Update Mon Apr 3 19:40:07 UTC 2023

trickest · Apr 3, 2023 · 2d7e9b4 · 2d7e9b4
1 parent abddf54
commit 2d7e9b4
Show file tree

Hide file tree

Showing 12 changed files with 166 additions and 0 deletions.
diff --git a/2018/CVE-2018-21197.md b/2018/CVE-2018-21197.md
@@ -0,0 +1,17 @@
+### [CVE-2018-21197](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21197)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000055152/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2596
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2021/CVE-2021-24572.md b/2021/CVE-2021-24572.md
@@ -0,0 +1,17 @@
+### [CVE-2021-24572](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24572)
+![](https://img.shields.io/static/v1?label=Product&message=Accept%20Donations%20with%20PayPal&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.3.1%3C%201.3.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The Accept Donations with PayPal WordPress plugin before 1.3.1 provides a function to create donation buttons which are internally stored as posts. The deletion of a button is not CSRF protected and there is no control to check if the deleted post was a button post. As a result, an attacker could make logged in admins delete arbitrary posts
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/7b1ebd26-ea8b-448c-a775-66a04102e44f
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2022/CVE-2022-22853.md b/2022/CVE-2022-22853.md
@@ -11,6 +11,7 @@ A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Man
 
 #### Reference
 - https://github.com/Dheeraj-Deshmukh/stored-xss-in-Hospital-s-Patient-Records-Management-System
+- https://www.sourcecodester.com/sites/default/files/download/oretnom23/hprms_0.zip
 
 #### Github
 No PoCs found on GitHub currently.

diff --git a/2022/CVE-2022-34113.md b/2022/CVE-2022-34113.md
@@ -0,0 +1,17 @@
+### [CVE-2022-34113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34113)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.
+
+### POC
+
+#### Reference
+- https://github.com/dataease/dataease/issues/2431
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2022/CVE-2022-37424.md b/2022/CVE-2022-37424.md
@@ -0,0 +1,17 @@
+### [CVE-2022-37424](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37424)
+![](https://img.shields.io/static/v1?label=Product&message=OpenNebula&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%206.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-552%20Files%20or%20Directories%20Accessible%20to%20External%20Parties&color=brighgreen)
+
+### Description
+
+Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery.
+
+### POC
+
+#### Reference
+- https://opennebula.io/opennebula-6-4-2-ee-lts-maintenance-release-is-available/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2022/CVE-2022-37425.md b/2022/CVE-2022-37425.md
@@ -0,0 +1,17 @@
+### [CVE-2022-37425](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37425)
+![](https://img.shields.io/static/v1?label=Product&message=OpenNebula&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%206.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion.
+
+### POC
+
+#### Reference
+- https://opennebula.io/opennebula-6-4-2-ee-lts-maintenance-release-is-available/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2022/CVE-2022-37426.md b/2022/CVE-2022-37426.md
@@ -0,0 +1,17 @@
+### [CVE-2022-37426](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37426)
+![](https://img.shields.io/static/v1?label=Product&message=OpenNebula&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%206.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)
+
+### Description
+
+Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection.
+
+### POC
+
+#### Reference
+- https://opennebula.io/opennebula-6-4-2-ee-lts-maintenance-release-is-available/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2022/CVE-2022-4331.md b/2022/CVE-2022-4331.md
@@ -0,0 +1,17 @@
+### [CVE-2022-4331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4331)
+![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20access%20control%20in%20GitLab&color=brighgreen)
+
+### Description
+
+An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group.
+
+### POC
+
+#### Reference
+- https://gitlab.com/gitlab-org/gitlab/-/issues/385050
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-26112.md b/2023/CVE-2023-26112.md
@@ -0,0 +1,17 @@
+### [CVE-2023-26112](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26112)
+![](https://img.shields.io/static/v1?label=Product&message=configobj&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Regular%20Expression%20Denial%20of%20Service%20(ReDoS)&color=brighgreen)
+
+### Description
+
+All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-26119.md b/2023/CVE-2023-26119.md
@@ -0,0 +1,17 @@
+### [CVE-2023-26119](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26119)
+![](https://img.shields.io/static/v1?label=Product&message=net.sourceforge.htmlunit%3Ahtmlunit&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution%20(RCE)&color=brighgreen)
+
+### Description
+
+Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage.
+
+### POC
+
+#### Reference
+- https://security.snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGEHTMLUNIT-3252500
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-27842.md b/2023/CVE-2023-27842.md
@@ -10,6 +10,7 @@ Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2
 ### POC
 
