Update Sun Jul 30 00:22:51 UTC 2023

trickest · Jul 30, 2023 · 030736a · 030736a
1 parent 2c521ae
commit 030736a
Show file tree

Hide file tree

Showing 9 changed files with 79 additions and 3 deletions.
diff --git a/2011/CVE-2011-3046.md b/2011/CVE-2011-3046.md
@@ -0,0 +1,17 @@
+### [CVE-2011-3046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3046)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
+
+### POC
+
+#### Reference
+- https://plus.google.com/u/0/116651741222993143554/posts/5Eq5d9XgFqs
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2016/CVE-2016-3912.md b/2016/CVE-2016-3912.md
@@ -0,0 +1,17 @@
+### [CVE-2016-3912](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3912)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allow attackers to gain privileges via a crafted application, aka internal bug 30202481.
+
+### POC
+
+#### Reference
+- https://android.googlesource.com/platform/frameworks/base/+/6c049120c2d749f0c0289d822ec7d0aa692f55c5
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2020/CVE-2020-15957.md b/2020/CVE-2020-15957.md
@@ -0,0 +1,17 @@
+### [CVE-2020-15957](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15957)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentralised Privacy-Preserving Proximity Tracing (DP3T). When it is configured to check JWT before uploading/publishing keys, it is possible to skip the signature check by providing a JWT token with alg=none.
+
+### POC
+
+#### Reference
+- https://github.com/DP-3T/dp3t-sdk-backend/security/advisories/GHSA-5m5q-3qw2-3xf3
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2022/CVE-2022-28026.md b/2022/CVE-2022-28026.md
@@ -10,7 +10,7 @@ Student Grading System v1.0 was discovered to contain a SQL injection vulnerabil
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Student-Grading-System/SQLi-3.md
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

diff --git a/2022/CVE-2022-28411.md b/2022/CVE-2022-28411.md
@@ -10,7 +10,7 @@ Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Simple-Real-Estate-Portal-System/SQLi-5.md
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

diff --git a/2022/CVE-2022-28412.md b/2022/CVE-2022-28412.md
@@ -10,7 +10,7 @@ Car Driving School Managment System v1.0 was discovered to contain a SQL injecti
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/car-driving-school-management-system/SQLi-1.md
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

diff --git a/2022/CVE-2022-4856.md b/2022/CVE-2022-4856.md
@@ -12,6 +12,7 @@ A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5.1 and clas
 #### Reference
 - https://github.com/Durian1546/vul/blob/main/webray.com.cn/Modbus%20Slave/Modbus%20Slave%20(version%207.5.1%20and%20earlier)%20mbs%20file%20has%20a%20buffer%20overflow%20vulnerability.md
 - https://github.com/Durian1546/vul/blob/main/webray.com.cn/Modbus%20Slave/poc/poc.mbs
+- https://vuldb.com/?id.217021
 
