From 5ff274872b6ccd52a9147588dca5be45a010e157 Mon Sep 17 00:00:00 2001 From: trickest-workflows Date: Wed, 1 May 2024 18:04:04 +0000 Subject: [PATCH] Update Wed May 1 18:04:03 UTC 2024 --- 2012/CVE-2012-5688.md | 2 +- 2015/CVE-2015-2180.md | 2 +- 2015/CVE-2015-2181.md | 17 +++++++++++++++++ 2015/CVE-2015-7297.md | 1 + 2015/CVE-2015-7857.md | 1 + 2015/CVE-2015-7858.md | 1 + 2019/CVE-2019-5736.md | 1 + 2020/CVE-2020-15157.md | 1 + 2020/CVE-2020-1947.md | 1 + 2020/CVE-2020-24186.md | 1 + 2020/CVE-2020-24490.md | 2 ++ 2021/CVE-2021-4034.md | 1 + 2021/CVE-2021-44228.md | 1 + 2024/CVE-2024-1698.md | 1 + 2024/CVE-2024-21006.md | 1 + 2024/CVE-2024-21345.md | 3 +++ 2024/CVE-2024-22403.md | 17 +++++++++++++++++ 2024/CVE-2024-26218.md | 3 +++ 2024/CVE-2024-27956.md | 2 ++ 2024/CVE-2024-28978.md | 17 +++++++++++++++++ 2024/CVE-2024-28979.md | 17 +++++++++++++++++ 2024/CVE-2024-32766.md | 1 + 2024/CVE-2024-33566.md | 17 +++++++++++++++++ 2024/CVE-2024-33763.md | 17 +++++++++++++++++ 2024/CVE-2024-33764.md | 17 +++++++++++++++++ 2024/CVE-2024-33766.md | 17 +++++++++++++++++ 2024/CVE-2024-33767.md | 17 +++++++++++++++++ 2024/CVE-2024-33768.md | 17 +++++++++++++++++ 2024/CVE-2024-4040.md | 1 + github.txt | 34 ++++++++++++++++++++++++++++++++++ references.txt | 3 +++ 31 files changed, 232 insertions(+), 2 deletions(-) create mode 100644 2015/CVE-2015-2181.md create mode 100644 2024/CVE-2024-22403.md create mode 100644 2024/CVE-2024-28978.md create mode 100644 2024/CVE-2024-28979.md create mode 100644 2024/CVE-2024-33566.md create mode 100644 2024/CVE-2024-33763.md create mode 100644 2024/CVE-2024-33764.md create mode 100644 2024/CVE-2024-33766.md create mode 100644 2024/CVE-2024-33767.md create mode 100644 2024/CVE-2024-33768.md diff --git a/2012/CVE-2012-5688.md b/2012/CVE-2012-5688.md index f3157bc980..8eb4ee282c 100644 --- a/2012/CVE-2012-5688.md +++ b/2012/CVE-2012-5688.md @@ -10,7 +10,7 @@ ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, ### POC #### Reference -No PoCs from references. +- http://www.ubuntu.com/usn/USN-1657-1 #### Github - https://github.com/Reverier-Xu/bind-EDNS-client-subnet-patched diff --git a/2015/CVE-2015-2180.md b/2015/CVE-2015-2180.md index 26734724fc..6118793f9d 100644 --- a/2015/CVE-2015-2180.md +++ b/2015/CVE-2015-2180.md @@ -10,7 +10,7 @@ The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote ### POC #### Reference -No PoCs from references. +- https://github.com/roundcube/roundcubemail/issues/4757 #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2015/CVE-2015-2181.md b/2015/CVE-2015-2181.md new file mode 100644 index 0000000000..3562e416fb --- /dev/null +++ b/2015/CVE-2015-2181.md @@ -0,0 +1,17 @@ +### [CVE-2015-2181](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2181) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username. + +### POC + +#### Reference +- https://github.com/roundcube/roundcubemail/issues/4757 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2015/CVE-2015-7297.md b/2015/CVE-2015-7297.md index 927cd7e3a1..f8d73c7462 100644 --- a/2015/CVE-2015-7297.md +++ b/2015/CVE-2015-7297.md @@ -30,6 +30,7 @@ SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers - https://github.com/Youhoohoo/maltrail-iie - https://github.com/a-belard/maltrail - https://github.com/areaventuno/exploit-joomla +- https://github.com/dhruvbhaiji/Maltrail-IDS - https://github.com/hxp2k6/https-github.com-stamparm-maltrail - https://github.com/jweny/pocassistdb - https://github.com/khanzjob/maltrail diff --git a/2015/CVE-2015-7857.md b/2015/CVE-2015-7857.md index 639853b767..be69c54250 100644 --- a/2015/CVE-2015-7857.md +++ b/2015/CVE-2015-7857.md @@ -27,6 +27,7 @@ SQL injection vulnerability in the getListQuery function in administrator/compon - https://github.com/Youhoohoo/maltrail-iie - https://github.com/a-belard/maltrail - https://github.com/areaventuno/exploit-joomla +- https://github.com/dhruvbhaiji/Maltrail-IDS - https://github.com/hxp2k6/https-github.com-stamparm-maltrail - https://github.com/khanzjob/maltrail - https://github.com/mukarramkhalid/joomla-sqli-mass-exploit diff --git a/2015/CVE-2015-7858.md b/2015/CVE-2015-7858.md index 1eb34151d9..9a0d968639 100644 --- a/2015/CVE-2015-7858.md +++ b/2015/CVE-2015-7858.md @@ -27,6 +27,7 @@ SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers - https://github.com/Youhoohoo/maltrail-iie - https://github.com/a-belard/maltrail - https://github.com/areaventuno/exploit-joomla +- https://github.com/dhruvbhaiji/Maltrail-IDS - https://github.com/hxp2k6/https-github.com-stamparm-maltrail - https://github.com/khanzjob/maltrail - https://github.com/mukarramkhalid/joomla-sqli-mass-exploit diff --git a/2019/CVE-2019-5736.md b/2019/CVE-2019-5736.md index 92ab023429..d3fd782ce5 100644 --- a/2019/CVE-2019-5736.md +++ b/2019/CVE-2019-5736.md @@ -62,6 +62,7 @@ runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allow - https://github.com/Metarget/cloud-native-security-book - https://github.com/Metarget/k0otkit - https://github.com/Metarget/metarget +- https://github.com/MrHyperIon101/docker-security - https://github.com/NetW0rK1le3r/awesome-hacking-lists - https://github.com/PercussiveElbow/docker-escape-tool - https://github.com/PercussiveElbow/docker-security-checklist diff --git a/2020/CVE-2020-15157.md b/2020/CVE-2020-15157.md index 40a0b02a0e..01e1c6e023 100644 --- a/2020/CVE-2020-15157.md +++ b/2020/CVE-2020-15157.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/MrHyperIon101/docker-security - https://github.com/Petes77/Docker-Security - https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground - https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground diff --git a/2020/CVE-2020-1947.md b/2020/CVE-2020-1947.md index 70292c2340..ed74d310d9 100644 --- a/2020/CVE-2020-1947.md +++ b/2020/CVE-2020-1947.md @@ -30,6 +30,7 @@ No PoCs from references. - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/PalindromeLabs/Java-Deserialization-CVEs - https://github.com/SexyBeast233/SecBooks +- https://github.com/StarkChristmas/CVE-2020-1947 - https://github.com/YIXINSHUWU/Penetration_Testing_POC - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/hasee2018/Penetration_Testing_POC diff --git a/2020/CVE-2020-24186.md b/2020/CVE-2020-24186.md index cdf398b13a..29f134d562 100644 --- a/2020/CVE-2020-24186.md +++ b/2020/CVE-2020-24186.md @@ -21,6 +21,7 @@ A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/Sakura-501/CVE-2020-24186-exploit - https://github.com/Shamsuzzaman321/Wordpress-Exploit-AiO-Package +- https://github.com/Whiteh4tWolf/wordpress_shell_upload - https://github.com/ait-aecid/kyoushi-environment - https://github.com/h3v0x/CVE-2020-24186-WordPress-wpDiscuz-7.0.4-RCE - https://github.com/hev0x/CVE-2020-24186-WordPress-wpDiscuz-7.0.4-RCE diff --git a/2020/CVE-2020-24490.md b/2020/CVE-2020-24490.md index 6525eb92d0..72df584717 100644 --- a/2020/CVE-2020-24490.md +++ b/2020/CVE-2020-24490.md @@ -14,6 +14,8 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/AbrarKhan/Linux-4.19.72_CVE-2020-24490 +- https://github.com/AbrarKhan/linux_CVE-2020-24490-beforePatch - https://github.com/Charmve/BLE-Security-Attack-Defence - https://github.com/Dikens88/hopp - https://github.com/H4lo/awesome-IoT-security-article diff --git a/2021/CVE-2021-4034.md b/2021/CVE-2021-4034.md index 2e371203e8..948d24b924 100644 --- a/2021/CVE-2021-4034.md +++ b/2021/CVE-2021-4034.md @@ -375,6 +375,7 @@ A local privilege escalation vulnerability was found on polkit's pkexec utility. - https://github.com/windware1203/InfoSec_study - https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC- - https://github.com/wongwaituck/CVE-2021-4034 +- https://github.com/wrdz13/YearOfTheRabbit-thm - https://github.com/wudicainiao/cve-2021-4034 - https://github.com/x04000/AutoPwnkit - https://github.com/x04000/CVE-2021-4034 diff --git a/2021/CVE-2021-44228.md b/2021/CVE-2021-44228.md index db18277255..81982bd920 100644 --- a/2021/CVE-2021-44228.md +++ b/2021/CVE-2021-44228.md @@ -246,6 +246,7 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12 - https://github.com/Ibrahim0963/Web-Pentesting-Resources - https://github.com/Ilovewomen/db_script_v2 - https://github.com/Ilovewomen/db_script_v2_2 +- https://github.com/InfoSecInnovations/Sentinel-Service-Offering - https://github.com/ItsCbass/CVE-2021-44228 - https://github.com/IvanBlanquez/aws-training-resources - https://github.com/J0B10/Minzomat diff --git a/2024/CVE-2024-1698.md b/2024/CVE-2024-1698.md index 762c7cf8dc..8911e6cf94 100644 --- a/2024/CVE-2024-1698.md +++ b/2024/CVE-2024-1698.md @@ -18,4 +18,5 @@ No PoCs from references. - https://github.com/kamranhasan/CVE-2024-1698-Exploit - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile +- https://github.com/wy876/POC diff --git a/2024/CVE-2024-21006.md b/2024/CVE-2024-21006.md index 09fa3bc02c..9f65e2c515 100644 --- a/2024/CVE-2024-21006.md +++ b/2024/CVE-2024-21006.md @@ -13,5 +13,6 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware No PoCs from references. #### Github +- https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-21345.md b/2024/CVE-2024-21345.md index 7a943e857f..8ec0556763 100644 --- a/2024/CVE-2024-21345.md +++ b/2024/CVE-2024-21345.md @@ -14,8 +14,11 @@ No PoCs from references. #### Github - https://github.com/FoxyProxys/CVE-2024-21345 +- https://github.com/aneasystone/github-trending - https://github.com/exploits-forsale/24h2-nt-exploit - https://github.com/exploits-forsale/CVE-2024-21345 +- https://github.com/fireinrain/github-trending +- https://github.com/jafshare/GithubTrending - https://github.com/johe123qwe/github-trending - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-22403.md b/2024/CVE-2024-22403.md new file mode 100644 index 0000000000..efc0b712fc --- /dev/null +++ b/2024/CVE-2024-22403.md @@ -0,0 +1,17 @@ +### [CVE-2024-22403](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22403) +![](https://img.shields.io/static/v1?label=Product&message=security-advisories&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%2028.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-613%3A%20Insufficient%20Session%20Expiration&color=brighgreen) + +### Description + +Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minutes and will no longer be authenticated. To exploit this vulnerability an attacker would need to intercept an OAuth code from a user session. It is recommended that the Nextcloud Server is upgraded to 28.0.0. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-26218.md b/2024/CVE-2024-26218.md index e13e62b121..8248996391 100644 --- a/2024/CVE-2024-26218.md +++ b/2024/CVE-2024-26218.md @@ -30,7 +30,10 @@ Windows Kernel Elevation of Privilege Vulnerability No PoCs from references. #### Github +- https://github.com/aneasystone/github-trending - https://github.com/exploits-forsale/CVE-2024-26218 +- https://github.com/fireinrain/github-trending +- https://github.com/jafshare/GithubTrending - https://github.com/johe123qwe/github-trending - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-27956.md b/2024/CVE-2024-27956.md index 6e48744cc3..9b04f777ed 100644 --- a/2024/CVE-2024-27956.md +++ b/2024/CVE-2024-27956.md @@ -15,5 +15,7 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/tanjiti/sec_profile - https://github.com/truonghuuphuc/CVE-2024-27956 +- https://github.com/wy876/POC diff --git a/2024/CVE-2024-28978.md b/2024/CVE-2024-28978.md new file mode 100644 index 0000000000..4b45035742 --- /dev/null +++ b/2024/CVE-2024-28978.md @@ -0,0 +1,17 @@ +### [CVE-2024-28978](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28978) +![](https://img.shields.io/static/v1?label=Product&message=Dell%20OpenManage%20Enterprise&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%203.10%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen) + +### Description + +Dell OpenManage Enterprise, versions 3.10 and 4.0, contains an Improper Access Control vulnerability. A high privileged remote attacker could potentially exploit this vulnerability, leading to unauthorized access to resources. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-28979.md b/2024/CVE-2024-28979.md new file mode 100644 index 0000000000..5569895a64 --- /dev/null +++ b/2024/CVE-2024-28979.md @@ -0,0 +1,17 @@ +### [CVE-2024-28979](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28979) +![](https://img.shields.io/static/v1?label=Product&message=Dell%20OpenManage%20Enterprise&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=N%2FA%3C%204.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +Dell OpenManage Enterprise, versions prior to 4.1.0, contains an XSS injection vulnerability in UI. A high privileged local attacker could potentially exploit this vulnerability, leading to JavaScript injection. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-32766.md b/2024/CVE-2024-32766.md index 26383368f7..7bda6cc362 100644 --- a/2024/CVE-2024-32766.md +++ b/2024/CVE-2024-32766.md @@ -20,4 +20,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/p3c34r7/CVE-2024-32766-POC diff --git a/2024/CVE-2024-33566.md b/2024/CVE-2024-33566.md new file mode 100644 index 0000000000..777f4ef481 --- /dev/null +++ b/2024/CVE-2024-33566.md @@ -0,0 +1,17 @@ +### [CVE-2024-33566](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33566) +![](https://img.shields.io/static/v1?label=Product&message=OrderConvo&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue affects OrderConvo: from n/a through 12.4. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/absholi7ly/absholi7ly + diff --git a/2024/CVE-2024-33763.md b/2024/CVE-2024-33763.md new file mode 100644 index 0000000000..8ba093579b --- /dev/null +++ b/2024/CVE-2024-33763.md @@ -0,0 +1,17 @@ +### [CVE-2024-33763](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33763) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +lunasvg v2.3.9 was discovered to contain a stack-buffer-underflow at lunasvg/source/layoutcontext.cpp. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-33764.md b/2024/CVE-2024-33764.md new file mode 100644 index 0000000000..7dc6991085 --- /dev/null +++ b/2024/CVE-2024-33764.md @@ -0,0 +1,17 @@ +### [CVE-2024-33764](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33764) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +lunasvg v2.3.9 was discovered to contain a stack-overflow at lunasvg/source/element.h. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-33766.md b/2024/CVE-2024-33766.md new file mode 100644 index 0000000000..fd8b745cec --- /dev/null +++ b/2024/CVE-2024-33766.md @@ -0,0 +1,17 @@ +### [CVE-2024-33766](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33766) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +lunasvg v2.3.9 was discovered to contain an FPE (Floating Point Exception) at blend_transformed_tiled_argb.isra.