Update Mon Mar 4 18:09:08 UTC 2024

2019/CVE-2019-25065.md

@@ -11,6 +11,7 @@ A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as critical.
 
 #### Reference
 - https://0day.today/exploit/33544
+- https://vuldb.com/?id.146798
 
 #### Github
 No PoCs found on GitHub currently.

2022/CVE-2022-0428.md

@@ -0,0 +1,17 @@
+### [CVE-2022-0428](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0428)
+![](https://img.shields.io/static/v1?label=Product&message=Content%20Egg&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=5.3.0%3C%205.3.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Content Egg WordPress plugin before 5.3.0 does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-Site Scripting
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/071a2f69-9cd6-42a8-a56c-264a589784ab
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-52430.md

@@ -0,0 +1,17 @@
+### [CVE-2023-52430](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52430)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring.
+
+### POC
+
+#### Reference
+- https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-0765.md

@@ -10,7 +10,7 @@ As a default user on a multi-user instance of AnythingLLM, you could execute a c
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://huntr.com/bounties/8978ab27-710c-44ce-bfd8-a2ea416dc786
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-0795.md

@@ -0,0 +1,17 @@
+### [CVE-2024-0795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0795)
+![](https://img.shields.io/static/v1?label=Product&message=mintplex-labs%2Fanything-llm&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%201.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen)
+
+### Description
+
+If an attacked was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacked from creating a new user with an `admin` role and then be able to use this new account to have elevated privileges on the instance
+
+### POC
+
+#### Reference
+- https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-0968.md

@@ -0,0 +1,17 @@
+### [CVE-2024-0968](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0968)
+![](https://img.shields.io/static/v1?label=Product&message=langchain-ai%2Fchat-langchain&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%200.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Cross-site Scripting (XSS) - DOM in GitHub repository langchain-ai/chat-langchain prior to 0.0.0.
+
+### POC
+
+#### Reference
+- https://huntr.com/bounties/566033b9-df20-4928-b4aa-5cd4c3ca1561
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-21492.md

@@ -10,7 +10,7 @@ All versions of the package github.com/greenpau/caddy-security are vulnerable to
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-21493.md

@@ -10,6 +10,7 @@ All versions of the package github.com/greenpau/caddy-security are vulnerable to
 ### POC
 
 #### Reference
+- https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
 - https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-5961078
 
 #### Github

2024/CVE-2024-21494.md

@@ -10,6 +10,7 @@ All versions of the package github.com/greenpau/caddy-security are vulnerable to
 ### POC
 
 #### Reference
+- https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
 - https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249859
 
 #### Github

2024/CVE-2024-21495.md

@@ -10,6 +10,7 @@ Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vul
 ### POC
 
 #### Reference
+- https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
 - https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6248275
 
 #### Github

2024/CVE-2024-21496.md

@@ -10,6 +10,7 @@ All versions of the package github.com/greenpau/caddy-security are vulnerable to
 ### POC
 
 #### Reference
+- https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
 - https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249860
 
 #### Github

2024/CVE-2024-21497.md

@@ -10,6 +10,7 @@ All versions of the package github.com/greenpau/caddy-security are vulnerable to
 ### POC
 
 #### Reference
+- https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
 - https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249861
 
 #### Github

2024/CVE-2024-21498.md

@@ -10,6 +10,7 @@ All versions of the package github.com/greenpau/caddy-security are vulnerable to
 ### POC
 
 #### Reference
+- https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
 - https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249862
 
 #### Github

2024/CVE-2024-21499.md

@@ -10,6 +10,7 @@ All versions of the package github.com/greenpau/caddy-security are vulnerable to
 ### POC
 
 #### Reference
+- https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
 - https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249863
 
 #### Github

2024/CVE-2024-21500.md

@@ -10,7 +10,7 @@ All versions of the package github.com/greenpau/caddy-security are vulnerable to
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-27694.md

@@ -0,0 +1,17 @@
+### [CVE-2024-27694](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27694)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit.
+
+### POC
+
+#### Reference
+- https://github.com/sms2056/cms/blob/main/1.md
+
+#### Github
+No PoCs found on GitHub currently.
+

