Update Sat May 18 18:06:54 UTC 2024

trickest · May 18, 2024 · ebe5ff6 · ebe5ff6
1 parent 7103711
commit ebe5ff6
Show file tree

Hide file tree

Showing 20 changed files with 222 additions and 2 deletions.
diff --git a/2010/CVE-2010-2800.md b/2010/CVE-2010-2800.md
@@ -0,0 +1,17 @@
+### [CVE-2010-2800](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2800)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library.
+
+### POC
+
+#### Reference
+- http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=95
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2012/CVE-2012-5574.md b/2012/CVE-2012-5574.md
@@ -0,0 +1,17 @@
+### [CVE-2012-5574](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5574)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request.
+
+### POC
+
+#### Reference
+- https://bugs.gentoo.org/show_bug.cgi?id=444696
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2013/CVE-2013-4078.md b/2013/CVE-2013-4078.md
@@ -0,0 +1,17 @@
+### [CVE-2013-4078](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4078)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
+
+### POC
+
+#### Reference
+- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8729
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2017/CVE-2017-14604.md b/2017/CVE-2017-14604.md
@@ -15,5 +15,5 @@ GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the
 - https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/timothee-chauvin/eyeballvul
 
diff --git a/2019/CVE-2019-20748.md b/2019/CVE-2019-20748.md
@@ -0,0 +1,17 @@
+### [CVE-2019-20748](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20748)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, and RBS50 before 2.3.0.32.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000060963/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0147
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2020/CVE-2020-8903.md b/2020/CVE-2020-8903.md
@@ -0,0 +1,17 @@
+### [CVE-2020-8903](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8903)
+![](https://img.shields.io/static/v1?label=Product&message=guest-oslogin&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=stable%3E%3D%2020190304%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-276%20Incorrect%20Default%20Permissions&color=brighgreen)
+
+### Description
+
+A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from the systemd journal. Using the DHCP XID, it is then possible to set the IP address and hostname of the instance to any value, which is then stored in /etc/hosts. An attacker can then point metadata.google.internal to an arbitrary IP address and impersonate the GCE metadata server which make it is possible to instruct the OS Login PAM module to grant administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "adm" user from the OS Login entry.
+
+### POC
+
+#### Reference
+- https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2020/CVE-2020-8907.md b/2020/CVE-2020-8907.md
@@ -0,0 +1,17 @@
+### [CVE-2020-8907](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8907)
+![](https://img.shields.io/static/v1?label=Product&message=guest-oslogin&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=stable%3E%3D%2020190304%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-276%20Incorrect%20Default%20Permissions&color=brighgreen)
+
+### Description
+
+A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "docker" user from the OS Login entry.
+
+### POC
+
+#### Reference
+- https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2020/CVE-2020-8933.md b/2020/CVE-2020-8933.md
@@ -10,7 +10,7 @@ A vulnerability in Google Cloud Platform's guest-oslogin versions between 201903
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

diff --git a/2024/CVE-2024-27460.md b/2024/CVE-2024-27460.md
@@ -13,6 +13,7 @@ A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and belo
 No PoCs from references.
 
 #### Github
+- https://github.com/10cks/CVE-2024-27460-installer
 - https://github.com/Alaatk/CVE-2024-27460
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/xct/CVE-2024-27460

diff --git a/2024/CVE-2024-27956.md b/2024/CVE-2024-27956.md
@@ -19,14 +19,19 @@ No PoCs from references.
 - https://github.com/Ostorlab/KEV
 - https://github.com/W3BW/CVE-2024-27956-RCE-File-Package
 - https://github.com/X-Projetion/CVE-2024-27956-WORDPRESS-RCE-PLUGIN
+- https://github.com/ZonghaoLi777/githubTrending
+- https://github.com/aneasystone/github-trending
 - https://github.com/diego-tella/CVE-2024-27956-RCE
+- https://github.com/fireinrain/github-trending
 - https://github.com/johe123qwe/github-trending
 - https://github.com/k3ppf0r/CVE-2024-27956
 - https://github.com/nancyariah4/CVE-2024-27956
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/sampsonv/github-trending
 - https://github.com/tanjiti/sec_profile
 - https://github.com/truonghuuphuc/CVE-2024-27956
 - https://github.com/wjlin0/poc-doc
 - https://github.com/wy876/POC
 - https://github.com/wy876/wiki
+- https://github.com/zhaoxiaoha/github-trending
 
diff --git a/2024/CVE-2024-29895.md b/2024/CVE-2024-29895.md
@@ -13,6 +13,7 @@ Cacti provides an operational monitoring and fault management framework. A comma
 - https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m
 
 #### Github
+- https://github.com/Rubioo02/CVE-2024-29895
 - https://github.com/Stuub/CVE-2024-29895-CactiRCE-PoC
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/secunnix/CVE-2024-29895

diff --git a/2024/CVE-2024-32002.md b/2024/CVE-2024-32002.md
@@ -14,6 +14,7 @@ Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42
 No PoCs from references.
 
 #### Github
+- https://github.com/markuta/hooky
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/tanjiti/sec_profile
 
diff --git a/2024/CVE-2024-3437.md b/2024/CVE-2024-3437.md
@@ -13,5 +13,6 @@ A vulnerability was found in SourceCodester Prison Management System 1.0. It has
 - https://vuldb.com/?id.259631
 
 #### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/fubxx/CVE
 
diff --git a/2024/CVE-2024-3714.md b/2024/CVE-2024-3714.md
@@ -0,0 +1,17 @@
+### [CVE-2024-3714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3714)
+![](https://img.shields.io/static/v1?label=Product&message=GiveWP%20%E2%80%93%20Donation%20Plugin%20and%20Fundraising%20Platform&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.10.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode when used with a legacy form in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-3745.md b/2024/CVE-2024-3745.md
@@ -0,0 +1,17 @@
+### [CVE-2024-3745](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3745)
+![](https://img.shields.io/static/v1?label=Product&message=MSI%20Afterburner&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%204.6.6.16381%20Beta%203%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%20Incorrect%20Authorization&color=brighgreen)
+
+### Description
+
+MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged user.
+
+### POC
+
+#### Reference
+- https://fluidattacks.com/advisories/gershwin/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-4374.md b/2024/CVE-2024-4374.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4374](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4374)
+![](https://img.shields.io/static/v1?label=Product&message=DethemeKit%20For%20Elementor&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.1.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-4865.md b/2024/CVE-2024-4865.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4865](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4865)
+![](https://img.shields.io/static/v1?label=Product&message=Happy%20Addons%20for%20Elementor&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.10.8%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2024/CVE-2024-4891.md b/2024/CVE-2024-4891.md
@@ -0,0 +1,17 @@
+### [CVE-2024-4891](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4891)
+![](https://img.shields.io/static/v1?label=Product&message=Essential%20Blocks%20%E2%80%93%20Page%20Builder%20Gutenberg%20Blocks%2C%20Patterns%20%26%20Templates&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%204.5.12%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+