Update Sun Jun 25 00:12:42 UTC 2023

2016/CVE-2016-15003.md

@@ -12,6 +12,7 @@ A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as pr
 #### Reference
 - https://vuldb.com/?id.97204
 - https://www.exploit-db.com/exploits/39803/
+- https://youtu.be/r06VwwJ9J4M
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2021/CVE-2021-25078.md

@@ -10,7 +10,7 @@ The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://wpscan.com/vulnerability/d4edb5f2-aa1b-4e2d-abb4-76c46def6c6e
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2023/CVE-2023-1721.md

@@ -0,0 +1,17 @@
+### [CVE-2023-1721](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1721)
+![](https://img.shields.io/static/v1?label=Product&message=Yoga%20Class%20Registration%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)
+
+### Description
+
+Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.
+
+### POC
+
+#### Reference
+- https://fluidattacks.com/advisories/blessd/
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-1722.md

@@ -0,0 +1,17 @@
+### [CVE-2023-1722](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1722)
+![](https://img.shields.io/static/v1?label=Product&message=Yoga%20Class%20Registration%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.
+
+### POC
+
+#### Reference
+- https://fluidattacks.com/advisories/wyckoff/
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-2989.md

@@ -0,0 +1,17 @@
+### [CVE-2023-2989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2989)
+![](https://img.shields.io/static/v1?label=Product&message=Globalscape%20EFT&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=8.0.0%3C%208.1.0.16%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%20Out-of-bounds%20Read&color=brighgreen)
+
+### Description
+
+Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out of bounds memory read in their administration server, which can allow an attacker to crash the service or bypass authentication if successfully exploited
+
+### POC
+
+#### Reference
+- https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-2990.md

@@ -0,0 +1,17 @@
+### [CVE-2023-2990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2990)
+![](https://img.shields.io/static/v1?label=Product&message=Globalscape%20EFT&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=8.0.0%3C%208.1.0.16%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)
+
+### Description
+
+Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service
+
+### POC
+
+#### Reference
+- https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-2991.md

@@ -0,0 +1,17 @@
+### [CVE-2023-2991](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2991)
+![](https://img.shields.io/static/v1?label=Product&message=Globalscape%20EFT&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%208.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+Fortra Globalscape EFT's administration server suffers from an information disclosure vulnerability where the serial number of the harddrive that Globalscape is installed on can be remotely determined via a "trial extension request" message
+
+### POC
+
+#### Reference
+- https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-32571.md

@@ -0,0 +1,17 @@
+### [CVE-2023-32571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32571)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.
+
+### POC
+
+#### Reference
+- https://research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code-execution-vulnerability-cve-2023-32571/
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-3393.md

@@ -0,0 +1,17 @@
+### [CVE-2023-3393](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3393)
+![](https://img.shields.io/static/v1?label=Product&message=fossbilling%2Ffossbilling&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%200.5.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code&color=brighgreen)
+
+### Description
+
+ Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1.
+
+### POC
+
+#### Reference
+- https://huntr.dev/bounties/e4df9280-900a-407a-a07e-e7fef3345914
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-3394.md

@@ -0,0 +1,17 @@
+### [CVE-2023-3394](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3394)
+![](https://img.shields.io/static/v1?label=Product&message=fossbilling%2Ffossbilling&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%200.5.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-384%20Session%20Fixation&color=brighgreen)
+
+### Description
+
+Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1.
+
+### POC
+
+#### Reference
+- https://huntr.dev/bounties/84bf3e85-cdeb-4b8d-9ea4-74156dbda83f
+
+#### Github
+No PoCs found on GitHub currently.
+

