Update Mon Mar 18 10:02:43 UTC 2024

trickest · Mar 18, 2024 · 8e504c9 · 8e504c9
1 parent f5f650f
commit 8e504c9
Show file tree

Hide file tree

Showing 38 changed files with 508 additions and 6 deletions.
diff --git a/2014/CVE-2014-0160.md b/2014/CVE-2014-0160.md
@@ -39,6 +39,7 @@ The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not p
 - https://github.com/Addho/test
 - https://github.com/AfvanMoopen/tryhackme-
 - https://github.com/Al1ex/Awesome-Pentest
+- https://github.com/Amoolya-Reddy/Security-Debt-Analysis
 - https://github.com/Amousgrde/shmilytly
 - https://github.com/AnLoMinus/PenTest
 - https://github.com/Ar0xA/nessus2es
@@ -138,6 +139,7 @@ The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not p
 - https://github.com/MrE-Fog/heartbleeder
 - https://github.com/MrE-Fog/ssl-heartbleed.nse
 - https://github.com/Mre11i0t/a2sv
+- https://github.com/Muhammad-Hammad-Shafqat/awesome-pentest
 - https://github.com/Muhammd/Awesome-Payloads
 - https://github.com/Muhammd/Awesome-Pentest
 - https://github.com/MyKings/docker-vulnerability-environment
@@ -397,6 +399,7 @@ The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not p
 - https://github.com/mcampa/makeItBleed
 - https://github.com/merlinepedra/HACKING2
 - https://github.com/merlinepedra25/HACKING2
+- https://github.com/mhshafqat3/awesome-pentest
 - https://github.com/mikesir87/docker-nginx-patching-demo
 - https://github.com/minkhant-dotcom/awesome_security
 - https://github.com/morihisa/heartpot

diff --git a/2014/CVE-2014-6271.md b/2014/CVE-2014-6271.md
@@ -176,6 +176,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th
 - https://github.com/Montana/openshift-network-policies
 - https://github.com/Mr-Cyb3rgh0st/Ethical-Hacking-Tutorials
 - https://github.com/MrCl0wnLab/ShellShockHunter
+- https://github.com/Muhammad-Hammad-Shafqat/awesome-pentest
 - https://github.com/Muhammd/Awesome-Payloads
 - https://github.com/Muhammd/Awesome-Pentest
 - https://github.com/MuirlandOracle/CVE-2014-6271-IPFire
@@ -449,6 +450,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th
 - https://github.com/merlinepedra/nuclei-templates
 - https://github.com/merlinepedra25/HACKING2
 - https://github.com/merlinepedra25/nuclei-templates
+- https://github.com/mhshafqat3/awesome-pentest
 - https://github.com/milesbench/ShellshockScan
 - https://github.com/minkhant-dotcom/awesome_security
 - https://github.com/moayadalmalat/shellshock-exploit

diff --git a/2014/CVE-2014-6721.md b/2014/CVE-2014-6721.md
@@ -14,5 +14,5 @@ The Pharmaguideline (aka com.pharmaguideline) application 1.2.0 for Android does
 - https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/sagisar1/CVE-2014-6721-exploit-Shellshock
 
diff --git a/2017/CVE-2017-7494.md b/2017/CVE-2017-7494.md
@@ -69,6 +69,7 @@ Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to r
 - https://github.com/Mohamed8Saw/awesome-pentest
 - https://github.com/Montana/openshift-network-policies
 - https://github.com/Mr-Cyb3rgh0st/Ethical-Hacking-Tutorials
+- https://github.com/Muhammad-Hammad-Shafqat/awesome-pentest
 - https://github.com/NCSU-DANCE-Research-Group/CDL
 - https://github.com/NetW0rK1le3r/awesome-hacking-lists
 - https://github.com/NhutMinh2801/CVE_2017_7494
@@ -193,6 +194,7 @@ Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to r
 - https://github.com/merlinepedra/Pentest-Tools
 - https://github.com/merlinepedra25/Pentest-Tools
 - https://github.com/merlinepedra25/Pentest-Tools-1
+- https://github.com/mhshafqat3/awesome-pentest
 - https://github.com/motikan2010/blog.motikan2010.com
 - https://github.com/n3masyst/n3masyst
 - https://github.com/nitishbadole/Pentest_Tools

diff --git a/2018/CVE-2018-2364.md b/2018/CVE-2018-2364.md
@@ -12,6 +12,7 @@ SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1.02, does
 ### POC
 
