Update Fri Apr 12 10:05:52 UTC 2024

2016/CVE-2016-0728.md

@@ -12,6 +12,7 @@ The join_session_keyring function in security/keys/process_keys.c in the Linux k
 #### Reference
 - http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
 - http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
+- http://www.ubuntu.com/usn/USN-2872-2
 - https://security.netapp.com/advisory/ntap-20160211-0001/
 - https://www.exploit-db.com/exploits/39277/
 

2016/CVE-2016-0926.md

@@ -0,0 +1,17 @@
+### [CVE-2016-0926](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0926)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework.
+
+### POC
+
+#### Reference
+- https://pivotal.io/security/cve-2016-0926
+
+#### Github
+No PoCs found on GitHub currently.
+

2018/CVE-2018-21202.md

@@ -0,0 +1,17 @@
+### [CVE-2018-21202](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21202)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000055147/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2590
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-22526.md

@@ -0,0 +1,17 @@
+### [CVE-2024-22526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22526)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attackers to cause a denial of service (DoS) via exr image file.
+
+### POC
+
+#### Reference
+- https://gist.github.com/GAP-dev/c33276a151c824300d68aecc317082a3
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-22734.md

@@ -0,0 +1,17 @@
+### [CVE-2024-22734](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22734)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912, allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in the TxUtilities.dll and TruxUser.cfg components.
+
+### POC
+
+#### Reference
+- https://www.redlinecybersecurity.com/blog/cve-2024-22734
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-30614.md

@@ -0,0 +1,17 @@
+### [CVE-2024-30614](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30614)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in Ametys CMS v4.5.0 and before allows attackers to obtain sensitive information via exposed resources to the error scope.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nomi-sec/PoC-in-GitHub
+

2024/CVE-2024-30850.md

@@ -0,0 +1,18 @@
+### [CVE-2024-30850](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30850)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within client_service.go
+
+### POC
+
+#### Reference
+- https://blog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents/
+
+#### Github
+- https://github.com/chebuya/CVE-2024-30850-chaos-rat-rce-poc
+- https://github.com/nomi-sec/PoC-in-GitHub
+

references.txt

@@ -36201,6 +36201,7 @@ CVE-2016-0723 - http://www.ubuntu.com/usn/USN-2948-2
 CVE-2016-0727 - http://packetstormsecurity.com/files/141913/NTP-Privilege-Escalation.html
 CVE-2016-0728 - http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
 CVE-2016-0728 - http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
+CVE-2016-0728 - http://www.ubuntu.com/usn/USN-2872-2
 CVE-2016-0728 - https://security.netapp.com/advisory/ntap-20160211-0001/
 CVE-2016-0728 - https://www.exploit-db.com/exploits/39277/
 CVE-2016-0729 - http://packetstormsecurity.com/files/135949/Apache-Xerces-C-XML-Parser-Buffer-Overflow.html
@@ -36311,6 +36312,7 @@ CVE-2016-0895 - http://packetstormsecurity.com/files/136888/RSA-Data-Loss-Preven
 CVE-2016-0900 - http://packetstormsecurity.com/files/136994/RSA-Authentication-Manager-XSS-HTTP-Response-Splitting.html
 CVE-2016-0901 - http://packetstormsecurity.com/files/136994/RSA-Authentication-Manager-XSS-HTTP-Response-Splitting.html
 CVE-2016-0902 - http://packetstormsecurity.com/files/136994/RSA-Authentication-Manager-XSS-HTTP-Response-Splitting.html
+CVE-2016-0926 - https://pivotal.io/security/cve-2016-0926
 CVE-2016-0951 - https://www.exploit-db.com/exploits/39429/
 CVE-2016-0952 - https://www.exploit-db.com/exploits/39430/
 CVE-2016-0953 - https://www.exploit-db.com/exploits/39431/
@@ -51656,6 +51658,7 @@ CVE-2018-21190 - https://kb.netgear.com/000055167/Security-Advisory-for-Post-Aut
 CVE-2018-21194 - https://kb.netgear.com/000055163/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2601
 CVE-2018-21195 - https://kb.netgear.com/000055162/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2600
 CVE-2018-21197 - https://kb.netgear.com/000055152/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2596
+CVE-2018-21202 - https://kb.netgear.com/000055147/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2590
 CVE-2018-21203 - https://kb.netgear.com/000055146/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2589
 CVE-2018-21205 - https://kb.netgear.com/000055144/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2568
 CVE-2018-21207 - https://kb.netgear.com/000055142/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2566
@@ -92961,6 +92964,7 @@ CVE-2024-22422 - https://github.com/Mintplex-Labs/anything-llm/security/advisori
 CVE-2024-22491 - https://github.com/cui2shark/security/blob/main/A%20stored%20cross-site%20scripting%20(XSS)%20vulnerability%20was%20discovered%20in%20beetl-bbs%20post%20save.md
 CVE-2024-22514 - https://github.com/Orange-418/CVE-2024-22514-Remote-Code-Execution
 CVE-2024-22515 - https://github.com/Orange-418/CVE-2024-22515-File-Upload-Vulnerability
+CVE-2024-22526 - https://gist.github.com/GAP-dev/c33276a151c824300d68aecc317082a3
 CVE-2024-22529 - https://github.com/unpWn4bL3/iot-security/blob/main/29.md
 CVE-2024-22532 - https://github.com/pwndorei/CVE-2024-22532
 CVE-2024-22550 - https://packetstormsecurity.com/files/176312/ShopSite-14.0-Cross-Site-Scripting.html
@@ -92997,6 +93001,7 @@ CVE-2024-22715 - https://github.com/RumblingIsOccupied/cms/blob/main/1.md
 CVE-2024-2272 - https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/Blind%20SQL%20Injection%20%20Home/Blind%20SQL%20Injection%20Home.php%20.md
 CVE-2024-22727 - https://teltonika-networks.com/newsroom/critical-security-update-for-trb1-series-gateways
 CVE-2024-22729 - https://github.com/adhikara13/CVE/blob/main/netis_MW5360/blind%20command%20injection%20in%20password%20parameter%20in%20initial%20settings.md
+CVE-2024-22734 - https://www.redlinecybersecurity.com/blog/cve-2024-22734
 CVE-2024-22749 - https://github.com/gpac/gpac/issues/2713
 CVE-2024-22749 - https://github.com/hanxuer/crashes/blob/main/gapc/01/readme.md
 CVE-2024-22751 - https://github.com/5erua/vuls/blob/main/dir882.md
@@ -93700,6 +93705,7 @@ CVE-2024-30639 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F
 CVE-2024-30807 - https://github.com/axiomatic-systems/Bento4/issues/937
 CVE-2024-30808 - https://github.com/axiomatic-systems/Bento4/issues/937
 CVE-2024-30809 - https://github.com/axiomatic-systems/Bento4/issues/937
+CVE-2024-30850 - https://blog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents/
 CVE-2024-30879 - https://github.com/jianyan74/rageframe2/issues/114
 CVE-2024-30880 - https://github.com/jianyan74/rageframe2/issues/114
 CVE-2024-30883 - https://github.com/jianyan74/rageframe2/issues/114