Update Thu Sep 7 11:02:04 UTC 2023

2021/CVE-2021-36646.md

@@ -0,0 +1,17 @@
+### [CVE-2021-36646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36646)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A Cross Site Scrtpting (XSS) vulnerability in KodExplorer 4.45 allows remote attackers to run arbitrary code via /index.php page.
+
+### POC
+
+#### Reference
+- https://github.com/kalcaddle/KodExplorer/issues/482
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-43361.md

@@ -1,11 +1,11 @@
 ### [CVE-2021-43361](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43361)
-![](https://img.shields.io/static/v1?label=Product&message=Mia-Med&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=HBYS&color=blue)
 ![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%201.1%20&color=brighgreen)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
 
 ### Description
 
-Due to improper sanitization MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the system.
+Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData HBYS allows SQL Injection.This issue affects HBYS: from unspecified before 1.1.
 
 ### POC
 

2022/CVE-2022-1093.md

@@ -0,0 +1,17 @@
+### [CVE-2022-1093](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1093)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Meta%20SEO&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=4.4.7%3C%204.4.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed.
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/57017050-811e-474d-8256-33d19d4c0553
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-1536.md

@@ -11,6 +11,7 @@ A vulnerability has been found in automad up to 1.10.9 and classified as problem
 
 #### Reference
 - https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting(XSS).md
+- https://vuldb.com/?id.198706
 
 #### Github
 No PoCs found on GitHub currently.

2022/CVE-2022-41073.md

@@ -49,7 +49,7 @@ Windows Print Spooler Elevation of Privilege Vulnerability
 ### POC
 
 #### Reference
-No PoCs from references.
+- http://packetstormsecurity.com/files/174528/Microsoft-Windows-Privilege-Escalation.html
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2023/CVE-2023-20854.md

@@ -0,0 +1,17 @@
+### [CVE-2023-20854](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20854)
+![](https://img.shields.io/static/v1?label=Product&message=VMware%20Workstation&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Arbitrary%20file%20deletion%20vulnerability&color=brighgreen)
+
+### Description
+
+VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed.
+
+### POC
+
+#### Reference
+- https://www.vmware.com/security/advisories/VMSA-2023-0003.html
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-20900.md

@@ -6,7 +6,7 @@
 
 ### Description
 
-VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor with man-in-the-middle (MITM) network positioning in the virtual machine network may be able to bypass SAML token signature verification, to perform VMware Tools Guest Operations.
+A malicious actor that has been granted  Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged  Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
 
 ### POC
 

2023/CVE-2023-23333.md

@@ -10,6 +10,7 @@ There is a command injection vulnerability in SolarView Compact through 6.00, at
 ### POC
 
 #### Reference
+- http://packetstormsecurity.com/files/174537/SolarView-Compact-6.00-Remote-Command-Execution.html
 - https://github.com/Timorlover/CVE-2023-23333
 
 #### Github

2023/CVE-2023-30533.md

@@ -5,7 +5,7 @@
 
 ### Description
 
-SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file.
+SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other words. 0.19.2 and earlier are affected, whereas 0.19.3 and later are unaffected.
 
 ### POC
 

2023/CVE-2023-35359.md

@@ -42,7 +42,7 @@ Windows Kernel Elevation of Privilege Vulnerability
 ### POC
 
 #### Reference
-No PoCs from references.
+- http://packetstormsecurity.com/files/174528/Microsoft-Windows-Privilege-Escalation.html
 
 #### Github
 - https://github.com/afine-com/research

2023/CVE-2023-36095.md

@@ -0,0 +1,17 @@
+### [CVE-2023-36095](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36095)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, affected functions include from_math_prompt and from_colored_object_prompt.
+
+### POC
+
+#### Reference
+- http://langchain.com
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-39615.md

@@ -5,7 +5,7 @@
 
 ### Description
 
-Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file.
+** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
 
