Update Thu Mar 28 09:59:48 UTC 2024

trickest · Mar 28, 2024 · e4fcccf · e4fcccf
1 parent 09ccccf
commit e4fcccf
Show file tree

Hide file tree

Showing 13 changed files with 216 additions and 0 deletions.
diff --git a/2011/CVE-2011-1127.md b/2011/CVE-2011-1127.md
@@ -0,0 +1,17 @@
+### [CVE-2011-1127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1127)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors.
+
+### POC
+
+#### Reference
+- http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2011/CVE-2011-1128.md b/2011/CVE-2011-1128.md
@@ -0,0 +1,17 @@
+### [CVE-2011-1128](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1128)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack.
+
+### POC
+
+#### Reference
+- http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2011/CVE-2011-1129.md b/2011/CVE-2011-1129.md
@@ -0,0 +1,17 @@
+### [CVE-2011-1129](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1129)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, might allow remote authenticated users to inject arbitrary web script or HTML via a save_items action.
+
+### POC
+
+#### Reference
+- http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2011/CVE-2011-1130.md b/2011/CVE-2011-1130.md
@@ -0,0 +1,17 @@
+### [CVE-2011-1130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1130)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly validate the start parameter, which might allow remote attackers to conduct SQL injection attacks, obtain sensitive information, or cause a denial of service via a crafted value, related to the cleanRequest function in QueryString.php and the constructPageIndex function in Subs.php.
+
+### POC
+
+#### Reference
+- http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2011/CVE-2011-1131.md b/2011/CVE-2011-1131.md
@@ -0,0 +1,17 @@
+### [CVE-2011-1131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1131)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, uses certain cached data in a situation where a temporary table has been created, even though this cached data is intended only for situations where a temporary table has not been created, which might allow remote attackers to obtain sensitive information via a search.
+
+### POC
+
+#### Reference
+- http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2016/CVE-2016-9888.md b/2016/CVE-2016-9888.md
@@ -0,0 +1,17 @@
+### [CVE-2016-9888](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9888)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.
+
+### POC
+
+#### Reference
+- https://github.com/GNOME/libgsf/commit/95a8351a75758cf10b3bf6abae0b6b461f90d9e5
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2017/CVE-2017-2178.md b/2017/CVE-2017-2178.md
@@ -0,0 +1,17 @@
+### [CVE-2017-2178](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2178)
+![](https://img.shields.io/static/v1?label=Product&message=Installer%20of%20electronic%20tendering%20and%20bid%20opening%20system&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Untrusted%20search%20path%20vulnerability&color=brighgreen)
+
+### Description
+
+Untrusted search path vulnerability in Installer of electronic tendering and bid opening system available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
+
+### POC
+
+#### Reference
+- http://www.mod.go.jp/atla/souhon/cals/nyusatsu_top.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2017/CVE-2017-2208.md b/2017/CVE-2017-2208.md
@@ -0,0 +1,17 @@
+### [CVE-2017-2208](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2208)
+![](https://img.shields.io/static/v1?label=Product&message=Installer%20of%20electronic%20tendering%20and%20bid%20opening%20system&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Untrusted%20search%20path%20vulnerability&color=brighgreen)
+
+### Description
+
+Untrusted search path vulnerability in Installer of Electronic tendering and bid opening system available prior to June 12, 2017 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.
+
+### POC
+
+#### Reference
+- http://www.mod.go.jp/atla/souhon/cals/nyusatsu_top.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2017/CVE-2017-5925.md b/2017/CVE-2017-5925.md
@@ -0,0 +1,17 @@
+### [CVE-2017-5925](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5925)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.
