Update Thu Mar 21 02:01:54 UTC 2024

trickest · Mar 21, 2024 · 7f104f0 · 7f104f0
1 parent a7f9f9d
commit 7f104f0
Show file tree

Hide file tree

Showing 20 changed files with 178 additions and 3 deletions.
diff --git a/2017/CVE-2017-15680.md b/2017/CVE-2017-15680.md
@@ -0,0 +1,17 @@
+### [CVE-2017-15680](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15680)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.
+
+### POC
+
+#### Reference
+- https://docs.craftercms.org/en/3.0/security/advisory.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2017/CVE-2017-15681.md b/2017/CVE-2017-15681.md
@@ -10,7 +10,7 @@ In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists w
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://docs.craftercms.org/en/3.0/security/advisory.html
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

diff --git a/2017/CVE-2017-15682.md b/2017/CVE-2017-15682.md
@@ -0,0 +1,17 @@
+### [CVE-2017-15682](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15682)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
+
+### POC
+
+#### Reference
+- https://docs.craftercms.org/en/3.0/security/advisory.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2017/CVE-2017-15683.md b/2017/CVE-2017-15683.md
@@ -10,7 +10,7 @@ In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to creat
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://docs.craftercms.org/en/3.0/security/advisory.html
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

diff --git a/2017/CVE-2017-15684.md b/2017/CVE-2017-15684.md
@@ -0,0 +1,17 @@
+### [CVE-2017-15684](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15684)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.
+
+### POC
+
+#### Reference
+- https://docs.craftercms.org/en/3.0/security/advisory.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2017/CVE-2017-15685.md b/2017/CVE-2017-15685.md
@@ -0,0 +1,17 @@
+### [CVE-2017-15685](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15685)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
+
+### POC
+
+#### Reference
+- https://docs.craftercms.org/en/3.0/security/advisory.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2017/CVE-2017-15686.md b/2017/CVE-2017-15686.md
@@ -0,0 +1,17 @@
+### [CVE-2017-15686](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15686)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote attackers to steal users’ cookies.
+
+### POC
+
+#### Reference
+- https://docs.craftercms.org/en/3.0/security/advisory.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2017/CVE-2017-18784.md b/2017/CVE-2017-18784.md
@@ -0,0 +1,17 @@
+### [CVE-2017-18784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18784)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000049535/Security-Advisory-for-Cross-Site-Scripting-on-Some-Routers-PSV-2017-2951
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-7736.md b/2018/CVE-2018-7736.md
@@ -10,6 +10,7 @@
 ### POC
 
 #### Reference
+- https://github.com/ponyma233/cms/blob/master/Z-Blog_1.5.1.1740_bugs.md
 - https://packetstormsecurity.com/files/147066/Z-Blog-1.5.1.1740-Cross-Site-Scripting.html
 - https://www.exploit-db.com/exploits/44406/
 

diff --git a/2018/CVE-2018-7737.md b/2018/CVE-2018-7737.md
@@ -10,6 +10,7 @@
 ### POC
 
 #### Reference
+- https://github.com/ponyma233/cms/blob/master/Z-Blog_1.5.1.1740_bugs.md#web-site-physical-path-leakage
 - https://packetstormsecurity.com/files/147063/Z-Blog-1.5.1.1740-Full-Path-Disclosure.html
 - https://www.exploit-db.com/exploits/44407/
 

diff --git a/2020/CVE-2020-10558.md b/2020/CVE-2020-10558.md
@@ -10,7 +10,7 @@ The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://cylect.io/blog/Tesla_Model_3_Vuln/
 
 #### Github
 - https://github.com/0xT11/CVE-POC

diff --git a/2020/CVE-2020-1472.md b/2020/CVE-2020-1472.md
@@ -130,6 +130,7 @@ An elevation of privilege vulnerability exists when an attacker establishes a vu
 - https://github.com/Rayyan-appsec/ALL-PENTESTING-BIBLE
 - https://github.com/ReAbout/web-sec
 - https://github.com/RicYaben/CVE-2020-1472-LAB
+- https://github.com/RinkuDas7857/Vuln
 - https://github.com/Rvn0xsy/ZeroLogon
 - https://github.com/RyanNgCT/EH-Assignment
 - https://github.com/S3N4T0R-0X0/AM0N-Eye

diff --git a/2021/CVE-2021-23840.md b/2021/CVE-2021-23840.md
@@ -30,6 +30,7 @@ Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow
 - https://github.com/fredrkl/trivy-demo
 - https://github.com/isgo-golgo13/gokit-gorillakit-enginesvc
 - https://github.com/jntass/TASSL-1.1.1k
+- https://github.com/neuvector/bamboo-plugin
 - https://github.com/thecyberbaby/Trivy-by-AquaSecurity
 - https://github.com/thecyberbaby/Trivy-by-aquaSecurity
 - https://github.com/vinamra28/tekton-image-scan-trivy

diff --git a/2021/CVE-2021-44228.md b/2021/CVE-2021-44228.md
@@ -408,6 +408,7 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12
 - https://github.com/RenYuH/log4j-lookups-vulnerability
 - https://github.com/Retrospected/log4shell_selftest
 - https://github.com/ReynerGonzalez/Security-Log4J-Tester
+- https://github.com/RinkuDas7857/Vuln
 - https://github.com/Rk-000/Log4j_scan_Advance
 - https://github.com/RonnyLevy/vul
 - https://github.com/RrUZi/Awesome-CVE-2021-44228

diff --git a/2022/CVE-2022-22965.md b/2022/CVE-2022-22965.md
@@ -83,6 +83,7 @@ A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable t
 - https://github.com/Qualys/spring4scanwin
 - https://github.com/Rakshithac183/Palo-Alto-Networks
 - https://github.com/Retrospected/spring-rce-poc
+- https://github.com/RinkuDas7857/Vuln
 - https://github.com/RogerSugit/spring_onekeyshell
 - https://github.com/SYRTI/POC_to_review
 - https://github.com/SeanWrightSec/spring-rce-poc

diff --git a/2022/CVE-2022-30190.md b/2022/CVE-2022-30190.md
@@ -103,6 +103,7 @@
 - https://github.com/PaddlingCode/cve-2022-30190
 - https://github.com/PetitPrinc3/PyRATE
 - https://github.com/Riki744/MS-MSDT_Office_RCE_Follina
+- https://github.com/RinkuDas7857/Vuln
 - https://github.com/Rojacur/FollinaPatcherCLI
 - https://github.com/SYRTI/POC_to_review
 - https://github.com/SilentExploitx/SilentExploit

diff --git a/2022/CVE-2022-35042.md b/2022/CVE-2022-35042.md
@@ -10,6 +10,7 @@ OTFCC commit 617837b was discovered to contain a heap buffer overflow via /relea
 ### POC
 
 #### Reference
+- https://drive.google.com/file/d/1Gj8rA1kD89lxUZVb_t-s3-18-ospJRJC/view?usp=sharing
 - https://github.com/Cvjark/Poc/blob/main/otfcc/CVE-2022-35042.md
 
 #### Github

diff --git a/2022/CVE-2022-41082.md b/2022/CVE-2022-41082.md
@@ -34,6 +34,7 @@ Microsoft Exchange Server Remote Code Execution Vulnerability
 - https://github.com/Mr-xn/Penetration_Testing_POC
 - https://github.com/Ostorlab/KEV
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
+- https://github.com/RinkuDas7857/Vuln
 - https://github.com/SUPRAAA-1337/CVE-2022-41082
 - https://github.com/SYRTI/POC_to_review
 - https://github.com/WhooAmii/POC_to_review