Update Sun May 5 18:05:50 UTC 2024

2014/CVE-2014-6324.md

@@ -43,6 +43,7 @@ No PoCs from references.
 - https://github.com/nitishbadole/oscp-note-2
 - https://github.com/paramint/AD-Attack-Defense
 - https://github.com/pwnlog/PAD
+- https://github.com/pwnlog/PurpAD
 - https://github.com/retr0-13/AD-Attack-Defense
 - https://github.com/rmsbpro/rmsbpro
 - https://github.com/sunzu94/AD-Attack-Defense

2017/CVE-2017-5715.md

@@ -26,6 +26,7 @@ Systems with microprocessors utilizing speculative execution and indirect branch
 - https://usn.ubuntu.com/3580-1/
 - https://usn.ubuntu.com/3581-1/
 - https://usn.ubuntu.com/3582-1/
+- https://usn.ubuntu.com/3597-2/
 - https://usn.ubuntu.com/3777-3/
 - https://www.exploit-db.com/exploits/43427/
 - https://www.kb.cert.org/vuls/id/180049

2017/CVE-2017-5753.md

@@ -21,6 +21,7 @@ Systems with microprocessors utilizing speculative execution and branch predicti
 - https://usn.ubuntu.com/3540-2/
 - https://usn.ubuntu.com/3541-1/
 - https://usn.ubuntu.com/3580-1/
+- https://usn.ubuntu.com/3597-2/
 - https://www.exploit-db.com/exploits/43427/
 - https://www.kb.cert.org/vuls/id/180049
 - https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001

2017/CVE-2017-5754.md

@@ -18,6 +18,7 @@ Systems with microprocessors utilizing speculative execution and indirect branch
 - https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
 - https://meltdownattack.com/
 - https://usn.ubuntu.com/3540-2/
+- https://usn.ubuntu.com/3597-2/
 - https://usn.ubuntu.com/usn/usn-3525-1/
 - https://www.kb.cert.org/vuls/id/180049
 - https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001

2018/CVE-2018-12386.md

@@ -27,4 +27,5 @@ A vulnerability in register allocation in JavaScript can lead to type confusion,
 - https://github.com/niklasb/sploits
 - https://github.com/qazbnm456/awesome-cve-poc
 - https://github.com/xbl3/awesome-cve-poc_qazbnm456
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2018/CVE-2018-4299.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2018/CVE-2018-4359.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2019/CVE-2019-0724.md

@@ -18,4 +18,5 @@ No PoCs from references.
 #### Github
 - https://github.com/eeenvik1/scripts_for_YouTrack
 - https://github.com/pwnlog/PAD
+- https://github.com/pwnlog/PurpAD
 

2019/CVE-2019-11707.md

@@ -39,4 +39,5 @@ A type confusion vulnerability can occur when manipulating JavaScript objects du
 - https://github.com/securesystemslab/pkru-safe-cve-html
 - https://github.com/tunnelshade/cve-2019-11707
 - https://github.com/vigneshsrao/CVE-2019-11707
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2019/CVE-2019-5831.md

@@ -15,4 +15,5 @@ Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a re
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2019/CVE-2019-5841.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2019/CVE-2019-5847.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2019/CVE-2019-5853.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2019/CVE-2019-8518.md

@@ -31,4 +31,5 @@ No PoCs from references.
 - https://github.com/qazbnm456/awesome-cve-poc
 - https://github.com/tunz/js-vuln-db
 - https://github.com/xbl3/awesome-cve-poc_qazbnm456
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2019/CVE-2019-8558.md

@@ -26,4 +26,5 @@ No PoCs from references.
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
 - https://github.com/tunz/js-vuln-db
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2019/CVE-2019-8611.md

@@ -25,4 +25,5 @@ No PoCs from references.
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2019/CVE-2019-8622.md

@@ -28,4 +28,5 @@ No PoCs from references.
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2019/CVE-2019-8623.md

@@ -27,4 +27,5 @@ No PoCs from references.
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2019/CVE-2019-8671.md

@@ -27,4 +27,5 @@ No PoCs from references.
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2019/CVE-2019-8672.md

@@ -29,4 +29,5 @@ No PoCs from references.
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2019/CVE-2019-8678.md

@@ -28,4 +28,5 @@ No PoCs from references.
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2019/CVE-2019-8685.md

@@ -29,4 +29,5 @@ No PoCs from references.
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2019/CVE-2019-8765.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2019/CVE-2019-8820.md

@@ -27,4 +27,5 @@ No PoCs from references.
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2019/CVE-2019-8844.md

@@ -25,4 +25,5 @@ No PoCs from references.
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2019/CVE-2019-9791.md

@@ -22,4 +22,5 @@ The type inference system allows the compilation of functions that can cause typ
 - https://github.com/googleprojectzero/fuzzilli
 - https://github.com/tunz/js-vuln-db
 - https://github.com/ulexec/Exploits
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2019/CVE-2019-9792.md