references.txt

@@ -57826,6 +57826,7 @@ CVE-2019-25061 - https://stackoverflow.com/questions/42170239/security-of-rand-i
 CVE-2019-25062 - https://www.exploit-db.com/exploits/47477
 CVE-2019-25064 - https://vuldb.com/?id.146832
 CVE-2019-25065 - https://0day.today/exploit/33544
+CVE-2019-25065 - https://vuldb.com/?id.146798
 CVE-2019-25066 - https://vuldb.com/?id.143950
 CVE-2019-25066 - https://www.exploit-db.com/exploits/47497
 CVE-2019-25067 - https://vuldb.com/?id.143949
@@ -75210,6 +75211,7 @@ CVE-2022-0420 - https://wpscan.com/vulnerability/056b5167-3cbc-47d1-9917-52a4347
 CVE-2022-0422 - https://wpscan.com/vulnerability/429be4eb-8a6b-4531-9465-9ef0d35c12cc
 CVE-2022-0426 - https://wpscan.com/vulnerability/de69bcd1-b0b1-4b16-9655-776ee57ad90a
 CVE-2022-0427 - https://gitlab.com/gitlab-org/gitlab/-/issues/347284
+CVE-2022-0428 - https://wpscan.com/vulnerability/071a2f69-9cd6-42a8-a56c-264a589784ab
 CVE-2022-0429 - https://wpscan.com/vulnerability/d1b6f438-f737-4b18-89cf-161238a7421b
 CVE-2022-0430 - https://huntr.dev/bounties/dafb2e4f-c6b6-4768-8ef5-b396cd6a801f
 CVE-2022-0432 - https://huntr.dev/bounties/d06da292-7716-4d74-a129-dd04773398d7
@@ -88418,6 +88420,7 @@ CVE-2023-52355 - https://gitlab.com/libtiff/libtiff/-/issues/621
 CVE-2023-52356 - https://gitlab.com/libtiff/libtiff/-/issues/622
 CVE-2023-5237 - https://research.cleantalk.org/cve-2023-5237-memberlite-shortcodes-stored-xss-via-shortcode
 CVE-2023-5241 - http://packetstormsecurity.com/files/175371/WordPress-AI-ChatBot-4.8.9-SQL-Injection-Traversal-File-Deletion.html
+CVE-2023-52430 - https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
 CVE-2023-5244 - https://huntr.dev/bounties/a3bd58ba-ca59-4cba-85d1-799f73a76470
 CVE-2023-5245 - https://github.com/combust/mleap/pull/866#issuecomment-1738032225
 CVE-2023-5245 - https://research.jfrog.com/vulnerabilities/mleap-path-traversal-rce-xray-532656/
@@ -88822,6 +88825,7 @@ CVE-2024-0731 - https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt
 CVE-2024-0732 - https://fitoxs.com/vuldb/02-PCMan%20v2.0.7-exploit.txt
 CVE-2024-0737 - https://packetstormsecurity.com/files/176553/LightFTP-1.1-Denial-Of-Service.html
 CVE-2024-0763 - https://huntr.com/bounties/25a2f487-5a9c-4c7f-a2d3-b0527db73ea5
+CVE-2024-0765 - https://huntr.com/bounties/8978ab27-710c-44ce-bfd8-a2ea416dc786
 CVE-2024-0769 - https://github.com/c2dc/cve-reported/blob/main/CVE-2024-0769/CVE-2024-0769.md
 CVE-2024-0772 - https://youtu.be/WIeWeuXbkiY
 CVE-2024-0773 - https://drive.google.com/drive/folders/1YjJFvxis3gLWX95990Y-nJMbWCQHB02U?usp=sharing
@@ -88831,6 +88835,7 @@ CVE-2024-0782 - https://drive.google.com/drive/folders/1ecVTReqCS_G8svyq3MG79E2y
 CVE-2024-0783 - https://github.com/keru6k/Online-Admission-System-RCE-PoC
 CVE-2024-0783 - https://github.com/keru6k/Online-Admission-System-RCE-PoC/blob/main/poc.py
 CVE-2024-0784 - https://vuldb.com/?id.251700
+CVE-2024-0795 - https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec
 CVE-2024-0811 - http://packetstormsecurity.com/files/177172/Chrome-chrome.pageCapture.saveAsMHTML-Extension-API-Blocked-Origin-Bypass.html
 CVE-2024-0879 - https://research.jfrog.com/vulnerabilities/vector-admin-filter-bypass/
 CVE-2024-0880 - https://vuldb.com/?id.252032
@@ -88860,6 +88865,7 @@ CVE-2024-0939 - https://github.com/Yu1e/vuls/blob/main/an%20arbitrary%20file%20u
 CVE-2024-0953 - https://bugzilla.mozilla.org/show_bug.cgi?id=1837916
 CVE-2024-0958 - https://drive.google.com/drive/folders/17JTwjuT09q7he_oXkMtZS5jyyXw8ZIgg?usp=sharing
 CVE-2024-0964 - https://huntr.com/bounties/25e25501-5918-429c-8541-88832dfd3741
+CVE-2024-0968 - https://huntr.com/bounties/566033b9-df20-4928-b4aa-5cd4c3ca1561
 CVE-2024-0986 - https://drive.google.com/file/d/10BYLQ7Rk4oag96afLZouSvDDPvsO7SoJ/view?usp=drive_link
 CVE-2024-0998 - https://vuldb.com/?id.252267
 CVE-2024-1010 - https://github.com/jomskiller/Employee-Management-System---Stored-XSS
@@ -88966,13 +88972,22 @@ CVE-2024-21485 - https://security.snyk.io/vuln/SNYK-PYTHON-DASHHTMLCOMPONENTS-62
 CVE-2024-21488 - https://gist.github.com/icemonster/282ab98fb68fc22aac7c576538f6369c
 CVE-2024-21488 - https://security.snyk.io/vuln/SNYK-JS-NETWORK-6184371
 CVE-2024-21490 - https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113
+CVE-2024-21492 - https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
+CVE-2024-21493 - https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
 CVE-2024-21493 - https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-5961078
+CVE-2024-21494 - https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
 CVE-2024-21494 - https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249859
+CVE-2024-21495 - https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
 CVE-2024-21495 - https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6248275
+CVE-2024-21496 - https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
 CVE-2024-21496 - https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249860
+CVE-2024-21497 - https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
 CVE-2024-21497 - https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249861
+CVE-2024-21498 - https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
 CVE-2024-21498 - https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249862
+CVE-2024-21499 - https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
 CVE-2024-21499 - https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249863
+CVE-2024-21500 - https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
 CVE-2024-21501 - https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf
 CVE-2024-21501 - https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334
 CVE-2024-21502 - https://gist.github.com/keltecc/49da037072276f21b005a8337c15db26
@@ -89438,6 +89453,7 @@ CVE-2024-27570 - https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/generate_c
 CVE-2024-27571 - https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/makeCurRemoteApList.md
 CVE-2024-27572 - https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/updateCurAPlist.md
 CVE-2024-27689 - https://github.com/Xin246/cms/blob/main/2.md
+CVE-2024-27694 - https://github.com/sms2056/cms/blob/main/1.md
 CVE-2024-27743 - https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-27743.md
 CVE-2024-27744 - https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-27744.md
 CVE-2024-27746 - https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-27746.md