 #### Reference
+- http://blog.tristaomarinho.com/extplorer-2-1-15-insecure-permissions-following-remote-code-execution/
 - https://github.com/tristao-marinho/CVE-2023-27842
 - https://github.com/tristao-marinho/CVE-2023-27842/blob/main/README.md
 

diff --git a/references.txt b/references.txt
@@ -45769,6 +45769,7 @@ CVE-2018-21183 - https://kb.netgear.com/000055175/Security-Advisory-for-Post-Aut
 CVE-2018-21189 - https://kb.netgear.com/000055168/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2606
 CVE-2018-21190 - https://kb.netgear.com/000055167/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2605
 CVE-2018-21195 - https://kb.netgear.com/000055162/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2600
+CVE-2018-21197 - https://kb.netgear.com/000055152/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2596
 CVE-2018-21203 - https://kb.netgear.com/000055146/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2589
 CVE-2018-21205 - https://kb.netgear.com/000055144/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2568
 CVE-2018-21211 - https://kb.netgear.com/000055138/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2491
@@ -63091,6 +63092,7 @@ CVE-2021-24558 - https://codevigilant.com/disclosure/2021/wp-plugin-project-stat
 CVE-2021-2456 - https://www.oracle.com/security-alerts/cpujul2021.html
 CVE-2021-24563 - http://packetstormsecurity.com/files/165515/WordPress-Frontend-Uploader-1.3.2-Cross-Site-Scripting.html
 CVE-2021-2457 - https://www.oracle.com/security-alerts/cpujul2021.html
+CVE-2021-24572 - https://wpscan.com/vulnerability/7b1ebd26-ea8b-448c-a775-66a04102e44f
 CVE-2021-2458 - https://www.oracle.com/security-alerts/cpujul2021.html
 CVE-2021-24588 - https://wpscan.com/vulnerability/dc2ce546-9da1-442c-8ee2-cd660634501f
 CVE-2021-2460 - https://www.oracle.com/security-alerts/cpujul2021.html
@@ -68939,6 +68941,7 @@ CVE-2022-2284 - https://huntr.dev/bounties/571d25ce-8d53-4fa0-b620-27f2a8a14874
 CVE-2022-22844 - https://gitlab.com/libtiff/libtiff/-/issues/355
 CVE-2022-2285 - https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736
 CVE-2022-22853 - https://github.com/Dheeraj-Deshmukh/stored-xss-in-Hospital-s-Patient-Records-Management-System
+CVE-2022-22853 - https://www.sourcecodester.com/sites/default/files/download/oretnom23/hprms_0.zip
 CVE-2022-2286 - https://huntr.dev/bounties/fe7681fb-2318-436b-8e65-daf66cd597d8
 CVE-2022-2287 - https://huntr.dev/bounties/654aa069-3a9d-45d3-9a52-c1cf3490c284
 CVE-2022-2288 - https://huntr.dev/bounties/a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad
@@ -71400,6 +71403,7 @@ CVE-2022-34094 - https://github.com/wagnerdracha/ProofOfConcept/blob/main/i3geo_
 CVE-2022-34100 - https://www.crestron.com/Security/Security_Advisories
 CVE-2022-34101 - https://www.crestron.com/Security/Security_Advisories
 CVE-2022-34102 - https://www.crestron.com/Security/Security_Advisories
+CVE-2022-34113 - https://github.com/dataease/dataease/issues/2431
 CVE-2022-34121 - https://github.com/CuppaCMS/CuppaCMS/issues/18
 CVE-2022-34121 - https://github.com/hansmach1ne/MyExploits/tree/main/LFI_in_CuppaCMS_templates
 CVE-2022-34140 - http://packetstormsecurity.com/files/168012/Feehi-CMS-2.1.1-Cross-Site-Scripting.html
@@ -72064,6 +72068,9 @@ CVE-2022-37401 - https://www.openoffice.org/security/cves/CVE-2022-37401.html