references.txt

@@ -34538,6 +34538,7 @@ CVE-2016-1499 - https://hackerone.com/reports/110655
 CVE-2016-1499 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-062.txt
 CVE-2016-15003 - https://vuldb.com/?id.97204
 CVE-2016-15003 - https://www.exploit-db.com/exploits/39803/
+CVE-2016-15003 - https://youtu.be/r06VwwJ9J4M
 CVE-2016-1501 - https://hackerone.com/reports/85201
 CVE-2016-1501 - https://hackerone.com/reports/87505
 CVE-2016-1513 - http://www.openoffice.org/security/cves/CVE-2016-1513.html
@@ -66143,6 +66144,7 @@ CVE-2021-25030 - https://wpscan.com/vulnerability/bc7058b1-ca93-4c45-9ced-7848c7
 CVE-2021-25061 - https://wpscan.com/vulnerability/bd9dc754-08a4-4bfc-8dda-3f5c0e070f7e
 CVE-2021-25065 - https://wpscan.com/vulnerability/ae1aab4e-b00a-458b-a176-85761655bdcc
 CVE-2021-25076 - http://packetstormsecurity.com/files/166071/WordPress-WP-User-Frontend-3.5.25-SQL-Injection.html
+CVE-2021-25078 - https://wpscan.com/vulnerability/d4edb5f2-aa1b-4e2d-abb4-76c46def6c6e
 CVE-2021-25082 - https://wpscan.com/vulnerability/0f90f10c-4b0a-46da-ac1f-aa6a03312132
 CVE-2021-25094 - http://packetstormsecurity.com/files/167190/WordPress-Tatsu-Builder-Remote-Code-Execution.html
 CVE-2021-25099 - https://wpscan.com/vulnerability/87a64b27-23a3-40f5-a3d8-0650975fee6f
@@ -78171,6 +78173,8 @@ CVE-2023-1702 - https://huntr.dev/bounties/d8a47f29-3297-4fce-b534-e1d95a2b3e19
 CVE-2023-1704 - https://huntr.dev/bounties/84419c7b-ae29-401b-bdfd-5d0c498d320f
 CVE-2023-1708 - https://gitlab.com/gitlab-org/gitlab/-/issues/387185
 CVE-2023-1712 - https://huntr.dev/bounties/9a6b1fb4-ec9b-4cfa-af1e-9ce304924829
+CVE-2023-1721 - https://fluidattacks.com/advisories/blessd/
+CVE-2023-1722 - https://fluidattacks.com/advisories/wyckoff/
 CVE-2023-1741 - https://vuldb.com/?id.224629
 CVE-2023-1742 - https://gitee.com/wkstestete/cve/blob/master/sql/ibos%20sql%20injection3.md
 CVE-2023-1745 - https://github.com/10cksYiqiyinHangzhouTechnology/KMPlayer_Poc
@@ -79281,11 +79285,14 @@ CVE-2023-29850 - https://github.com/slims/slims9_bulian/issues/186
 CVE-2023-2986 - http://packetstormsecurity.com/files/172966/WordPress-Abandoned-Cart-Lite-For-WooCommerce-5.14.2-Authentication-Bypass.html
 CVE-2023-2986 - http://packetstormsecurity.com/files/173018/WordPress-Abandoned-Cart-Lite-For-WooCommerce-5.14.2-Authentication-Bypass.html
 CVE-2023-29863 - https://medium.com/@waadalbyalii5/sql-injection-in-wsdl-file-c66fa00042f5
+CVE-2023-2989 - https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/
+CVE-2023-2990 - https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/
 CVE-2023-29905 - https://hackmd.io/@0dayResearch/H1IFt1Jgn
 CVE-2023-29906 - https://hackmd.io/@0dayResearch/rk1uu20Jh
 CVE-2023-29907 - https://hackmd.io/@0dayResearch/rk-6aRRyn
 CVE-2023-29908 - https://hackmd.io/@0dayResearch/Ski-S20J2
 CVE-2023-29909 - https://hackmd.io/@0dayResearch/r1FC0AAy2
+CVE-2023-2991 - https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/
 CVE-2023-29910 - https://hackmd.io/@0dayResearch/S1aGs1Jl2
 CVE-2023-29911 - https://hackmd.io/@0dayResearch/SyTaRoCJn
 CVE-2023-29912 - https://hackmd.io/@0dayResearch/S1TusiR1n
@@ -79547,6 +79554,7 @@ CVE-2023-32314 - https://github.com/patriksimek/vm2/security/advisories/GHSA-whp
 CVE-2023-32321 - https://github.com/ckan/ckan/blob/2a6080e61d5601fa0e2a0317afd6a8e9b7abf6dd/CHANGELOG.rst
 CVE-2023-32322 - https://github.com/Ombi-app/Ombi/security/advisories/GHSA-28j3-84m7-gpjp
 CVE-2023-32324 - https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
+CVE-2023-32571 - https://research.nccgroup.com/2023/06/13/dynamic-linq-injection-remote-code-execution-vulnerability-cve-2023-32571/
 CVE-2023-32679 - https://github.com/craftcms/cms/security/advisories/GHSA-vqxf-r9ph-cc9c
 CVE-2023-32699 - https://github.com/metersphere/metersphere/security/advisories/GHSA-qffq-8gf8-mhq7
 CVE-2023-32749 - http://packetstormsecurity.com/files/172645/Pydio-Cells-4.1.2-Privilege-Escalation.html
@@ -79662,6 +79670,8 @@ CVE-2023-33864 - https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt
 CVE-2023-33865 - http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html
 CVE-2023-33865 - http://seclists.org/fulldisclosure/2023/Jun/2
 CVE-2023-33865 - https://www.qualys.com/2023/06/06/renderdoc/renderdoc.txt
+CVE-2023-3393 - https://huntr.dev/bounties/e4df9280-900a-407a-a07e-e7fef3345914
+CVE-2023-3394 - https://huntr.dev/bounties/84bf3e85-cdeb-4b8d-9ea4-74156dbda83f
 CVE-2023-33970 - https://github.com/kanboard/kanboard/security/advisories/GHSA-wfch-8rhv-v286
 CVE-2023-33971 - https://github.com/pluginsGLPI/formcreator/security/advisories/GHSA-777g-3848-8r3g
 CVE-2023-33977 - https://huntr.dev/bounties/6aea9a26-e29a-467b-aa5a-f767f0c2ec96/