Update Mon Jun 5 00:10:48 UTC 2023

2004/CVE-2004-2157.md

@@ -0,0 +1,17 @@
+### [CVE-2004-2157](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2157)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field.
+
+### POC
+
+#### Reference
+- http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html
+
+#### Github
+No PoCs found on GitHub currently.
+

2004/CVE-2004-2158.md

@@ -0,0 +1,17 @@
+### [CVE-2004-2158](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2158)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.
+
+### POC
+
+#### Reference
+- http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html
+
+#### Github
+No PoCs found on GitHub currently.
+

2006/CVE-2006-6421.md

@@ -0,0 +1,17 @@
+### [CVE-2006-6421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6421)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user.
+
+### POC
+
+#### Reference
+- http://securityreason.com/securityalert/2005
+
+#### Github
+No PoCs found on GitHub currently.
+

2015/CVE-2015-2298.md

@@ -0,0 +1,17 @@
+### [CVE-2015-2298](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2298)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID.
+
+### POC
+
+#### Reference
+- https://github.com/ether/etherpad-lite/releases/tag/1.5.2
+
+#### Github
+No PoCs found on GitHub currently.
+

2018/CVE-2018-6834.md

@@ -0,0 +1,17 @@
+### [CVE-2018-6834](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6834)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href.
+
+### POC
+
+#### Reference
+- https://github.com/ether/etherpad-lite/releases/tag/1.6.3
+
+#### Github
+No PoCs found on GitHub currently.
+

2018/CVE-2018-6835.md

@@ -10,7 +10,7 @@ node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP,
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/ether/etherpad-lite/releases/tag/1.6.3
 
 #### Github
 - https://github.com/github/securitylab

2021/CVE-2021-34816.md

@@ -0,0 +1,17 @@
+### [CVE-2021-34816](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34816)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source.
+
+### POC
+
+#### Reference
+- https://github.com/ether/etherpad-lite/releases
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-34817.md

@@ -0,0 +1,17 @@
+### [CVE-2021-34817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34817)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad.
+
+### POC
+
+#### Reference
+- https://github.com/ether/etherpad-lite/releases/tag/1.8.14
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-43802.md

@@ -0,0 +1,18 @@
+### [CVE-2021-43802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43802)
+![](https://img.shields.io/static/v1?label=Product&message=etherpad-lite&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1287%3A%20Improper%20Validation%20of%20Specified%20Type%20of%20Input&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-790%3A%20Improper%20Filtering%20of%20Special%20Elements&color=brighgreen)
+
+### Description
+
+Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an `*.etherpad` file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad plugin that can execute arbitrary code (including system commands). To gain privileges, the attacker must be able to trigger deletion of `express-session` state or wait for old `express-session` state to be cleaned up. Core Etherpad does not delete any `express-session` state, so the only known attacks require either a plugin that can delete session state or a custom cleanup process (such as a cron job that deletes old `sessionstorage:*` records). The problem has been fixed in version 1.8.16. If users cannot upgrade to 1.8.16 or install patches manually, several workarounds are available. Users may configure their reverse proxies to reject requests to `/p/*/import`, which will block all imports, not just `*.etherpad` imports; limit all users to read-only access; and/or prevent the reuse of `express_sid` cookie values that refer to deleted express-session state. More detailed information and general mitigation strategies may be found in the GitHub Security Advisory.
+
+### POC
+
+#### Reference
+- https://github.com/ether/etherpad-lite/releases/tag/1.8.16
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-4584.md

@@ -0,0 +1,17 @@
+### [CVE-2022-4584](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4584)
+![](https://img.shields.io/static/v1?label=Product&message=Bento4&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.6.0-639%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%20Heap-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Axiomatic Bento4 up to 1.6.0-639. It has been rated as critical. Affected by this issue is some unknown functionality of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-216170 is the identifier assigned to this vulnerability.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.216170
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-4613.md

@@ -12,6 +12,7 @@ A vulnerability was found in Click Studios Passwordstate and Passwordstate Brows
 
 #### Reference
 - https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html
+- https://vuldb.com/?id.216275
 
 #### Github
 No PoCs found on GitHub currently.

2022/CVE-2022-47028.md

@@ -0,0 +1,17 @@
+### [CVE-2022-47028](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47028)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue discovered in Action Launcher for Android v50.5 allows an attacker to cause a denial of service via arbitary data injection to function insert.
+
+### POC
+
+#### Reference
+- https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2022-47028/CVE%20detailed.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-47029.md

@@ -0,0 +1,17 @@
+### [CVE-2022-47029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47029)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was found in Action Launcher v50.5 allows an attacker to escalate privilege via modification of the intent string to function update.
+
+### POC
+
+#### Reference
+- https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2022-47029/CVE%20detailed.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-4730.md

@@ -0,0 +1,17 @@
+### [CVE-2022-4730](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4730)
+![](https://img.shields.io/static/v1?label=Product&message=Web&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-707%20Improper%20Neutralization%20-%3E%20CWE-74%20Injection%20-%3E%20CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Graphite Web. It has been classified as problematic. Affected is an unknown function of the component Absolute Time Range Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216744.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.216744
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-31618.md

