Skip to content

Commit

Permalink
Update Sat Jan 7 13:49:20 UTC 2023
Browse files Browse the repository at this point in the history
  • Loading branch information
@trickest-workflows
trickest-workflows committed Jan 7, 2023
1 parent 2467b6b commit f70d596
Show file tree
Hide file tree
Showing 5 changed files with 72 additions and 0 deletions.
17 changes: 17 additions & 0 deletions 2011/CVE-2011-2122.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
### [CVE-2011-2122](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2122)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to rcsL substructures, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, and CVE-2011-2119.

### POC

#### Reference
- http://www.securityfocus.com/archive/1/518439/100/0/threaded

#### Github
No PoCs found on GitHub currently.

17 changes: 17 additions & 0 deletions 2014/CVE-2014-3182.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
### [CVE-2014-3182](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3182)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.

### POC

#### Reference
- https://code.google.com/p/google-security-research/issues/detail?id=89

#### Github
No PoCs found on GitHub currently.

17 changes: 17 additions & 0 deletions 2020/CVE-2020-36642.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
### [CVE-2020-36642](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36642)
![](https://img.shields.io/static/v1?label=Product&message=jobe&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Command%20Injection&color=brighgreen)

### Description

A vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical. This issue affects the function run_in_sandbox of the file application/libraries/LanguageTask.php. The manipulation leads to command injection. Upgrading to version 1.7.0 is able to address this issue. The name of the patch is 8f43daf50c943b98eaf0c542da901a4a16e85b02. It is recommended to upgrade the affected component. The identifier VDB-217553 was assigned to this vulnerability.

### POC

#### Reference
- https://github.com/trampgeek/jobe/issues/39

#### Github
No PoCs found on GitHub currently.

17 changes: 17 additions & 0 deletions 2022/CVE-2022-44149.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
### [CVE-2022-44149](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44149)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required.

### POC

#### Reference
- https://packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-42.103.1.5095-Remote-Code-Execution.html

#### Github
No PoCs found on GitHub currently.

4 changes: 4 additions & 0 deletions references.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14850,6 +14850,7 @@ CVE-2011-2080 - http://securityreason.com/securityalert/8245
CVE-2011-2081 - http://securityreason.com/securityalert/8245
CVE-2011-2089 - http://www.exploit-db.com/exploits/17240
CVE-2011-2105 - http://www.kb.cert.org/vuls/id/264729
CVE-2011-2122 - http://www.securityfocus.com/archive/1/518439/100/0/threaded
CVE-2011-2151 - http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html
CVE-2011-2154 - http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html
CVE-2011-2155 - http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html
Expand Down Expand Up @@ -20205,6 +20206,7 @@ CVE-2014-3148 - http://packetstormsecurity.com/files/128338/OKCupid-Cross-Site-S
CVE-2014-3149 - http://packetstormsecurity.com/files/127328/IP.Board-3.4.x-3.3.x-Cross-Site-Scripting.html
CVE-2014-3149 - http://www.christian-schneider.net/advisories/CVE-2014-3149.txt
CVE-2014-3158 - http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
CVE-2014-3182 - https://code.google.com/p/google-security-research/issues/detail?id=89
CVE-2014-3187 - https://medium.com/section-9-lab/abusing-ios-url-handlers-on-messages-96979e8b12f5
CVE-2014-3205 - https://www.exploit-db.com/exploits/33159/
CVE-2014-3206 - https://www.exploit-db.com/exploits/33159/
Expand Down Expand Up @@ -56738,6 +56740,7 @@ CVE-2020-3662 - https://www.qualcomm.com/company/product-security/bulletins/june
CVE-2020-36629 - https://github.com/SimbCo/httpster/pull/36
CVE-2020-3663 - https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin
CVE-2020-3664 - https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin
CVE-2020-36642 - https://github.com/trampgeek/jobe/issues/39
CVE-2020-3665 - https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin
CVE-2020-3666 - https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin
CVE-2020-3667 - https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin
Expand Down Expand Up @@ -67868,6 +67871,7 @@ CVE-2022-44108 - https://github.com/ldenoue/pdftojson/issues/3
CVE-2022-44109 - https://github.com/ldenoue/pdftojson/issues/4
CVE-2022-4413 - https://huntr.dev/bounties/70ac720d-c932-4ed3-98b1-dd2cbcb90185
CVE-2022-4414 - https://huntr.dev/bounties/131a41e5-c936-4c3f-84fc-e0e1f0e090b5
CVE-2022-44149 - https://packetstormsecurity.com/files/170366/Nexxt-Router-Firmware-42.103.1.5095-Remote-Code-Execution.html
CVE-2022-44204 - https://github.com/flamingo1616/iot_vuln/blob/main/D-Link/DIR-3060/5.md
CVE-2022-44235 - https://github.com/liong007/Zed-3/issues/1
CVE-2022-44262 - https://github.com/ff4j/ff4j/issues/624
Expand Down

0 comments on commit f70d596

Please sign in to comment.