Update Mon Apr 17 15:10:29 UTC 2023

2020/CVE-2020-8644.md

@@ -11,6 +11,7 @@ PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
 
 #### Reference
 - http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.html
+- https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2022/CVE-2022-28080.md

@@ -12,6 +12,7 @@ Royal Event Management System v1.0 was discovered to contain a SQL injection vul
 #### Reference
 - http://packetstormsecurity.com/files/167123/Royal-Event-Management-System-1.0-SQL-Injection.html
 - https://github.com/erengozaydin/Royal-Event-Management-System-todate-SQL-Injection-Authenticated
+- https://www.sourcecodester.com/sites/default/files/download/oretnom23/Royal%20Event.zip
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2023/CVE-2023-0221.md

@@ -0,0 +1,17 @@
+### [CVE-2023-0221](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0221)
+![](https://img.shields.io/static/v1?label=Product&message=Application%20and%20Change%20Control&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%208.x%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20%E2%80%93%20Improper%20Privilege%20Management&color=brighgreen)
+
+### Description
+
+Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program.
+
+### POC
+
+#### Reference
+- https://kcm.trellix.com/corporate/index?page=content&id=SB10370
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-0400.md

@@ -0,0 +1,17 @@
+### [CVE-2023-0400](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0400)
+![](https://img.shields.io/static/v1?label=Product&message=Data%20Loss%20Prevention%20(DLP)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.9.100%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-670%20Always-Incorrect%20Control%20Flow%20Implementation&color=brighgreen)
+
+### Description
+
+The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data.
+
+### POC
+
+#### Reference
+- https://kcm.trellix.com/corporate/index?page=content&id=SB10394&locale=en_US
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-0975.md

@@ -0,0 +1,17 @@
+### [CVE-2023-0975](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0975)
+![](https://img.shields.io/static/v1?label=Product&message=Trellix%20Agent&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=5.7.8%3C%3D%205.7.8%20%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-281%20Improper%20Preservation%20of%20Permissions&color=brighgreen)
+
+### Description
+
+A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions.
+
+### POC
+
+#### Reference
+- https://kcm.trellix.com/corporate/index?page=content&id=SB10396
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-0977.md

@@ -0,0 +1,17 @@
+### [CVE-2023-0977](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0977)
+![](https://img.shields.io/static/v1?label=Product&message=Trellix%20Agent&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=5.7.8%3C%3D%205.7.8%20%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Copy%20without%20Checking%20Size%20of%20Input%20('Classic%20Buffer%20Overflow')&color=brighgreen)
+
+### Description
+
+A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable.
+
+### POC
+
+#### Reference
+- https://kcm.trellix.com/corporate/index?page=content&id=SB10396
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-0978.md

@@ -0,0 +1,17 @@
+### [CVE-2023-0978](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0978)
+![](https://img.shields.io/static/v1?label=Product&message=Trellix%20Intelligent%20Sandbox&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%205.0%3C%3D%20%205.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen)
+
+### Description
+
+A command injection vulnerability in Trellix Intelligent Sandbox CLI for version 5.2 and earlier, allows a local user to inject and execute arbitrary operating system commands using specially crafted strings. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI command. The vulnerability allows the attack
+
+### POC
+
+#### Reference
+- https://kcm.trellix.com/corporate/index?page=content&id=SB10397
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-22620.md

@@ -0,0 +1,17 @@
+### [CVE-2023-22620](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22620)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.
+
+### POC
+
+#### Reference
+- https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2023-22620.txt
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-30459.md

@@ -0,0 +1,17 @@
+### [CVE-2023-30459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30459)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker has administrator privileges) by writing a malicious C# script and executing it on the server (via server settings in the administrator control panel on port 8101, by default).
+
+### POC
+
+#### Reference
+- https://smartptt.com
+
+#### Github
+No PoCs found on GitHub currently.
+

