mirror/PoC-in-GitHub
1
0
Fork 0
mirror of https://github.com/nomi-sec/PoC-in-GitHub.git synced 2025-01-15 20:32:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Auto Update 2024/02/27 18:26:59

Browse source
This commit is contained in:
motikan2010-bot 2024-02-28 03:26:59 +09:00
parent 2e5182993a
commit 03c0e097d5
33 changed files with 293 additions and 145 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
2017/CVE-2017-1000117.json
View file

@ -567,7 +567,7 @@
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
"subscribers_count": 1
},
{
"id": 187589348,

8
2017/CVE-2017-12615.json
View file

@ -13,10 +13,10 @@
"description": "POC Exploit for Apache Tomcat 7.0.x CVE-2017-12615 PUT JSP vulnerability.",
"fork": false,
"created_at": "2017-09-23T06:15:48Z",
"updated_at": "2024-02-20T09:38:04Z",
"updated_at": "2024-02-27T16:15:41Z",
"pushed_at": "2022-10-09T12:13:03Z",
"stargazers_count": 103,
"watchers_count": 103,
"stargazers_count": 104,
"watchers_count": 104,
"has_discussions": false,
"forks_count": 24,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 24,
"watchers": 103,
"watchers": 104,
"score": 0,
"subscribers_count": 5
},

32
2017/CVE-2017-2903.json Normal file
View file

@ -0,0 +1,32 @@
[
{
"id": 764081614,
"name": "dpx_work_CVE-2017-2903",
"full_name": "SpiralBL0CK\/dpx_work_CVE-2017-2903",
"owner": {
"login": "SpiralBL0CK",
"id": 25670930,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/25670930?v=4",
"html_url": "https:\/\/github.com\/SpiralBL0CK"
},
"html_url": "https:\/\/github.com\/SpiralBL0CK\/dpx_work_CVE-2017-2903",
"description": "dpx file format parser + mallicous crafter for CVE-2017-2903",
"fork": false,
"created_at": "2024-02-27T12:55:32Z",
"updated_at": "2024-02-27T12:55:32Z",
"pushed_at": "2024-02-27T12:55:32Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

8
2018/CVE-2018-14847.json
View file

@ -258,10 +258,10 @@
"description": "This is a proof of concept of the critical WinBox vulnerability (CVE-2018-14847) which allows for arbitrary file read of plain text passwords. The vulnerability has long since been fixed, so this project has ended and will not be supported or updated anymore. You can fork it and update it yourself instead.",
"fork": false,
"created_at": "2021-04-21T16:42:31Z",
"updated_at": "2024-02-22T10:22:13Z",
"updated_at": "2024-02-27T13:22:05Z",
"pushed_at": "2021-04-21T16:46:37Z",
"stargazers_count": 32,
"watchers_count": 32,
"stargazers_count": 33,
"watchers_count": 33,
"has_discussions": false,
"forks_count": 13,
"allow_forking": true,
@ -270,7 +270,7 @@
"topics": [],
"visibility": "public",
"forks": 13,
"watchers": 32,
"watchers": 33,
"score": 0,
"subscribers_count": 3
},

8
2018/CVE-2018-15473.json
View file

@ -577,10 +577,10 @@
"description": "OpenSSH 2.3 < 7.7 - Username Enumeration",
"fork": false,
"created_at": "2020-11-29T17:36:11Z",
"updated_at": "2024-02-16T16:34:36Z",
"updated_at": "2024-02-27T13:41:55Z",
"pushed_at": "2023-09-04T20:57:42Z",
"stargazers_count": 32,
"watchers_count": 32,
"stargazers_count": 33,
"watchers_count": 33,
"has_discussions": false,
"forks_count": 10,
"allow_forking": true,
@ -589,7 +589,7 @@
"topics": [],
"visibility": "public",
"forks": 10,
"watchers": 32,
"watchers": 33,
"score": 0,
"subscribers_count": 2
},

8
2019/CVE-2019-18634.json
View file

@ -43,10 +43,10 @@
"description": "Proof of Concept for CVE-2019-18634",
"fork": false,
"created_at": "2020-02-07T18:07:03Z",
"updated_at": "2024-02-21T00:08:20Z",
"updated_at": "2024-02-27T12:58:00Z",
"pushed_at": "2021-09-12T02:55:24Z",
"stargazers_count": 190,
"watchers_count": 190,
"stargazers_count": 191,
"watchers_count": 191,
"has_discussions": false,
"forks_count": 48,
"allow_forking": true,
@ -55,7 +55,7 @@
"topics": [],
"visibility": "public",
"forks": 48,
"watchers": 190,
"watchers": 191,
"score": 0,
"subscribers_count": 3
},