 #### Reference
+- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
 - https://launchpad.support.sap.com/#/notes/2541700
 
 #### Github

diff --git a/2018/CVE-2018-2365.md b/2018/CVE-2018-2365.md
@@ -0,0 +1,17 @@
+### [CVE-2018-2365](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2365)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20NetWeaver%20Portal%20WebDynpro%20RunTime&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%207.30%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
+
+### POC
+
+#### Reference
+- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-2367.md b/2018/CVE-2018-2367.md
@@ -0,0 +1,17 @@
+### [CVE-2018-2367](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2367)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20BASIS%20(ABAP%20File%20Interface)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20from%207.00%20to%207.02%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Directory%20Traversal&color=brighgreen)
+
+### Description
+
+ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
+
+### POC
+
+#### Reference
+- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-2368.md b/2018/CVE-2018-2368.md
@@ -0,0 +1,17 @@
+### [CVE-2018-2368](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2368)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20NetWeaver%20System%20Landscape%20Directory%2C%20LM-Core&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%207.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20Authentication%20Check&color=brighgreen)
+
+### Description
+
+SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity.
+
+### POC
+
+#### Reference
+- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-2369.md b/2018/CVE-2018-2369.md
@@ -0,0 +1,17 @@
+### [CVE-2018-2369](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2369)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20HANA&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.00%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Disclosure&color=brighgreen)
+
+### Description
+
+Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticated attacker to access information which would otherwise be restricted. An attacker can misuse the authentication function of the SAP HANA server on its SQL interface and disclose 8 bytes of the server process memory. The attacker cannot influence or predict the location of the leaked memory.
+
+### POC
+
+#### Reference
+- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-2370.md b/2018/CVE-2018-2370.md
@@ -0,0 +1,17 @@
+### [CVE-2018-2370](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2370)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20BI%20Launchpad&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%204.00%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Server%20Side%20Request%20Forgery%20(SSRF)&color=brighgreen)
+
+### Description
+
+Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, from 4.30, could allow a malicious user to use common techniques to determine which ports are in use on the backend server.
+
+### POC
+
+#### Reference
+- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-2371.md b/2018/CVE-2018-2371.md
@@ -0,0 +1,17 @@
+### [CVE-2018-2371](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2371)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20NetWeaver%20Java%20Web%20Application&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%207.50%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The SAML 2.0 service provider of SAP Netweaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability.
+
+### POC
+
+#### Reference
+- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-2372.md b/2018/CVE-2018-2372.md
@@ -0,0 +1,17 @@
+### [CVE-2018-2372](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2372)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20HANA%20Extended%20Application%20Services&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Disclosure&color=brighgreen)
+
+### Description
+
+A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication.
+
+### POC
+
+#### Reference
+- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-2373.md b/2018/CVE-2018-2373.md
@@ -10,7 +10,7 @@ Under certain circumstances, a specific endpoint of the Controller's API could b
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
 
 #### Github
 - https://github.com/lmkalg/my_cves

diff --git a/2018/CVE-2018-2374.md b/2018/CVE-2018-2374.md
@@ -0,0 +1,17 @@
+### [CVE-2018-2374](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2374)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20HANA%20Extended%20Application%20Services&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Disclosure&color=brighgreen)
+
+### Description
+
+In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space.
+
+### POC
+
+#### Reference
+- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-2375.md b/2018/CVE-2018-2375.md
@@ -10,7 +10,7 @@ In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceA
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
 
