Update Sat Jul 20 14:27:33 UTC 2024

2016/CVE-2016-1000109.md

@@ -32,6 +32,7 @@ HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and
 - https://github.com/creativ/docker-nginx-proxy
 - https://github.com/cryptoplay/docker-alpine-nginx-proxy
 - https://github.com/dlpnetworks/dlp-nginx-proxy
+- https://github.com/dmitriy-tkalich/docker-nginx-proxy
 - https://github.com/expoli/nginx-proxy-docker-image-builder
 - https://github.com/gabomasi/reverse-proxy
 - https://github.com/garnser/nginx-oidc-proxy

2016/CVE-2016-1000110.md

@@ -33,6 +33,7 @@ The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_P
 - https://github.com/creativ/docker-nginx-proxy
 - https://github.com/cryptoplay/docker-alpine-nginx-proxy
 - https://github.com/dlpnetworks/dlp-nginx-proxy
+- https://github.com/dmitriy-tkalich/docker-nginx-proxy
 - https://github.com/expoli/nginx-proxy-docker-image-builder
 - https://github.com/gabomasi/reverse-proxy
 - https://github.com/garnser/nginx-oidc-proxy

2016/CVE-2016-5385.md

@@ -43,6 +43,7 @@ PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace
 - https://github.com/creativ/docker-nginx-proxy
 - https://github.com/cryptoplay/docker-alpine-nginx-proxy
 - https://github.com/dlpnetworks/dlp-nginx-proxy
+- https://github.com/dmitriy-tkalich/docker-nginx-proxy
 - https://github.com/expoli/nginx-proxy-docker-image-builder
 - https://github.com/gabomasi/reverse-proxy
 - https://github.com/garnser/nginx-oidc-proxy

2016/CVE-2016-5386.md

@@ -36,6 +36,7 @@ The net/http package in Go through 1.6 does not attempt to address RFC 3875 sect
 - https://github.com/creativ/docker-nginx-proxy
 - https://github.com/cryptoplay/docker-alpine-nginx-proxy
 - https://github.com/dlpnetworks/dlp-nginx-proxy
+- https://github.com/dmitriy-tkalich/docker-nginx-proxy
 - https://github.com/expoli/nginx-proxy-docker-image-builder
 - https://github.com/gabomasi/reverse-proxy
 - https://github.com/garnser/nginx-oidc-proxy

2016/CVE-2016-5387.md

@@ -46,6 +46,7 @@ The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and theref
 - https://github.com/creativ/docker-nginx-proxy
 - https://github.com/cryptoplay/docker-alpine-nginx-proxy
 - https://github.com/dlpnetworks/dlp-nginx-proxy
+- https://github.com/dmitriy-tkalich/docker-nginx-proxy
 - https://github.com/expoli/nginx-proxy-docker-image-builder
 - https://github.com/firatesatoglu/shodanSearch
 - https://github.com/gabomasi/reverse-proxy

2016/CVE-2016-5388.md

@@ -36,6 +36,7 @@ Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is
 - https://github.com/creativ/docker-nginx-proxy
 - https://github.com/cryptoplay/docker-alpine-nginx-proxy
 - https://github.com/dlpnetworks/dlp-nginx-proxy
+- https://github.com/dmitriy-tkalich/docker-nginx-proxy
 - https://github.com/expoli/nginx-proxy-docker-image-builder
 - https://github.com/gabomasi/reverse-proxy
 - https://github.com/garnser/nginx-oidc-proxy

2016/CVE-2016-7478.md

@@ -11,6 +11,7 @@ Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13,
 
 #### Reference
 - https://bugs.php.net/bug.php?id=73093
+- https://www.youtube.com/watch?v=LDcaPstAuPk
 
 #### Github
 - https://github.com/syadg123/pigat

2016/CVE-2016-7479.md

@@ -11,6 +11,7 @@ In all versions of PHP 7, during the unserialization process, resizing the 'prop
 
 #### Reference
 - https://bugs.php.net/bug.php?id=73092
+- https://www.youtube.com/watch?v=LDcaPstAuPk
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2016/CVE-2016-7480.md

@@ -10,7 +10,7 @@ The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://www.youtube.com/watch?v=LDcaPstAuPk
 
 #### Github
 - https://github.com/ycamper/censys-scripts

2020/CVE-2020-6514.md

@@ -18,6 +18,7 @@ Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 al
 - https://github.com/HassanAzze/CVE-2020-6514
 - https://github.com/R0jhack/CVE-2020-6514
 - https://github.com/developer3000S/PoC-in-GitHub
+- https://github.com/hasan-khalil/CVE-2020-6514
 - https://github.com/hectorgie/PoC-in-GitHub
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/rojhack/CVE-2020-6514

2024/CVE-2024-2337.md

@@ -0,0 +1,17 @@
+### [CVE-2024-2337](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2337)
+![](https://img.shields.io/static/v1?label=Product&message=Easy%20Testimonials&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.9.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonials_grid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2024/CVE-2024-37561.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37561](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37561)
+![](https://img.shields.io/static/v1?label=Product&message=Plugin%20Notes%20Plus&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jamie Bergen Plugin Notes Plus allows Stored XSS.This issue affects Plugin Notes Plus: from n/a through 1.2.6.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2024/CVE-2024-37562.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37562](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37562)
+![](https://img.shields.io/static/v1?label=Product&message=Simple%20Post%20Notes&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.7.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BracketSpace Simple Post Notes allows Stored XSS.This issue affects Simple Post Notes: from n/a through 1.7.7.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2024/CVE-2024-37563.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37563](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37563)
+![](https://img.shields.io/static/v1?label=Product&message=TOCHAT.BE&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.3.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TOCHAT.BE allows Stored XSS.This issue affects TOCHAT.BE: from n/a through 1.3.0.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2024/CVE-2024-37565.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37565](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37565)
+![](https://img.shields.io/static/v1?label=Product&message=Gum%20Elementor%20Addon&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemeGUM Gum Elementor Addon allows Stored XSS.This issue affects Gum Elementor Addon: from n/a through 1.3.5.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2024/CVE-2024-37918.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37918)
+![](https://img.shields.io/static/v1?label=Product&message=ConeBlog%20%E2%80%93%20WordPress%20Blog%20Widgets&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCone.Com ConeBlog – WordPress Blog Widgets allows Stored XSS.This issue affects ConeBlog – WordPress Blog Widgets: from n/a through 1.4.8.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2024/CVE-2024-37919.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37919)
+![](https://img.shields.io/static/v1?label=Product&message=Timeline%20Module%20for%20Beaver%20Builder&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.1.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pratik Chaskar Timeline Module for Beaver Builder allows Stored XSS.This issue affects Timeline Module for Beaver Builder: from n/a through 1.1.3.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2024/CVE-2024-37920.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37920](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37920)
+![](https://img.shields.io/static/v1?label=Product&message=ARForms%20Form%20Builder&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Repute InfoSystems ARForms Form Builder allows Reflected XSS.This issue affects ARForms Form Builder: from n/a through 1.6.7.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2024/CVE-2024-37936.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37936](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37936)
+![](https://img.shields.io/static/v1?label=Product&message=Tabs%20For%20WPBakery%20Page%20Builder&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in labibahmed Tabs For WPBakery Page Builder allows Stored XSS.This issue affects Tabs For WPBakery Page Builder: from n/a through 1.2.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2024/CVE-2024-37943.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37943)
+![](https://img.shields.io/static/v1?label=Product&message=YITH%20WooCommerce%20Ajax%20Product%20Filter&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Ajax Product Filter allows Reflected XSS.This issue affects YITH WooCommerce Ajax Product Filter: from n/a through 5.1.0.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2024/CVE-2024-37944.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37944](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37944)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20Travel%20Engine&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel Engine allows Stored XSS.This issue affects WP Travel Engine: from n/a through 5.9.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2024/CVE-2024-37946.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37946](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37946)
+![](https://img.shields.io/static/v1?label=Product&message=ReCaptcha%20Integration%20for%20WordPress&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.2.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs ReCaptcha Integration for WordPress allows Stored XSS.This issue affects ReCaptcha Integration for WordPress: from n/a through 1.2.5.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2024/CVE-2024-37947.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37947](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37947)
+![](https://img.shields.io/static/v1?label=Product&message=Tutor%20LMS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.2.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2024/CVE-2024-37948.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37948](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37948)
+![](https://img.shields.io/static/v1?label=Product&message=Caxton%20%E2%80%93%20Create%20Pro%20page%20layouts%20in%20Gutenberg&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.30.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PootlePress Caxton – Create Pro page layouts in Gutenberg allows Stored XSS.This issue affects Caxton – Create Pro page layouts in Gutenberg: from n/a through 1.30.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2024/CVE-2024-37949.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37949](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37949)
+![](https://img.shields.io/static/v1?label=Product&message=Responsive%20Mobile&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.15.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive Mobile allows Stored XSS.This issue affects Responsive Mobile: from n/a through 1.15.1.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2024/CVE-2024-37950.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37950](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37950)
+![](https://img.shields.io/static/v1?label=Product&message=Master%20Popups&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.0.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodexHelp Master Popups allows Stored XSS.This issue affects Master Popups: from n/a through 1.0.3.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+

2024/CVE-2024-37951.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37951](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37951)
+![](https://img.shields.io/static/v1?label=Product&message=Magical%20Posts%20Display%20%E2%80%93%20Elementor%20%26%20Gutenberg%20Posts%20Blocks&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.2.38%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Noor alam Magical Posts Display – Elementor & Gutenberg Posts Blocks allows Stored XSS.This issue affects Magical Posts Display – Elementor & Gutenberg Posts Blocks: from n/a through 1.2.38.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/20142995/nuclei-templates
+