8
2021/CVE-2021-21972.json
View file

@ -851,10 +851,10 @@
"description": "一款针对Vcenter的综合利用工具包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972\/31656以及log4j提供一键上传webshell命令执行或者上传公钥使用SSH免密连接",
"fork": false,
"created_at": "2022-10-04T03:39:27Z",
"updated_at": "2024-02-21T21:37:01Z",
"updated_at": "2024-02-27T15:51:56Z",
"pushed_at": "2024-02-01T06:53:03Z",
"stargazers_count": 1214,
"watchers_count": 1214,
"stargazers_count": 1215,
"watchers_count": 1215,
"has_discussions": false,
"forks_count": 154,
"allow_forking": true,
@ -870,7 +870,7 @@
],
"visibility": "public",
"forks": 154,
"watchers": 1214,
"watchers": 1215,
"score": 0,
"subscribers_count": 12
}

8
2021/CVE-2021-4034.json
View file

@ -938,10 +938,10 @@
"description": "Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation",
"fork": false,
"created_at": "2022-01-26T14:26:10Z",
"updated_at": "2024-02-26T19:38:42Z",
"updated_at": "2024-02-27T13:17:41Z",
"pushed_at": "2022-06-21T14:52:05Z",
"stargazers_count": 957,
"watchers_count": 957,
"stargazers_count": 958,
"watchers_count": 958,
"has_discussions": false,
"forks_count": 181,
"allow_forking": true,
@ -952,7 +952,7 @@
],
"visibility": "public",
"forks": 181,
"watchers": 957,
"watchers": 958,
"score": 0,
"subscribers_count": 14
},

8
2021/CVE-2021-42013.json
View file

@ -167,10 +167,10 @@
"description": "PoC CVE-2021-42013 reverse shell Apache 2.4.50 with CGI",
"fork": false,
"created_at": "2021-10-24T12:57:55Z",
"updated_at": "2023-11-12T07:04:16Z",
"updated_at": "2024-02-27T16:58:36Z",
"pushed_at": "2021-10-24T13:26:02Z",
"stargazers_count": 5,
"watchers_count": 5,
"stargazers_count": 6,
"watchers_count": 6,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
@ -179,7 +179,7 @@
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 5,
"watchers": 6,
"score": 0,
"subscribers_count": 1
},

16
2021/CVE-2021-42278.json
View file

@ -13,10 +13,10 @@
"description": "Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user ",
"fork": false,
"created_at": "2021-12-11T15:10:30Z",
"updated_at": "2024-02-27T11:40:48Z",
"updated_at": "2024-02-27T13:14:15Z",
"pushed_at": "2022-07-10T22:23:13Z",
"stargazers_count": 949,
"watchers_count": 949,
"stargazers_count": 950,
"watchers_count": 950,
"has_discussions": false,
"forks_count": 193,
"allow_forking": true,
@ -30,7 +30,7 @@
],
"visibility": "public",
"forks": 193,
"watchers": 949,
"watchers": 950,
"score": 0,
"subscribers_count": 26
},
@ -108,10 +108,10 @@
"description": "Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)",
"fork": false,
"created_at": "2021-12-13T23:15:05Z",
"updated_at": "2024-02-24T11:42:37Z",
"updated_at": "2024-02-27T16:33:44Z",
"pushed_at": "2022-01-13T12:35:19Z",
"stargazers_count": 264,
"watchers_count": 264,
"stargazers_count": 265,
"watchers_count": 265,
"has_discussions": false,
"forks_count": 38,
"allow_forking": true,
@ -122,7 +122,7 @@
],
"visibility": "public",
"forks": 38,
"watchers": 264,
"watchers": 265,
"score": 0,
"subscribers_count": 7
},