 #### Github
 - https://github.com/lmkalg/my_cves

diff --git a/2018/CVE-2018-2376.md b/2018/CVE-2018-2376.md
@@ -10,7 +10,7 @@ In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceA
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
 
 #### Github
 - https://github.com/lmkalg/my_cves

diff --git a/2018/CVE-2018-2377.md b/2018/CVE-2018-2377.md
@@ -0,0 +1,17 @@
+### [CVE-2018-2377](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2377)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20HANA%20Extended%20Application%20Services&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Disclosure&color=brighgreen)
+
+### Description
+
+In SAP HANA Extended Application Services, 1.0, some general server statistics and status information could be retrieved by unauthorized users.
+
+### POC
+
+#### Reference
+- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-2378.md b/2018/CVE-2018-2378.md
@@ -0,0 +1,17 @@
+### [CVE-2018-2378](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2378)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20HANA%20Extended%20Application%20Services&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Disclosure&color=brighgreen)
+
+### Description
+
+In SAP HANA Extended Application Services, 1.0, unauthorized users can read statistical data about deployed applications including resource consumption.
+
+### POC
+
+#### Reference
+- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-2379.md b/2018/CVE-2018-2379.md
@@ -0,0 +1,17 @@
+### [CVE-2018-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2379)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20HANA%20Extended%20Application%20Services&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Disclosure&color=brighgreen)
+
+### Description
+
+In SAP HANA Extended Application Services, 1.0, an unauthenticated user could test if a given username is valid by evaluating error messages of a specific endpoint.
+
+### POC
+
+#### Reference
+- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-2380.md b/2018/CVE-2018-2380.md
@@ -10,6 +10,7 @@ SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insuff
 ### POC
 
 #### Reference
+- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
 - https://github.com/erpscanteam/CVE-2018-2380
 - https://www.exploit-db.com/exploits/44292/
 

diff --git a/2018/CVE-2018-2381.md b/2018/CVE-2018-2381.md
@@ -0,0 +1,17 @@
+### [CVE-2018-2381](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2381)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20ERP%20Financials%20Information%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%202.00%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20Authorization%20Check&color=brighgreen)
+
+### Description
+
+SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16; SAP_FIN 6.17, 6.18, 7.00, 7.20, 7.30 S4CORE 1.00, 1.01, 1.02) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
+
+### POC
+
+#### Reference
+- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-2382.md b/2018/CVE-2018-2382.md
@@ -0,0 +1,17 @@
+### [CVE-2018-2382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2382)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20Internet%20Graphics%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%207.20%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Disclosure&color=brighgreen)
+
+### Description
+
+A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to store graphics in a controlled area and as such gain information from system area, which is not available to the user otherwise.
+
+### POC
+
+#### Reference
+- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-2383.md b/2018/CVE-2018-2383.md
@@ -0,0 +1,17 @@
+### [CVE-2018-2383](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2383)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20Internet%20Graphics%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%207.20%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Reflected%20Cross-Site%20Scripting&color=brighgreen)
+
+### Description
+
+Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.
+
+### POC
+
+#### Reference
+- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-2384.md b/2018/CVE-2018-2384.md
@@ -0,0 +1,17 @@
+### [CVE-2018-2384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2384)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20Internet%20Graphics%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%207.20%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial-of-Service&color=brighgreen)
+
+### Description
+
+Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.
+
+### POC
+
+#### Reference
+- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-2385.md b/2018/CVE-2018-2385.md
@@ -0,0 +1,17 @@
+### [CVE-2018-2385](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2385)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20Internet%20Graphics%20Server&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%207.20%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial-of-Service&color=brighgreen)
+
+### Description
+
+Under certain conditions a malicious user provoking a divide by zero crash can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.
+
+### POC
+
+#### Reference
+- https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
+
+#### Github
+No PoCs found on GitHub currently.
+