@@ -19,4 +19,5 @@ The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2019/CVE-2019-9813.md

@@ -21,4 +21,5 @@ Incorrect handling of __proto__ mutations may lead to type confusion in IonMonke
 - https://github.com/ZihanYe/web-browser-vulnerabilities
 - https://github.com/googleprojectzero/fuzzilli
 - https://github.com/tunz/js-vuln-db
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2019/CVE-2019-9816.md

@@ -18,4 +18,5 @@ No PoCs from references.
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2020/CVE-2020-0796.md

@@ -287,6 +287,7 @@ A remote code execution vulnerability exists in the way that the Microsoft Serve
 - https://github.com/puckiestyle/Active-Directory-Exploitation-Cheat-Sheet
 - https://github.com/pwninx/WinPwn
 - https://github.com/pwnlog/PAD
+- https://github.com/pwnlog/PurpAD
 - https://github.com/qazbnm456/awesome-cve-poc
 - https://github.com/rainmana/awesome-rainmana
 - https://github.com/ran-sama/CVE-2020-0796

2020/CVE-2020-13622.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2020/CVE-2020-13623.md

@@ -15,4 +15,5 @@ JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumpti
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2020/CVE-2020-13649.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2020/CVE-2020-13991.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2020/CVE-2020-14163.md

@@ -15,4 +15,5 @@ An issue was discovered in ecma/operations/ecma-container-object.c in JerryScrip
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2020/CVE-2020-1472.md

@@ -305,6 +305,7 @@ An elevation of privilege vulnerability exists when an attacker establishes a vu
 - https://github.com/puckiestyle/CVE-2020-1472
 - https://github.com/pwninx/WinPwn
 - https://github.com/pwnlog/PAD
+- https://github.com/pwnlog/PurpAD
 - https://github.com/r00t7oo2jm/AMON-Eye
 - https://github.com/r0eXpeR/supplier
 - https://github.com/readloud/Pentesting-Bible

2020/CVE-2020-15656.md

@@ -19,4 +19,5 @@ No PoCs from references.
 - https://github.com/Live-Hack-CVE/CVE-2020-15656
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2020/CVE-2020-16006.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2020/CVE-2020-17049.md

@@ -70,6 +70,7 @@ No PoCs from references.
 - https://github.com/orgTestCodacy11KRepos110MB/repo-3423-Pentest_Note
 - https://github.com/paramint/AD-Attack-Defense
 - https://github.com/pwnlog/PAD
+- https://github.com/pwnlog/PurpAD
 - https://github.com/qobil7681/Password-cracker
 - https://github.com/retr0-13/AD-Attack-Defense
 - https://github.com/select-ldl/word_select

2020/CVE-2020-1912.md

@@ -16,4 +16,5 @@ No PoCs from references.
 - https://github.com/404notf0und/CVE-Flow
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2020/CVE-2020-1914.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2020/CVE-2020-3901.md

@@ -27,4 +27,5 @@ No PoCs from references.
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2020/CVE-2020-6512.md

@@ -18,4 +18,5 @@ No PoCs from references.
 - https://github.com/googleprojectzero/fuzzilli
 - https://github.com/psifertex/ctf-vs-the-real-world
 - https://github.com/singularseclab/Browser_Exploits
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2021/CVE-2021-1675.md

@@ -257,6 +257,7 @@ Windows Print Spooler Remote Code Execution Vulnerability
 - https://github.com/puckiestyle/CVE-2021-1675
 - https://github.com/pwninx/WinPwn
 - https://github.com/pwnlog/PAD
+- https://github.com/pwnlog/PurpAD
 - https://github.com/r1skkam/PrintNightmare
 - https://github.com/raithedavion/PrintNightmare
 - https://github.com/real-acmkan/docker-printernightmare

2021/CVE-2021-26855.md

@@ -174,6 +174,7 @@ Microsoft Exchange Server Remote Code Execution Vulnerability
 - https://github.com/praetorian-inc/proxylogon-exploit
 - https://github.com/pussycat0x/CVE-2021-26855-SSRF
 - https://github.com/pwnlog/PAD
+- https://github.com/pwnlog/PurpAD
 - https://github.com/r0ckysec/CVE-2021-26855_Exchange
 - https://github.com/r0eXpeR/redteam_vul
 - https://github.com/r0eXpeR/supplier

2021/CVE-2021-29982.md

@@ -15,4 +15,5 @@ No PoCs from references.
 
 #### Github
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2021/CVE-2021-29984.md

@@ -17,4 +17,5 @@ No PoCs from references.
 