8
2021/CVE-2021-42287.json
View file

@ -13,10 +13,10 @@
"description": "CVE-2021-42287\/CVE-2021-42278 Scanner & Exploiter.",
"fork": false,
"created_at": "2021-12-11T19:27:30Z",
"updated_at": "2024-02-26T20:56:10Z",
"updated_at": "2024-02-27T13:20:06Z",
"pushed_at": "2021-12-16T09:50:15Z",
"stargazers_count": 1285,
"watchers_count": 1285,
"stargazers_count": 1286,
"watchers_count": 1286,
"has_discussions": false,
"forks_count": 321,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 321,
"watchers": 1285,
"watchers": 1286,
"score": 0,
"subscribers_count": 27
},

8
2022/CVE-2022-0847.json
View file

@ -1185,10 +1185,10 @@
"description": "A collection of exploits and documentation that can be used to exploit the Linux Dirty Pipe vulnerability.",
"fork": false,
"created_at": "2022-03-12T20:57:24Z",
"updated_at": "2024-02-24T14:42:08Z",
"updated_at": "2024-02-27T12:50:42Z",
"pushed_at": "2023-05-20T05:55:45Z",
"stargazers_count": 487,
"watchers_count": 487,
"stargazers_count": 488,
"watchers_count": 488,
"has_discussions": false,
"forks_count": 136,
"allow_forking": true,
@ -1197,7 +1197,7 @@
"topics": [],
"visibility": "public",
"forks": 136,
"watchers": 487,
"watchers": 488,
"score": 0,
"subscribers_count": 15
},

8
2022/CVE-2022-22954.json
View file

@ -796,10 +796,10 @@
"description": "一款针对Vcenter的综合利用工具包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972\/31656以及log4j提供一键上传webshell命令执行或者上传公钥使用SSH免密连接",
"fork": false,
"created_at": "2022-10-04T03:39:27Z",
"updated_at": "2024-02-21T21:37:01Z",
"updated_at": "2024-02-27T15:51:56Z",
"pushed_at": "2024-02-01T06:53:03Z",
"stargazers_count": 1214,
"watchers_count": 1214,
"stargazers_count": 1215,
"watchers_count": 1215,
"has_discussions": false,
"forks_count": 154,
"allow_forking": true,
@ -815,7 +815,7 @@
],
"visibility": "public",
"forks": 154,
"watchers": 1214,
"watchers": 1215,
"score": 0,
"subscribers_count": 12
},

30
2022/CVE-2022-44877.json
View file

@ -243,5 +243,35 @@
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 764149155,
"name": "CVE-2022-44877",
"full_name": "G01d3nW01f\/CVE-2022-44877",
"owner": {
"login": "G01d3nW01f",
"id": 75846902,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/75846902?v=4",
"html_url": "https:\/\/github.com\/G01d3nW01f"
},
"html_url": "https:\/\/github.com\/G01d3nW01f\/CVE-2022-44877",
"description": null,
"fork": false,
"created_at": "2024-02-27T15:09:50Z",
"updated_at": "2024-02-27T15:10:39Z",
"pushed_at": "2024-02-27T15:16:57Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

8
2023/CVE-2023-2033.json
View file

@ -43,10 +43,10 @@
"description": "A collection of resources and information about CVE-2023-2033",
"fork": false,
"created_at": "2023-04-26T15:24:02Z",
"updated_at": "2023-10-11T08:20:02Z",
"updated_at": "2024-02-27T15:02:07Z",
"pushed_at": "2023-08-13T21:53:14Z",
"stargazers_count": 17,
"watchers_count": 17,
"stargazers_count": 18,
"watchers_count": 18,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
@ -60,7 +60,7 @@
],
"visibility": "public",
"forks": 2,
"watchers": 17,
"watchers": 18,
"score": 0,
"subscribers_count": 1
},

4
2023/CVE-2023-22515.json
View file

@ -78,7 +78,7 @@
"stargazers_count": 124,
"watchers_count": 124,
"has_discussions": false,
"forks_count": 27,
"forks_count": 28,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -93,7 +93,7 @@
"vulnerability"
],
"visibility": "public",
"forks": 27,
"forks": 28,
"watchers": 124,
"score": 0,
"subscribers_count": 3

8
2023/CVE-2023-28432.json
View file

@ -136,10 +136,10 @@
"description": "CVE-2023-28432 POC",
"fork": false,
"created_at": "2023-03-24T08:27:32Z",
"updated_at": "2024-02-11T17:03:17Z",
"updated_at": "2024-02-27T17:47:37Z",
"pushed_at": "2023-03-24T08:53:49Z",
"stargazers_count": 7,
"watchers_count": 7,
"stargazers_count": 8,
"watchers_count": 8,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -148,7 +148,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 7,
"watchers": 8,
"score": 0,
"subscribers_count": 1
},

