Update Mon Mar 11 18:10:18 UTC 2024

2017/CVE-2017-20072.md

@@ -10,6 +10,7 @@ A vulnerability, which was classified as critical, was found in Hindu Matrimonia
 ### POC
 
 #### Reference
+- https://vuldb.com/?id.95412
 - https://www.exploit-db.com/exploits/41044/
 
 #### Github

2017/CVE-2017-20078.md

@@ -10,6 +10,7 @@ A vulnerability classified as critical has been found in Hindu Matrimonial Scrip
 ### POC
 
 #### Reference
+- https://vuldb.com/?id.95418
 - https://www.exploit-db.com/exploits/41044/
 
 #### Github

2017/CVE-2017-20079.md

@@ -10,6 +10,7 @@ A vulnerability classified as critical was found in Hindu Matrimonial Script. Af
 ### POC
 
 #### Reference
+- https://vuldb.com/?id.95419
 - https://www.exploit-db.com/exploits/41044/
 
 #### Github

2017/CVE-2017-20104.md

@@ -11,6 +11,7 @@ A vulnerability was found in Simplessus 3.7.7. It has been declared as critical.
 
 #### Reference
 - http://seclists.org/bugtraq/2017/Feb/39
+- https://vuldb.com/?id.97252
 
 #### Github
 No PoCs found on GitHub currently.

2018/CVE-2018-2579.md

@@ -12,6 +12,7 @@ Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java
 #### Reference
 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
+- https://usn.ubuntu.com/3614-1/
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2018/CVE-2018-2588.md

@@ -12,6 +12,7 @@ Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java
 #### Reference
 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
+- https://usn.ubuntu.com/3614-1/
 
 #### Github
 No PoCs found on GitHub currently.

2018/CVE-2018-2599.md

@@ -12,6 +12,7 @@ Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java
 #### Reference
 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
+- https://usn.ubuntu.com/3614-1/
 
 #### Github
 No PoCs found on GitHub currently.

2018/CVE-2018-2602.md

@@ -12,6 +12,7 @@ Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subc
 #### Reference
 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
+- https://usn.ubuntu.com/3614-1/
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2018/CVE-2018-2603.md

@@ -12,6 +12,7 @@ Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java
 #### Reference
 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
+- https://usn.ubuntu.com/3614-1/
 
 #### Github
 No PoCs found on GitHub currently.

2018/CVE-2018-2618.md

@@ -12,6 +12,7 @@ Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java
 #### Reference
 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
+- https://usn.ubuntu.com/3614-1/
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2018/CVE-2018-2629.md

@@ -12,6 +12,7 @@ Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java
 #### Reference
 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
+- https://usn.ubuntu.com/3614-1/
 
 #### Github
 No PoCs found on GitHub currently.

2018/CVE-2018-2633.md

@@ -12,6 +12,7 @@ Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java
 #### Reference
 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
+- https://usn.ubuntu.com/3614-1/
 
 #### Github
 - https://github.com/HackJava/JNDI

2018/CVE-2018-2634.md

@@ -12,6 +12,7 @@ Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subc
 #### Reference
 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
+- https://usn.ubuntu.com/3614-1/
 
 #### Github
 No PoCs found on GitHub currently.

2018/CVE-2018-2637.md

@@ -12,6 +12,7 @@ Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java
 #### Reference
 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
+- https://usn.ubuntu.com/3614-1/
 
 #### Github
 No PoCs found on GitHub currently.

2018/CVE-2018-2641.md

@@ -12,6 +12,7 @@ Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subc
 #### Reference
 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
+- https://usn.ubuntu.com/3614-1/
 
 #### Github
 No PoCs found on GitHub currently.

2018/CVE-2018-2663.md

@@ -12,6 +12,7 @@ Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java
 #### Reference
 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
+- https://usn.ubuntu.com/3614-1/
 
 #### Github
 No PoCs found on GitHub currently.

2018/CVE-2018-2677.md

@@ -12,6 +12,7 @@ Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subc
 #### Reference
 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
+- https://usn.ubuntu.com/3614-1/
 
 #### Github
 - https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet

2018/CVE-2018-2678.md

@@ -12,6 +12,7 @@ Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java
 #### Reference
 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
+- https://usn.ubuntu.com/3614-1/
 
 #### Github
 No PoCs found on GitHub currently.

2021/CVE-2021-42646.md

@@ -11,6 +11,7 @@ XML External Entity (XXE) vulnerability in the file based service provider creat
 
 #### Reference
 - http://packetstormsecurity.com/files/167465/WSO2-Management-Console-XML-Injection.html
+- https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2021-1289/
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2024/CVE-2024-1828.md

@@ -10,6 +10,7 @@ A vulnerability was found in code-projects Library System 1.0. It has been class
 ### POC
 
 #### Reference
+- https://github.com/jxp98/VulResearch/blob/main/2024/02/3.3Library%20System%20In%20PHP%20-%20SQL%20Injection-teacher_reg.md
 - https://vuldb.com/?id.254616
 
 #### Github

2024/CVE-2024-1977.md

@@ -0,0 +1,17 @@
+### [CVE-2024-1977](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1977)
+![](https://img.shields.io/static/v1?label=Product&message=Restaurant%20Solutions%20%E2%80%93%20Checklist&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Restaurant Solutions – Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
+
+### POC
+
+#### Reference
+- https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2022-004
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-26339.md

@@ -10,7 +10,7 @@ swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/s
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/matthiaskramm/swftools/issues/225
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-27287.md

@@ -0,0 +1,17 @@
+### [CVE-2024-27287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27287)
+![](https://img.shields.io/static/v1?label=Product&message=esphome&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%202023.12.9%2C%20%3C%202024.2.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 (command line installation and Home Assistant add-on) serves unsanitized data with `Content-Type: text/html; charset=UTF-8`, allowing a remote authenticated user to inject arbitrary web script and exfiltrate session cookies via Cross-Site scripting. It is possible for a malicious authenticated user to inject arbitrary Javascript in configuration files using a POST request to the /edit endpoint, the configuration parameter allows to specify the file to write. To trigger the XSS vulnerability, the victim must visit the page` /edit?configuration=[xss file]`. Abusing this vulnerability a malicious actor could perform operations on the dashboard on the behalf of a logged user, access sensitive information, create, edit and delete configuration files and flash firmware on managed boards.In addition to this, cookies are not correctly secured, allowing the exfiltration of session cookie values. Version 2024.2.2 contains a patch for this issue.
+
+### POC
+
+#### Reference
+- https://github.com/esphome/esphome/security/advisories/GHSA-9p43-hj5j-96h5
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-28089.md

@@ -10,7 +10,7 @@ Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker with
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-28089
 
 #### Github
 - https://github.com/actuator/cve