Update Sat Feb 17 18:09:24 UTC 2024

1999/CVE-1999-0524.md

@@ -10,7 +10,7 @@ ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10053
 
 #### Github
 - https://github.com/Live-Hack-CVE/CVE-1999-0524

2000/CVE-2000-0219.md

@@ -0,0 +1,17 @@
+### [CVE-2000-0219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0219)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Red Hat 6.0 allows local users to gain root access by booting single user and hitting ^C at the password prompt.
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10053
+
+#### Github
+No PoCs found on GitHub currently.
+

2004/CVE-2004-0230.md

@@ -14,6 +14,7 @@ TCP, when using a large Window Size, makes it easier for remote attackers to gue
 - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
 - https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019
 - https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10053
 
 #### Github
 - https://github.com/biswajitde/dsm_ips

2014/CVE-2014-8520.md

@@ -0,0 +1,17 @@
+### [CVE-2014-8520](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8520)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information via vectors related to open network ports.
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10053
+
+#### Github
+No PoCs found on GitHub currently.
+

2014/CVE-2014-8521.md

@@ -0,0 +1,17 @@
+### [CVE-2014-8521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8521)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10053
+
+#### Github
+No PoCs found on GitHub currently.
+

2014/CVE-2014-8522.md

@@ -0,0 +1,17 @@
+### [CVE-2014-8522](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8522)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to obtain access.
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10053
+
+#### Github
+No PoCs found on GitHub currently.
+

2014/CVE-2014-8523.md

@@ -0,0 +1,17 @@
+### [CVE-2014-8523](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8523)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross-site request forgery (CSRF) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10053
+
+#### Github
+No PoCs found on GitHub currently.
+

2014/CVE-2014-8524.md

@@ -0,0 +1,17 @@
+### [CVE-2014-8524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8524)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable the autocomplete setting for the password and other fields, which allows remote attackers to obtain sensitive information via unspecified vectors.
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10053
+
+#### Github
+No PoCs found on GitHub currently.
+

2014/CVE-2014-8525.md

@@ -0,0 +1,17 @@
+### [CVE-2014-8525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8525)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10053
+
+#### Github
+No PoCs found on GitHub currently.
+

2014/CVE-2014-8526.md

@@ -0,0 +1,17 @@
+### [CVE-2014-8526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8526)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace.
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10053
+
+#### Github
+No PoCs found on GitHub currently.
+

2014/CVE-2014-8527.md

@@ -0,0 +1,17 @@
+### [CVE-2014-8527](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8527)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information and affect integrity via vectors related to a "plain text password."
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10053
+
+#### Github
+No PoCs found on GitHub currently.
+

2014/CVE-2014-8528.md

@@ -0,0 +1,17 @@
+### [CVE-2014-8528](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8528)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+McAfee Network Data Loss Prevention (NDLP) before 9.3 logs session IDs, which allows local users to obtain sensitive information by reading the audit log.
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10053
+
+#### Github
+No PoCs found on GitHub currently.
+

2014/CVE-2014-8529.md

@@ -0,0 +1,17 @@
+### [CVE-2014-8529](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8529)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+McAfee Network Data Loss Prevention (NDLP) before 9.3 stores the SSH key in cleartext, which allows local users to obtain sensitive information via unspecified vectors.
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10053
+
+#### Github
+No PoCs found on GitHub currently.
+

2014/CVE-2014-8530.md

@@ -0,0 +1,17 @@
+### [CVE-2014-8530](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8530)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to obtain sensitive information, affect integrity, or cause a denial of service via unknown vectors, related to simultaneous logins.
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10053
+
+#### Github
+No PoCs found on GitHub currently.
+

2014/CVE-2014-8531.md

@@ -0,0 +1,17 @@
+### [CVE-2014-8531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8531)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) before 9.3 uses weak cipher algorithms, which makes it easier for remote authenticated users to execute arbitrary code via unspecified vectors.
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10053
+
+#### Github
+No PoCs found on GitHub currently.
+

2014/CVE-2014-8532.md

@@ -0,0 +1,17 @@
+### [CVE-2014-8532](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8532)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Unspecified vulnerability in McAfee Network Data Loss Prevention before (NDLP) before 9.3 allows local users to obtain sensitive information and impact integrity via unknown vectors, related to partition mounting.
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10053
+
+#### Github
+No PoCs found on GitHub currently.
+

2014/CVE-2014-8533.md

@@ -0,0 +1,17 @@
+### [CVE-2014-8533](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8533)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to execute arbitrary code via vectors related to ICMP redirection.
+
+### POC
+
+#### Reference
+- https://kc.mcafee.com/corporate/index?page=content&id=SB10053
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-7092.md

@@ -11,6 +11,7 @@ A vulnerability was found in Uniway UW-302VP 2.0. It has been rated as problemat
 
 #### Reference
 - https://drive.google.com/file/d/15Wr3EL4cpAS_H_Vp7TuIftssxAuzb4SL/view
+- https://vuldb.com/?id.248939
 
 #### Github
 No PoCs found on GitHub currently.

2023/CVE-2023-7109.md

@@ -10,7 +10,7 @@ A vulnerability classified as critical was found in code-projects Library Manage
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://vuldb.com/?id.249004
 
 #### Github
 - https://github.com/h4md153v63n/CVEs

2023/CVE-2023-7126.md

@@ -11,6 +11,7 @@ A vulnerability classified as critical has been found in code-projects Automated
 
 #### Reference
 - https://github.com/h4md153v63n/CVEs/blob/main/Automated_Voting_System/Automated_Voting_System-SQL_Injection-1.md
+- https://vuldb.com/?id.249129
 
 #### Github
 - https://github.com/h4md153v63n/CVEs

2023/CVE-2023-7130.md

@@ -10,7 +10,7 @@ A vulnerability has been found in code-projects College Notes Gallery 2.0 and cl
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://vuldb.com/?id.249133
 
 #### Github
 - https://github.com/h4md153v63n/CVEs

2023/CVE-2023-7160.md

@@ -0,0 +1,17 @@
+### [CVE-2023-7160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7160)
+![](https://img.shields.io/static/v1?label=Product&message=Engineers%20Online%20Portal&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add Engineer Handler. The manipulation of the argument first name/last name with the input <script>alert(0)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249182 is the identifier assigned to this vulnerability.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.249182
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-7176.md

@@ -11,6 +11,7 @@ A vulnerability classified as critical has been found in Campcodes Online Colleg
 
 #### Reference
 - https://medium.com/@heishou/libsystem-foreground-sql-injection-vulnerability-3-d02f0ce78fe3
+- https://vuldb.com/?id.249363
 
 #### Github
 No PoCs found on GitHub currently.

2023/CVE-2023-7181.md

@@ -0,0 +1,17 @@
+### [CVE-2023-7181](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7181)
+![](https://img.shields.io/static/v1?label=Product&message=DedeBIZ&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%206.2.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Muyun DedeBIZ up to 6.2.12 and classified as critical. Affected by this issue is some unknown functionality of the component Add Attachment Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249368. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.249368
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-7215.md

@@ -10,7 +10,7 @@ A vulnerability, which was classified as problematic, has been found in Chanzhao
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://vuldb.com/?id.249779
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds