From 0b3f3b30507dfb4bb09412b7e027c5e4b3edf537 Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Mon, 10 Jun 2024 09:29:30 +0900 Subject: [PATCH] Auto Update 2024/06/10 00:29:30 --- 2019/CVE-2019-0623.json | 8 +++--- 2019/CVE-2019-0708.json | 8 +++--- 2019/CVE-2019-10092.json | 6 ++--- 2020/CVE-2020-13958.json | 2 +- 2020/CVE-2020-14321.json | 8 +++--- 2021/CVE-2021-28476.json | 8 +++--- 2021/CVE-2021-4034.json | 8 +++--- 2021/CVE-2021-42558.json | 38 +++++++++++++++++++++++++++ 2021/CVE-2021-42559.json | 39 ++++++++++++++++++++++++++++ 2021/CVE-2021-42560.json | 39 ++++++++++++++++++++++++++++ 2021/CVE-2021-42561.json | 39 ++++++++++++++++++++++++++++ 2021/CVE-2021-42562.json | 39 ++++++++++++++++++++++++++++ 2022/CVE-2022-32250.json | 30 +++++++++++++++++++++ 2022/CVE-2022-46638.json | 4 +-- 2023/CVE-2023-38831.json | 2 +- 2023/CVE-2023-43208.json | 30 +++++++++++++++++++++ 2023/CVE-2023-51467.json | 8 +++--- 2024/CVE-2024-1086.json | 8 +++--- 2024/CVE-2024-20404.json | 8 +++--- 2024/CVE-2024-20405.json | 32 +++++++++++++++++++++++ 2024/CVE-2024-20696.json | 4 +-- 2024/CVE-2024-24919.json | 24 ++++++++--------- 2024/CVE-2024-25600.json | 8 +++--- 2024/CVE-2024-4577.json | 50 ++++++++++++++++++++++++++++------- 2024/CVE-2024-4956.json | 30 +++++++++++++++++++++ README.md | 56 +++++++++++++++++++++++++++++++++++++--- 26 files changed, 466 insertions(+), 70 deletions(-) create mode 100644 2021/CVE-2021-42558.json create mode 100644 2021/CVE-2021-42559.json create mode 100644 2021/CVE-2021-42560.json create mode 100644 2021/CVE-2021-42561.json create mode 100644 2021/CVE-2021-42562.json create mode 100644 2024/CVE-2024-20405.json diff --git a/2019/CVE-2019-0623.json b/2019/CVE-2019-0623.json index 1a18a51901..33f8de854b 100644 --- a/2019/CVE-2019-0623.json +++ b/2019/CVE-2019-0623.json @@ -13,10 +13,10 @@ "description": "win32k", "fork": false, "created_at": "2022-08-23T09:40:24Z", - "updated_at": "2023-05-15T02:40:24Z", + "updated_at": "2024-06-09T21:25:48Z", "pushed_at": "2020-08-07T06:29:52Z", - "stargazers_count": 0, - "watchers_count": 0, + "stargazers_count": 1, + "watchers_count": 1, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 0, + "watchers": 1, "score": 0, "subscribers_count": 0 } diff --git a/2019/CVE-2019-0708.json b/2019/CVE-2019-0708.json index 9e4c974861..c10b241480 100644 --- a/2019/CVE-2019-0708.json +++ b/2019/CVE-2019-0708.json @@ -3077,10 +3077,10 @@ "description": "CVE-2019-0708 (BlueKeep) proof of concept allowing pre-auth RCE on Windows7", "fork": false, "created_at": "2020-03-15T19:33:53Z", - "updated_at": "2024-05-20T18:14:00Z", + "updated_at": "2024-06-09T21:49:22Z", "pushed_at": "2022-03-28T04:10:20Z", - "stargazers_count": 120, - "watchers_count": 120, + "stargazers_count": 121, + "watchers_count": 121, "has_discussions": false, "forks_count": 20, "allow_forking": true, @@ -3089,7 +3089,7 @@ "topics": [], "visibility": "public", "forks": 20, - "watchers": 120, + "watchers": 121, "score": 0, "subscribers_count": 4 }, diff --git a/2019/CVE-2019-10092.json b/2019/CVE-2019-10092.json index 5638537af0..4a6510c8a4 100644 --- a/2019/CVE-2019-10092.json +++ b/2019/CVE-2019-10092.json @@ -40,11 +40,11 @@ "html_url": "https:\/\/github.com\/mbadanoiu" }, "html_url": "https:\/\/github.com\/mbadanoiu\/CVE-2019-10092", - "description": "CVE-2019-10092: Limited Cross-Site Scripting in \"Proxy Error\" Page", + "description": "CVE-2019-10092: Limited Cross-Site Scripting via \"Proxy Error\" Page in Apache HTTP Server", "fork": false, "created_at": "2024-05-27T20:09:36Z", - "updated_at": "2024-05-27T20:23:27Z", - "pushed_at": "2024-05-27T20:21:48Z", + "updated_at": "2024-06-09T20:19:02Z", + "pushed_at": "2024-06-09T20:18:45Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2020/CVE-2020-13958.json b/2020/CVE-2020-13958.json index f364fbf5d8..b9f9812083 100644 --- a/2020/CVE-2020-13958.json +++ b/2020/CVE-2020-13958.json @@ -27,6 +27,6 @@ "forks": 0, "watchers": 0, "score": 0, - "subscribers_count": 0 + "subscribers_count": 1 } ] \ No newline at end of file diff --git a/2020/CVE-2020-14321.json b/2020/CVE-2020-14321.json index bca9c9c010..00a2147e8a 100644 --- a/2020/CVE-2020-14321.json +++ b/2020/CVE-2020-14321.json @@ -43,10 +43,10 @@ "description": "Python script to exploit CVE-2020-14321 - Moodle 3.9 - Course enrollments allowed privilege escalation from teacher role into manager role to RCE.", "fork": false, "created_at": "2021-04-28T19:46:55Z", - "updated_at": "2024-04-11T02:49:45Z", + "updated_at": "2024-06-09T23:37:04Z", "pushed_at": "2021-12-03T03:56:29Z", - "stargazers_count": 18, - "watchers_count": 18, + "stargazers_count": 19, + "watchers_count": 19, "has_discussions": false, "forks_count": 3, "allow_forking": true, @@ -58,7 +58,7 @@ ], "visibility": "public", "forks": 3, - "watchers": 18, + "watchers": 19, "score": 0, "subscribers_count": 1 }, diff --git a/2021/CVE-2021-28476.json b/2021/CVE-2021-28476.json index 3bb7530bf3..92312605e0 100644 --- a/2021/CVE-2021-28476.json +++ b/2021/CVE-2021-28476.json @@ -13,10 +13,10 @@ "description": "PoC for CVE-2021-28476 a guest-to-host \"Hyper-V Remote Code Execution Vulnerability\" in vmswitch.sys.", "fork": false, "created_at": "2021-05-31T18:02:39Z", - "updated_at": "2024-04-24T17:28:08Z", + "updated_at": "2024-06-09T18:35:06Z", "pushed_at": "2021-06-01T15:08:23Z", - "stargazers_count": 212, - "watchers_count": 212, + "stargazers_count": 211, + "watchers_count": 211, "has_discussions": false, "forks_count": 37, "allow_forking": true, @@ -33,7 +33,7 @@ ], "visibility": "public", "forks": 37, - "watchers": 212, + "watchers": 211, "score": 0, "subscribers_count": 4 }, diff --git a/2021/CVE-2021-4034.json b/2021/CVE-2021-4034.json index 72eb284c07..efcc266c24 100644 --- a/2021/CVE-2021-4034.json +++ b/2021/CVE-2021-4034.json @@ -938,10 +938,10 @@ "description": "Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation", "fork": false, "created_at": "2022-01-26T14:26:10Z", - "updated_at": "2024-06-08T09:43:00Z", + "updated_at": "2024-06-09T21:54:32Z", "pushed_at": "2022-06-21T14:52:05Z", - "stargazers_count": 1003, - "watchers_count": 1003, + "stargazers_count": 1004, + "watchers_count": 1004, "has_discussions": false, "forks_count": 178, "allow_forking": true, @@ -952,7 +952,7 @@ ], "visibility": "public", "forks": 178, - "watchers": 1003, + "watchers": 1004, "score": 0, "subscribers_count": 14 }, diff --git a/2021/CVE-2021-42558.json b/2021/CVE-2021-42558.json new file mode 100644 index 0000000000..e80cf0cf5d --- /dev/null +++ b/2021/CVE-2021-42558.json @@ -0,0 +1,38 @@ +[ + { + "id": 812766804, + "name": "CVE-2021-42558", + "full_name": "mbadanoiu\/CVE-2021-42558", + "owner": { + "login": "mbadanoiu", + "id": 18383407, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18383407?v=4", + "html_url": "https:\/\/github.com\/mbadanoiu" + }, + "html_url": "https:\/\/github.com\/mbadanoiu\/CVE-2021-42558", + "description": "CVE-2021-42558: Multiple Cross-Site Scripting in MITRE Caldera", + "fork": false, + "created_at": "2024-06-09T20:20:46Z", + "updated_at": "2024-06-09T20:34:14Z", + "pushed_at": "2024-06-09T20:32:08Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [ + "0-day", + "cross-site-scripting", + "cve", + "cve-2021-42558", + "cves" + ], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-42559.json b/2021/CVE-2021-42559.json new file mode 100644 index 0000000000..657f89f907 --- /dev/null +++ b/2021/CVE-2021-42559.json @@ -0,0 +1,39 @@ +[ + { + "id": 812777593, + "name": "CVE-2021-42559", + "full_name": "mbadanoiu\/CVE-2021-42559", + "owner": { + "login": "mbadanoiu", + "id": 18383407, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18383407?v=4", + "html_url": "https:\/\/github.com\/mbadanoiu" + }, + "html_url": "https:\/\/github.com\/mbadanoiu\/CVE-2021-42559", + "description": "CVE-2021-42559: Command Injection via Configurations in MITRE Caldera", + "fork": false, + "created_at": "2024-06-09T21:07:16Z", + "updated_at": "2024-06-09T21:14:20Z", + "pushed_at": "2024-06-09T21:13:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [ + "0-day", + "authenticated", + "cve", + "cve-2021-42559", + "cves", + "remote-code-execution" + ], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-42560.json b/2021/CVE-2021-42560.json new file mode 100644 index 0000000000..279a5952b5 --- /dev/null +++ b/2021/CVE-2021-42560.json @@ -0,0 +1,39 @@ +[ + { + "id": 812783452, + "name": "CVE-2021-42560", + "full_name": "mbadanoiu\/CVE-2021-42560", + "owner": { + "login": "mbadanoiu", + "id": 18383407, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18383407?v=4", + "html_url": "https:\/\/github.com\/mbadanoiu" + }, + "html_url": "https:\/\/github.com\/mbadanoiu\/CVE-2021-42560", + "description": "CVE-2021-42560: Unsafe XML Parsing in MITRE Caldera", + "fork": false, + "created_at": "2024-06-09T21:33:07Z", + "updated_at": "2024-06-09T21:42:54Z", + "pushed_at": "2024-06-09T21:40:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [ + "0-day", + "authenticated", + "cve", + "cve-2021-42560", + "cves", + "xxe" + ], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-42561.json b/2021/CVE-2021-42561.json new file mode 100644 index 0000000000..e03e3b1e7b --- /dev/null +++ b/2021/CVE-2021-42561.json @@ -0,0 +1,39 @@ +[ + { + "id": 812797307, + "name": "CVE-2021-42561", + "full_name": "mbadanoiu\/CVE-2021-42561", + "owner": { + "login": "mbadanoiu", + "id": 18383407, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18383407?v=4", + "html_url": "https:\/\/github.com\/mbadanoiu" + }, + "html_url": "https:\/\/github.com\/mbadanoiu\/CVE-2021-42561", + "description": "CVE-2021-42561: Command Injection via the Human Plugin in MITRE Caldera", + "fork": false, + "created_at": "2024-06-09T22:39:46Z", + "updated_at": "2024-06-09T22:57:08Z", + "pushed_at": "2024-06-09T22:42:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [ + "0-day", + "authenticated", + "cve", + "cve-2021-42561", + "cves", + "remote-code-execution" + ], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-42562.json b/2021/CVE-2021-42562.json new file mode 100644 index 0000000000..6eb093f2d1 --- /dev/null +++ b/2021/CVE-2021-42562.json @@ -0,0 +1,39 @@ +[ + { + "id": 812801922, + "name": "CVE-2021-42562", + "full_name": "mbadanoiu\/CVE-2021-42562", + "owner": { + "login": "mbadanoiu", + "id": 18383407, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18383407?v=4", + "html_url": "https:\/\/github.com\/mbadanoiu" + }, + "html_url": "https:\/\/github.com\/mbadanoiu\/CVE-2021-42562", + "description": "CVE-2021-42562: Improper Access Control in MITRE Caldera", + "fork": false, + "created_at": "2024-06-09T23:04:45Z", + "updated_at": "2024-06-09T23:25:44Z", + "pushed_at": "2024-06-09T23:23:41Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [ + "0-day", + "authenticated", + "cve", + "cve-2021-42562", + "cves", + "insecure-direct-object-reference" + ], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-32250.json b/2022/CVE-2022-32250.json index c4c682cdf1..54a0acdb8c 100644 --- a/2022/CVE-2022-32250.json +++ b/2022/CVE-2022-32250.json @@ -88,5 +88,35 @@ "watchers": 0, "score": 0, "subscribers_count": 1 + }, + { + "id": 812759874, + "name": "CVE-2022-32250", + "full_name": "Kristal-g\/CVE-2022-32250", + "owner": { + "login": "Kristal-g", + "id": 61376744, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/61376744?v=4", + "html_url": "https:\/\/github.com\/Kristal-g" + }, + "html_url": "https:\/\/github.com\/Kristal-g\/CVE-2022-32250", + "description": "My exploit for CVE-2022-32250 for linux kernel 5.18", + "fork": false, + "created_at": "2024-06-09T19:53:54Z", + "updated_at": "2024-06-09T20:03:01Z", + "pushed_at": "2024-06-09T20:02:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-46638.json b/2022/CVE-2022-46638.json index 2dcbd73da4..30dbaa94a7 100644 --- a/2022/CVE-2022-46638.json +++ b/2022/CVE-2022-46638.json @@ -18,13 +18,13 @@ "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, - "forks_count": 0, + "forks_count": 1, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 0, + "forks": 1, "watchers": 0, "score": 0, "subscribers_count": 0 diff --git a/2023/CVE-2023-38831.json b/2023/CVE-2023-38831.json index c4da2dc222..9427300876 100644 --- a/2023/CVE-2023-38831.json +++ b/2023/CVE-2023-38831.json @@ -43,7 +43,7 @@ "description": "CVE-2023-38831 winrar exploit generator", "fork": false, "created_at": "2023-08-25T09:44:08Z", - "updated_at": "2024-06-09T16:18:52Z", + "updated_at": "2024-06-09T18:46:51Z", "pushed_at": "2023-11-26T06:46:44Z", "stargazers_count": 769, "watchers_count": 769, diff --git a/2023/CVE-2023-43208.json b/2023/CVE-2023-43208.json index 489728b5db..db39b8ea15 100644 --- a/2023/CVE-2023-43208.json +++ b/2023/CVE-2023-43208.json @@ -72,5 +72,35 @@ "watchers": 2, "score": 0, "subscribers_count": 1 + }, + { + "id": 812794551, + "name": "CVE-2023-43208-MIRTHCONNECT", + "full_name": "J4F9S5D2Q7\/CVE-2023-43208-MIRTHCONNECT", + "owner": { + "login": "J4F9S5D2Q7", + "id": 171471588, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/171471588?v=4", + "html_url": "https:\/\/github.com\/J4F9S5D2Q7" + }, + "html_url": "https:\/\/github.com\/J4F9S5D2Q7\/CVE-2023-43208-MIRTHCONNECT", + "description": null, + "fork": false, + "created_at": "2024-06-09T22:25:22Z", + "updated_at": "2024-06-09T22:34:38Z", + "pushed_at": "2024-06-09T22:33:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2023/CVE-2023-51467.json b/2023/CVE-2023-51467.json index 90b15baefd..0963fb7a3f 100644 --- a/2023/CVE-2023-51467.json +++ b/2023/CVE-2023-51467.json @@ -236,14 +236,14 @@ { "id": 742705000, "name": "BadBizness-CVE-2023-51467", - "full_name": "Jake123otte1\/BadBizness-CVE-2023-51467", + "full_name": "tw0point\/BadBizness-CVE-2023-51467", "owner": { - "login": "Jake123otte1", + "login": "tw0point", "id": 39099220, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/39099220?v=4", - "html_url": "https:\/\/github.com\/Jake123otte1" + "html_url": "https:\/\/github.com\/tw0point" }, - "html_url": "https:\/\/github.com\/Jake123otte1\/BadBizness-CVE-2023-51467", + "html_url": "https:\/\/github.com\/tw0point\/BadBizness-CVE-2023-51467", "description": "Auto exploit script for the Java web framework OF Biz under CVE-2023-51467. ", "fork": false, "created_at": "2024-01-13T05:40:38Z", diff --git a/2024/CVE-2024-1086.json b/2024/CVE-2024-1086.json index 5ad9b49921..49351f8e92 100644 --- a/2024/CVE-2024-1086.json +++ b/2024/CVE-2024-1086.json @@ -13,10 +13,10 @@ "description": "Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.", "fork": false, "created_at": "2024-03-20T21:16:41Z", - "updated_at": "2024-06-09T07:31:17Z", + "updated_at": "2024-06-09T20:21:00Z", "pushed_at": "2024-04-17T16:09:54Z", - "stargazers_count": 2090, - "watchers_count": 2090, + "stargazers_count": 2091, + "watchers_count": 2091, "has_discussions": false, "forks_count": 267, "allow_forking": true, @@ -31,7 +31,7 @@ ], "visibility": "public", "forks": 267, - "watchers": 2090, + "watchers": 2091, "score": 0, "subscribers_count": 24 }, diff --git a/2024/CVE-2024-20404.json b/2024/CVE-2024-20404.json index 79cdd2ea4d..0bc6970460 100644 --- a/2024/CVE-2024-20404.json +++ b/2024/CVE-2024-20404.json @@ -1,6 +1,6 @@ [ { - "id": 812737384, + "id": 812743717, "name": "CVE-2024-20404", "full_name": "AbdElRahmanEzzat1995\/CVE-2024-20404", "owner": { @@ -12,9 +12,9 @@ "html_url": "https:\/\/github.com\/AbdElRahmanEzzat1995\/CVE-2024-20404", "description": null, "fork": false, - "created_at": "2024-06-09T18:27:52Z", - "updated_at": "2024-06-09T18:31:09Z", - "pushed_at": "2024-06-09T18:29:43Z", + "created_at": "2024-06-09T18:50:59Z", + "updated_at": "2024-06-09T18:52:00Z", + "pushed_at": "2024-06-09T18:51:57Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2024/CVE-2024-20405.json b/2024/CVE-2024-20405.json new file mode 100644 index 0000000000..5428a671b9 --- /dev/null +++ b/2024/CVE-2024-20405.json @@ -0,0 +1,32 @@ +[ + { + "id": 812744797, + "name": "CVE-2024-20405", + "full_name": "AbdElRahmanEzzat1995\/CVE-2024-20405", + "owner": { + "login": "AbdElRahmanEzzat1995", + "id": 67908228, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/67908228?v=4", + "html_url": "https:\/\/github.com\/AbdElRahmanEzzat1995" + }, + "html_url": "https:\/\/github.com\/AbdElRahmanEzzat1995\/CVE-2024-20405", + "description": null, + "fork": false, + "created_at": "2024-06-09T18:55:03Z", + "updated_at": "2024-06-09T18:55:47Z", + "pushed_at": "2024-06-09T18:55:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2024/CVE-2024-20696.json b/2024/CVE-2024-20696.json index d146ff58a9..dbe209aa60 100644 --- a/2024/CVE-2024-20696.json +++ b/2024/CVE-2024-20696.json @@ -18,13 +18,13 @@ "stargazers_count": 3, "watchers_count": 3, "has_discussions": false, - "forks_count": 1, + "forks_count": 2, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 1, + "forks": 2, "watchers": 3, "score": 0, "subscribers_count": 1 diff --git a/2024/CVE-2024-24919.json b/2024/CVE-2024-24919.json index 97111bd997..37daf11631 100644 --- a/2024/CVE-2024-24919.json +++ b/2024/CVE-2024-24919.json @@ -169,10 +169,10 @@ "description": "Quick and simple script that takes as input a file with multiple URLs to check for the CVE-2024-24919 vulnerability in CHECKPOINT", "fork": false, "created_at": "2024-05-30T20:14:19Z", - "updated_at": "2024-06-01T09:13:51Z", + "updated_at": "2024-06-09T20:21:52Z", "pushed_at": "2024-05-30T21:49:43Z", - "stargazers_count": 2, - "watchers_count": 2, + "stargazers_count": 3, + "watchers_count": 3, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -181,7 +181,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 2, + "watchers": 3, "score": 0, "subscribers_count": 1 }, @@ -540,10 +540,10 @@ "description": "CVE-2024-24919 exploit", "fork": false, "created_at": "2024-05-31T13:11:40Z", - "updated_at": "2024-06-06T15:21:26Z", + "updated_at": "2024-06-09T18:39:56Z", "pushed_at": "2024-05-31T15:50:57Z", - "stargazers_count": 4, - "watchers_count": 4, + "stargazers_count": 5, + "watchers_count": 5, "has_discussions": false, "forks_count": 