references.txt

@@ -61518,6 +61518,7 @@ CVE-2020-8636 - https://medium.com/@ph0rensic/three-cves-on-opmon-3ca775a262f5
 CVE-2020-8639 - http://packetstormsecurity.com/files/161401/TestLink-1.9.20-Shell-Upload.html
 CVE-2020-8641 - https://www.exploit-db.com/exploits/47985
 CVE-2020-8644 - http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.html
+CVE-2020-8644 - https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/
 CVE-2020-8645 - https://github.com/niteosoft/simplejobscript/issues/9
 CVE-2020-8654 - http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html
 CVE-2020-8654 - http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html
@@ -70590,6 +70591,7 @@ CVE-2022-28079 - http://packetstormsecurity.com/files/167131/College-Management-
 CVE-2022-28079 - https://github.com/erengozaydin/College-Management-System-course_code-SQL-Injection-Authenticated
 CVE-2022-28080 - http://packetstormsecurity.com/files/167123/Royal-Event-Management-System-1.0-SQL-Injection.html
 CVE-2022-28080 - https://github.com/erengozaydin/Royal-Event-Management-System-todate-SQL-Injection-Authenticated
+CVE-2022-28080 - https://www.sourcecodester.com/sites/default/files/download/oretnom23/Royal%20Event.zip
 CVE-2022-28085 - https://github.com/michaelrsweet/htmldoc/issues/480
 CVE-2022-28099 - https://github.com/IbrahimEkimIsik/CVE-2022-28099/blob/main/SQL%20Injection%20For%20Poultry%20Farm%20Management%20system%201.0
 CVE-2022-28102 - https://github.com/housamz/php-mysql-admin-panel-generator/issues/19
@@ -74521,6 +74523,7 @@ CVE-2023-0164 - https://fluidattacks.com/advisories/queen/
 CVE-2023-0179 - http://packetstormsecurity.com/files/171601/Kernel-Live-Patch-Security-Notice-LNS-0093-1.html
 CVE-2023-0179 - https://seclists.org/oss-sec/2023/q1/20
 CVE-2023-0210 - https://securityonline.info/cve-2023-0210-flaw-in-linux-kernel-allows-unauthenticated-remote-dos-attacks/
+CVE-2023-0221 - https://kcm.trellix.com/corporate/index?page=content&id=SB10370
 CVE-2023-0227 - https://huntr.dev/bounties/af3101d7-fea6-463a-b7e4-a48be219e31b
 CVE-2023-0243 - https://github.com/yeyinshi/tuzicms/issues/12
 CVE-2023-0244 - https://github.com/yeyinshi/tuzicms/issues/13
@@ -74552,6 +74555,7 @@ CVE-2023-0323 - https://huntr.dev/bounties/129d6a4b-0504-4de1-a72c-3f12c4552343
 CVE-2023-0326 - https://gitlab.com/gitlab-org/gitlab/-/issues/388132
 CVE-2023-0358 - https://huntr.dev/bounties/93e128ed-253f-4c42-81ff-fbac7fd8f355
 CVE-2023-0398 - https://huntr.dev/bounties/0a852351-00ed-44d2-a650-9055b7beed58
+CVE-2023-0400 - https://kcm.trellix.com/corporate/index?page=content&id=SB10394&locale=en_US
 CVE-2023-0406 - https://huntr.dev/bounties/d7007f76-3dbc-48a7-a2fb-377040fe100c
 CVE-2023-0410 - https://huntr.dev/bounties/2da583f0-7f66-4ba7-9bed-8e7229aa578e
 CVE-2023-0432 - https://www.cisa.gov/news-events/ics-advisories/icsa-23-033-05
@@ -74668,6 +74672,9 @@ CVE-2023-0949 - https://huntr.dev/bounties/ef87be4e-493b-4ee9-9738-44c55b8acc19
 CVE-2023-0961 - https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Music%20Gallery%20Site%20-%20SQL%20Injection%202.md
 CVE-2023-0962 - https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Music%20Gallery%20Site%20-%20SQL%20Injection%203.md
 CVE-2023-0963 - https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Music%20Gallery%20Site%20-%20Broken%20Access%20Control.md
+CVE-2023-0975 - https://kcm.trellix.com/corporate/index?page=content&id=SB10396
+CVE-2023-0977 - https://kcm.trellix.com/corporate/index?page=content&id=SB10396
+CVE-2023-0978 - https://kcm.trellix.com/corporate/index?page=content&id=SB10397
 CVE-2023-0994 - https://huntr.dev/bounties/a281c586-9b97-4d17-88ff-ca91bb4c45ad
 CVE-2023-0995 - https://huntr.dev/bounties/2847b92b-22c2-4dbc-a9d9-56a7cd12fe5f
 CVE-2023-0999 - https://github.com/1MurasaKi/STMS_CSRF/blob/main/README.md
@@ -74884,6 +74891,7 @@ CVE-2023-22612 - https://research.nccgroup.com/2023/04/11/stepping-insyde-system
 CVE-2023-22613 - https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/
 CVE-2023-22614 - https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/
 CVE-2023-22616 - https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/
+CVE-2023-22620 - https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2023-22620.txt
 CVE-2023-22629 - http://packetstormsecurity.com/files/171737/Titan-FTP-Path-Traversal.html
 CVE-2023-22629 - https://f20.be/cves/titan-ftp-vulnerabilities
 CVE-2023-22630 - https://github.com/orangecertcc/security-research/security/advisories/GHSA-j94f-5cg6-6j9j
@@ -75387,3 +75395,4 @@ CVE-2023-29205 - https://jira.xwiki.org/browse/XWIKI-18568
 CVE-2023-29383 - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/
 CVE-2023-29383 - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797
 CVE-2023-29506 - https://jira.xwiki.org/browse/XWIKI-20335
+CVE-2023-30459 - https://smartptt.com