Update Wed Mar 27 18:06:32 UTC 2024

2013/CVE-2013-4930.md

@@ -0,0 +1,17 @@
+### [CVE-2013-4930](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4930)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c in the DVB-CI dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not validate a certain length value before decrementing it, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.
+
+### POC
+
+#### Reference
+- http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dvbci.c?r1=50474&r2=50473&pathrev=50474
+
+#### Github
+No PoCs found on GitHub currently.
+

2014/CVE-2014-0160.md

@@ -198,6 +198,7 @@ The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not p
 - https://github.com/Tiriel-Alyptus/Pentest
 - https://github.com/Trietptm-on-Awesome-Lists/become-a-penetration-tester
 - https://github.com/Tung0801/Certified-Ethical-Hacker-Exam-CEH-v10
+- https://github.com/UNILESS/QuickBCC_Public
 - https://github.com/UroBs17/hacking-tools
 - https://github.com/Vainoord/devops-netology
 - https://github.com/Valdem88/dev-17_ib-yakovlev_vs

2014/CVE-2014-3507.md

@@ -14,6 +14,7 @@ Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/Satheesh575555/openSSL_1.0.1g_CVE-2014-3507
 - https://github.com/Ypnose/ahrf
 - https://github.com/chnzzh/OpenSSL-CVE-lib
 - https://github.com/hrbrmstr/internetdb

2014/CVE-2014-3508.md

@@ -18,6 +18,7 @@ The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9
 - https://github.com/buptsseGJ/VulSeeker
 - https://github.com/chnzzh/OpenSSL-CVE-lib
 - https://github.com/hrbrmstr/internetdb
+- https://github.com/hshivhare67/OpenSSL_1.0.1g_CVE-2014-3508
 - https://github.com/jumanjihouse/oval
 - https://github.com/jumanjihouse/wormhole
 

2014/CVE-2014-3601.md

@@ -0,0 +1,17 @@
+### [CVE-2014-3601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages.
+
+### POC
+
+#### Reference
+- http://www.ubuntu.com/usn/USN-2358-1
+
+#### Github
+No PoCs found on GitHub currently.
+

2014/CVE-2014-5077.md

@@ -11,6 +11,7 @@ The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel throu
 
 #### Reference
 - http://www.ubuntu.com/usn/USN-2335-1
+- http://www.ubuntu.com/usn/USN-2358-1
 
 #### Github
 No PoCs found on GitHub currently.

2014/CVE-2014-5471.md

@@ -0,0 +1,17 @@
+### [CVE-2014-5471](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry.
+
+### POC
+
+#### Reference
+- http://www.ubuntu.com/usn/USN-2358-1
+
+#### Github
+No PoCs found on GitHub currently.
+

2014/CVE-2014-5472.md

@@ -0,0 +1,17 @@
+### [CVE-2014-5472](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.
+
+### POC
+
+#### Reference
+- http://www.ubuntu.com/usn/USN-2358-1
+
+#### Github
+No PoCs found on GitHub currently.
+

2014/CVE-2014-6271.md

@@ -100,6 +100,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th
 - https://github.com/CyberSavvy/python-pySecurity
 - https://github.com/CyberlearnbyVK/redteam-notebook
 - https://github.com/Cyberleet1337/Payloadswebhack
+- https://github.com/Cyberz189/SIEM-Lab
 - https://github.com/D3Ext/PentestDictionary
 - https://github.com/DanMcInerney/shellshock-hunter
 - https://github.com/DanMcInerney/shellshock-hunter-google
@@ -347,6 +348,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th
 - https://github.com/erSubhashThapa/pentesting
 - https://github.com/eric-erki/Penetration-Testing
 - https://github.com/eric-erki/awesome-pentest
+- https://github.com/eric-gitta-moore/Safety-Project-Collection
 - https://github.com/ericlake/fabric-shellshock
 - https://github.com/falocab/PayloadsAllTheThings
 - https://github.com/fares-alkhalaf/BurbsuiteInArabic

2015/CVE-2015-10101.md

@@ -0,0 +1,17 @@
+### [CVE-2015-10101](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-10101)
+![](https://img.shields.io/static/v1?label=Product&message=Google%20Analytics%20Top%20Content%20Widget%20Plugin&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.5.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.7 is able to address this issue. The identifier of the patch is 25bb1dea113716200a6f0f3135801d84a7a65540. It is recommended to upgrade the affected component. The identifier VDB-226117 was assigned to this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/wp-plugins/google-analytics-top-posts-widget/commit/25bb1dea113716200a6f0f3135801d84a7a65540
+
+#### Github
+No PoCs found on GitHub currently.
+