 ### POC
 

2023/CVE-2023-41330.md

@@ -0,0 +1,17 @@
+### [CVE-2023-41330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41330)
+![](https://img.shields.io/static/v1?label=Product&message=snappy&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.4.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%3A%20Deserialization%20of%20Untrusted%20Data&color=brighgreen)
+
+### Description
+
+knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page.## IssueOn March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check `if (\strpos($filename, 'phar://') === 0)` in the `prepareOutput` function to resolve this CVE, however if the user is able to control the second parameter of the `generateFromHtml()` function of Snappy, it will then be passed as the `$filename` parameter in the `prepareOutput()` function. In the original vulnerability, a file name with a `phar://` wrapper could be sent to the `fileExists()` function, equivalent to the `file_exists()` PHP function. This allowed users to trigger a deserialization on arbitrary PHAR files. To fix this issue, the string is now passed to the `strpos()` function and if it starts with `phar://`, an exception is raised. However, PHP wrappers being case insensitive, this patch can be bypassed using `PHAR://` instead of `phar://`. A successful exploitation of this vulnerability allows executing arbitrary code and accessing the underlying filesystem. The attacker must be able to upload a file and the server must be running a PHP version prior to 8. This issue has been addressed in commit `d3b742d61a` which has been included in version 1.4.3. Users are advised to upgrade. Users unable to upgrade should ensure that only trusted users may submit data to the `AbstractGenerator->generate(...)` function.
+
+### POC
+
+#### Reference
+- https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc
+
+#### Github
+No PoCs found on GitHub currently.
+