8
2023/CVE-2023-32315.json
View file

@ -43,10 +43,10 @@
"description": "rce",
"fork": false,
"created_at": "2023-06-14T09:43:31Z",
"updated_at": "2024-02-27T01:20:53Z",
"updated_at": "2024-02-27T17:11:36Z",
"pushed_at": "2023-06-15T01:35:51Z",
"stargazers_count": 120,
"watchers_count": 120,
"stargazers_count": 122,
"watchers_count": 122,
"has_discussions": false,
"forks_count": 29,
"allow_forking": true,
@ -55,7 +55,7 @@
"topics": [],
"visibility": "public",
"forks": 29,
"watchers": 120,
"watchers": 122,
"score": 0,
"subscribers_count": 5
},

8
2023/CVE-2023-33246.json
View file

@ -133,10 +133,10 @@
"description": "CVE-2023-33246 RocketMQ RCE Detect By Version and Exploit",
"fork": false,
"created_at": "2023-06-01T14:48:26Z",
"updated_at": "2024-02-04T08:39:59Z",
"updated_at": "2024-02-27T16:08:37Z",
"pushed_at": "2023-06-07T13:07:30Z",
"stargazers_count": 95,
"watchers_count": 95,
"stargazers_count": 96,
"watchers_count": 96,
"has_discussions": false,
"forks_count": 20,
"allow_forking": true,
@ -149,7 +149,7 @@
],
"visibility": "public",
"forks": 20,
"watchers": 95,
"watchers": 96,
"score": 0,
"subscribers_count": 3
},

10
2023/CVE-2023-38831.json
View file

@ -174,10 +174,10 @@
"description": "CVE-2023-38831 PoC (Proof Of Concept)",
"fork": false,
"created_at": "2023-08-28T04:56:10Z",
"updated_at": "2024-02-13T15:04:29Z",
"updated_at": "2024-02-27T14:58:33Z",
"pushed_at": "2023-08-28T20:41:57Z",
"stargazers_count": 51,
"watchers_count": 51,
"stargazers_count": 52,
"watchers_count": 52,
"has_discussions": false,
"forks_count": 9,
"allow_forking": true,
@ -186,7 +186,7 @@
"topics": [],
"visibility": "public",
"forks": 9,
"watchers": 51,
"watchers": 52,
"score": 0,
"subscribers_count": 0
},
@ -613,7 +613,7 @@
"fork": false,
"created_at": "2023-09-03T14:03:45Z",
"updated_at": "2024-02-03T12:55:18Z",
"pushed_at": "2023-09-03T14:14:30Z",
"pushed_at": "2024-02-27T14:33:26Z",
"stargazers_count": 6,
"watchers_count": 6,
"has_discussions": false,

8
2023/CVE-2023-4450.json
View file

@ -13,10 +13,10 @@
"description": null,
"fork": false,
"created_at": "2024-02-07T03:51:34Z",
"updated_at": "2024-02-27T03:27:29Z",
"updated_at": "2024-02-27T12:46:32Z",
"pushed_at": "2024-02-07T06:34:02Z",
"stargazers_count": 5,
"watchers_count": 5,
"stargazers_count": 6,
"watchers_count": 6,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 5,
"watchers": 6,
"score": 0,
"subscribers_count": 1
}

12
2023/CVE-2023-46747.json
View file

@ -43,12 +43,12 @@
"description": "exploit for f5-big-ip RCE cve-2023-46747",
"fork": false,
"created_at": "2023-11-01T09:31:05Z",
"updated_at": "2024-02-20T15:40:13Z",
"updated_at": "2024-02-27T13:25:34Z",
"pushed_at": "2024-01-20T02:27:51Z",
"stargazers_count": 167,
"watchers_count": 167,
"stargazers_count": 168,
"watchers_count": 168,
"has_discussions": false,
"forks_count": 38,
"forks_count": 39,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -60,8 +60,8 @@
"redteam"
],
"visibility": "public",
"forks": 38,
"watchers": 167,
"forks": 39,
"watchers": 168,
"score": 0,
"subscribers_count": 2
},

