Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent f195756, commit d51dc33
Showing 6 changed files with 58 additions and 0 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2022-2804](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2804) | ||
![](https://img.shields.io/static/v1?label=Product&message=Zoo%20Management%20System&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen) | ||
|
||
### Description | ||
|
||
A vulnerability was found in SourceCodester Zoo Management System. It has been classified as critical. Affected is an unknown function of the file /pages/apply_vacancy.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-206250 is the identifier assigned to this vulnerability. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://vuldb.com/?id.206250 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
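Review bot: The Vulnerability badge line passes `color=brighgreen`, which is a misspelling of the shields.io named colour `brightgreen`, so the badge will not get the intended colour; change it to `color=brightgreen`. The same spelling is in the other two files shown in this commit. Also, the description says the exploit has been disclosed publicly, but the only entry under "#### Reference" in the POC section is the VulDB record, so a reader cannot tell whether that link carries the exploit details or only the advisory; a short label next to the link would make that clear.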
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2023-2934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2934) | ||
![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=114.0.5735.90%3C%20114.0.5735.90%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Out%20of%20bounds%20memory%20access&color=brighgreen) | ||
|
||
### Description | ||
|
||
Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
|
||
### POC | ||
|
||
#### Reference | ||
- http://packetstormsecurity.com/files/173259/Chrome-Mojo-Message-Validation-Bypass.html | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
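Review bot: The Version badge message `114.0.5735.90%3C%20114.0.5735.90%20` decodes to "114.0.5735.90< 114.0.5735.90 ", which repeats the version and carries a trailing space, so it does not state a usable range. The description says "prior to 114.0.5735.90", so the message should be `%3C%20114.0.5735.90` to render as "< 114.0.5735.90". The Packet Storm link under "#### Reference" is also plain `http://`; prefer the `https://` form if the host serves it.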
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2023-3439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3439) | ||
![](https://img.shields.io/static/v1?label=Product&message=Linux%20Kernel%20(mctp)&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416&color=brighgreen) | ||
|
||
### Description | ||
|
||
A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- http://www.openwall.com/lists/oss-security/2023/07/02/1 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
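Review bot: The Vulnerability badge carries only `CWE-416`, while the CVE-2022-2804 file in this same commit spells out the weakness name ("CWE-434 Unrestricted Upload"). The description here already names it as a use-after-free of `mdev->addrs`, so the badge message could read `CWE-416%20Use%20After%20Free` for consistency and so the entry is searchable by weakness name. The Version badge is `n/a` and the description gives no affected kernel range, which leaves a reader unable to triage from this file alone; if the oss-security post under "#### Reference" states the range, it is worth recording here.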