Update Tue May 14 10:02:51 UTC 2024

trickest · May 14, 2024 · aef6364 · aef6364
1 parent 7d38d72
commit aef6364
Show file tree

Hide file tree

Showing 6 changed files with 62 additions and 0 deletions.
diff --git a/2005/CVE-2005-4761.md b/2005/CVE-2005-4761.md
@@ -10,6 +10,7 @@ BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlie
 ### POC
 
 #### Reference
+- http://dev2dev.bea.com/pub/advisory/152
 - http://www.securityfocus.com/bid/15052
 
 #### Github

diff --git a/2008/CVE-2008-1136.md b/2008/CVE-2008-1136.md
@@ -11,6 +11,7 @@ The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in
 
 #### Reference
 - http://securityreason.com/securityalert/3710
+- http://www.coresecurity.com/?action=item&id=2070
 
 #### Github
 No PoCs found on GitHub currently.

diff --git a/2024/CVE-2024-3241.md b/2024/CVE-2024-3241.md
@@ -0,0 +1,17 @@
+### [CVE-2024-3241](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3241)
+![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Blocks%20&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.1.7%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Ultimate Blocks  WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/a645daee-42ea-43f8-9480-ef3be69606e0/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-4853.md b/2024/CVE-2024-4853.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4853](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4853)
+![](https://img.shields.io/static/v1?label=Product&message=editcap&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=4.2.0%3C%204.2.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-762%3A%20Mismatched%20Memory%20Management%20Routines&color=brighgreen)
+
+### Description
+
+Memory handling issue in editcap could cause denial of service via crafted capture file
+
+### POC
+
+#### Reference
+- https://gitlab.com/wireshark/wireshark/-/issues/19724
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-4855.md b/2024/CVE-2024-4855.md
@@ -0,0 +1,19 @@
+### [CVE-2024-4855](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4855)
+![](https://img.shields.io/static/v1?label=Product&message=editcap&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=4.2.0%3C%204.2.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%3A%20Use%20After%20Free&color=brighgreen)
+
+### Description
+
+Use after free issue in editcap could cause denial of service via crafted capture file
+
+### POC
+
+#### Reference
+- https://gitlab.com/wireshark/wireshark/-/issues/19782
+- https://gitlab.com/wireshark/wireshark/-/issues/19783
+- https://gitlab.com/wireshark/wireshark/-/issues/19784
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/references.txt b/references.txt
@@ -2548,6 +2548,7 @@ CVE-2005-4757 - http://www.securityfocus.com/bid/15052
 CVE-2005-4758 - http://www.securityfocus.com/bid/15052
 CVE-2005-4759 - http://www.securityfocus.com/bid/15052
 CVE-2005-4760 - http://www.securityfocus.com/bid/15052
+CVE-2005-4761 - http://dev2dev.bea.com/pub/advisory/152
 CVE-2005-4761 - http://www.securityfocus.com/bid/15052
 CVE-2005-4762 - http://www.securityfocus.com/bid/15052
 CVE-2005-4763 - http://www.securityfocus.com/bid/15052
@@ -9833,6 +9834,7 @@ CVE-2008-1125 - https://www.exploit-db.com/exploits/5200
 CVE-2008-1126 - https://www.exploit-db.com/exploits/5202
 CVE-2008-1127 - https://www.exploit-db.com/exploits/5201
 CVE-2008-1136 - http://securityreason.com/securityalert/3710
+CVE-2008-1136 - http://www.coresecurity.com/?action=item&id=2070
 CVE-2008-1137 - https://www.exploit-db.com/exploits/5178
 CVE-2008-1138 - https://www.exploit-db.com/exploits/5142
 CVE-2008-1139 - https://www.exploit-db.com/exploits/5143
@@ -95473,6 +95475,7 @@ CVE-2024-32404 - https://packetstormsecurity.com/2404-exploits/rlts-sstexec.txt
 CVE-2024-32405 - https://packetstormsecurity.com/files/178101/Relate-Cross-Site-Scripting.html
 CVE-2024-32405 - https://portswigger.net/web-security/cross-site-scripting/stored
 CVE-2024-32406 - https://packetstormsecurity.com/files/178251/Relate-Learning-And-Teaching-System-SSTI-Remote-Code-Execution.html
+CVE-2024-3241 - https://wpscan.com/vulnerability/a645daee-42ea-43f8-9480-ef3be69606e0/
 CVE-2024-32461 - https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34
 CVE-2024-32467 - https://github.com/metersphere/metersphere/security/advisories/GHSA-7499-q88f-mxqp
 CVE-2024-3247 - https://forum.xpdfreader.com/viewtopic.php?t=43597
@@ -95781,3 +95784,7 @@ CVE-2024-4594 - https://github.com/Hckwzh/cms/blob/main/25.md
 CVE-2024-4645 - https://github.com/yylmm/CVE/blob/main/Prison%20Management%20System/xss4.md
 CVE-2024-4653 - https://github.com/Hefei-Coffee/cve/blob/main/sql.md
 CVE-2024-4654 - https://github.com/Hefei-Coffee/cve/blob/main/sql2.md
+CVE-2024-4853 - https://gitlab.com/wireshark/wireshark/-/issues/19724
+CVE-2024-4855 - https://gitlab.com/wireshark/wireshark/-/issues/19782
+CVE-2024-4855 - https://gitlab.com/wireshark/wireshark/-/issues/19783
+CVE-2024-4855 - https://gitlab.com/wireshark/wireshark/-/issues/19784