8
2023/CVE-2023-47464.json
View file

@ -13,10 +13,10 @@
"description": "CVE-2023-47464 POC",
"fork": false,
"created_at": "2024-02-14T15:39:34Z",
"updated_at": "2024-02-15T03:55:27Z",
"updated_at": "2024-02-27T15:19:30Z",
"pushed_at": "2024-02-14T15:43:30Z",
"stargazers_count": 1,
"watchers_count": 1,
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 1,
"watchers": 2,
"score": 0,
"subscribers_count": 1
}

8
2023/CVE-2023-5961.json
View file

@ -13,10 +13,10 @@
"description": "moxa ioLogik E1212",
"fork": false,
"created_at": "2024-01-31T15:00:16Z",
"updated_at": "2024-02-01T00:58:01Z",
"updated_at": "2024-02-27T15:19:44Z",
"pushed_at": "2024-01-31T15:03:27Z",
"stargazers_count": 0,
"watchers_count": 0,
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 1
}

32
2023/CVE-2023-7016.json Normal file
View file

@ -0,0 +1,32 @@
[
{
"id": 764138202,
"name": "CVE-2023-7016-POC",
"full_name": "ewilded\/CVE-2023-7016-POC",
"owner": {
"login": "ewilded",
"id": 1158719,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/1158719?v=4",
"html_url": "https:\/\/github.com\/ewilded"
},
"html_url": "https:\/\/github.com\/ewilded\/CVE-2023-7016-POC",
"description": "POC for the flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows that allows an attacker to execute code at a SYSTEM level via local access.",
"fork": false,
"created_at": "2024-02-27T14:48:19Z",
"updated_at": "2024-02-27T14:50:26Z",
"pushed_at": "2024-02-27T14:50:21Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

32
2024/CVE-2024-0197.json Normal file
View file

@ -0,0 +1,32 @@
[
{
"id": 764157453,
"name": "CVE-2024-0197-POC",
"full_name": "ewilded\/CVE-2024-0197-POC",
"owner": {
"login": "ewilded",
"id": 1158719,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/1158719?v=4",
"html_url": "https:\/\/github.com\/ewilded"
},
"html_url": "https:\/\/github.com\/ewilded\/CVE-2024-0197-POC",
"description": "Proof of concept for Local Privilege Escalation in Thales Sentinel HASP LDK.",
"fork": false,
"created_at": "2024-02-27T15:25:58Z",
"updated_at": "2024-02-27T15:30:05Z",
"pushed_at": "2024-02-27T15:30:16Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

4
2024/CVE-2024-1071.json
View file

@ -18,13 +18,13 @@
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"forks": 1,
"watchers": 0,
"score": 0,
"subscribers_count": 0

12
2024/CVE-2024-1709.json
View file

@ -13,12 +13,12 @@
"description": "ScreenConnect AuthBypass(cve-2024-1709) --> RCE!!!",
"fork": false,
"created_at": "2024-02-21T09:42:04Z",
"updated_at": "2024-02-27T11:10:30Z",
"updated_at": "2024-02-27T18:16:04Z",
"pushed_at": "2024-02-22T05:22:35Z",
"stargazers_count": 74,
"watchers_count": 74,
"stargazers_count": 77,
"watchers_count": 77,
"has_discussions": false,
"forks_count": 16,
"forks_count": 18,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -33,8 +33,8 @@
"screenconnect"
],
"visibility": "public",
"forks": 16,
"watchers": 74,
"forks": 18,
"watchers": 77,
"score": 0,
"subscribers_count": 1
},

8
2024/CVE-2024-21413.json
View file

@ -43,10 +43,10 @@
"description": "Microsoft-Outlook-Remote-Code-Execution-Vulnerability",
"fork": false,
"created_at": "2024-02-16T15:17:59Z",
"updated_at": "2024-02-27T09:52:52Z",
"updated_at": "2024-02-27T15:21:51Z",
"pushed_at": "2024-02-19T20:00:35Z",
"stargazers_count": 490,
"watchers_count": 490,
"stargazers_count": 492,
"watchers_count": 492,
"has_discussions": false,
"forks_count": 107,
"allow_forking": true,
@ -55,7 +55,7 @@
"topics": [],
"visibility": "public",
"forks": 107,
"watchers": 490,
"watchers": 492,
"score": 0,
"subscribers_count": 6
},

