Update Tue Jun 18 02:09:10 UTC 2024

2018/CVE-2018-10054.md

@@ -10,6 +10,7 @@
 ### POC
 
 #### Reference
+- https://github.com/h2database/h2database/issues/1225
 - https://mthbernardes.github.io/rce/2018/03/14/abusing-h2-database-alias.html
 - https://www.exploit-db.com/exploits/44422/
 

2020/CVE-2020-10136.md

@@ -1,11 +1,11 @@
 ### [CVE-2020-10136](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10136)
 ![](https://img.shields.io/static/v1?label=Product&message=RFC2003%20-%20IP%20Encapsulation%20within%20IP&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=STD%201%3D%20STD%201%20&color=brighgreen)
-![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-19%20Data%20Processing%20Errors&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20STD%201%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-290%20Authentication%20Bypass%20by%20Spoofing&color=brighgreen)
 
 ### Description
 
-Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access control bypass, and other unexpected network behaviors.
+IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.
 
 ### POC
 

2020/CVE-2020-14966.md

@@ -11,6 +11,7 @@ An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It
 
 #### Reference
 - https://github.com/kjur/jsrsasign/issues/437
+- https://www.npmjs.com/package/jsrsasign
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2020/CVE-2020-14967.md

@@ -11,6 +11,7 @@ An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its
 
 #### Reference
 - https://github.com/kjur/jsrsasign/issues/439
+- https://www.npmjs.com/package/jsrsasign
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2020/CVE-2020-14968.md

@@ -11,6 +11,7 @@ An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its
 
 #### Reference
 - https://github.com/kjur/jsrsasign/issues/438
+- https://www.npmjs.com/package/jsrsasign
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2022/CVE-2022-40149.md

@@ -10,7 +10,7 @@ Those using Jettison to parse untrusted XML or JSON data may be vulnerable to De
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/jettison-json/jettison/issues/45
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2022/CVE-2022-40150.md

@@ -10,7 +10,7 @@ Those using Jettison to parse untrusted XML or JSON data may be vulnerable to De
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/jettison-json/jettison/issues/45
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2024/CVE-2024-23134.md

@@ -5,7 +5,7 @@
 
 ### Description
 
-A maliciously crafted IGS or IGES file in tbb.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
+A maliciously crafted IGS file in tbb.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
 
 ### POC
 

2024/CVE-2024-25400.md

@@ -5,7 +5,7 @@
 
 ### Description
 
-Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php.
+** DISPUTED ** Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, and the reportedly vulnerable method is not present in the file.
 
 ### POC
 

2024/CVE-2024-34833.md

@@ -0,0 +1,18 @@
+### [CVE-2024-34833](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34833)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as the user running the web server.
+
+### POC
+
+#### Reference
+- https://github.com/ShellUnease/payroll-management-system-rce
+- https://packetstormsecurity.com/files/179106/Payroll-Management-System-1.0-Remote-Code-Execution.html
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-36581.md

@@ -0,0 +1,17 @@
+### [CVE-2024-36581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36581)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A Prototype Pollution issue in abw badger-database 1.2.1 allows an attacker to execute arbitrary code via dist/badger-database.esm.
+
+### POC
+
+#### Reference
+- https://gist.github.com/mestrtee/f6b2ed1b3b4bc0df994c7455fc6110bd
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-36667.md

@@ -0,0 +1,17 @@
+### [CVE-2024-36667](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36667)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/idcProType_deal.php?mudi=add&nohrefStr=close
+
+### POC
+
+#### Reference
+- https://github.com/sigubbs/cms/blob/main/36/csrf.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-37619.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37619](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37619)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+StrongShop v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the spec_group_id parameter at /spec/index.blade.php.
+
+### POC
+
+#### Reference
+- https://github.com/Hebing123/cve/issues/45
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-37622.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37622](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37622)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the num parameter at /flow/flow.php.
+
+### POC
+
+#### Reference
+- https://github.com/rainrocka/xinhu/issues/4
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-37623.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37623](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37623)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /kaoqin/tpl_kaoqin_locationchange.html component.
+
+### POC
+
+#### Reference
+- https://github.com/rainrocka/xinhu/issues/5
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-37624.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37624](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37624)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php. component.
+
+### POC
+
+#### Reference
+- https://github.com/rainrocka/xinhu/issues/6
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-37625.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37625](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37625)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /index.php.
+
+### POC
+
+#### Reference
+- https://github.com/zhimengzhe/iBarn/issues/20
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-37661.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37661](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37661)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages.
+
+### POC
+
+#### Reference
+- https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/tl-7dr5130-redirect.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-37896.md

@@ -0,0 +1,17 @@
+### [CVE-2024-37896](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37896)
+![](https://img.shields.io/static/v1?label=Product&message=gin-vue-admin&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.6.6%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failing to properly enforce restrictions on user input could mean that even a basic form input field can be used to inject arbitrary and potentially dangerous SQL commands. This could lead to unauthorized access to the database, data leakage, data manipulation, or even complete compromise of the database server. This vulnerability has been addressed in commit `53d033821` which has been included in release version 2.6.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-gf3r-h744-mqgp
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-38449.md

@@ -0,0 +1,17 @@
+### [CVE-2024-38449](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38449)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A Directory Traversal vulnerability in KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 and possibly earlier versions allows remote authenticated attackers to browse parent directories and read the content of files outside the scope of the application.
+
+### POC
+
+#### Reference
+- https://kasmweb.atlassian.net/servicedesk/customer/portal/3/topic/30ffee7f-4b85-4783-b118-6ae4fd8b0c52
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-38469.md

@@ -0,0 +1,17 @@
+### [CVE-2024-38469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38469)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /pay.php.
+
+### POC
+
+#### Reference
+- https://github.com/zhimengzhe/iBarn/issues/20
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-38470.md

@@ -0,0 +1,17 @@
+### [CVE-2024-38470](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38470)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /own.php.
+
+### POC
+
+#### Reference
+- https://github.com/zhimengzhe/iBarn/issues/20
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-4577.md

@@ -11,6 +11,7 @@ In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, w
 
 #### Reference
 - https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/
+- https://github.com/11whoami99/CVE-2024-4577
 - https://isc.sans.edu/diary/30994
 - https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/
 

2024/CVE-2024-4729.md

@@ -0,0 +1,17 @@
+### [CVE-2024-4729](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4729)
+![](https://img.shields.io/static/v1?label=Product&message=Legal%20Case%20Management%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Campcodes Legal Case Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/expense-type. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263807.
+
+### POC
+
+#### Reference
+- https://github.com/yylmm/CVE/blob/main/Legal%20Case%20Management%20System/xss_admin_expense-type.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-4809.md

@@ -10,7 +10,7 @@ A vulnerability has been found in SourceCodester Open Source Clinic Management S
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/CveSecLook/cve/issues/26
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-4927.md

@@ -10,7 +10,7 @@ A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/Hefei-Coffee/cve/blob/main/upload2.md
 
 #### Github
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-5981.md

@@ -0,0 +1,17 @@
+### [CVE-2024-5981](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5981)
+![](https://img.shields.io/static/v1?label=Product&message=Online%20House%20Rental%20System&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in itsourcecode Online House Rental System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268458 is the identifier assigned to this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/LiuYongXiang-git/cve/issues/1
+
+#### Github
+No PoCs found on GitHub currently.
+