Update Sun Apr 21 18:06:33 UTC 2024

trickest · Apr 21, 2024 · 24e6231 · 24e6231
1 parent e80fd5c
commit 24e6231
Show file tree

Hide file tree

Showing 9 changed files with 64 additions and 1 deletion.
diff --git a/2008/CVE-2008-6945.md b/2008/CVE-2008-6945.md
@@ -0,0 +1,17 @@
+### [CVE-2008-6945](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6945)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value specifier when used in the UserTag feature.
+
+### POC
+
+#### Reference
+- http://ftp.icdevgroup.org/interchange/5.7/WHATSNEW
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2011/CVE-2011-4293.md b/2011/CVE-2011-4293.md
@@ -0,0 +1,17 @@
+### [CVE-2011-4293](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4293)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors.
+
+### POC
+
+#### Reference
+- http://moodle.org/mod/forum/discuss.php?d=182736
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2011/CVE-2011-4592.md b/2011/CVE-2011-4592.md
@@ -0,0 +1,17 @@
+### [CVE-2011-4592](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4592)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron functionality.
+
+### POC
+
+#### Reference
+- http://moodle.org/mod/forum/discuss.php?d=191761
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2014/CVE-2014-8351.md b/2014/CVE-2014-8351.md
@@ -12,6 +12,7 @@ SQL injection vulnerability in info.php in French National Commission on Informa
 #### Reference
 - http://packetstormsecurity.com/files/128960/CNIL-CookieViz-Cross-Site-Scripting-SQL-Injection.html
 - http://seclists.org/fulldisclosure/2014/Nov/3
+- https://github.com/LaboCNIL/CookieViz/commit/489b6050f6c53fe7b24c4bed3eeb9c25543960e2
 
 #### Github
 No PoCs found on GitHub currently.

diff --git a/2014/CVE-2014-8352.md b/2014/CVE-2014-8352.md
@@ -12,6 +12,7 @@ Cross-site scripting (XSS) vulnerability in json.php in French National Commissi
 #### Reference
 - http://packetstormsecurity.com/files/128960/CNIL-CookieViz-Cross-Site-Scripting-SQL-Injection.html
 - http://seclists.org/fulldisclosure/2014/Nov/3
+- https://github.com/LaboCNIL/CookieViz/commit/489b6050f6c53fe7b24c4bed3eeb9c25543960e2
 
 #### Github
 No PoCs found on GitHub currently.

diff --git a/2018/CVE-2018-0495.md b/2018/CVE-2018-0495.md
@@ -10,7 +10,7 @@ Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channe
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://usn.ubuntu.com/3692-1/
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

diff --git a/2018/CVE-2018-0732.md b/2018/CVE-2018-0732.md
@@ -11,6 +11,7 @@ During key agreement in a TLS handshake using a DH(E) based ciphersuite a malici
 
 #### Reference
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
+- https://usn.ubuntu.com/3692-1/
 - https://www.oracle.com/security-alerts/cpuapr2020.html
 - https://www.oracle.com/security-alerts/cpujan2021.html
 - https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

diff --git a/2018/CVE-2018-0737.md b/2018/CVE-2018-0737.md
@@ -11,6 +11,7 @@ The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a ca
 
 #### Reference
 - http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
+- https://usn.ubuntu.com/3692-1/
 - https://www.oracle.com//security-alerts/cpujul2021.html
 - https://www.oracle.com/security-alerts/cpuapr2020.html
 - https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