references.txt

@@ -69373,6 +69373,7 @@ CVE-2021-36623 - https://www.exploit-db.com/exploits/50106
 CVE-2021-36624 - https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-36624
 CVE-2021-36624 - https://www.exploit-db.com/exploits/50105
 CVE-2021-3664 - https://huntr.dev/bounties/1625557993985-unshiftio/url-parse
+CVE-2021-36646 - https://github.com/kalcaddle/KodExplorer/issues/482
 CVE-2021-36654 - http://packetstormsecurity.com/files/163737/CMSuno-1.7-Cross-Site-Scripting.html
 CVE-2021-3666 - https://huntr.dev/bounties/1-other-fiznool/body-parser-xml
 CVE-2021-36665 - https://imhotepisinvisible.com/druva-lpe/
@@ -72272,6 +72273,7 @@ CVE-2022-1086 - https://github.com/xiahao90/CVEproject/blob/main/DolphinPHPV1.5.
 CVE-2022-1086 - https://vuldb.com/?id.195368
 CVE-2022-1087 - https://github.com/liaojia-99/project/blob/main/htmly/1.md
 CVE-2022-1087 - https://vuldb.com/?id.195203
+CVE-2022-1093 - https://wpscan.com/vulnerability/57017050-811e-474d-8256-33d19d4c0553
 CVE-2022-1094 - https://wpscan.com/vulnerability/3c03816b-e381-481c-b9f5-63d0c24ff329
 CVE-2022-1106 - https://huntr.dev/bounties/16b9d0ea-71ed-41bc-8a88-2deb4c20be8f
 CVE-2022-1115 - https://github.com/ImageMagick/ImageMagick/issues/4974
@@ -72427,6 +72429,7 @@ CVE-2022-1531 - https://huntr.dev/bounties/fc4eb544-ef1e-412d-9fdb-0ceb04e038fe
 CVE-2022-1533 - https://huntr.dev/bounties/cb574ce1-fbf7-42ea-9e6a-91e17adecdc3
 CVE-2022-1534 - https://huntr.dev/bounties/9a90ffa1-38f5-4685-9c00-68ba9068ce3d
 CVE-2022-1536 - https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/automad%3C%3D1.10.9%20Stored%20Cross-Site%20Scripting(XSS).md
+CVE-2022-1536 - https://vuldb.com/?id.198706
 CVE-2022-1537 - https://huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d
 CVE-2022-1543 - https://huntr.dev/bounties/9889d435-3b9c-4e9d-93bc-5272e0723f9f
 CVE-2022-1544 - https://huntr.dev/bounties/fa6d6e75-bc7a-40f6-9bdd-2541318912d4
@@ -77413,6 +77416,7 @@ CVE-2022-41040 - https://www.secpod.com/blog/microsoft-november-2022-patch-tuesd
 CVE-2022-4105 - https://huntr.dev/bounties/386417e9-0cd5-4d80-8137-b0fd5c30b8f8
 CVE-2022-41057 - http://packetstormsecurity.com/files/170128/SentinelOne-sentinelagent-22.3.2.5-Privilege-Escalation.html
 CVE-2022-41057 - http://packetstormsecurity.com/files/170128/Windows-HTTP.SYS-Kerberos-PAC-Verification-Bypass-Privilege-Escalation.html
+CVE-2022-41073 - http://packetstormsecurity.com/files/174528/Microsoft-Windows-Privilege-Escalation.html
 CVE-2022-41082 - http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html
 CVE-2022-41082 - https://www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/
 CVE-2022-4111 - https://huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c781c3d
@@ -79393,6 +79397,7 @@ CVE-2023-20593 - http://www.openwall.com/lists/oss-security/2023/07/24/3
 CVE-2023-2068 - http://packetstormsecurity.com/files/173735/WordPress-File-Manager-Advanced-Shortcode-2.3.2-Remote-Code-Execution.html
 CVE-2023-2069 - https://gitlab.com/gitlab-org/gitlab/-/issues/407374
 CVE-2023-2074 - https://github.com/E1CHO/cve_hub/blob/main/Online%20Traffic%20Offense%20Management%20System/Online%20Traffic%20Offense%20Management%20System%20-%20vuln%202.pdf
+CVE-2023-20854 - https://www.vmware.com/security/advisories/VMSA-2023-0003.html
 CVE-2023-20857 - http://packetstormsecurity.com/files/171158/VMware-Security-Advisory-2023-0006.html
 CVE-2023-20887 - http://packetstormsecurity.com/files/173761/VMWare-Aria-Operations-For-Networks-Remote-Command-Execution.html
 CVE-2023-20894 - https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1658
@@ -79591,6 +79596,7 @@ CVE-2023-23326 - https://github.com/superkojiman/vulnerabilities/blob/master/Ava
 CVE-2023-23327 - https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md
 CVE-2023-23328 - https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md
 CVE-2023-23331 - https://0xhunter20.medium.com/how-i-found-my-first-blind-sql-injection-cve-2023-23331-aef103a7f73c
+CVE-2023-23333 - http://packetstormsecurity.com/files/174537/SolarView-Compact-6.00-Remote-Command-Execution.html
 CVE-2023-23333 - https://github.com/Timorlover/CVE-2023-23333
 CVE-2023-2336 - https://huntr.dev/bounties/af764624-7746-4f53-8480-85348dbb4f14
 CVE-2023-2338 - https://huntr.dev/bounties/bbf59fa7-cf5b-4945-81b0-328adc710462
@@ -81391,6 +81397,7 @@ CVE-2023-35356 - http://packetstormsecurity.com/files/174115/Microsoft-Windows-K
 CVE-2023-35356 - http://packetstormsecurity.com/files/174118/Microsoft-Windows-Kernel-Security-Descriptor-Use-After-Free.html
 CVE-2023-35357 - http://packetstormsecurity.com/files/174116/Microsoft-Windows-Kernel-Unsafe-Reference.html
 CVE-2023-35358 - http://packetstormsecurity.com/files/174117/Microsoft-Windows-Kernel-Unsafe-Reference.html
+CVE-2023-35359 - http://packetstormsecurity.com/files/174528/Microsoft-Windows-Privilege-Escalation.html
 CVE-2023-35382 - http://packetstormsecurity.com/files/174450/Microsoft-Windows-Kernel-Use-After-Free.html
 CVE-2023-3551 - https://huntr.dev/bounties/cf8878ff-6cd9-49be-b313-7ac2a94fc7f7
 CVE-2023-3552 - https://huntr.dev/bounties/aeb2f43f-0602-4ac6-9685-273e87ff4ded
@@ -81430,6 +81437,7 @@ CVE-2023-35932 - https://github.com/tanghaibao/jcvi/security/advisories/GHSA-x49
 CVE-2023-35945 - https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r
 CVE-2023-3599 - https://github.com/movonow/demo/blob/main/click_fees.md
 CVE-2023-36093 - https://github.com/weng-xianhu/eyoucms/issues/44
+CVE-2023-36095 - http://langchain.com
 CVE-2023-36118 - http://packetstormsecurity.com/files/172672/Faculty-Evaluation-System-1.0-Shell-Upload.html
 CVE-2023-36119 - https://nvd.nist.gov/vuln/detail/CVE-2023-0527
 CVE-2023-36121 - https://www.exploit-db.com/exploits/51449
@@ -81754,6 +81762,7 @@ CVE-2023-4124 - https://huntr.dev/bounties/2c684f99-d181-4106-8ee2-64a76ae6a348
 CVE-2023-4125 - https://huntr.dev/bounties/85bfd18f-8d3b-4154-8b7b-1f8fcf704e28
 CVE-2023-4126 - https://huntr.dev/bounties/7f50bf1c-bcb9-46ca-8cec-211493d280c5
 CVE-2023-4127 - https://huntr.dev/bounties/cf7d19e3-1318-4c77-8366-d8d04a0b41ba
+CVE-2023-41330 - https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc
 CVE-2023-4136 - http://packetstormsecurity.com/files/174304/CrafterCMS-4.0.2-Cross-Site-Scripting.html
 CVE-2023-41364 - https://herolab.usd.de/security-advisories/usd-2023-0002/
 CVE-2023-4138 - https://huntr.dev/bounties/1b1fa915-d588-4bb1-9e82-6a6be79befed