Update Sun Apr 28 02:03:56 UTC 2024

trickest · Apr 28, 2024 · aad423a · aad423a
1 parent 5d95cc5
commit aad423a
Show file tree

Hide file tree

Showing 18 changed files with 146 additions and 1 deletion.
diff --git a/2006/CVE-2006-2968.md b/2006/CVE-2006-2968.md
@@ -0,0 +1,17 @@
+### [CVE-2006-2968](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2968)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross-site scripting (XSS) vulnerability in search.php in PHP Labware LabWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input box (query parameter).
+
+### POC
+
+#### Reference
+- http://securityreason.com/securityalert/1092
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2016/CVE-2016-2781.md b/2016/CVE-2016-2781.md
@@ -41,6 +41,7 @@ No PoCs from references.
 - https://github.com/garethr/snykout
 - https://github.com/gp47/xef-scan-ex02
 - https://github.com/hartwork/antijack
+- https://github.com/khulnasoft-lab/vulnlist
 - https://github.com/khulnasoft-labs/griffon
 - https://github.com/metapull/attackfinder
 - https://github.com/nedenwalker/spring-boot-app-using-gradle

diff --git a/2017/CVE-2017-8806.md b/2017/CVE-2017-8806.md
@@ -16,5 +16,6 @@ No PoCs from references.
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/NeXTLinux/vunnel
 - https://github.com/anchore/vunnel
+- https://github.com/khulnasoft-lab/vulnlist
 - https://github.com/renovate-bot/NeXTLinux-_-vunnel
 
diff --git a/2018/CVE-2018-1000156.md b/2018/CVE-2018-1000156.md
@@ -22,6 +22,7 @@ GNU Patch version 2.7.6 contains an input validation vulnerability when processi
 - https://github.com/anchore/vunnel
 - https://github.com/andir/nixos-issue-db-example
 - https://github.com/irsl/gnu-patch-vulnerabilities
+- https://github.com/khulnasoft-lab/vulnlist
 - https://github.com/phonito/phonito-vulnerable-container
 - https://github.com/renovate-bot/NeXTLinux-_-vunnel
 
diff --git a/2022/CVE-2022-4052.md b/2022/CVE-2022-4052.md
@@ -0,0 +1,17 @@
+### [CVE-2022-4052](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4052)
+![](https://img.shields.io/static/v1?label=Product&message=Student%20Attendance%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-707%20Improper%20Neutralization%20-%3E%20CWE-74%20Injection%20-%3E%20CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Student Attendance Management System and classified as critical. This issue affects some unknown processing of the file /Admin/createClass.php. The manipulation of the argument Id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213845 was assigned to this vulnerability.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.213845
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-21345.md b/2024/CVE-2024-21345.md
@@ -14,5 +14,6 @@ No PoCs from references.
 
 #### Github
 - https://github.com/exploits-forsale/24h2-nt-exploit
+- https://github.com/exploits-forsale/CVE-2024-21345
 - https://github.com/nomi-sec/PoC-in-GitHub
 
diff --git a/2024/CVE-2024-26218.md b/2024/CVE-2024-26218.md
@@ -30,5 +30,6 @@ Windows Kernel Elevation of Privilege Vulnerability
 No PoCs from references.
 
 #### Github
+- https://github.com/exploits-forsale/CVE-2024-26218
 - https://github.com/nomi-sec/PoC-in-GitHub
 
diff --git a/2024/CVE-2024-27956.md b/2024/CVE-2024-27956.md
@@ -14,4 +14,5 @@ No PoCs from references.
 
 #### Github
 - https://github.com/NaInSec/CVE-LIST
+- https://github.com/nomi-sec/PoC-in-GitHub
 
diff --git a/2024/CVE-2024-3817.md b/2024/CVE-2024-3817.md
@@ -13,5 +13,6 @@ HashiCorp’s go-getter library is vulnerable to argument injection when executi
 No PoCs from references.
 
 #### Github
+- https://github.com/dellalibera/dellalibera
 - https://github.com/otms61/vex_dir
 
diff --git a/2024/CVE-2024-4040.md b/2024/CVE-2024-4040.md
@@ -15,6 +15,7 @@ A server side template injection vulnerability in CrushFTP in all versions befor
 #### Github
 - https://github.com/Mufti22/CVE-2024-4040
 - https://github.com/Stuub/CVE-2024-4040-SSTI-LFI
+- https://github.com/Stuub/CVE-2024-4040-SSTI-LFI-PoC
 - https://github.com/airbus-cert/CVE-2024-4040
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/getdrive/PoC

diff --git a/2024/CVE-2024-4126.md b/2024/CVE-2024-4126.md
@@ -10,7 +10,7 @@ A vulnerability was found in Tenda W15E 15.11.0.14 and classified as critical. T
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetSysTime.md
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

diff --git a/2024/CVE-2024-4252.md b/2024/CVE-2024-4252.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4252](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4252)
+![](https://img.shields.io/static/v1?label=Product&message=i22&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0.0.3(4687)%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%20Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+A vulnerability classified as critical has been found in Tenda i22 1.0.0.3(4687). This affects the function formSetUrlFilterRule. The manipulation of the argument groupIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-262143. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i22/formSetUrlFilterRule.md
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-4255.md b/2024/CVE-2024-4255.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4255)
+![](https://img.shields.io/static/v1?label=Product&message=RG-UAC&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240419%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20OS%20Command%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240419. This issue affects some unknown processing of the file /view/network Config/GRE/gre_edit_commit.php. The manipulation of the argument name leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262145 was assigned to this vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-4256.md b/2024/CVE-2024-4256.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4256](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4256)
+![](https://img.shields.io/static/v1?label=Product&message=Savsoft%20Quiz&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%206.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Techkshetra Info Solutions Savsoft Quiz 6.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /public/index.php/Qbank/editCategory of the component Category Page. The manipulation of the argument category_name with the input ><script>alert('XSS')</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-4257.md b/2024/CVE-2024-4257.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4257](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4257)
+![](https://img.shields.io/static/v1?label=Product&message=Clinical%20Browsing%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.2.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/deleteStudy.php. The manipulation of the argument documentUniqueId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262149 was assigned to this vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-4291.md b/2024/CVE-2024-4291.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4291](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4291)
+![](https://img.shields.io/static/v1?label=Product&message=A301&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2015.13.08.12_multi_TDE01%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%20Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It has been rated as critical. This issue affects the function formAddMacfilterRule of the file /goform/setBlackRule. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262223. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://github.com/L1ziang/Vulnerability/blob/main/formAddMacfilterRule.md
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/github.txt b/github.txt
@@ -22740,6 +22740,7 @@ CVE-2016-2781 - https://github.com/garethr/findcve
 CVE-2016-2781 - https://github.com/garethr/snykout
 CVE-2016-2781 - https://github.com/gp47/xef-scan-ex02
 CVE-2016-2781 - https://github.com/hartwork/antijack
+CVE-2016-2781 - https://github.com/khulnasoft-lab/vulnlist
 CVE-2016-2781 - https://github.com/khulnasoft-labs/griffon
 CVE-2016-2781 - https://github.com/metapull/attackfinder
 CVE-2016-2781 - https://github.com/nedenwalker/spring-boot-app-using-gradle
@@ -40290,6 +40291,7 @@ CVE-2017-8804 - https://github.com/yfoelling/yair
 CVE-2017-8806 - https://github.com/ARPSyndicate/cvemon
 CVE-2017-8806 - https://github.com/NeXTLinux/vunnel
 CVE-2017-8806 - https://github.com/anchore/vunnel
+CVE-2017-8806 - https://github.com/khulnasoft-lab/vulnlist
 CVE-2017-8806 - https://github.com/renovate-bot/NeXTLinux-_-vunnel
 CVE-2017-8809 - https://github.com/motikan2010/CVE-2017-8809_MediaWiki_RFD
 CVE-2017-8816 - https://github.com/ARPSyndicate/cvemon
@@ -42371,6 +42373,7 @@ CVE-2018-1000156 - https://github.com/NeXTLinux/vunnel
 CVE-2018-1000156 - https://github.com/anchore/vunnel
 CVE-2018-1000156 - https://github.com/andir/nixos-issue-db-example
 CVE-2018-1000156 - https://github.com/irsl/gnu-patch-vulnerabilities
+CVE-2018-1000156 - https://github.com/khulnasoft-lab/vulnlist
 CVE-2018-1000156 - https://github.com/phonito/phonito-vulnerable-container
 CVE-2018-1000156 - https://github.com/renovate-bot/NeXTLinux-_-vunnel
 CVE-2018-1000159 - https://github.com/ARPSyndicate/cvemon
@@ -153989,6 +153992,7 @@ CVE-2024-2134 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-21341 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-21342 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-21345 - https://github.com/exploits-forsale/24h2-nt-exploit
+CVE-2024-21345 - https://github.com/exploits-forsale/CVE-2024-21345
 CVE-2024-21345 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-2135 - https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities
 CVE-2024-2135 - https://github.com/fkie-cad/nvd-json-data-feeds
@@ -156313,6 +156317,7 @@ CVE-2024-26209 - https://github.com/EvanMcBroom/pocs
 CVE-2024-2621 - https://github.com/NaInSec/CVE-LIST
 CVE-2024-2621 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-2621 - https://github.com/tanjiti/sec_profile
+CVE-2024-26218 - https://github.com/exploits-forsale/CVE-2024-26218
 CVE-2024-26218 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-2622 - https://github.com/NaInSec/CVE-LIST
 CVE-2024-2622 - https://github.com/fkie-cad/nvd-json-data-feeds
@@ -156962,6 +156967,7 @@ CVE-2024-27949 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-27954 - https://github.com/wjlin0/poc-doc
 CVE-2024-27954 - https://github.com/wy876/POC
 CVE-2024-27956 - https://github.com/NaInSec/CVE-LIST
+CVE-2024-27956 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-27957 - https://github.com/NaInSec/CVE-LIST
 CVE-2024-27958 - https://github.com/NaInSec/CVE-LIST
 CVE-2024-27959 - https://github.com/NaInSec/CVE-LIST
@@ -158526,6 +158532,7 @@ CVE-2024-3333 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-33342 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-33343 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-33344 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-33386 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-33438 - https://github.com/julio-cfa/CVE-2024-33438
 CVE-2024-33438 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-3358 - https://github.com/fkie-cad/nvd-json-data-feeds
@@ -158704,6 +158711,7 @@ CVE-2024-3784 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-3785 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-3786 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-3797 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-3817 - https://github.com/dellalibera/dellalibera
 CVE-2024-3817 - https://github.com/otms61/vex_dir
 CVE-2024-3832 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-3833 - https://github.com/fkie-cad/nvd-json-data-feeds
@@ -158730,6 +158738,7 @@ CVE-2024-4024 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4031 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4040 - https://github.com/Mufti22/CVE-2024-4040
 CVE-2024-4040 - https://github.com/Stuub/CVE-2024-4040-SSTI-LFI
+CVE-2024-4040 - https://github.com/Stuub/CVE-2024-4040-SSTI-LFI-PoC
 CVE-2024-4040 - https://github.com/airbus-cert/CVE-2024-4040
 CVE-2024-4040 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4040 - https://github.com/getdrive/PoC
@@ -158754,6 +158763,10 @@ CVE-2024-4234 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4235 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4236 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4237 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-4252 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-4255 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-4256 - https://github.com/fkie-cad/nvd-json-data-feeds
+CVE-2024-4257 - https://github.com/fkie-cad/nvd-json-data-feeds
 CVE-2024-4444 - https://github.com/JohnnyBradvo/CVE-2024-4444
 CVE-2024-4444 - https://github.com/nomi-sec/PoC-in-GitHub
 CVE-2024-48788 - https://github.com/mrobsidian1/CVE-2023-48788-Proof-of-concept-SQLinj