diff --git a/references.txt b/references.txt
@@ -14193,6 +14193,7 @@ CVE-2008-6941 - https://www.exploit-db.com/exploits/7107
 CVE-2008-6942 - https://www.exploit-db.com/exploits/7110
 CVE-2008-6943 - https://www.exploit-db.com/exploits/7112
 CVE-2008-6944 - https://www.exploit-db.com/exploits/7111
+CVE-2008-6945 - http://ftp.icdevgroup.org/interchange/5.7/WHATSNEW
 CVE-2008-6946 - https://www.exploit-db.com/exploits/7076
 CVE-2008-6947 - https://www.exploit-db.com/exploits/7076
 CVE-2008-6948 - https://www.exploit-db.com/exploits/7076
@@ -20165,6 +20166,7 @@ CVE-2011-4153 - http://cxsecurity.com/research/103
 CVE-2011-4153 - http://www.exploit-db.com/exploits/18370/
 CVE-2011-4161 - http://isc.sans.org/diary/Hacking+HP+Printers+for+Fun+and+Profit/12112
 CVE-2011-4231 - http://www.cisco.com/en/US/docs/ios/ios_xe/3/release/notes/asr1k_caveats_34s.html
+CVE-2011-4293 - http://moodle.org/mod/forum/discuss.php?d=182736
 CVE-2011-4314 - http://openid.net/2011/05/05/attribute-exchange-security-alert/
 CVE-2011-4317 - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
 CVE-2011-4317 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
@@ -20241,6 +20243,7 @@ CVE-2011-4579 - http://ubuntu.com/usn/usn-1320-1
 CVE-2011-4579 - http://ubuntu.com/usn/usn-1333-1
 CVE-2011-4582 - http://moodle.org/mod/forum/discuss.php?d=191748
 CVE-2011-4591 - http://moodle.org/mod/forum/discuss.php?d=191760
+CVE-2011-4592 - http://moodle.org/mod/forum/discuss.php?d=191761
 CVE-2011-4594 - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1
 CVE-2011-4599 - http://bugs.icu-project.org/trac/ticket/8984
 CVE-2011-4613 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652249
@@ -30227,8 +30230,10 @@ CVE-2014-8347 - http://packetstormsecurity.com/files/128853/Filemaker-Login-Bypa
 CVE-2014-8349 - http://packetstormsecurity.com/files/129199/Liferay-Portal-6.2-EE-SP8-Cross-Site-Scripting.html
 CVE-2014-8351 - http://packetstormsecurity.com/files/128960/CNIL-CookieViz-Cross-Site-Scripting-SQL-Injection.html
 CVE-2014-8351 - http://seclists.org/fulldisclosure/2014/Nov/3
+CVE-2014-8351 - https://github.com/LaboCNIL/CookieViz/commit/489b6050f6c53fe7b24c4bed3eeb9c25543960e2
 CVE-2014-8352 - http://packetstormsecurity.com/files/128960/CNIL-CookieViz-Cross-Site-Scripting-SQL-Injection.html
 CVE-2014-8352 - http://seclists.org/fulldisclosure/2014/Nov/3
+CVE-2014-8352 - https://github.com/LaboCNIL/CookieViz/commit/489b6050f6c53fe7b24c4bed3eeb9c25543960e2
 CVE-2014-8354 - http://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html
 CVE-2014-8355 - http://packetstormsecurity.com/files/128944/ImageMagick-Out-Of-Bounds-Read-Heap-Overflow.html
 CVE-2014-8356 - http://packetstormsecurity.com/files/133921/Zhone-Insecure-Reference-Password-Disclosure-Command-Injection.html
@@ -47239,6 +47244,7 @@ CVE-2018-0491 - https://www.exploit-db.com/exploits/44994/
 CVE-2018-0492 - https://www.exploit-db.com/exploits/44452/
 CVE-2018-0494 - https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt
 CVE-2018-0494 - https://www.exploit-db.com/exploits/44601/
+CVE-2018-0495 - https://usn.ubuntu.com/3692-1/
 CVE-2018-0576 - https://wpvulndb.com/vulnerabilities/9609
 CVE-2018-0577 - https://wpvulndb.com/vulnerabilities/9610
 CVE-2018-0585 - https://wpvulndb.com/vulnerabilities/9608
@@ -47273,6 +47279,7 @@ CVE-2018-0710 - https://www.coresecurity.com/advisories/qnap-qcenter-virtual-app
 CVE-2018-0710 - https://www.exploit-db.com/exploits/45015/
 CVE-2018-0715 - https://www.exploit-db.com/exploits/45348/
 CVE-2018-0732 - http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
+CVE-2018-0732 - https://usn.ubuntu.com/3692-1/
 CVE-2018-0732 - https://www.oracle.com/security-alerts/cpuapr2020.html
 CVE-2018-0732 - https://www.oracle.com/security-alerts/cpujan2021.html
 CVE-2018-0732 - https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
@@ -47292,6 +47299,7 @@ CVE-2018-0734 - https://www.tenable.com/security/tns-2018-17
 CVE-2018-0735 - https://www.oracle.com/security-alerts/cpujan2020.html
 CVE-2018-0735 - https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
 CVE-2018-0737 - http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
+CVE-2018-0737 - https://usn.ubuntu.com/3692-1/
 CVE-2018-0737 - https://www.oracle.com//security-alerts/cpujul2021.html
 CVE-2018-0737 - https://www.oracle.com/security-alerts/cpuapr2020.html
 CVE-2018-0737 - https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html