 #### Github
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2021/CVE-2021-30818.md

@@ -21,4 +21,5 @@ No PoCs from references.
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2021/CVE-2021-30851.md

@@ -19,4 +19,5 @@ No PoCs from references.
 #### Github
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2021/CVE-2021-31207.md

@@ -55,6 +55,7 @@ Microsoft Exchange Server Security Feature Bypass Vulnerability
 - https://github.com/pen4uin/vulnerability-research
 - https://github.com/pen4uin/vulnerability-research-list
 - https://github.com/pwnlog/PAD
+- https://github.com/pwnlog/PurpAD
 - https://github.com/r0eXpeR/supplier
 - https://github.com/retr0-13/proxy_Attackchain
 - https://github.com/signorrayan/RedTeam_toolkit

2021/CVE-2021-34473.md

@@ -91,6 +91,7 @@ Microsoft Exchange Server Remote Code Execution Vulnerability
 - https://github.com/phamphuqui1998/CVE-2021-34473
 - https://github.com/psc4re/NSE-scripts
 - https://github.com/pwnlog/PAD
+- https://github.com/pwnlog/PurpAD
 - https://github.com/r0eXpeR/supplier
 - https://github.com/rastidoust/Red
 - https://github.com/rastidoust/rastidoust.github.io

2021/CVE-2021-34523.md

@@ -57,6 +57,7 @@ Microsoft Exchange Server Elevation of Privilege Vulnerability
 - https://github.com/pen4uin/vulnerability-research
 - https://github.com/pen4uin/vulnerability-research-list
 - https://github.com/pwnlog/PAD
+- https://github.com/pwnlog/PurpAD
 - https://github.com/r0eXpeR/supplier
 - https://github.com/retr0-13/proxy_Attackchain
 - https://github.com/signorrayan/RedTeam_toolkit

2021/CVE-2021-34527.md

@@ -215,6 +215,7 @@
 - https://github.com/powershellpr0mpt/PrintNightmare-CVE-2021-34527
 - https://github.com/pwninx/WinPwn
 - https://github.com/pwnlog/PAD
+- https://github.com/pwnlog/PurpAD
 - https://github.com/r1skkam/PrintNightmare
 - https://github.com/raithedavion/PrintNightmare
 - https://github.com/rdboboia/disable-RegisterSpoolerRemoteRpcEndPoint

2021/CVE-2021-3509.md

@@ -0,0 +1,17 @@
+### [CVE-2021-3509](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3509)
+![](https://img.shields.io/static/v1?label=Product&message=ceph-dashboard&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79&color=brighgreen)
+
+### Description
+
+A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability.
+
+### POC
+
+#### Reference
+- https://bugzilla.redhat.com/show_bug.cgi?id=1950116
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-36934.md

@@ -101,6 +101,7 @@
 - https://github.com/noodlemctwoodle/MSRC-CVE-Function
 - https://github.com/oscpname/OSCP_cheat
 - https://github.com/pwnlog/PAD
+- https://github.com/pwnlog/PurpAD
 - https://github.com/pyonghe/HiveNightmareChecker
 - https://github.com/retr0-13/Active-Directory-Exploitation-Cheat-Sheet
 - https://github.com/revanmalang/OSCP

2021/CVE-2021-37991.md

@@ -16,4 +16,5 @@ No PoCs from references.
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/RUB-SysSec/JIT-Picker
 - https://github.com/googleprojectzero/fuzzilli
+- https://github.com/zhangjiahui-buaa/MasterThesis
 

2021/CVE-2021-42278.md

@@ -138,6 +138,7 @@ No PoCs from references.
 - https://github.com/puckiestyle/A-Red-Teamer-diaries
 - https://github.com/puckiestyle/sam-the-admin
 - https://github.com/pwnlog/PAD
+- https://github.com/pwnlog/PurpAD
 - https://github.com/retr0-13/AD-Attack-Defense
 - https://github.com/retr0-13/Active-Directory-Exploitation-Cheat-Sheet
 - https://github.com/retr0-13/noPac

2021/CVE-2021-42287.md

@@ -138,6 +138,7 @@ No PoCs from references.
 - https://github.com/puckiestyle/A-Red-Teamer-diaries
 - https://github.com/puckiestyle/sam-the-admin
 - https://github.com/pwnlog/PAD
+- https://github.com/pwnlog/PurpAD
 - https://github.com/qobil7681/Password-cracker
 - https://github.com/retr0-13/AD-Attack-Defense
 - https://github.com/retr0-13/Active-Directory-Exploitation-Cheat-Sheet

2021/CVE-2021-44228.md

@@ -1195,6 +1195,7 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12
 - https://github.com/pvnovarese/2023-12-demo
 - https://github.com/pwnipc/Log4jExploitDemo
 - https://github.com/pwnlog/PAD
+- https://github.com/pwnlog/PurpAD
 - https://github.com/qingtengyun/cve-2021-44228-qingteng-online-patch
 - https://github.com/qingtengyun/cve-2021-44228-qingteng-patch
 - https://github.com/quoll/mulgara