@@ -0,0 +1,17 @@
+### [CVE-2023-31618](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31618)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in the sqlc_union_dt_wrap component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
+
+### POC
+
+#### Reference
+- https://github.com/openlink/virtuoso-opensource/issues/1136
+
+#### Github
+No PoCs found on GitHub currently.
+

references.txt

@@ -935,6 +935,8 @@ CVE-2004-2116 - http://packetstormsecurity.com/files/129320/Tiny-Server-1.1.9-Ar
 CVE-2004-2125 - http://marc.info/?l=bugtraq&m=107530966524193&w=2
 CVE-2004-2126 - http://marc.info/?l=bugtraq&m=107530966524193&w=2
 CVE-2004-2137 - http://www.networksecurity.fi/advisories/outlook-bcc.html
+CVE-2004-2157 - http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html
+CVE-2004-2158 - http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html
 CVE-2004-2165 - http://aluigi.altervista.org/adv/lotr3boom-adv.txt
 CVE-2004-2165 - http://seclists.org/lists/fulldisclosure/2004/Sep/0660.html
 CVE-2004-2262 - https://www.exploit-db.com/exploits/704
@@ -4729,6 +4731,7 @@ CVE-2006-6408 - http://www.quantenblog.net/security/virus-scanner-bypass
 CVE-2006-6409 - http://www.quantenblog.net/security/virus-scanner-bypass
 CVE-2006-6410 - https://www.exploit-db.com/exploits/2264
 CVE-2006-6418 - http://www.netragard.com/pdfs/research/HP-TRU64-LIBPTHREAD-20060811.txt
+CVE-2006-6421 - http://securityreason.com/securityalert/2005
 CVE-2006-6426 - https://www.exploit-db.com/exploits/2898
 CVE-2006-6445 - https://www.exploit-db.com/exploits/2888
 CVE-2006-6453 - https://www.exploit-db.com/exploits/2895
@@ -29906,6 +29909,7 @@ CVE-2015-2294 - http://packetstormsecurity.com/files/131022/pfSense-2.2-Cross-Si
 CVE-2015-2294 - https://www.exploit-db.com/exploits/36506/
 CVE-2015-2295 - http://packetstormsecurity.com/files/131022/pfSense-2.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
 CVE-2015-2295 - https://www.exploit-db.com/exploits/36506/
+CVE-2015-2298 - https://github.com/ether/etherpad-lite/releases/tag/1.5.2
 CVE-2015-2305 - http://www.kb.cert.org/vuls/id/695940
 CVE-2015-2314 - http://klikki.fi/adv/wpml.html
 CVE-2015-2314 - http://packetstormsecurity.com/files/130810/WordPress-WPML-XSS-Deletion-SQL-Injection.html
@@ -49696,6 +49700,8 @@ CVE-2018-6829 - https://www.oracle.com/security-alerts/cpujan2020.html
 CVE-2018-6830 - https://blog.vdoo.com/2018/06/06/vdoo-has-found-major-vulnerabilities-in-foscam-cameras/
 CVE-2018-6831 - https://blog.vdoo.com/2018/06/06/vdoo-has-found-major-vulnerabilities-in-foscam-cameras/
 CVE-2018-6832 - https://blog.vdoo.com/2018/06/06/vdoo-has-found-major-vulnerabilities-in-foscam-cameras/
+CVE-2018-6834 - https://github.com/ether/etherpad-lite/releases/tag/1.6.3
+CVE-2018-6835 - https://github.com/ether/etherpad-lite/releases/tag/1.6.3
 CVE-2018-6836 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397
 CVE-2018-6844 - https://websecnerd.blogspot.com/2018/02/mybb-forum-1.html
 CVE-2018-6845 - https://www.exploit-db.com/exploits/44016
@@ -67815,6 +67821,8 @@ CVE-2021-34791 - https://tools.cisco.com/security/center/content/CiscoSecurityAd
 CVE-2021-34798 - https://www.oracle.com/security-alerts/cpujan2022.html
 CVE-2021-34805 - http://packetstormsecurity.com/files/165701/FAUST-iServer-9.0.018.018.4-Local-File-Inclusion.html
 CVE-2021-34805 - https://sec-consult.com/vulnerability-lab/
+CVE-2021-34816 - https://github.com/ether/etherpad-lite/releases
+CVE-2021-34817 - https://github.com/ether/etherpad-lite/releases/tag/1.8.14
 CVE-2021-34820 - http://packetstormsecurity.com/files/163453/Novus-Management-System-Directory-Traversal-Cross-Site-Scripting.html
 CVE-2021-34823 - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/
 CVE-2021-34831 - https://www.foxit.com/support/security-bulletins.html
@@ -69805,6 +69813,7 @@ CVE-2021-43779 - https://github.com/hansmach1ne/MyExploits/tree/main/RCE_GLPI_ad
 CVE-2021-43797 - https://www.oracle.com/security-alerts/cpujul2022.html
 CVE-2021-43798 - http://packetstormsecurity.com/files/165198/Grafana-Arbitrary-File-Reading.html
