Update Sun Mar 10 02:08:04 UTC 2024

2012/CVE-2012-1823.md

@@ -33,6 +33,7 @@ No PoCs from references.
 - https://github.com/R0B1NL1N/webappurls
 - https://github.com/RootUp/AutoSploit
 - https://github.com/SexyBeast233/SecBooks
+- https://github.com/Soundaryakambhampati/test-6
 - https://github.com/Unix13/metasploitable2
 - https://github.com/Vibragence/Dockersploit
 - https://github.com/ajread4/cve_pull

2014/CVE-2014-5301.md

@@ -18,5 +18,6 @@ Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; Asse
 #### Github
 - https://github.com/0xMafty/Helpdesk
 - https://github.com/AndyCyberSec/OSCP
+- https://github.com/basicinfosecurity/exploits
 - https://github.com/hktalent/bug-bounty
 

2014/CVE-2014-6271.md

@@ -218,6 +218,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th
 - https://github.com/Soldie/PayloadsAllTheThings
 - https://github.com/Soldie/Penetration-Testing
 - https://github.com/Soldie/awesome-pentest-listas
+- https://github.com/Soundaryakambhampati/test-6
 - https://github.com/SureshKumarPakalapati/-Penetration-Testing
 - https://github.com/Swordfish-Security/Pentest-In-Docker
 - https://github.com/TalekarAkshay/HackingGuide

2018/CVE-2018-11776.md

@@ -71,6 +71,7 @@ Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remo
 - https://github.com/Prodject/Kn0ck
 - https://github.com/Ra7mo0on/PayloadsAllTheThings
 - https://github.com/SexyBeast233/SecBooks
+- https://github.com/Soundaryakambhampati/test-6
 - https://github.com/Steven1ay/S2-057
 - https://github.com/SummerSec/learning-codeql
 - https://github.com/Threekiii/Vulhub-Reproduce

2019/CVE-2019-10098.md

@@ -19,6 +19,7 @@ In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite tha
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/BitTheByte/Eagle
 - https://github.com/Solhack/Team_CSI_platform
+- https://github.com/Soundaryakambhampati/test-6
 - https://github.com/alex14324/Eagel
 - https://github.com/alphaSeclab/sec-daily-2019
 - https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network

2019/CVE-2019-2725.md

@@ -73,6 +73,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar
 - https://github.com/S3cur3Th1sSh1t/Pentest-Tools
 - https://github.com/SexyBeast233/SecBooks
 - https://github.com/SkyBlueEternal/CNVD-C-2019-48814-CNNVD-201904-961
+- https://github.com/Soundaryakambhampati/test-6
 - https://github.com/Threekiii/Awesome-POC
 - https://github.com/TopScrew/CVE-2019-2725
 - https://github.com/Waseem27-art/ART-TOOLKIT

2019/CVE-2019-3396.md

@@ -46,6 +46,7 @@ The Widget Connector macro in Atlassian Confluence Server before version 6.6.12
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
 - https://github.com/PetrusViet/cve-2019-3396
 - https://github.com/SexyBeast233/SecBooks
+- https://github.com/Soundaryakambhampati/test-6
 - https://github.com/Threekiii/Awesome-POC
 - https://github.com/Threekiii/Vulhub-Reproduce
 - https://github.com/UGF0aWVudF9aZXJv/Atlassian-Jira-pentesting

2019/CVE-2019-5418.md

@@ -33,6 +33,7 @@ There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6
 - https://github.com/Miraitowa70/POC-Notes
 - https://github.com/NotoriousRebel/RailRoadBandit
 - https://github.com/SexyBeast233/SecBooks
+- https://github.com/Soundaryakambhampati/test-6
 - https://github.com/Threekiii/Awesome-POC
 - https://github.com/Threekiii/Vulhub-Reproduce
 - https://github.com/W01fh4cker/Serein

2019/CVE-2019-8451.md

@@ -31,6 +31,7 @@ No PoCs from references.
 - https://github.com/Miraitowa70/POC-Notes
 - https://github.com/NarbehJackson/python-flask-ssrfpdf-to-lfi
 - https://github.com/SexyBeast233/SecBooks
+- https://github.com/Soundaryakambhampati/test-6
 - https://github.com/Threekiii/Awesome-POC
 - https://github.com/UGF0aWVudF9aZXJv/Atlassian-Jira-pentesting
 - https://github.com/Z0fhack/Goby_POC

2020/CVE-2020-35606.md

@@ -28,5 +28,6 @@ Arbitrary command execution can occur in Webmin through 1.962. Any user authoriz
 - https://github.com/hectorgie/PoC-in-GitHub
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/puckiestyle/CVE-2020-35606
+- https://github.com/tanjiti/sec_profile
 - https://github.com/tzwlhack/Vulnerability
 