+
+### POC
+
+#### Reference
+- https://www.vusec.net/projects/anc
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2017/CVE-2017-5926.md b/2017/CVE-2017-5926.md
@@ -0,0 +1,17 @@
+### [CVE-2017-5926](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5926)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.
+
+### POC
+
+#### Reference
+- https://www.vusec.net/projects/anc
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2017/CVE-2017-5927.md b/2017/CVE-2017-5927.md
@@ -0,0 +1,17 @@
+### [CVE-2017-5927](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5927)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.
+
+### POC
+
+#### Reference
+- https://www.vusec.net/projects/anc
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2017/CVE-2017-5928.md b/2017/CVE-2017-5928.md
@@ -0,0 +1,17 @@
+### [CVE-2017-5928](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5928)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the https://bugzilla.mozilla.org/show_bug.cgi?id=1167489#c9 protection mechanism in place, which makes it easier for remote attackers to conduct AnC attacks via crafted JavaScript code.
+
+### POC
+
+#### Reference
+- https://www.vusec.net/projects/anc
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/references.txt b/references.txt
@@ -18583,6 +18583,11 @@ CVE-2011-1096 - http://www.csoonline.com/article/692366/widely-used-encryption-s
 CVE-2011-1099 - http://securityreason.com/securityalert/8121
 CVE-2011-1099 - http://www.exploit-db.com/exploits/16933
 CVE-2011-1100 - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4992.php
+CVE-2011-1127 - http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip
+CVE-2011-1128 - http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip
+CVE-2011-1129 - http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip
+CVE-2011-1130 - http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip
+CVE-2011-1131 - http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip
 CVE-2011-1137 - http://www.exploit-db.com/exploits/16129/
 CVE-2011-1141 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5732
 CVE-2011-1150 - https://www.openwall.com/lists/oss-security/2011/03/14/20
@@ -39587,6 +39592,7 @@ CVE-2016-9844 - https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750
 CVE-2016-9847 - https://www.phpmyadmin.net/security/PMASA-2016-58
 CVE-2016-9878 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
 CVE-2016-9878 - http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
+CVE-2016-9888 - https://github.com/GNOME/libgsf/commit/95a8351a75758cf10b3bf6abae0b6b461f90d9e5
 CVE-2016-9892 - http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html
 CVE-2016-9892 - http://seclists.org/fulldisclosure/2017/Feb/68
 CVE-2016-9899 - https://bugzilla.mozilla.org/show_bug.cgi?id=1317409
@@ -43494,7 +43500,9 @@ CVE-2017-2122 - https://www.tenable.com/security/tns-2017-01
 CVE-2017-2137 - https://kb.netgear.com/000038443/Security-Advisory-for-Insecure-SOAP-Access-in-ProSAFE-Plus-Configuration-Utility-PSV-2017-1997
 CVE-2017-2168 - https://wpvulndb.com/vulnerabilities/8830
 CVE-2017-2176 - http://www.mod.go.jp/asdf/information/index.html
+CVE-2017-2178 - http://www.mod.go.jp/atla/souhon/cals/nyusatsu_top.html
 CVE-2017-2195 - https://wpvulndb.com/vulnerabilities/8844
+CVE-2017-2208 - http://www.mod.go.jp/atla/souhon/cals/nyusatsu_top.html
 CVE-2017-2224 - https://wpvulndb.com/vulnerabilities/8859
 CVE-2017-2284 - https://wpvulndb.com/vulnerabilities/8878
 CVE-2017-2285 - https://wpvulndb.com/vulnerabilities/8879
@@ -44696,6 +44704,10 @@ CVE-2017-5896 - http://www.openwall.com/lists/oss-security/2017/02/06/3
 CVE-2017-5896 - https://bugs.ghostscript.com/show_bug.cgi?id=697515
 CVE-2017-5899 - http://www.openwall.com/lists/oss-security/2017/01/27/7
 CVE-2017-5900 - http://seclists.org/fulldisclosure/2017/Mar/75
+CVE-2017-5925 - https://www.vusec.net/projects/anc
+CVE-2017-5926 - https://www.vusec.net/projects/anc
+CVE-2017-5927 - https://www.vusec.net/projects/anc
+CVE-2017-5928 - https://www.vusec.net/projects/anc
 CVE-2017-5940 - https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f
 CVE-2017-5940 - https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef
 CVE-2017-5940 - https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863