5, "allow_forking": true, @@ -552,7 +552,7 @@ "topics": [], "visibility": "public", "forks": 5, - "watchers": 4, + "watchers": 5, "score": 0, "subscribers_count": 1 }, @@ -928,19 +928,19 @@ }, { "id": 809246469, - "name": "CVE-2024-24919", - "full_name": "J4F9S5D2Q7\/CVE-2024-24919", + "name": "CVE-2024-24919-CHECKPOINT", + "full_name": "J4F9S5D2Q7\/CVE-2024-24919-CHECKPOINT", "owner": { "login": "J4F9S5D2Q7", "id": 171471588, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/171471588?v=4", "html_url": "https:\/\/github.com\/J4F9S5D2Q7" }, - "html_url": "https:\/\/github.com\/J4F9S5D2Q7\/CVE-2024-24919", + "html_url": "https:\/\/github.com\/J4F9S5D2Q7\/CVE-2024-24919-CHECKPOINT", "description": null, "fork": false, "created_at": "2024-06-02T06:17:06Z", - "updated_at": "2024-06-02T21:57:46Z", + "updated_at": "2024-06-09T22:34:29Z", "pushed_at": "2024-06-02T07:19:16Z", "stargazers_count": 0, "watchers_count": 0, diff --git a/2024/CVE-2024-25600.json b/2024/CVE-2024-25600.json index a7c7d07092..913ba1228d 100644 --- a/2024/CVE-2024-25600.json +++ b/2024/CVE-2024-25600.json @@ -13,10 +13,10 @@ "description": "Unauthenticated Remote Code Execution – Bricks <= 1.9.6", "fork": false, "created_at": "2024-02-20T20:16:09Z", - "updated_at": "2024-06-09T08:50:33Z", + "updated_at": "2024-06-09T20:27:13Z", "pushed_at": "2024-02-25T21:50:09Z", - "stargazers_count": 130, - "watchers_count": 130, + "stargazers_count": 131, + "watchers_count": 131, "has_discussions": false, "forks_count": 31, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 31, - "watchers": 130, + "watchers": 131, "score": 0, "subscribers_count": 3 }, diff --git a/2024/CVE-2024-4577.json b/2024/CVE-2024-4577.json index f37e137a2a..9aa5e3d625 100644 --- a/2024/CVE-2024-4577.json +++ b/2024/CVE-2024-4577.json @@ -163,19 +163,19 @@ "description": "PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC", "fork": false, "created_at": "2024-06-07T09:52:54Z", - "updated_at": "2024-06-09T16:45:31Z", + "updated_at": "2024-06-09T20:43:38Z", "pushed_at": "2024-06-07T09:53:15Z", - "stargazers_count": 72, - "watchers_count": 72, + "stargazers_count": 74, + "watchers_count": 74, "has_discussions": false, - "forks_count": 13, + "forks_count": 15, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 13, - "watchers": 72, + "forks": 15, + "watchers": 74, "score": 0, "subscribers_count": 2 }, @@ -598,10 +598,40 @@ "description": "PHP CGI Argument Injection vulnerability", "fork": false, "created_at": "2024-06-09T14:18:21Z", - "updated_at": "2024-06-09T17:56:38Z", + "updated_at": "2024-06-09T20:57:35Z", "pushed_at": "2024-06-09T14:20:36Z", - "stargazers_count": 2, - "watchers_count": 2, + "stargazers_count": 3, + "watchers_count": 3, + "has_discussions": false, + "forks_count": 1, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 1, + "watchers": 3, + "score": 0, + "subscribers_count": 0 + }, + { + "id": 812806796, + "name": "CVE-2024-4577-EXPLOIT", + "full_name": "K3ysTr0K3R\/CVE-2024-4577-EXPLOIT", + "owner": { + "login": "K3ysTr0K3R", + "id": 70909693, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/70909693?v=4", + "html_url": "https:\/\/github.com\/K3ysTr0K3R" + }, + "html_url": "https:\/\/github.com\/K3ysTr0K3R\/CVE-2024-4577-EXPLOIT", + "description": null, + "fork": false, + "created_at": "2024-06-09T23:32:11Z", + "updated_at": "2024-06-09T23:32:15Z", + "pushed_at": "2024-06-09T23:32:12Z", + "stargazers_count": 0, + "watchers_count": 0, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -610,7 +640,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 2, + "watchers": 