 CVE-2021-43798 - http://packetstormsecurity.com/files/165221/Grafana-8.3.0-Directory-Traversal-Arbitrary-File-Read.html
+CVE-2021-43802 - https://github.com/ether/etherpad-lite/releases/tag/1.8.16
 CVE-2021-43818 - https://www.oracle.com/security-alerts/cpujul2022.html
 CVE-2021-43828 - https://huntr.dev/bounties/fe6248f1-603d-43df-816c-c75534a56f72
 CVE-2021-43829 - https://huntr.dev/bounties/17324785-f83a-4058-ac40-03f2bfa16399/
@@ -76791,6 +76800,7 @@ CVE-2022-45768 - https://www.lovesandy.cc/2022/11/20/EDIMAX%E6%BC%8F%E6%B4%9E/
 CVE-2022-45770 - https://hackmag.com/security/aguard-cve/
 CVE-2022-45770 - https://xakep.ru/2023/01/27/aguard-cve/
 CVE-2022-45771 - https://github.com/pwndoc/pwndoc/issues/401
+CVE-2022-4584 - https://vuldb.com/?id.216170
 CVE-2022-45868 - https://sites.google.com/sonatype.com/vulnerabilities/sonatype-2022-6243
 CVE-2022-45869 - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=47b0c2e4c220f2251fd8dcfbb44479819c715e15
 CVE-2022-45889 - https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-planet-enterprises-ltd-planet-estream/
@@ -76876,6 +76886,7 @@ CVE-2022-46109 - https://github.com/z1r00/IOT_Vul/tree/main/Tenda/AC10/formSetCl
 CVE-2022-4611 - https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html
 CVE-2022-4612 - https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html
 CVE-2022-4613 - https://modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html
+CVE-2022-4613 - https://vuldb.com/?id.216275
 CVE-2022-46135 - https://github.com/MegaTKC/AeroCMS/issues/5
 CVE-2022-4614 - https://huntr.dev/bounties/8b429330-3096-4fe4-85e0-1a9143e4dca5
 CVE-2022-4615 - https://huntr.dev/bounties/9c66ece4-bcaa-417d-8b98-e8daff8a728b
@@ -77050,6 +77061,8 @@ CVE-2022-46966 - https://packetstormsecurity.com/files/169916/Revenue-Collection
 CVE-2022-46967 - https://packetstormsecurity.com/files/169916/Revenue-Collection-System-1.0-SQL-Injection-Remote-Code-Execution.html
 CVE-2022-46968 - https://packetstormsecurity.com/files/169917/Revenue-Collection-System-1.0-Cross-Site-Scripting-Authentication-Bypass.html
 CVE-2022-47027 - https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2022-47027/CVE%20detail.md
+CVE-2022-47028 - https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2022-47028/CVE%20detailed.md
+CVE-2022-47029 - https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2022-47029/CVE%20detailed.md
 CVE-2022-47065 - https://github.com/chunklhit/cve/blob/master/TRENDNet/TEW-820AP/01/README.md
 CVE-2022-47070 - https://github.com/Sylon001/NVS-365-Camera/tree/master/NVS365%20Network%20Video%20Server%20Password%20Information%20Unauthorized%20Access%20Vulnerability
 CVE-2022-47073 - https://medium.com/@shiva.infocop/stored-xss-found-in-small-crm-phpgurukul-7890ea3c04df
@@ -77079,6 +77092,7 @@ CVE-2022-4721 - https://huntr.dev/bounties/3c48ef5d-da4d-4ee4-aaca-af65e7273720
 CVE-2022-4722 - https://huntr.dev/bounties/c62126dc-d9a6-4d3e-988d-967031876c58
 CVE-2022-4723 - https://huntr.dev/bounties/9369681b-8bfc-4146-a54c-c5108442d92c
 CVE-2022-4724 - https://huntr.dev/bounties/e6fb1931-8d9c-4895-be4a-59839b4b6445
+CVE-2022-4730 - https://vuldb.com/?id.216744
 CVE-2022-4732 - https://huntr.dev/bounties/d5be2e96-1f2f-4357-a385-e184cf0119aa
 CVE-2022-4733 - https://huntr.dev/bounties/f353adfb-e5b8-43e7-957a-894670fd4ccd
 CVE-2022-4744 - http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html
@@ -78745,6 +78759,7 @@ CVE-2023-31610 - https://github.com/openlink/virtuoso-opensource/issues/1118
 CVE-2023-31611 - https://github.com/openlink/virtuoso-opensource/issues/1119
 CVE-2023-31612 - https://github.com/openlink/virtuoso-opensource/issues/1125
 CVE-2023-31613 - https://github.com/openlink/virtuoso-opensource/issues/1121
+CVE-2023-31618 - https://github.com/openlink/virtuoso-opensource/issues/1136
 CVE-2023-31623 - https://github.com/openlink/virtuoso-opensource/issues/1131
 CVE-2023-31677 - https://github.com/zzh-newlearner/record/blob/main/luowice.md
 CVE-2023-31698 - http://packetstormsecurity.com/files/172462/Bludit-CMS-3.14.1-Cross-Site-Scripting.html