 0000000000..95510b2591 --- /dev/null +++ b/2024/CVE-2024-1845.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-1845](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1845) +![](https://img.shields.io/static/v1?label=Product&message=VikRentCar%20Car%20Rental%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.3.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/a8d7b564-36e0-4f05-9b49-1b441f453d0a/ + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-1963.md b/2024/CVE-2024-1963.md new file mode 100644 index 0000000000..b71e46ff61 --- /dev/null +++ b/2024/CVE-2024-1963.md @@ -0,0 +1,17 @@ +### [CVE-2024-1963](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1963) +![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=8.4%3C%2016.10.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial of service by sending specially crafted requests. + +### POC + +#### Reference +- https://gitlab.com/gitlab-org/gitlab/-/issues/443577 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2024/CVE-2024-20399.md b/2024/CVE-2024-20399.md new file mode 100644 index 0000000000..37c2833132 --- /dev/null +++ b/2024/CVE-2024-20399.md @@ -0,0 +1,17 @@ +### [CVE-2024-20399](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20399) +![](https://img.shields.io/static/v1?label=Product&message=Cisco%20NX-OS%20Software&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%206.0(2)A6(1)%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen) + +### Description + +A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. Note: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-2040.md b/2024/CVE-2024-2040.md new file mode 100644 index 0000000000..b7460acc5f --- /dev/null +++ b/2024/CVE-2024-2040.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-2040](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2040) +![](https://img.shields.io/static/v1?label=Product&message=Himer&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1b97bbf0-c7d1-4e6c-bb80-f9bf45fbfe1e/ + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-20666.md b/2024/CVE-2024-20666.md index 5ad4e0147b..5fee43c606 100644 --- a/2024/CVE-2024-20666.md +++ b/2024/CVE-2024-20666.md @@ -38,6 +38,7 @@ No PoCs from references. #### Github - https://github.com/MHimken/WinRE-Customization - https://github.com/NaInSec/CVE-LIST +- https://github.com/invaderslabs/CVE-2024-20666 - https://github.com/nnotwen/Script-For-CVE-2024-20666 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-21006.md b/2024/CVE-2024-21006.md index 8d87476267..8b3c247e92 100644 --- a/2024/CVE-2024-21006.md +++ b/2024/CVE-2024-21006.md @@ -17,4 +17,6 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/netlas-io/netlas-dorks - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile +- https://github.com/wy876/POC +- https://github.com/wy876/wiki diff --git a/2024/CVE-2024-21183.md b/2024/CVE-2024-21183.md new file mode 100644 index 0000000000..2f3b3b17a9 --- /dev/null +++ b/2024/CVE-2024-21183.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-21183](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21183) +![](https://img.shields.io/static/v1?label=Product&message=WebLogic%20Server&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2012.2.1.4.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20unauthenticated%20attacker%20with%20network%20access%20via%20T3%2C%20IIOP%20to%20compromise%20Oracle%20WebLogic%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20%20unauthorized%20access%20to%20critical%20data%20or%20complete%20access%20to%20all%20Oracle%20WebLogic%20Server%20accessible%20data.&color=brighgreen) + +### Description + +Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/tanjiti/sec_profile + diff --git a/2024/CVE-2024-21490.md b/2024/CVE-2024-21490.md index 317fd98159..3796d3308e 100644 --- a/2024/CVE-2024-21490.md +++ b/2024/CVE-2024-21490.md 
@@ -15,6 +15,7 @@ This affects versions of the package angular from 1.3.0. A regular expression us - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746 - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747 - https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113 +- https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-21513.md b/2024/CVE-2024-21513.md new file mode 100644 index 0000000000..d369e64e86 --- /dev/null +++ b/2024/CVE-2024-21513.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-21513](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21513) +![](https://img.shields.io/static/v1?label=Product&message=langchain-experimental&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0.0.15%3C%200.0.21%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Arbitrary%20Code%20Execution&color=brighgreen) + +### Description + +Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if they can control the input prompt and the server is configured with VectorSQLDatabaseChain. **Notes:** Impact on the Confidentiality, Integrity and Availability of the vulnerable component: Confidentiality: Code execution happens within the impacted component, in this case langchain-experimental, so all resources are necessarily accessible. Integrity: There is nothing protected by the impacted component inherently. Although anything returned from the component counts as 'information' for which the trustworthiness can be compromised. Availability: The loss of availability isn't caused by the attack itself, but it happens as a result during the attacker's post-exploitation steps. Impact on the Confidentiality, Integrity and Availability of the subsequent system: As a legitimate low-privileged user of the package (PR:L) the attacker does not have more access to data owned by the package as a result of this vulnerability than they did with normal usage (e.g. can query the DB). The unintended action that one can perform by breaking out of the app environment and exfiltrating files, making remote connections etc. happens during the post exploitation phase in the subsequent system - in this case, the OS. 
AT:P: An attacker needs to be able to influence the input prompt, whilst the server is configured with the VectorSQLDatabaseChain plugin. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-PYTHON-LANGCHAINEXPERIMENTAL-7278171 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-21514.md b/2024/CVE-2024-21514.md index 42dcbbfa52..418e53b14d 100644 --- a/2024/CVE-2024-21514.md +++ b/2024/CVE-2024-21514.md @@ -13,5 +13,5 @@ This affects versions of the package opencart/opencart from 0.0.0. An SQL Inject - https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266565 #### Github -No PoCs found on GitHub currently. +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-21520.md b/2024/CVE-2024-21520.md new file mode 100644 index 0000000000..5c8b2d6988 --- /dev/null +++ b/2024/CVE-2024-21520.md @@ -0,0 +1,18 @@ +### [CVE-2024-21520](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21520) +![](https://img.shields.io/static/v1?label=Product&message=djangorestframework&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.15.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with
tags. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-PYTHON-DJANGORESTFRAMEWORK-7252137 + +#### Github +- https://github.com/ch4n3-yoon/ch4n3-yoon +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-21521.md b/2024/CVE-2024-21521.md new file mode 100644 index 0000000000..dc2867c86f --- /dev/null +++ b/2024/CVE-2024-21521.md @@ -0,0 +1,17 @@ +### [CVE-2024-21521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21521) +![](https://img.shields.io/static/v1?label=Product&message=%40discordjs%2Fopus&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service%20(DoS)&color=brighgreen) + +### Description + +All versions of the package @discordjs/opus are vulnerable to Denial of Service (DoS) due to providing an input object with a property toString to several different functions. Exploiting this vulnerability could lead to a system crash. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-JS-DISCORDJSOPUS-6370643 + +#### Github +- https://github.com/dellalibera/dellalibera + diff --git a/2024/CVE-2024-21522.md b/2024/CVE-2024-21522.md new file mode 100644 index 0000000000..5ea2ea3ee2 --- /dev/null +++ b/2024/CVE-2024-21522.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-21522](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21522) +![](https://img.shields.io/static/v1?label=Product&message=audify&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Validation%20of%20Array%20Index&color=brighgreen) + +### Description + +All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can lead to a process crash. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-JS-AUDIFY-6370700 + +#### Github +- https://github.com/dellalibera/dellalibera + diff --git a/2024/CVE-2024-21523.md b/2024/CVE-2024-21523.md new file mode 100644 index 0000000000..03d9f21583 --- /dev/null +++ b/2024/CVE-2024-21523.md @@ -0,0 +1,17 @@ +### [CVE-2024-21523](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21523) +![](https://img.shields.io/static/v1?label=Product&message=images&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service%20(DoS)&color=brighgreen) + +### Description + +All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash. **Note:** By providing some specific integer values (like 0) to the size function, it is possible to obtain a Segmentation fault error, leading to the process crash. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-JS-IMAGES-6421826 + +#### Github +- https://github.com/dellalibera/dellalibera + 
diff --git a/2024/CVE-2024-21524.md b/2024/CVE-2024-21524.md new file mode 100644 index 0000000000..5cfb082ee3 --- /dev/null +++ b/2024/CVE-2024-21524.md @@ -0,0 +1,17 @@ +### [CVE-2024-21524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21524) +![](https://img.shields.io/static/v1?label=Product&message=node-stringbuilder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20Read&color=brighgreen) + +### Description + +All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It's possible to return previously allocated memory, for example, by providing negative indexes, leading to an Information Disclosure. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-JS-NODESTRINGBUILDER-6421617 + +#### Github +- https://github.com/dellalibera/dellalibera + diff --git a/2024/CVE-2024-21525.md b/2024/CVE-2024-21525.md new file mode 100644 index 0000000000..161bda2739 --- /dev/null +++ b/2024/CVE-2024-21525.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-21525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21525) +![](https://img.shields.io/static/v1?label=Product&message=node-twain&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Check%20or%20Handling%20of%20Exceptional%20Conditions&color=brighgreen) + +### Description + +All versions of the package node-twain are vulnerable to Improper Check or Handling of Exceptional Conditions due to the length of the source data not being checked. Creating a new twain.TwainSDK with a productName or productFamily, manufacturer, version.info property of length >= 34 chars leads to a buffer overflow vulnerability. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-JS-NODETWAIN-6421153 + +#### Github +- https://github.com/dellalibera/dellalibera + diff --git a/2024/CVE-2024-21526.md b/2024/CVE-2024-21526.md new file mode 100644 index 0000000000..5d29d620b7 --- /dev/null +++ b/2024/CVE-2024-21526.md @@ -0,0 +1,17 @@ +### [CVE-2024-21526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21526) +![](https://img.shields.io/static/v1?label=Product&message=speaker&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service%20(DoS)&color=brighgreen) + +### Description + +All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-JS-SPEAKER-6370676 + +#### Github +- https://github.com/dellalibera/dellalibera + 
diff --git a/2024/CVE-2024-21527.md b/2024/CVE-2024-21527.md new file mode 100644 index 0000000000..9d00932bda --- /dev/null +++ b/2024/CVE-2024-21527.md @@ -0,0 +1,21 @@ +### [CVE-2024-21527](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21527) +![](https://img.shields.io/static/v1?label=Product&message=github.com%2Fgotenberg%2Fgotenberg%2Fv8%2Fpkg%2Fgotenberg&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=github.com%2Fgotenberg%2Fgotenberg%2Fv8%2Fpkg%2Fmodules%2Fchromium&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=github.com%2Fgotenberg%2Fgotenberg%2Fv8%2Fpkg%2Fmodules%2Fwebhook&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%208.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Server-side%20Request%20Forgery%20(SSRF)&color=brighgreen) + +### Description + +Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/webhook before 8.1.0 are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when a request is made to a file via localhost, such as
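Review bot: in the CVE-2024-21514 hunk, the replacement of `-No PoCs found on GitHub currently.` with `+- https://github.com/nomi-sec/PoC-in-GitHub` points at the root of an aggregator repository, not at a PoC for this CVE; either link the entry for CVE-2024-21514 inside that repository or keep the "No PoCs found" line, otherwise every CVE file will end up carrying the same non-specific link (it already appears again under the Github heading of the new CVE-2024-21520 file).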
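Review bot: the Github sections of the new CVE-2024-21520 through CVE-2024-21526 files list `https://github.com/dellalibera/dellalibera` and `https://github.com/ch4n3-yoon/ch4n3-yoon`, which follow the `owner/owner` pattern of a GitHub profile-README repository rather than a PoC repository; the crawler that populates this section should skip repositories whose name equals the owner (or require the CVE id in the repository name or description), since these entries give the reader nothing and inflate the apparent PoC count.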
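Review bot: in the new CVE-2024-21520 file the Description sentence ends "before splitting and joining with tags" with the tag name missing, which looks like a literal HTML tag in the source description being written unescaped and then swallowed by the markdown renderer; escape angle brackets (or wrap tags in backticks) when generating the Description block, and re-check the other generated descriptions for the same loss.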
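Review bot: every new file's Version and Vulnerability badge uses `color=brighgreen`, a misspelling of the shields.io named colour `brightgreen`, and every Version badge message ends in a trailing `%20` (e.g. `message=0%3C%20*%20`); both come from the badge template in the generator, so fix them there rather than in the individual files, and consider rendering the open-ended version range as `< *` or "all versions" instead of `0< *`.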
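Review bot: in the new CVE-2024-21513 file the Description runs the CVSS impact rationale ("**Notes:** Impact on the Confidentiality, Integrity and Availability of the vulnerable component ...") and the dangling "AT:P:" fragment into a single paragraph with the actual finding about `eval` being called on database values; keep the two sentences describing the bug and the `VectorSQLDatabaseChain` precondition under Description and either drop the rationale or move it under its own sub-heading so the file matches the layout of the other generated entries.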