 CVE-2022-3741 - https://huntr.dev/bounties/46f6e07e-f438-4540-938a-510047f987d0
 CVE-2022-37415 - https://gist.github.com/alfarom256/220cb75816ca2b5556e7fc8d8d2803a0
 CVE-2022-37416 - https://issuetracker.google.com/issues/231026247
+CVE-2022-37424 - https://opennebula.io/opennebula-6-4-2-ee-lts-maintenance-release-is-available/
+CVE-2022-37425 - https://opennebula.io/opennebula-6-4-2-ee-lts-maintenance-release-is-available/
+CVE-2022-37426 - https://opennebula.io/opennebula-6-4-2-ee-lts-maintenance-release-is-available/
 CVE-2022-37434 - http://seclists.org/fulldisclosure/2022/Oct/41
 CVE-2022-37434 - https://github.com/ivd38/zlib_overflow
 CVE-2022-37450 - https://medium.com/@aviv.yaish/uncle-maker-time-stamping-out-the-competition-in-ethereum-d27c1cb62fef
@@ -73130,6 +73137,7 @@ CVE-2022-43286 - https://github.com/nginx/njs/issues/480
 CVE-2022-43288 - https://github.com/Kubozz/rukovoditel-3.2.1/issues/2
 CVE-2022-43289 - https://github.com/jsummers/deark/issues/52
 CVE-2022-43308 - https://github.com/vitorespf/Advisories/blob/master/Intelbras-switch.txt
+CVE-2022-4331 - https://gitlab.com/gitlab-org/gitlab/-/issues/385050
 CVE-2022-43317 - https://github.com/ImaizumiYui/bug_report/blob/main/vendors/oretnom23/Human%20Resource%20Management%20System/XSS-1.md
 CVE-2022-43320 - https://github.com/liufee/feehicms/issues/4
 CVE-2022-43321 - https://github.com/shopwind/yii-shopwind/issues/1
@@ -74467,12 +74475,14 @@ CVE-2023-26110 - https://security.snyk.io/vuln/SNYK-JS-NODEBLUETOOTH-3311821
 CVE-2023-26111 - https://gist.github.com/lirantal/c80b28e7bee148dc287339cb483e42bc
 CVE-2023-26111 - https://security.snyk.io/vuln/SNYK-JS-NODESTATIC-3149928
 CVE-2023-26111 - https://security.snyk.io/vuln/SNYK-JS-NUBOSOFTWARENODESTATIC-3149927
+CVE-2023-26112 - https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494
 CVE-2023-26113 - https://github.com/kobezzza/Collection/issues/27
 CVE-2023-26113 - https://security.snyk.io/vuln/SNYK-JS-COLLECTIONJS-3185148
 CVE-2023-26114 - https://security.snyk.io/vuln/SNYK-JS-CODESERVER-3368148
 CVE-2023-26116 - https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
 CVE-2023-26117 - https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
 CVE-2023-26118 - https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
+CVE-2023-26119 - https://security.snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGEHTMLUNIT-3252500
 CVE-2023-26213 - http://seclists.org/fulldisclosure/2023/Mar/2
 CVE-2023-26213 - https://sec-consult.com/vulnerability-lab/advisory/os-command-injection-in-barracuda-cloudgen-wan/
 CVE-2023-26314 - https://www.openwall.com/lists/oss-security/2023/01/05/1
@@ -74565,6 +74575,7 @@ CVE-2023-27711 - https://srpopty.github.io/2023/03/02/Typecho-V1.2.0-Backend-Ref
 CVE-2023-27754 - https://github.com/10cksYiqiyinHangzhouTechnology/vox2mesh_poc
 CVE-2023-27781 - https://github.com/tjko/jpegoptim/issues/132
 CVE-2023-27783 - https://github.com/appneta/tcpreplay/issues/780
+CVE-2023-27842 - http://blog.tristaomarinho.com/extplorer-2-1-15-insecure-permissions-following-remote-code-execution/
 CVE-2023-27842 - https://github.com/tristao-marinho/CVE-2023-27842
 CVE-2023-27842 - https://github.com/tristao-marinho/CVE-2023-27842/blob/main/README.md
 CVE-2023-27847 - https://friends-of-presta.github.io/security-advisories/modules/2023/03/23/xipblog.html