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-33767.md b/2024/CVE-2024-33767.md new file mode 100644 index 0000000000..3ffe8df8fb --- /dev/null +++ b/2024/CVE-2024-33767.md @@ -0,0 +1,17 @@ +### [CVE-2024-33767](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33767) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-33768.md b/2024/CVE-2024-33768.md new file mode 100644 index 0000000000..c50cdf874a --- /dev/null +++ b/2024/CVE-2024-33768.md @@ -0,0 +1,17 @@ +### [CVE-2024-33768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33768) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-4040.md b/2024/CVE-2024-4040.md index 9775c544b4..c28b7cbbb4 100644 --- a/2024/CVE-2024-4040.md +++ b/2024/CVE-2024-4040.md @@ -18,6 +18,7 @@ A server side template injection vulnerability in CrushFTP in all versions befor - https://github.com/Praison001/CVE-2024-4040-CrushFTP-server - https://github.com/Stuub/CVE-2024-4040-SSTI-LFI - https://github.com/Stuub/CVE-2024-4040-SSTI-LFI-PoC +- https://github.com/absholi7ly/absholi7ly - https://github.com/airbus-cert/CVE-2024-4040 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/getdrive/PoC diff --git a/github.txt b/github.txt index 1391df9494..f97fa78790 100644 --- a/github.txt +++ b/github.txt @@ -18170,6 +18170,7 @@ CVE-2015-7297 - https://github.com/RsbCode/maltrail CVE-2015-7297 - https://github.com/Youhoohoo/maltrail-iie CVE-2015-7297 - https://github.com/a-belard/maltrail CVE-2015-7297 - https://github.com/areaventuno/exploit-joomla +CVE-2015-7297 - https://github.com/dhruvbhaiji/Maltrail-IDS CVE-2015-7297 - https://github.com/hxp2k6/https-github.com-stamparm-maltrail CVE-2015-7297 - https://github.com/jweny/pocassistdb CVE-2015-7297 - https://github.com/khanzjob/maltrail @@ -18603,6 +18604,7 @@ CVE-2015-7857 - https://github.com/RsbCode/maltrail CVE-2015-7857 - https://github.com/Youhoohoo/maltrail-iie CVE-2015-7857 - https://github.com/a-belard/maltrail CVE-2015-7857 - https://github.com/areaventuno/exploit-joomla +CVE-2015-7857 - https://github.com/dhruvbhaiji/Maltrail-IDS CVE-2015-7857 - https://github.com/hxp2k6/https-github.com-stamparm-maltrail CVE-2015-7857 - https://github.com/khanzjob/maltrail CVE-2015-7857 - https://github.com/mukarramkhalid/joomla-sqli-mass-exploit @@ -18620,6 +18622,7 @@ CVE-2015-7858 - https://github.com/RsbCode/maltrail CVE-2015-7858 - https://github.com/Youhoohoo/maltrail-iie CVE-2015-7858 - https://github.com/a-belard/maltrail CVE-2015-7858 - https://github.com/areaventuno/exploit-joomla +CVE-2015-7858 - https://github.com/dhruvbhaiji/Maltrail-IDS CVE-2015-7858 - https://github.com/hxp2k6/https-github.com-stamparm-maltrail CVE-2015-7858 - https://github.com/khanzjob/maltrail CVE-2015-7858 - https://github.com/mukarramkhalid/joomla-sqli-mass-exploit @@ -70312,6 +70315,7 @@ CVE-2019-5736 - https://github.com/Metarget/awesome-cloud-native-security CVE-2019-5736 - https://github.com/Metarget/cloud-native-security-book CVE-2019-5736 - https://github.com/Metarget/k0otkit CVE-2019-5736 - https://github.com/Metarget/metarget +CVE-2019-5736 - https://github.com/MrHyperIon101/docker-security CVE-2019-5736 - https://github.com/NetW0rK1le3r/awesome-hacking-lists CVE-2019-5736 - https://github.com/PercussiveElbow/docker-escape-tool CVE-2019-5736 - https://github.com/PercussiveElbow/docker-security-checklist @@ -80953,6 +80957,7 @@ CVE-2020-15150 - https://github.com/404notf0und/CVE-Flow CVE-2020-15152 - https://github.com/ossf-cve-benchmark/CVE-2020-15152 CVE-2020-15156 - https://github.com/ossf-cve-benchmark/CVE-2020-15156 CVE-2020-15157 - https://github.com/ARPSyndicate/cvemon +CVE-2020-15157 - https://github.com/MrHyperIon101/docker-security CVE-2020-15157 - https://github.com/Petes77/Docker-Security CVE-2020-15157 - https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground CVE-2020-15157 - https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground @@ -83035,6 +83040,7 @@ CVE-2020-1947 - https://github.com/LubinLew/WEB-CVE CVE-2020-1947 - https://github.com/Mr-xn/Penetration_Testing_POC CVE-2020-1947 - https://github.com/PalindromeLabs/Java-Deserialization-CVEs CVE-2020-1947 - https://github.com/SexyBeast233/SecBooks +CVE-2020-1947 - https://github.com/StarkChristmas/CVE-2020-1947 CVE-2020-1947 - https://github.com/YIXINSHUWU/Penetration_Testing_POC CVE-2020-1947 - https://github.com/developer3000S/PoC-in-GitHub CVE-2020-1947 - https://github.com/hasee2018/Penetration_Testing_POC @@ -83853,6 +83859,7 @@ CVE-2020-24186 - https://github.com/ARPSyndicate/kenzer-templates CVE-2020-24186 - https://github.com/Elsfa7-110/kenzer-templates CVE-2020-24186 - https://github.com/Sakura-501/CVE-2020-24186-exploit CVE-2020-24186 - https://github.com/Shamsuzzaman321/Wordpress-Exploit-AiO-Package +CVE-2020-24186 - https://github.com/Whiteh4tWolf/wordpress_shell_upload CVE-2020-24186 - https://github.com/ait-aecid/kyoushi-environment CVE-2020-24186 - https://github.com/h3v0x/CVE-2020-24186-WordPress-wpDiscuz-7.0.4-RCE CVE-2020-24186 - https://github.com/hev0x/CVE-2020-24186-WordPress-wpDiscuz-7.0.4-RCE @@ -83963,6 +83970,8 @@ CVE-2020-24445 - https://github.com/ARPSyndicate/cvemon CVE-2020-24445 - https://github.com/Live-Hack-CVE/CVE-2020-24445 CVE-2020-24489 - https://github.com/ARPSyndicate/cvemon CVE-2020-24490 - https://github.com/ARPSyndicate/cvemon +CVE-2020-24490 - https://github.com/AbrarKhan/Linux-4.19.72_CVE-2020-24490 +CVE-2020-24490 - https://github.com/AbrarKhan/linux_CVE-2020-24490-beforePatch CVE-2020-24490 - https://github.com/Charmve/BLE-Security-Attack-Defence CVE-2020-24490 - https://github.com/Dikens88/hopp CVE-2020-24490 - https://github.com/H4lo/awesome-IoT-security-article @@ -108146,6 +108155,7 @@ CVE-2021-4034 - https://github.com/whokilleddb/CVE-2021-4034 CVE-2021-4034 - https://github.com/windware1203/InfoSec_study CVE-2021-4034 - https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC- CVE-2021-4034 - https://github.com/wongwaituck/CVE-2021-4034 +CVE-2021-4034 - https://github.com/wrdz13/YearOfTheRabbit-thm CVE-2021-4034 - https://github.com/wudicainiao/cve-2021-4034 CVE-2021-4034 - https://github.com/x04000/AutoPwnkit CVE-2021-4034 - https://github.com/x04000/CVE-2021-4034 @@ -112147,6 +112157,7 @@ CVE-2021-44228 - https://github.com/ITninja04/awesome-stars CVE-2021-44228 - https://github.com/Ibrahim0963/Web-Pentesting-Resources CVE-2021-44228 - https://github.com/Ilovewomen/db_script_v2 CVE-2021-44228 - https://github.com/Ilovewomen/db_script_v2_2 +CVE-2021-44228 - https://github.com/InfoSecInnovations/Sentinel-Service-Offering CVE-2021-44228 - https://github.com/ItsCbass/CVE-2021-44228 CVE-2021-44228 - https://github.com/IvanBlanquez/aws-training-resources CVE-2021-44228 - https://github.com/J0B10/Minzomat @@ -135929,6 +135940,7 @@ CVE-2023-20032 - https://github.com/karimhabush/cyberowl CVE-2023-20032 - https://github.com/marekbeckmann/Clamav-Installation-Script CVE-2023-20043 - https://github.com/Live-Hack-CVE/CVE-2023-20043 CVE-2023-20048 - https://github.com/0zer0d4y/FuegoTest +CVE-2023-20048 - https://github.com/absholi7ly/absholi7ly CVE-2023-20048 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-20052 - https://github.com/ARPSyndicate/cvemon CVE-2023-20052 - https://github.com/CVEDB/awesome-cve-repo @@ -141139,6 +141151,7 @@ CVE-2023-34051 - https://github.com/sampsonv/github-trending CVE-2023-34051 - https://github.com/tanjiti/sec_profile CVE-2023-34053 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-3406 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-34060 - https://github.com/absholi7ly/absholi7ly CVE-2023-34062 - https://github.com/chainguard-dev/pombump CVE-2023-34062 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-34062 - https://github.com/tanjiti/sec_profile @@ -153457,6 +153470,7 @@ CVE-2024-1698 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1698 - https://github.com/kamranhasan/CVE-2024-1698-Exploit CVE-2024-1698 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-1698 - https://github.com/tanjiti/sec_profile +CVE-2024-1698 - https://github.com/wy876/POC CVE-2024-1700 