0, "score": 0, "subscribers_count": 0 } diff --git a/2024/CVE-2024-4956.json b/2024/CVE-2024-4956.json index 9f4d360020..1879444870 100644 --- a/2024/CVE-2024-4956.json +++ b/2024/CVE-2024-4956.json @@ -59,6 +59,36 @@ "score": 0, "subscribers_count": 1 }, + { + "id": 804844993, + "name": "CVE-2024-4956", + "full_name": "erickfernandox\/CVE-2024-4956", + "owner": { + "login": "erickfernandox", + "id": 2186082, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2186082?v=4", + "html_url": "https:\/\/github.com\/erickfernandox" + }, + "html_url": "https:\/\/github.com\/erickfernandox\/CVE-2024-4956", + "description": "Unauthenticated Path Traversal in Nexus Repository 3 ", + "fork": false, + "created_at": "2024-05-23T11:39:06Z", + "updated_at": "2024-06-09T23:12:10Z", + "pushed_at": "2024-05-23T20:59:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 1 + }, { "id": 805374933, "name": "CVE-2024-4956", diff --git a/README.md b/README.md index 1ee5997130..cc552e76da 100644 --- a/README.md +++ b/README.md @@ -620,7 +620,11 @@ - [truonghuuphuc/CVE-2024-4443-Poc](https://github.com/truonghuuphuc/CVE-2024-4443-Poc) -### CVE-2024-4577 +### CVE-2024-4577 (2024-06-09) + +In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. + + - [TAM-K592/CVE-2024-4577](https://github.com/TAM-K592/CVE-2024-4577) - [ohhhh693/CVE-2024-4577](https://github.com/ohhhh693/CVE-2024-4577) - [Junp0/CVE-2024-4577](https://github.com/Junp0/CVE-2024-4577) @@ -641,6 +645,7 @@ - [xcanwin/CVE-2024-4577-PHP-RCE](https://github.com/xcanwin/CVE-2024-4577-PHP-RCE) - [dbyMelina/CVE-2024-4577](https://github.com/dbyMelina/CVE-2024-4577) - [Chocapikk/CVE-2024-4577](https://github.com/Chocapikk/CVE-2024-4577) +- [K3ysTr0K3R/CVE-2024-4577-EXPLOIT](https://github.com/K3ysTr0K3R/CVE-2024-4577-EXPLOIT) ### CVE-2024-4701 (2024-05-10) @@ -670,6 +675,7 @@ - [banditzCyber0x/CVE-2024-4956](https://github.com/banditzCyber0x/CVE-2024-4956) - [xungzzz/CVE-2024-4956](https://github.com/xungzzz/CVE-2024-4956) +- [erickfernandox/CVE-2024-4956](https://github.com/erickfernandox/CVE-2024-4956) - [gmh5225/CVE-2024-4956](https://github.com/gmh5225/CVE-2024-4956) - [ifconfig-me/CVE-2024-4956-Bulk-Scanner](https://github.com/ifconfig-me/CVE-2024-4956-Bulk-Scanner) - [thinhap/CVE-2024-4956-PoC](https://github.com/thinhap/CVE-2024-4956-PoC) @@ -725,6 +731,13 @@ - [AbdElRahmanEzzat1995/CVE-2024-20404](https://github.com/AbdElRahmanEzzat1995/CVE-2024-20404) +### CVE-2024-20405 (2024-06-05) + +A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. \r\n\r This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive information on the affected device. + + +- [AbdElRahmanEzzat1995/CVE-2024-20405](https://github.com/AbdElRahmanEzzat1995/CVE-2024-20405) + ### CVE-2024-20656 (2024-01-09) Visual Studio Elevation of Privilege Vulnerability @@ -1504,7 +1517,7 @@ - [ifconfig-me/CVE-2024-24919-Bulk-Scanner](https://github.com/ifconfig-me/CVE-2024-24919-Bulk-Scanner) - [r4p3c4/CVE-2024-24919-Checkpoint-Firewall-VPN-Check](https://github.com/r4p3c4/CVE-2024-24919-Checkpoint-Firewall-VPN-Check) - [r4p3c4/CVE-2024-24919-Exploit-PoC-Checkpoint-Firewall-VPN](https://github.com/r4p3c4/CVE-2024-24919-Exploit-PoC-Checkpoint-Firewall-VPN) -- [J4F9S5D2Q7/CVE-2024-24919](https://github.com/J4F9S5D2Q7/CVE-2024-24919) +- [J4F9S5D2Q7/CVE-2024-24919-CHECKPOINT](https://github.com/J4F9S5D2Q7/CVE-2024-24919-CHECKPOINT) - [mr-kasim-mehar/CVE-2024-24919-Exploit](https://github.com/mr-kasim-mehar/CVE-2024-24919-Exploit) - [B1naryo/CVE-2024-24919-POC](https://github.com/B1naryo/CVE-2024-24919-POC) - [Expl0itD0g/CVE-2024-24919---Poc](https://github.com/Expl0itD0g/CVE-2024-24919---Poc) @@ -8466,6 +8479,7 @@ - [K3ysTr0K3R/CVE-2023-43208-EXPLOIT](https://github.com/K3ysTr0K3R/CVE-2023-43208-EXPLOIT) - [jakabakos/CVE-2023-43208-mirth-connect-rce-poc](https://github.com/jakabakos/CVE-2023-43208-mirth-connect-rce-poc) +- [J4F9S5D2Q7/CVE-2023-43208-MIRTHCONNECT](https://github.com/J4F9S5D2Q7/CVE-2023-43208-MIRTHCONNECT) ### CVE-2023-43261 (2023-10-04) @@ -10246,7 +10260,7 @@ - [Subha-BOO7/Exploit_CVE-2023-51467](https://github.com/Subha-BOO7/Exploit_CVE-2023-51467) - [JaneMandy/CVE-2023-51467-Exploit](https://github.com/JaneMandy/CVE-2023-51467-Exploit) - [vulncheck-oss/cve-2023-51467](https://github.com/vulncheck-oss/cve-2023-51467) -- [Jake123otte1/BadBizness-CVE-2023-51467](https://github.com/Jake123otte1/BadBizness-CVE-2023-51467) +- [tw0point/BadBizness-CVE-2023-51467](https://github.com/tw0point/BadBizness-CVE-2023-51467) ### CVE-2023-51504 (2024-02-05) @@ -14639,6 +14653,7 @@ - [theori-io/CVE-2022-32250-exploit](https://github.com/theori-io/CVE-2022-32250-exploit) - [ysanatomic/CVE-2022-32250-LPE](https://github.com/ysanatomic/CVE-2022-32250-LPE) - [Decstor5/2022-32250LPE](https://github.com/Decstor5/2022-32250LPE) +- [Kristal-g/CVE-2022-32250](https://github.com/Kristal-g/CVE-2022-32250) ### CVE-2022-32532 (2022-06-28) @@ -22131,6 +22146,41 @@ - [cybersecurityworks553/CVE-2021-42392-Detect](https://github.com/cybersecurityworks553/CVE-2021-42392-Detect) +### CVE-2021-42558 (2022-01-12) + +An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers. + + +- [mbadanoiu/CVE-2021-42558](https://github.com/mbadanoiu/CVE-2021-42558) + +### CVE-2021-42559 (2022-01-12) + +An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that execute commands when starting the server. Because these commands can be changed via the REST API, an authenticated user can insert arbitrary commands that will execute when the server is restarted. + + +- [mbadanoiu/CVE-2021-42559](https://github.com/mbadanoiu/CVE-2021-42559) + +### CVE-2021-42560 (2022-01-12) + +An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks (e.g., File Exfiltration, Server Side Request Forgery, Out of Band Exfiltration, etc.). + + +- [mbadanoiu/CVE-2021-42560](https://github.com/mbadanoiu/CVE-2021-42560) + +### CVE-2021-42561 (2022-01-12) + +An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python "os.system" function. This allows attackers to use shell metacharacters (e.g., backticks "``" or dollar parenthesis "$()" ) in order to escape the current command and execute arbitrary shell commands. + + +- [mbadanoiu/CVE-2021-42561](https://github.com/mbadanoiu/CVE-2021-42561) + +### CVE-2021-42562 (2022-01-12) + +An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should only be accessible by admin users. + + +- [mbadanoiu/CVE-2021-42562](https://github.com/mbadanoiu/CVE-2021-42562) + ### CVE-2021-42574 (2021-11-01) An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. Additionally, control characters needed to fully support the requirements of bidirectional text can further obfuscate the logical order of tokens. Unless mitigated, an adversary could craft source code such that the ordering of tokens perceived by human reviewers does not match what will be processed by a compiler/interpreter/etc. The Unicode Consortium has documented this class of vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax. Also, the BIDI specification allows applications to tailor the implementation in ways that can mitigate misleading visual reordering in program text; see HL4 in Unicode Standard Annex #9, Unicode Bidirectional Algorithm.