diff --git a/references.txt b/references.txt
@@ -3717,6 +3717,7 @@ CVE-2006-2962 - https://www.exploit-db.com/exploits/1895
 CVE-2006-2965 - http://securityreason.com/securityalert/1071
 CVE-2006-2966 - http://securityreason.com/securityalert/1070
 CVE-2006-2967 - http://securityreason.com/securityalert/1077
+CVE-2006-2968 - http://securityreason.com/securityalert/1092
 CVE-2006-2969 - http://securityreason.com/securityalert/1091
 CVE-2006-2970 - http://securityreason.com/securityalert/1091
 CVE-2006-2982 - https://www.exploit-db.com/exploits/1891
@@ -84790,6 +84791,7 @@ CVE-2022-4049 - https://wpscan.com/vulnerability/9b0781e2-ad62-4308-bafc-d45b9a2
 CVE-2022-40494 - https://blog.carrot2.cn/2022/08/cve-2022-40494.html
 CVE-2022-4050 - https://wpscan.com/vulnerability/5c96bb40-4c2d-4e91-8339-e0ddce25912f
 CVE-2022-4051 - https://github.com/itzmehedi/Hostel-searching-project-using-PHP-Mysql/issues/1
+CVE-2022-4052 - https://vuldb.com/?id.213845
 CVE-2022-4053 - https://vuldb.com/?id.213846
 CVE-2022-4057 - https://wpscan.com/vulnerability/95ee1b9c-1971-4c35-8527-5764e9ed64af
 CVE-2022-4058 - https://wpscan.com/vulnerability/89656cb3-4611-4ae7-b7f8-1b22eb75cfc4
@@ -94422,8 +94424,11 @@ CVE-2024-4064 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC
 CVE-2024-4065 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC8/formSetRebootTimer.md
 CVE-2024-4119 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formIPMacBindDel.md
 CVE-2024-4119 - https://vuldb.com/?id.261862
+CVE-2024-4126 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formSetSysTime.md
 CVE-2024-4166 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_41E858_GO.md
 CVE-2024-4169 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_42775C.md
 CVE-2024-4237 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1806/R7WebsSecurityHandler.md
 CVE-2024-4244 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W9/fromDhcpSetSer.md
 CVE-2024-4247 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formQosManage_auto.md
+CVE-2024-4252 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i22/formSetUrlFilterRule.md
+CVE-2024-4291 - https://github.com/L1ziang/Vulnerability/blob/main/formAddMacfilterRule.md