2024/CVE-2024-2022.md

@@ -14,4 +14,5 @@ No PoCs from references.
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/tanjiti/sec_profile
 

2024/CVE-2024-2274.md

@@ -0,0 +1,18 @@
+### [CVE-2024-2274](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2274)
+![](https://img.shields.io/static/v1?label=Product&message=G-Prescription%20Gynaecology%20%26%20OBS%20Consultation%20Software&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. This issue affects some unknown processing of the file /Home/Index of the component Prescription Dashboard. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256043. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2024/CVE-2024-2275.md

@@ -0,0 +1,18 @@
+### [CVE-2024-2275](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2275)
+![](https://img.shields.io/static/v1?label=Product&message=G-Prescription%20Gynaecology%20%26%20OBS%20Consultation%20Software&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. Affected is an unknown function of the component OBS Patient/Gynee Prescription. The manipulation of the argument Patient Title/Full Name/Address/Cheif Complain/LMP/Menstrual Edd/OBS P/OBS Alc/Medicine Name/Medicine Type/Ml/Dose/Days/Comments/Template Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256044. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2024/CVE-2024-2276.md

@@ -0,0 +1,17 @@
+### [CVE-2024-2276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2276)
+![](https://img.shields.io/static/v1?label=Product&message=G-Prescription%20Gynaecology%20%26%20OBS%20Consultation%20Software&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Venue_controller/edit_venue/ of the component Edit Venue Page. The manipulation of the argument Venue map leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256045 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
+

2024/CVE-2024-2277.md

@@ -13,5 +13,5 @@ A vulnerability was found in Bdtask G-Prescription Gynaecology & OBS Consultatio
 - https://vuldb.com/?id.256046
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
 

2024/CVE-2024-2316.md

@@ -0,0 +1,17 @@
+### [CVE-2024-2316](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2316)
+![](https://img.shields.io/static/v1?label=Product&message=Hospital%20AutoManager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240227%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. This vulnerability affects unknown code of the file /billing/bill/edit/ of the component Update Bill Page. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256270 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
+

2024/CVE-2024-2317.md

@@ -0,0 +1,18 @@
+### [CVE-2024-2317](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2317)
+![](https://img.shields.io/static/v1?label=Product&message=Hospital%20AutoManager&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240227%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-285%20Improper%20Authorization&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. This issue affects some unknown processing of the file /prescription/prescription/delete/ of the component Prescription Page. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
+- https://github.com/tanjiti/sec_profile
+

2024/CVE-2024-2332.md

@@ -0,0 +1,17 @@
+### [CVE-2024-2332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2332)
+![](https://img.shields.io/static/v1?label=Product&message=Online%20Mobile%20Management%20Store&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256283.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2024/CVE-2024-2333.md

@@ -0,0 +1,17 @@
+### [CVE-2024-2333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2333)
+![](https://img.shields.io/static/v1?label=Product&message=Membership%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical has been found in CodeAstro Membership Management System 1.0. Affected is an unknown function of the file /add_members.php. The manipulation of the argument fullname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256284.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2024/CVE-2024-27198.md

@@ -20,6 +20,7 @@ No PoCs from references.
 - https://github.com/W01fh4cker/CVE-2024-27198-RCE
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/hcy-picus/emerging_threat_simulator
+- https://github.com/johe123qwe/github-trending
 - https://github.com/juev/links
 - https://github.com/labesterOct/CVE-2024-27198
 - https://github.com/nomi-sec/PoC-in-GitHub

2024/CVE-2024-27199.md

@@ -16,6 +16,7 @@ No PoCs from references.
 - https://github.com/CharonDefalt/CVE-2024-27198-RCE
 - https://github.com/W01fh4cker/CVE-2024-27198-RCE
 - https://github.com/hcy-picus/emerging_threat_simulator
+- https://github.com/johe123qwe/github-trending
 - https://github.com/juev/links
 - https://github.com/passwa11/CVE-2024-27198-RCE
 - https://github.com/rampantspark/CVE-2024-27198

2024/CVE-2024-27288.md

@@ -0,0 +1,17 @@
+### [CVE-2024-27288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27288)
+![](https://img.shields.io/static/v1?label=Product&message=1Panel&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.10.1-lts%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%3A%20Incorrect%20Authorization&color=brighgreen)
+
+### Description
+
+1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp to obtain unauthorized access to the console page. The vulnerability has been fixed in v1.10.1-lts. There are no known workarounds.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/tanjiti/sec_profile
+

2024/CVE-2024-27627.md

@@ -13,5 +13,6 @@ A reflected cross-site scripting (XSS) vulnerability exists in SuperCali version
 - https://packetstormsecurity.com/files/177254/SuperCali-1.1.0-Cross-Site-Scripting.html
 
 #### Github
+- https://github.com/capture0x/My-CVE
 - https://github.com/fkie-cad/nvd-json-data-feeds