8
2024/CVE-2024-22024.json
View file

@ -13,10 +13,10 @@
"description": "Check for CVE-2024-22024 vulnerability in Ivanti Connect Secure",
"fork": false,
"created_at": "2024-02-09T14:31:56Z",
"updated_at": "2024-02-26T07:17:00Z",
"updated_at": "2024-02-27T14:29:04Z",
"pushed_at": "2024-02-09T15:14:03Z",
"stargazers_count": 22,
"watchers_count": 22,
"stargazers_count": 23,
"watchers_count": 23,
"has_discussions": false,
"forks_count": 7,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 7,
"watchers": 22,
"watchers": 23,
"score": 0,
"subscribers_count": 2
},

16
2024/CVE-2024-23897.json
View file

@ -103,10 +103,10 @@
"description": "CVE-2024-23897 | Jenkins <= 2.441 & <= LTS 2.426.2 PoC and scanner. ",
"fork": false,
"created_at": "2024-01-26T19:00:03Z",
"updated_at": "2024-02-27T11:12:18Z",
"updated_at": "2024-02-27T16:33:41Z",
"pushed_at": "2024-02-26T19:43:34Z",
"stargazers_count": 31,
"watchers_count": 31,
"stargazers_count": 32,
"watchers_count": 32,
"has_discussions": false,
"forks_count": 13,
"allow_forking": true,
@ -115,7 +115,7 @@
"topics": [],
"visibility": "public",
"forks": 13,
"watchers": 31,
"watchers": 32,
"score": 0,
"subscribers_count": 2
},
@ -196,10 +196,10 @@
"description": "CVE-2024-23897 jenkins-cli",
"fork": false,
"created_at": "2024-01-27T12:57:28Z",
"updated_at": "2024-02-27T10:01:26Z",
"updated_at": "2024-02-27T13:35:16Z",
"pushed_at": "2024-01-27T13:10:37Z",
"stargazers_count": 8,
"watchers_count": 8,
"stargazers_count": 9,
"watchers_count": 9,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -208,7 +208,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 8,
"watchers": 9,
"score": 0,
"subscribers_count": 1
},

8
2024/CVE-2024-25600.json
View file

@ -13,10 +13,10 @@
"description": "Unauthenticated Remote Code Execution Bricks <= 1.9.6",
"fork": false,
"created_at": "2024-02-20T20:16:09Z",
"updated_at": "2024-02-27T10:14:56Z",
"updated_at": "2024-02-27T18:22:07Z",
"pushed_at": "2024-02-25T21:50:09Z",
"stargazers_count": 83,
"watchers_count": 83,
"stargazers_count": 85,
"watchers_count": 85,
"has_discussions": false,
"forks_count": 16,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 16,
"watchers": 83,
"watchers": 85,
"score": 0,
"subscribers_count": 1
},