2015/CVE-2015-3202.md

@@ -11,6 +11,7 @@ fusermount in FUSE before 2.9.3-15 does not properly clear the environment befor
 
 #### Reference
 - http://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html
+- http://www.ubuntu.com/usn/USN-2617-2
 - https://www.exploit-db.com/exploits/37089/
 
 #### Github

2017/CVE-2017-5715.md

@@ -23,6 +23,7 @@ Systems with microprocessors utilizing speculative execution and indirect branch
 - https://seclists.org/bugtraq/2019/Jun/36
 - https://spectreattack.com/
 - https://usn.ubuntu.com/3540-2/
+- https://usn.ubuntu.com/3580-1/
 - https://usn.ubuntu.com/3582-1/
 - https://usn.ubuntu.com/3777-3/
 - https://www.exploit-db.com/exploits/43427/

2017/CVE-2017-5753.md

@@ -19,6 +19,7 @@ Systems with microprocessors utilizing speculative execution and branch predicti
 - https://seclists.org/bugtraq/2019/Jun/36
 - https://spectreattack.com/
 - https://usn.ubuntu.com/3540-2/
+- https://usn.ubuntu.com/3580-1/
 - https://www.exploit-db.com/exploits/43427/
 - https://www.kb.cert.org/vuls/id/180049
 - https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001

2017/CVE-2017-8994.md

@@ -10,6 +10,7 @@ A input validation vulnerability in HPE Operations Orchestration product all ver
 ### POC
 
 #### Reference
+- https://www.tenable.com/security/research/tra-2017-25
 - https://www.tenable.com/security/research/tra-2017-28
 
 #### Github

2020/CVE-2020-0423.md

@@ -26,6 +26,7 @@ No PoCs from references.
 - https://github.com/khanhhdz06/linux-kernel-exploitation
 - https://github.com/khanhnd123/linux-kernel-exploitation
 - https://github.com/knd06/linux-kernel-exploitation
+- https://github.com/sparrow-labz/CVE-2020-0423
 - https://github.com/ssr-111/linux-kernel-exploitation
 - https://github.com/xairy/linux-kernel-exploitation
 

2020/CVE-2020-19189.md

@@ -0,0 +1,17 @@
+### [CVE-2020-19189](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19189)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
+
+### POC
+
+#### Reference
+- https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc5.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-30774.md

@@ -16,5 +16,6 @@ A logic issue was addressed with improved validation. This issue is fixed in iOS
 No PoCs from references.
 
 #### Github
+- https://github.com/alibaba/AegiScan
 - https://github.com/starf1ame/iService
 

2021/CVE-2021-33839.md

@@ -0,0 +1,17 @@
+### [CVE-2021-33839](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33839)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because the QR code of a Public Location can be intentionally confused with the QR code of a Private Meeting.
+
+### POC
+
+#### Reference
+- https://youtu.be/jWyDfEB0m08
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-40323.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/ARPSyndicate/kenzer-templates
+- https://github.com/wy876/POC
 

2022/CVE-2022-38223.md

@@ -15,4 +15,5 @@ There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It c
 #### Github
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/NaInSec/CVE-LIST
+- https://github.com/fkie-cad/nvd-json-data-feeds
 

2024/CVE-2024-0261.md

@@ -11,6 +11,7 @@ A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problema
 
 #### Reference
 - https://packetstormsecurity.com/files/176342/FTPDMIN-0.96-Denial-Of-Service.html
+- https://www.youtube.com/watch?v=q-CVJfYdd-g
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-1086.md

@@ -17,6 +17,7 @@ No PoCs from references.
 - https://github.com/Notselwyn/exploits
 - https://github.com/Notselwyn/notselwyn
 - https://github.com/aobakwewastaken/aobakwewastaken
+- https://github.com/brimstone/stars
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/phixion/phixion

2024/CVE-2024-21762.md

@@ -37,4 +37,5 @@ No PoCs from references.
 - https://github.com/tanjiti/sec_profile
 - https://github.com/tr1pl3ight/CVE-2024-21762-POC
 - https://github.com/vorotilovaawex/CVE-2024-21762_POC
+- https://github.com/wy876/POC