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1701 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1708 - https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE @@ -153964,6 +153978,7 @@ CVE-2024-20983 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-20984 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-20985 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-20986 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-21006 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-21006 - https://github.com/tanjiti/sec_profile CVE-2024-21007 - https://github.com/tanjiti/sec_profile CVE-2024-21011 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -154048,8 +154063,11 @@ CVE-2024-2134 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-21341 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-21342 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-21345 - https://github.com/FoxyProxys/CVE-2024-21345 +CVE-2024-21345 - https://github.com/aneasystone/github-trending CVE-2024-21345 - https://github.com/exploits-forsale/24h2-nt-exploit CVE-2024-21345 - https://github.com/exploits-forsale/CVE-2024-21345 +CVE-2024-21345 - https://github.com/fireinrain/github-trending +CVE-2024-21345 - https://github.com/jafshare/GithubTrending CVE-2024-21345 - https://github.com/johe123qwe/github-trending CVE-2024-21345 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-2135 - https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities @@ -154661,6 +154679,7 @@ CVE-2024-22397 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-22398 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-22401 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-22402 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-22403 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-22404 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2241 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-22410 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -156397,7 +156416,10 @@ CVE-2024-26209 - https://github.com/EvanMcBroom/pocs CVE-2024-2621 - https://github.com/NaInSec/CVE-LIST CVE-2024-2621 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2621 - https://github.com/tanjiti/sec_profile +CVE-2024-26218 - https://github.com/aneasystone/github-trending CVE-2024-26218 - https://github.com/exploits-forsale/CVE-2024-26218 +CVE-2024-26218 - https://github.com/fireinrain/github-trending +CVE-2024-26218 - https://github.com/jafshare/GithubTrending CVE-2024-26218 - https://github.com/johe123qwe/github-trending CVE-2024-26218 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-26218 - https://github.com/tanjiti/sec_profile @@ -157063,7 +157085,9 @@ CVE-2024-27954 - https://github.com/wjlin0/poc-doc CVE-2024-27954 - https://github.com/wy876/POC CVE-2024-27956 - https://github.com/NaInSec/CVE-LIST CVE-2024-27956 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-27956 - https://github.com/tanjiti/sec_profile CVE-2024-27956 - https://github.com/truonghuuphuc/CVE-2024-27956 +CVE-2024-27956 - https://github.com/wy876/POC CVE-2024-27957 - https://github.com/NaInSec/CVE-LIST CVE-2024-27958 - https://github.com/NaInSec/CVE-LIST CVE-2024-27959 - https://github.com/NaInSec/CVE-LIST @@ -157543,6 +157567,8 @@ CVE-2024-2893 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2894 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2895 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2896 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-28978 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-28979 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29003 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29009 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29018 - https://github.com/NaInSec/CVE-LIST @@ -158602,6 +158628,7 @@ CVE-2024-32746 - https://github.com/adiapera/xss_menu_page_wondercms_3.4.3 CVE-2024-32764 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-32766 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-32766 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-32766 - https://github.com/p3c34r7/CVE-2024-32766-POC CVE-2024-32773 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-32793 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-32794 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -158652,6 +158679,7 @@ CVE-2024-33386 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-33438 - https://github.com/julio-cfa/CVE-2024-33438 CVE-2024-33438 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-33465 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33566 - https://github.com/absholi7ly/absholi7ly CVE-2024-3358 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3359 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33592 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -158678,6 +158706,11 @@ CVE-2024-33695 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33696 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33697 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3371 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33763 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33764 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33766 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33767 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33768 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3378 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3381 - https://github.com/stayfesch/Get-PANOS-Advisories CVE-2024-3382 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -158868,6 +158901,7 @@ CVE-2024-4040 - https://github.com/Mufti22/CVE-2024-4040 CVE-2024-4040 - https://github.com/Praison001/CVE-2024-4040-CrushFTP-server CVE-2024-4040 - https://github.com/Stuub/CVE-2024-4040-SSTI-LFI CVE-2024-4040 - https://github.com/Stuub/CVE-2024-4040-SSTI-LFI-PoC +CVE-2024-4040 - https://github.com/absholi7ly/absholi7ly CVE-2024-4040 - https://github.com/airbus-cert/CVE-2024-4040 CVE-2024-4040 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4040 - https://github.com/getdrive/PoC diff --git a/references.txt b/references.txt index 61df504d85..07854c3e5f 100644 --- a/references.txt +++ b/references.txt @@ -22117,6 +22117,7 @@ CVE-2012-5667 - https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473 CVE-2012-5683 - http://packetstormsecurity.com/files/117894/ZPanel-10.0.1-XSS-CSRF-SQL-Injection.html CVE-2012-5684 - http://packetstormsecurity.com/files/117894/ZPanel-10.0.1-XSS-CSRF-SQL-Injection.html CVE-2012-5687 - http://packetstormsecurity.org/files/117749/TP-LINK-TL-WR841N-Local-File-Inclusion.html +CVE-2012-5688 - http://www.ubuntu.com/usn/USN-1657-1 CVE-2012-5700 - http://www.exploit-db.com/exploits/22741 CVE-2012-5701 - http://packetstormsecurity.com/files/118274/dotProject-2.1.6-Cross-Site-Scripting-SQL-Injection.html CVE-2012-5703 - http://www.coresecurity.com/content/vmware-esx-input-validation-error @@ -32193,6 +32194,8 @@ CVE-2015-2169 - http://seclists.org/fulldisclosure/2015/Jun/74 CVE-2015-2169 - http://techtootech.blogspot.in/2015/06/found-xss-vulnerability-in-manage.html CVE-2015-2169 - https://www.exploit-db.com/exploits/37395/ CVE-2015-2177 - https://www.exploit-db.com/exploits/44802/ +CVE-2015-2180 - https://github.com/roundcube/roundcubemail/issues/4757 +CVE-2015-2181 - https://github.com/roundcube/roundcubemail/issues/4757 CVE-2015-2182 - http://packetstormsecurity.com/files/130487/Zeuscart-4-Cross-Site-Scripting-SQL-Injection.html CVE-2015-2182 - https://github.com/ZeusCart/zeuscart/issues/28 CVE-2015-2183 - http://packetstormsecurity.com/files/130487/Zeuscart-4-Cross-Site-Scripting-SQL-Injection.html