Update Thu Mar 21 18:01:22 UTC 2024

2017/CVE-2017-12597.md

@@ -10,7 +10,7 @@ OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds wr
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/opencv/opencv/issues/9309
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2017/CVE-2017-12598.md

@@ -10,7 +10,7 @@ OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds re
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/opencv/opencv/issues/9309
 
 #### Github
 - https://github.com/xiaoqx/pocs

2017/CVE-2017-12599.md

@@ -10,7 +10,7 @@ OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds re
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/opencv/opencv/issues/9309
 
 #### Github
 - https://github.com/xiaoqx/pocs

2017/CVE-2017-12601.md

@@ -10,7 +10,7 @@ OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer overflow i
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/opencv/opencv/issues/9309
 
 #### Github
 - https://github.com/xiaoqx/pocs

2017/CVE-2017-12603.md

@@ -10,7 +10,7 @@ OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/opencv/opencv/issues/9309
 
 #### Github
 - https://github.com/xiaoqx/pocs

2017/CVE-2017-12604.md

@@ -10,7 +10,7 @@ OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds wr
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/opencv/opencv/issues/9309
 
 #### Github
 - https://github.com/xiaoqx/pocs

2017/CVE-2017-12605.md

@@ -10,7 +10,7 @@ OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds wr
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/opencv/opencv/issues/9309
 
 #### Github
 - https://github.com/xiaoqx/pocs

2017/CVE-2017-12606.md

@@ -10,7 +10,7 @@ OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds wr
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/opencv/opencv/issues/9309
 
 #### Github
 - https://github.com/xiaoqx/pocs

2019/CVE-2019-13272.md

@@ -92,6 +92,7 @@ In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the
 - https://github.com/jiayy/android_vuln_poc-exp
 - https://github.com/karlhat/Ksplice-demo
 - https://github.com/kdandy/pentest_tools
+- https://github.com/kurniawandata/xcoderootsploit
 - https://github.com/lions2012/Penetration_Testing_POC
 - https://github.com/lnick2023/nicenice
 - https://github.com/merlinepedra/Pentest-Tools

2019/CVE-2019-16253.md

@@ -18,6 +18,7 @@ The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.0
 - https://github.com/ThePBone/awesome-shizuku
 - https://github.com/alphaSeclab/sec-daily-2019
 - https://github.com/emtee40/SMTShell
+- https://github.com/k0mraid3/K0mraid3s-System-Shell-PREBUILT
 - https://github.com/vaimalaviya1233/SamsungMTShell
 - https://github.com/wr3cckl3ss/system_shell_2
 - https://github.com/wr3cckl3ss1/system3

2020/CVE-2020-35837.md

@@ -0,0 +1,17 @@
+### [CVE-2020-35837](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35837)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000062650/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2018-0499
+
+#### Github
+No PoCs found on GitHub currently.
+

2020/CVE-2020-7460.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/alphaSeclab/sec-daily-2020
+- https://github.com/kurniawandata/xcodefreebsdsploit
 

2021/CVE-2021-3156.md

@@ -190,6 +190,7 @@ Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based
 - https://github.com/kgwanjala/oscp-cheatsheet
 - https://github.com/kldksd/server
 - https://github.com/kotikjaroslav/sigma_detection_rules
+- https://github.com/kurniawandata/xcoderootsploit
 - https://github.com/lions2012/Penetration_Testing_POC
 - https://github.com/liqimore/ECE9609-Introduction-to-Hacking
 - https://github.com/lmol/CVE-2021-3156

2021/CVE-2021-3490.md

@@ -41,6 +41,7 @@ The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux ke
 - https://github.com/khanhhdz06/linux-kernel-exploitation
 - https://github.com/khanhnd123/linux-kernel-exploitation
 - https://github.com/knd06/linux-kernel-exploitation
+- https://github.com/kurniawandata/xcoderootsploit
 - https://github.com/lions2012/Penetration_Testing_POC
 - https://github.com/manas3c/CVE-POC
 - https://github.com/nomi-sec/PoC-in-GitHub

2021/CVE-2021-3739.md

@@ -11,6 +11,7 @@ A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/
 
 #### Reference
 - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e4571b8c5e9ffa1e85c0c671995bd4dcc5c75091
+- https://ubuntu.com/security/CVE-2021-3739
 
 #### Github
 No PoCs found on GitHub currently.

2021/CVE-2021-4034.md

@@ -266,6 +266,7 @@ A local privilege escalation vulnerability was found on polkit's pkexec utility.
 - https://github.com/kimusan/pkwner
 - https://github.com/kraloveckey/venom
 - https://github.com/kt690/backup1
+- https://github.com/kurniawandata/xcoderootsploit
 - https://github.com/learner-ing/changeTools
 - https://github.com/legovaer/my-awesome-stars
 - https://github.com/liamg/traitor

2021/CVE-2021-45563.md

@@ -0,0 +1,17 @@
+### [CVE-2021-45563](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45563)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000064084/Security-Advisory-for-Post-Authentication-Command-Injection-on-Some-WiFi-Systems-PSV-2020-0066
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-30123.md

@@ -0,0 +1,17 @@
+### [CVE-2022-30123](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30123)
+![](https://img.shields.io/static/v1?label=Product&message=https%3A%2F%2Fgithub.com%2Frack%2Frack&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Escape%2C%20Meta%2C%20or%20Control%20Sequences%20(CWE-150)&color=brighgreen)
+
+### Description
+
+A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/neo9/fluentd
+

2022/CVE-2022-32207.md

@@ -16,4 +16,5 @@ When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/JtMotoX/docker-trivy
 - https://github.com/maxim12z/ECommerce
+- https://github.com/neo9/fluentd
 

2022/CVE-2022-37434.md

@@ -34,6 +34,7 @@ zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in infl
 - https://github.com/karimhabush/cyberowl
 - https://github.com/manas3c/CVE-POC
 - https://github.com/maxim12z/ECommerce
+- https://github.com/neo9/fluentd
 - https://github.com/nidhi7598/external_zlib-1.2.11_AOSP_10_r33_CVE-2022-37434
 - https://github.com/nidhi7598/external_zlib-1.2.7_CVE-2022-37434
 - https://github.com/nomi-sec/PoC-in-GitHub

2024/CVE-2024-1009.md

@@ -0,0 +1,17 @@
+### [CVE-2024-1009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1009)
+![](https://img.shields.io/static/v1?label=Product&message=Employee%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252278 is the identifier assigned to this vulnerability.
+
+### POC
+
+#### Reference
+- https://youtu.be/oL98TSjy89Q?si=_T6YkJZlbn7SJ4Gn
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-1086.md

@@ -13,6 +13,8 @@ A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables compon
 No PoCs from references.
 
 #### Github
+- https://github.com/Notselwyn/CVE-2024-1086
 - https://github.com/Notselwyn/exploits
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/nomi-sec/PoC-in-GitHub
 

2024/CVE-2024-2236.md

@@ -17,6 +17,7 @@ A timing-based side-channel flaw was found in libgcrypt's RSA implementation. Th
 No PoCs from references.
 
 #### Github
+- https://github.com/TimoTielens/TwT.Docker.Aspnet
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/fokypoky/places-list