76
README.md
View file

@ -1,6 +1,13 @@
# PoC in GitHub
## 2024
### CVE-2024-0197 (2024-02-27)
<code>A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access.\n\n
</code>
- [ewilded/CVE-2024-0197-POC](https://github.com/ewilded/CVE-2024-0197-POC)
### CVE-2024-0204 (2024-01-22)
<code>Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
@ -70,21 +77,21 @@
- [sajaljat/CVE-2024-1269](https://github.com/sajaljat/CVE-2024-1269)
### CVE-2024-1346 (-)
### CVE-2024-1346 (2024-02-19)
<code>Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants.
</code>
- [PeterGabaldon/CVE-2024-1346](https://github.com/PeterGabaldon/CVE-2024-1346)
### CVE-2024-1651 (-)
### CVE-2024-1651 (2024-02-19)
<code>Torrentpier version 2.4.1 allows executing arbitrary commands on the server.\n\nThis is possible because the application is vulnerable to insecure deserialization.\n\n\n\n\n
</code>
- [sharpicx/CVE-2024-1651-PoC](https://github.com/sharpicx/CVE-2024-1651-PoC)
### CVE-2024-1709 (-)
### CVE-2024-1709 (2024-02-21)
<code>ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel\n\n vulnerability, which may allow an attacker direct access to confidential information or \n\ncritical systems.\n\n
</code>
@ -113,7 +120,7 @@
- [RomanRybachek/CVE-2024-20698](https://github.com/RomanRybachek/CVE-2024-20698)
### CVE-2024-20931 (-)
### CVE-2024-20931 (2024-02-16)
<code>Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
</code>
@ -131,7 +138,7 @@
- [tandasat/CVE-2024-21305](https://github.com/tandasat/CVE-2024-21305)
### CVE-2024-21413 (-)
### CVE-2024-21413 (2024-02-13)
<code>Microsoft Outlook Remote Code Execution Vulnerability
</code>
@ -199,14 +206,14 @@
### CVE-2024-22145
- [RandomRobbieBF/CVE-2024-22145](https://github.com/RandomRobbieBF/CVE-2024-22145)
### CVE-2024-22243 (-)
### CVE-2024-22243 (2024-02-23)
<code>Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks.\n
</code>
- [shellfeel/CVE-2024-22243-CVE-2024-22234](https://github.com/shellfeel/CVE-2024-22243-CVE-2024-22234)
### CVE-2024-22369 (-)
### CVE-2024-22369 (2024-02-20)
<code>Deserialization of Untrusted Data vulnerability in Apache Camel SQL ComponentThis issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.\n\nUsers are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1\n\n
</code>
@ -281,7 +288,7 @@
### CVE-2024-22909
- [BurakSevben/CVE-2024-22909](https://github.com/BurakSevben/CVE-2024-22909)
### CVE-2024-22917 (-)
### CVE-2024-22917 (2024-02-26)
<code>SQL injection vulnerability in Dynamic Lab Management System Project in PHP v.1.0 allows a remote attacker to execute arbitrary code via a crafted script.
</code>
@ -435,14 +442,14 @@
### CVE-2024-24094
- [ASR511-OO7/CVE-2024-24094](https://github.com/ASR511-OO7/CVE-2024-24094)
### CVE-2024-24095 (-)
### CVE-2024-24095 (2024-02-26)
<code>Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection.
</code>
- [ASR511-OO7/CVE-2024-24095](https://github.com/ASR511-OO7/CVE-2024-24095)
### CVE-2024-24096 (-)
### CVE-2024-24096 (2024-02-26)
<code>Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via BookSBIN.
</code>
@ -455,14 +462,14 @@
### CVE-2024-24098
- [ASR511-OO7/CVE-2024-24098](https://github.com/ASR511-OO7/CVE-2024-24098)
### CVE-2024-24099 (-)
### CVE-2024-24099 (2024-02-26)
<code>Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information Update.
</code>
- [ASR511-OO7/CVE-2024-24099](https://github.com/ASR511-OO7/CVE-2024-24099)
### CVE-2024-24100 (-)
### CVE-2024-24100 (2024-02-26)
<code>Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via PublisherID.
</code>
@ -526,7 +533,7 @@
- [BurakSevben/CVE-2024-24141](https://github.com/BurakSevben/CVE-2024-24141)
### CVE-2024-24142 (-)
### CVE-2024-24142 (2024-02-13)
<code>Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.
</code>
@ -543,7 +550,7 @@
- [nitipoom-jar/CVE-2024-24337](https://github.com/nitipoom-jar/CVE-2024-24337)
### CVE-2024-24386 (-)
### CVE-2024-24386 (2024-02-15)
<code>An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder.
</code>
@ -571,14 +578,14 @@
- [trustcves/CVE-2024-24398](https://github.com/trustcves/CVE-2024-24398)
### CVE-2024-24401 (-)
### CVE-2024-24401 (2024-02-26)
<code>SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.
</code>
- [MAWK0235/CVE-2024-24401](https://github.com/MAWK0235/CVE-2024-24401)
### CVE-2024-24402 (-)
### CVE-2024-24402 (2024-02-26)
<code>An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component.
</code>
@ -614,14 +621,14 @@
### CVE-2024-25202
- [Agampreet-Singh/CVE-2024-25202](https://github.com/Agampreet-Singh/CVE-2024-25202)