 #### Github
 No PoCs found on GitHub currently.

diff --git a/2023/CVE-2023-36542.md b/2023/CVE-2023-36542.md
@@ -0,0 +1,17 @@
+### [CVE-2023-36542](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36542)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20NiFi&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0.0.2%3C%3D%201.22.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
+
+### Description
+
+Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nbxiglk0/nbxiglk0
+
diff --git a/references.txt b/references.txt
@@ -18523,6 +18523,7 @@ CVE-2011-3001 - https://bugzilla.mozilla.org/show_bug.cgi?id=672485
 CVE-2011-3003 - https://bugzilla.mozilla.org/show_bug.cgi?id=682335
 CVE-2011-3010 - http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5
 CVE-2011-3012 - http://securityreason.com/securityalert/8324
+CVE-2011-3046 - https://plus.google.com/u/0/116651741222993143554/posts/5Eq5d9XgFqs
 CVE-2011-3079 - https://bugzilla.mozilla.org/show_bug.cgi?id=1087565
 CVE-2011-3143 - http://www.digitalbond.com/scadapedia/vulnerability-notes/heap-overflow-vulnerability/
 CVE-2011-3144 - http://www.digitalbond.com/scadapedia/vulnerability-notes/control-microsystems-cross-site-scripting-vulnerability/
@@ -35813,6 +35814,7 @@ CVE-2016-3737 - https://www.tenable.com/security/research/tra-2016-22
 CVE-2016-3739 - http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
 CVE-2016-3740 - https://0patch.blogspot.com/2016/07/0patching-foxit-readers-heap-buffer.html
 CVE-2016-3861 - https://www.exploit-db.com/exploits/40354/
+CVE-2016-3912 - https://android.googlesource.com/platform/frameworks/base/+/6c049120c2d749f0c0289d822ec7d0aa692f55c5
 CVE-2016-3914 - https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/3a3a5d145d380deef2d5b7c3150864cd04be397f
 CVE-2016-3943 - http://packetstormsecurity.com/files/136606/Panda-Endpoint-Administration-Agent-Privilege-Escalation.html
 CVE-2016-3943 - https://www.exploit-db.com/exploits/39671/
@@ -59803,6 +59805,7 @@ CVE-2020-15952 - https://labs.bishopfox.com/advisories
 CVE-2020-15952 - https://labs.bishopfox.com/advisories/immuta-version-2.8.2
 CVE-2020-15956 - http://packetstormsecurity.com/files/158771/ACTi-NVR3-Standard-Professional-Server-3.0.12.42-Denial-Of-Service.html
 CVE-2020-15956 - https://github.com/megamagnus/cve-2020-15956
+CVE-2020-15957 - https://github.com/DP-3T/dp3t-sdk-backend/security/advisories/GHSA-5m5q-3qw2-3xf3
 CVE-2020-15958 - http://packetstormsecurity.com/files/159193/1CRM-8.6.7-Insecure-Direct-Object-Reference.html
 CVE-2020-15958 - http://seclists.org/fulldisclosure/2020/Sep/31
 CVE-2020-15972 - http://packetstormsecurity.com/files/172842/Chrome-Renderer-Remote-Code-Execution.html
@@ -73917,6 +73920,7 @@ CVE-2022-28022 - https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom2
 CVE-2022-28023 - https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/purchase-order-management-system/SQLi-2.md
 CVE-2022-28024 - https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Student-Grading-System/SQLi-1.md
 CVE-2022-28025 - https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Student-Grading-System/SQLi-2.md
+CVE-2022-28026 - https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Student-Grading-System/SQLi-3.md
 CVE-2022-28028 - https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Simple-Real-Estate-Portal-System/SQLi-1.md
 CVE-2022-28029 - https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Simple-Real-Estate-Portal-System/SQLi-2.md
 CVE-2022-28030 - https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Simple-Real-Estate-Portal-System/SQLi-3.md
@@ -74062,6 +74066,8 @@ CVE-2022-2841 - https://www.modzero.com/advisories/MZ-22-02-CrowdStrike-FalconSe
 CVE-2022-2841 - https://www.modzero.com/modlog/archives/2022/08/22/ridiculous_vulnerability_disclosure_process_with_crowdstrike_falcon_sensor/index.html
 CVE-2022-2841 - https://youtu.be/3If-Fqwx-4s
 CVE-2022-28410 - https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Simple-Real-Estate-Portal-System/SQLi-4.md
+CVE-2022-28411 - https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/Simple-Real-Estate-Portal-System/SQLi-5.md
+CVE-2022-28412 - https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/car-driving-school-management-system/SQLi-1.md
 CVE-2022-28413 - https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/car-driving-school-management-system/SQLi-2.md
 CVE-2022-2845 - https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445
 CVE-2022-28452 - https://github.com/YavuzSahbaz/Red-Planet-Laundry-Management-System-1.0-is-vulnerable-to-SQL
@@ -78113,6 +78119,7 @@ CVE-2022-4851 - https://huntr.dev/bounties/e3cebc1a-1326-4a08-abad-0414a717fa0f
 CVE-2022-4855 - https://github.com/joinia/webray.com.cn/blob/main/lead-management-system/leadmanasql.md
 CVE-2022-4856 - https://github.com/Durian1546/vul/blob/main/webray.com.cn/Modbus%20Slave/Modbus%20Slave%20(version%207.5.1%20and%20earlier)%20mbs%20file%20has%20a%20buffer%20overflow%20vulnerability.md
 CVE-2022-4856 - https://github.com/Durian1546/vul/blob/main/webray.com.cn/Modbus%20Slave/poc/poc.mbs
+CVE-2022-4856 - https://vuldb.com/?id.217021
 CVE-2022-4857 - https://github.com/Durian1546/vul/blob/main/webray.com.cn/Modbus%20Poll/Modbus%20Poll%20(version%209.10.0%20and%20earlier)%20mbp%20file%20has%20a%20buffer%20overflow%20vulnerability.md
 CVE-2022-4857 - https://github.com/Durian1546/vul/blob/main/webray.com.cn/Modbus%20Poll/poc/poc.mbp
 CVE-2022-4863 - https://huntr.dev/bounties/42751929-e511-49a9-888d-d5b610da2a45