Skip to content

Commit

Permalink
Update Sat May 18 10:16:48 UTC 2024
Browse files Browse the repository at this point in the history
  • Loading branch information
@trickest-workflows
trickest-workflows committed May 18, 2024
1 parent bf01cd5 commit 7103711
Show file tree
Hide file tree
Showing 7 changed files with 60 additions and 1 deletion.
1 change: 1 addition & 0 deletions 2015/CVE-2015-1815.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot bef

#### Reference
- http://www.openwall.com/lists/oss-security/2015/03/26/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1203352
- https://www.exploit-db.com/exploits/36564/

#### Github
Expand Down
17 changes: 17 additions & 0 deletions 2018/CVE-2018-21216.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
### [CVE-2018-21216](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21216)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, and R6100 before 1.0.1.20.

### POC

#### Reference
- https://kb.netgear.com/000055121/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2485

#### Github
No PoCs found on GitHub currently.

17 changes: 17 additions & 0 deletions 2020/CVE-2020-19185.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
### [CVE-2020-19185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19185)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

### POC

#### Reference
- https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc1.md

#### Github
No PoCs found on GitHub currently.

1 change: 1 addition & 0 deletions 2022/CVE-2022-48164.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN
### POC

#### Reference
- https://docs.google.com/document/d/1JgqpBYRxyU0WKDSqkvi4Yo0723k7mrIUeuH9i1eEs8U/edit?usp=sharing
- https://github.com/strik3r0x1/Vulns/blob/main/WAVLINK_WN533A8.md

#### Github
Expand Down
17 changes: 17 additions & 0 deletions 2024/CVE-2024-2153.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
### [CVE-2024-2153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2153)
![](https://img.shields.io/static/v1?label=Product&message=Online%20Mobile%20Management%20Store&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)

### Description

A vulnerability, which was classified as critical, was found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /admin/orders/view_order.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255585 was assigned to this vulnerability.

### POC

#### Reference
- https://github.com/vanitashtml/CVE-Dumps/blob/main/SQL%20Injection%20in%20View%20Order%20-%20Mobile%20Management%20Store.md

#### Github
No PoCs found on GitHub currently.

2 changes: 1 addition & 1 deletion 2024/CVE-2024-4966.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ A vulnerability was found in SourceCodester SchoolWebTech 1.0. It has been class
### POC

#### Reference
No PoCs from references.
- https://github.com/CveSecLook/cve/issues/30

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
Expand Down
6 changes: 6 additions & 0 deletions references.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32203,6 +32203,7 @@ CVE-2015-1804 - http://www.oracle.com/technetwork/topics/security/bulletinapr201
CVE-2015-1804 - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
CVE-2015-1805 - http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
CVE-2015-1815 - http://www.openwall.com/lists/oss-security/2015/03/26/1
CVE-2015-1815 - https://bugzilla.redhat.com/show_bug.cgi?id=1203352
CVE-2015-1815 - https://www.exploit-db.com/exploits/36564/
CVE-2015-1819 - http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
CVE-2015-1819 - http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Expand Down Expand Up @@ -52257,6 +52258,7 @@ CVE-2018-21211 - https://kb.netgear.com/000055138/Security-Advisory-for-Pre-Auth
CVE-2018-21212 - https://kb.netgear.com/000055137/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2490
CVE-2018-21214 - https://kb.netgear.com/000055123/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2488
CVE-2018-21215 - https://kb.netgear.com/000055122/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2486
CVE-2018-21216 - https://kb.netgear.com/000055121/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2485
CVE-2018-21217 - https://kb.netgear.com/000055120/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2484
CVE-2018-21218 - https://kb.netgear.com/000055119/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2483
CVE-2018-21221 - https://kb.netgear.com/000055116/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2459
Expand Down Expand Up @@ -65329,6 +65331,7 @@ CVE-2020-19131 - http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%
CVE-2020-19131 - http://bugzilla.maptools.org/show_bug.cgi?id=2831
CVE-2020-1915 - https://www.facebook.com/security/advisories/cve-2020-1915
CVE-2020-19165 - https://github.com/Mint60/PHP/issues/1
CVE-2020-19185 - https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc1.md
CVE-2020-19186 - https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc2.md
CVE-2020-19187 - https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc3.md
CVE-2020-19188 - https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc4.md
Expand Down Expand Up @@ -87377,6 +87380,7 @@ CVE-2022-4813 - https://huntr.dev/bounties/a24b45d8-554b-4131-8ce1-f33bf8cdbacc
CVE-2022-48130 - https://github.com/Stevenbaga/fengsha/blob/main/W20E/formSetStaticRoute.md
CVE-2022-4814 - https://huntr.dev/bounties/e65b3458-c2e2-4c0b-9029-e3c9ee015ae4
CVE-2022-48150 - https://github.com/sahilop123/-CVE-2022-48150
CVE-2022-48164 - https://docs.google.com/document/d/1JgqpBYRxyU0WKDSqkvi4Yo0723k7mrIUeuH9i1eEs8U/edit?usp=sharing
CVE-2022-48164 - https://github.com/strik3r0x1/Vulns/blob/main/WAVLINK_WN533A8.md
CVE-2022-48177 - http://packetstormsecurity.com/files/171792/X2CRM-6.6-6.9-Cross-Site-Scripting.html
CVE-2022-48178 - http://packetstormsecurity.com/files/171792/X2CRM-6.6-6.9-Cross-Site-Scripting.html
Expand Down Expand Up @@ -94220,6 +94224,7 @@ CVE-2024-21508 - https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591085
CVE-2024-21509 - https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591084
CVE-2024-21511 - https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6670046
CVE-2024-2152 - https://github.com/vanitashtml/CVE-Dumps/blob/main/SQL%20Injection%20in%20Mobile%20Management%20Store.md
CVE-2024-2153 - https://github.com/vanitashtml/CVE-Dumps/blob/main/SQL%20Injection%20in%20View%20Order%20-%20Mobile%20Management%20Store.md
CVE-2024-2154 - https://github.com/vanitashtml/CVE-Dumps/blob/main/Unauthenticated%20SQL%20Injection%20-%20Mobile%20Management%20Store.md
CVE-2024-2154 - https://vuldb.com/?id.255586
CVE-2024-2159 - https://wpscan.com/vulnerability/d7fa9849-c82a-4efd-84b6-9245053975ba/
Expand Down Expand Up @@ -96027,6 +96032,7 @@ CVE-2024-4855 - https://gitlab.com/wireshark/wireshark/-/issues/19782
CVE-2024-4855 - https://gitlab.com/wireshark/wireshark/-/issues/19783
CVE-2024-4855 - https://gitlab.com/wireshark/wireshark/-/issues/19784
CVE-2024-4860 - https://www.tenable.com/security/research/tra-2024-16
CVE-2024-4966 - https://github.com/CveSecLook/cve/issues/30
CVE-2024-5046 - https://github.com/CveSecLook/cve/issues/32
CVE-2024-5047 - https://github.com/I-Schnee-I/cev/blob/main/SourceCodester%20Student%20Management%20System%201.0%20controller.php%20Unrestricted%20Upload.md
CVE-2024-5048 - https://github.com/BurakSevben/CVEs/blob/main/Budget%20Management%20App/Budget%20Management%20App%20-%20SQL%20Injection%20-%201.md
Expand Down

0 comments on commit 7103711

Please sign in to comment.