### CVE-2024-25249 (-)
### CVE-2024-25249 (2024-02-21)
<code>An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.
</code>
- [intbjw/CVE-2024-25249](https://github.com/intbjw/CVE-2024-25249)
### CVE-2024-25251 (-)
### CVE-2024-25251 (2024-02-21)
<code>code-projects Agro-School Management System 1.0 is suffers from Incorrect Access Control.
</code>
@ -646,21 +653,21 @@
### CVE-2024-25376
- [ewilded/CVE-2024-25376-POC](https://github.com/ewilded/CVE-2024-25376-POC)
### CVE-2024-25381 (-)
### CVE-2024-25381 (2024-02-21)
<code>There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content.
</code>
- [Ox130e07d/CVE-2024-25381](https://github.com/Ox130e07d/CVE-2024-25381)
### CVE-2024-25423 (-)
### CVE-2024-25423 (2024-02-21)
<code>An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to execute arbitrary code via a crafted c4d_base.xdl64 file.
</code>
- [DriverUnload/cve-2024-25423](https://github.com/DriverUnload/cve-2024-25423)
### CVE-2024-25466 (-)
### CVE-2024-25466 (2024-02-16)
<code>Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component.
</code>
@ -1863,6 +1870,13 @@
- [RandomRobbieBF/CVE-2023-6985](https://github.com/RandomRobbieBF/CVE-2023-6985)
### CVE-2023-7016 (2024-02-27)
<code>A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access.
</code>
- [ewilded/CVE-2023-7016-POC](https://github.com/ewilded/CVE-2023-7016-POC)
### CVE-2023-7028 (2024-01-12)
<code>An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
@ -3811,7 +3825,7 @@
- [whypet/CVE-2023-31320](https://github.com/whypet/CVE-2023-31320)
### CVE-2023-31346 (-)
### CVE-2023-31346 (2024-02-13)
<code>Failure to initialize\nmemory in SEV Firmware may allow a privileged attacker to access stale data\nfrom other guests.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
</code>
@ -5628,7 +5642,7 @@
- [Trinadh465/platform_system_netd_AOSP10_r33_CVE-2023-40084](https://github.com/Trinadh465/platform_system_netd_AOSP10_r33_CVE-2023-40084)
### CVE-2023-40109 (-)
### CVE-2023-40109 (2024-02-15)
<code>In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
</code>
@ -5836,7 +5850,7 @@
### CVE-2023-41505
- [ASR511-OO7/CVE-2023-41505](https://github.com/ASR511-OO7/CVE-2023-41505)
### CVE-2023-41506 (-)
### CVE-2023-41506 (2024-02-26)
<code>An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
</code>
@ -7466,7 +7480,7 @@
- [febinrev/deepin-linux_reader_RCE-exploit](https://github.com/febinrev/deepin-linux_reader_RCE-exploit)
### CVE-2023-50387 (-)
### CVE-2023-50387 (2024-02-14)
<code>Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the &quot;KeyTrap&quot; issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
</code>
@ -7600,7 +7614,7 @@
- [Pastea/CVE-2023-51810](https://github.com/Pastea/CVE-2023-51810)
### CVE-2023-52160 (-)
### CVE-2023-52160 (2024-02-22)
<code>The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.
</code>
@ -9582,7 +9596,7 @@
- [hadrian3689/phpipam_1.4.4](https://github.com/hadrian3689/phpipam_1.4.4)
- [bernauers/CVE-2022-23046](https://github.com/bernauers/CVE-2022-23046)
### CVE-2022-23093 (-)
### CVE-2022-23093 (2024-02-15)
<code>ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a &quot;quoted packet,&quot; which represents the packet that generated an ICMP error. The quoted packet again has an IP header and an ICMP header.\n\nThe pr_pack() copies received IP and ICMP headers into stack buffers for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet. When IP options are present, pr_pack() overflows the destination buffer by up to 40 bytes.\n\nThe memory safety bugs described above can be triggered by a remote host, causing the ping program to crash.\n\nThe ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrained in how it can interact with the rest of the system at the point where the bug can occur.
</code>
@ -13524,6 +13538,7 @@
- [RicYaben/CVE-2022-44877-LAB](https://github.com/RicYaben/CVE-2022-44877-LAB)
- [dkstar11q/CVE-2022-44877](https://github.com/dkstar11q/CVE-2022-44877)
- [rhymsc/CVE-2022-44877-RCE](https://github.com/rhymsc/CVE-2022-44877-RCE)
- [G01d3nW01f/CVE-2022-44877](https://github.com/G01d3nW01f/CVE-2022-44877)
### CVE-2022-44900 (2022-12-06)
@ -33455,6 +33470,13 @@
- [listenquiet/cve-2017-2824-reverse-shell](https://github.com/listenquiet/cve-2017-2824-reverse-shell)
### CVE-2017-2903 (2018-04-24)
<code>An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
</code>
- [SpiralBL0CK/dpx_work_CVE-2017-2903](https://github.com/SpiralBL0CK/dpx_work_CVE-2017-2903)
### CVE-2017-3000 (2017-03-14)
<code>Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure.