mirror/PoC-in-GitHub
1
0
Fork 0
mirror of https://github.com/nomi-sec/PoC-in-GitHub.git synced 2025-01-15 20:32:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Auto Update 2024/12/16 00:31:33

Browse source
This commit is contained in:
motikan2010-bot 2024-12-16 09:31:33 +09:00
parent 53f1d6f570
commit 0f6602ff3f
22 changed files with 222 additions and 78 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
2017/CVE-2017-1000486.json
View file

@ -14,10 +14,10 @@
"description": "Primefaces <= 5.2.21, 5.3.8 or 6.0 - Remote Code Execution Exploit", "description": "Primefaces <= 5.2.21, 5.3.8 or 6.0 - Remote Code Execution Exploit",
"fork": false, "fork": false,
"created_at": "2018-09-03T03:11:24Z", "created_at": "2018-09-03T03:11:24Z",
"updated_at": "2024-10-27T16:31:54Z", "updated_at": "2024-12-15T22:44:35Z",
"pushed_at": "2024-02-27T11:56:02Z", "pushed_at": "2024-02-27T11:56:02Z",
"stargazers_count": 88, "stargazers_count": 89,
"watchers_count": 88, "watchers_count": 89,
"has_discussions": false, "has_discussions": false,
"forks_count": 25, "forks_count": 25,
"allow_forking": true, "allow_forking": true,
@ -26,7 +26,7 @@
"topics": [], "topics": [],
"visibility": "public", "visibility": "public",
"forks": 25, "forks": 25,
"watchers": 88, "watchers": 89,
"score": 0, "score": 0,
"subscribers_count": 2 "subscribers_count": 2
}, },

24
2020/CVE-2020-0041.json
View file

@ -14,10 +14,10 @@
"description": "Exploits for Android Binder bug CVE-2020-0041", "description": "Exploits for Android Binder bug CVE-2020-0041",
"fork": false, "fork": false,
"created_at": "2020-03-31T17:53:57Z", "created_at": "2020-03-31T17:53:57Z",
"updated_at": "2024-11-30T07:59:39Z", "updated_at": "2024-12-15T21:43:47Z",
"pushed_at": "2020-04-08T08:55:30Z", "pushed_at": "2020-04-08T08:55:30Z",
"stargazers_count": 222, "stargazers_count": 223,
"watchers_count": 222, "watchers_count": 223,
"has_discussions": false, "has_discussions": false,
"forks_count": 68, "forks_count": 68,
"allow_forking": true, "allow_forking": true,
@ -26,7 +26,7 @@
"topics": [], "topics": [],
"visibility": "public", "visibility": "public",
"forks": 68, "forks": 68,
"watchers": 222, "watchers": 223,
"score": 0, "score": 0,
"subscribers_count": 11 "subscribers_count": 11
}, },
@ -45,10 +45,10 @@
"description": null, "description": null,
"fork": false, "fork": false,
"created_at": "2020-08-10T21:34:16Z", "created_at": "2020-08-10T21:34:16Z",
"updated_at": "2024-08-08T04:22:28Z", "updated_at": "2024-12-15T21:39:25Z",
"pushed_at": "2024-12-14T15:52:43Z", "pushed_at": "2024-12-14T15:52:43Z",
"stargazers_count": 49, "stargazers_count": 50,
"watchers_count": 49, "watchers_count": 50,
"has_discussions": false, "has_discussions": false,
"forks_count": 22, "forks_count": 22,
"allow_forking": true, "allow_forking": true,
@ -57,7 +57,7 @@
"topics": [], "topics": [],
"visibility": "public", "visibility": "public",
"forks": 22, "forks": 22,
"watchers": 49, "watchers": 50,
"score": 0, "score": 0,
"subscribers_count": 4 "subscribers_count": 4
}, },
@ -138,10 +138,10 @@
"description": "Adapted CVE-2020-0041 root exploit for Pixel 3", "description": "Adapted CVE-2020-0041 root exploit for Pixel 3",
"fork": false, "fork": false,
"created_at": "2023-08-29T20:48:56Z", "created_at": "2023-08-29T20:48:56Z",
"updated_at": "2024-08-06T15:58:55Z", "updated_at": "2024-12-15T21:43:42Z",
"pushed_at": "2023-08-29T20:50:29Z", "pushed_at": "2023-08-29T20:50:29Z",
"stargazers_count": 4, "stargazers_count": 5,
"watchers_count": 4, "watchers_count": 5,
"has_discussions": false, "has_discussions": false,
"forks_count": 3, "forks_count": 3,
"allow_forking": true, "allow_forking": true,
@ -150,7 +150,7 @@
"topics": [], "topics": [],
"visibility": "public", "visibility": "public",
"forks": 3, "forks": 3,
"watchers": 4, "watchers": 5,
"score": 0, "score": 0,
"subscribers_count": 1 "subscribers_count": 1
} }

8
2021/CVE-2021-41773.json
View file

@ -2383,10 +2383,10 @@
"description": "Apache2 2.4.49 - LFI & RCE Exploit - CVE-2021-41773", "description": "Apache2 2.4.49 - LFI & RCE Exploit - CVE-2021-41773",
"fork": false, "fork": false,
"created_at": "2022-03-12T21:24:55Z", "created_at": "2022-03-12T21:24:55Z",
"updated_at": "2024-12-14T22:41:12Z", "updated_at": "2024-12-15T22:43:51Z",
"pushed_at": "2022-03-12T21:30:58Z", "pushed_at": "2022-03-12T21:30:58Z",
"stargazers_count": 102, "stargazers_count": 103,
"watchers_count": 102, "watchers_count": 103,
"has_discussions": false, "has_discussions": false,
"forks_count": 34, "forks_count": 34,
"allow_forking": true, "allow_forking": true,
@ -2404,7 +2404,7 @@
], ],
"visibility": "public", "visibility": "public",
"forks": 34, "forks": 34,
"watchers": 102, "watchers": 103,
"score": 0, "score": 0,
"subscribers_count": 2 "subscribers_count": 2
}, },

8
2022/CVE-2022-26134.json
View file

@ -441,10 +441,10 @@
"description": null, "description": null,
"fork": false, "fork": false,
"created_at": "2022-06-05T20:35:38Z", "created_at": "2022-06-05T20:35:38Z",
"updated_at": "2024-07-15T13:43:50Z", "updated_at": "2024-12-15T22:44:39Z",
"pushed_at": "2022-06-08T15:35:44Z", "pushed_at": "2022-06-08T15:35:44Z",
"stargazers_count": 6, "stargazers_count": 7,
"watchers_count": 6, "watchers_count": 7,
"has_discussions": false, "has_discussions": false,
"forks_count": 5, "forks_count": 5,
"allow_forking": true, "allow_forking": true,
@ -453,7 +453,7 @@
"topics": [], "topics": [],
"visibility": "public", "visibility": "public",
"forks": 5, "forks": 5,
"watchers": 6, "watchers": 7,
"score": 0, "score": 0,
"subscribers_count": 1 "subscribers_count": 1
}, },

4
2022/CVE-2022-27254.json
View file

@ -19,13 +19,13 @@
"stargazers_count": 454, "stargazers_count": 454,
"watchers_count": 454, "watchers_count": 454,
"has_discussions": false, "has_discussions": false,
"forks_count": 55, "forks_count": 56,
"allow_forking": true, "allow_forking": true,
"is_template": false, "is_template": false,
"web_commit_signoff_required": false, "web_commit_signoff_required": false,
"topics": [], "topics": [],
"visibility": "public", "visibility": "public",
"forks": 55, "forks": 56,
"watchers": 454, "watchers": 454,
"score": 0, "score": 0,
"subscribers_count": 21 "subscribers_count": 21

8
2022/CVE-2022-34918.json
View file

@ -14,10 +14,10 @@
"description": null, "description": null,
"fork": false, "fork": false,
"created_at": "2022-07-19T12:46:45Z", "created_at": "2022-07-19T12:46:45Z",
"updated_at": "2024-11-06T09:16:42Z", "updated_at": "2024-12-15T22:43:28Z",
"pushed_at": "2022-09-06T14:05:22Z", "pushed_at": "2022-09-06T14:05:22Z",
"stargazers_count": 243, "stargazers_count": 244,
"watchers_count": 243, "watchers_count": 244,
"has_discussions": false, "has_discussions": false,
"forks_count": 35, "forks_count": 35,
"allow_forking": true, "allow_forking": true,
@ -26,7 +26,7 @@
"topics": [], "topics": [],
"visibility": "public", "visibility": "public",
"forks": 35, "forks": 35,
"watchers": 243, "watchers": 244,
"score": 0, "score": 0,
"subscribers_count": 12 "subscribers_count": 12
}, },

4
2022/CVE-2022-44268.json
View file

@ -112,7 +112,7 @@
"stargazers_count": 5, "stargazers_count": 5,
"watchers_count": 5, "watchers_count": 5,
"has_discussions": false, "has_discussions": false,
"forks_count": 0, "forks_count": 1,
"allow_forking": true, "allow_forking": true,
"is_template": false, "is_template": false,
"web_commit_signoff_required": false, "web_commit_signoff_required": false,
@ -121,7 +121,7 @@
"imagemagick" "imagemagick"
], ],
"visibility": "public", "visibility": "public",
"forks": 0, "forks": 1,
"watchers": 5, "watchers": 5,
"score": 0, "score": 0,
"subscribers_count": 3 "subscribers_count": 3

4
2024/CVE-2024-0044.json
View file

@ -50,13 +50,13 @@
"stargazers_count": 264, "stargazers_count": 264,
"watchers_count": 264, "watchers_count": 264,
"has_discussions": false, "has_discussions": false,
"forks_count": 60, "forks_count": 61,
"allow_forking": true, "allow_forking": true,
"is_template": false, "is_template": false,
"web_commit_signoff_required": false, "web_commit_signoff_required": false,
"topics": [], "topics": [],
"visibility": "public", "visibility": "public",
"forks": 60, "forks": 61,
"watchers": 264, "watchers": 264,
"score": 0, "score": 0,
"subscribers_count": 7 "subscribers_count": 7

31
2024/CVE-2024-0582.json
View file

@ -136,5 +136,36 @@
"watchers": 10, "watchers": 10,
"score": 0, "score": 0,
"subscribers_count": 1 "subscribers_count": 1
},
{
"id": 903915508,
"name": "CVE-2024-0582",
"full_name": "101010zyl\/CVE-2024-0582",
"owner": {
"login": "101010zyl",
"id": 64526492,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/64526492?v=4",
"html_url": "https:\/\/github.com\/101010zyl",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/101010zyl\/CVE-2024-0582",
"description": "A data-only attack based on CVE-2024-0582",
"fork": false,
"created_at": "2024-12-15T21:56:41Z",
"updated_at": "2024-12-15T22:21:17Z",
"pushed_at": "2024-12-15T22:21:14Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
} }
] ]

8
2024/CVE-2024-11680.json
View file

@ -14,10 +14,10 @@
"description": "This repository contains a Proof of Concept (PoC) exploit for CVE-2024-11680, a critical vulnerability in ProjectSend r1605 and older versions. The exploit targets a Cross-Site Request Forgery (CSRF) flaw in combination with Privilege Misconfiguration issues.", "description": "This repository contains a Proof of Concept (PoC) exploit for CVE-2024-11680, a critical vulnerability in ProjectSend r1605 and older versions. The exploit targets a Cross-Site Request Forgery (CSRF) flaw in combination with Privilege Misconfiguration issues.",
"fork": false, "fork": false,
"created_at": "2024-12-04T18:42:43Z", "created_at": "2024-12-04T18:42:43Z",
"updated_at": "2024-12-12T16:35:40Z", "updated_at": "2024-12-15T23:55:02Z",
"pushed_at": "2024-12-11T23:45:31Z", "pushed_at": "2024-12-11T23:45:31Z",
"stargazers_count": 11, "stargazers_count": 10,
"watchers_count": 11, "watchers_count": 10,
"has_discussions": false, "has_discussions": false,
"forks_count": 3, "forks_count": 3,
"allow_forking": true, "allow_forking": true,
@ -26,7 +26,7 @@
"topics": [], "topics": [],
"visibility": "public", "visibility": "public",
"forks": 3, "forks": 3,
"watchers": 11, "watchers": 10,
"score": 0, "score": 0,
"subscribers_count": 1 "subscribers_count": 1
} }

33
2024/CVE-2024-11972.json Normal file
View file

@ -0,0 +1,33 @@
[
{
"id": 903941456,
"name": "exploit-CVE-2024-11972",
"full_name": "JunTakemura\/exploit-CVE-2024-11972",
"owner": {
"login": "JunTakemura",
"id": 76585599,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/76585599?v=4",
"html_url": "https:\/\/github.com\/JunTakemura",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/JunTakemura\/exploit-CVE-2024-11972",
"description": "Exploit for CVE-2024-11972, Hunk Companion < 1.9.0 Unauthorized Plugin Installation",
"fork": false,
"created_at": "2024-12-15T23:54:15Z",
"updated_at": "2024-12-16T00:15:27Z",
"pushed_at": "2024-12-16T00:15:23Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

8
2024/CVE-2024-21413.json
View file

@ -45,10 +45,10 @@
"description": "Microsoft-Outlook-Remote-Code-Execution-Vulnerability", "description": "Microsoft-Outlook-Remote-Code-Execution-Vulnerability",
"fork": false, "fork": false,
"created_at": "2024-02-16T15:17:59Z", "created_at": "2024-02-16T15:17:59Z",
"updated_at": "2024-12-12T17:05:29Z", "updated_at": "2024-12-15T22:10:15Z",
"pushed_at": "2024-02-19T20:00:35Z", "pushed_at": "2024-02-19T20:00:35Z",
"stargazers_count": 708, "stargazers_count": 709,
"watchers_count": 708, "watchers_count": 709,
"has_discussions": false, "has_discussions": false,
"forks_count": 153, "forks_count": 153,
"allow_forking": true, "allow_forking": true,
@ -57,7 +57,7 @@
"topics": [], "topics": [],
"visibility": "public", "visibility": "public",
"forks": 153, "forks": 153,
"watchers": 708, "watchers": 709,
"score": 0, "score": 0,
"subscribers_count": 10 "subscribers_count": 10
}, },

33
2024/CVE-2024-21542.json Normal file
View file

@ -0,0 +1,33 @@
[
{
"id": 903920080,
"name": "Poc-CVE-2024-21542",
"full_name": "L3ster1337\/Poc-CVE-2024-21542",
"owner": {
"login": "L3ster1337",
"id": 44538226,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/44538226?v=4",
"html_url": "https:\/\/github.com\/L3ster1337",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/L3ster1337\/Poc-CVE-2024-21542",
"description": null,
"fork": false,
"created_at": "2024-12-15T22:17:15Z",
"updated_at": "2024-12-15T22:33:02Z",
"pushed_at": "2024-12-15T22:32:58Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

8
2024/CVE-2024-25600.json
View file

@ -14,10 +14,10 @@
"description": "Unauthenticated Remote Code Execution Bricks <= 1.9.6", "description": "Unauthenticated Remote Code Execution Bricks <= 1.9.6",
"fork": false, "fork": false,
"created_at": "2024-02-20T20:16:09Z", "created_at": "2024-02-20T20:16:09Z",
"updated_at": "2024-12-06T23:49:37Z", "updated_at": "2024-12-15T22:44:06Z",
"pushed_at": "2024-02-25T21:50:09Z", "pushed_at": "2024-02-25T21:50:09Z",
"stargazers_count": 152, "stargazers_count": 153,
"watchers_count": 152, "watchers_count": 153,
"has_discussions": false, "has_discussions": false,
"forks_count": 33, "forks_count": 33,
"allow_forking": true, "allow_forking": true,
@ -26,7 +26,7 @@
"topics": [], "topics": [],
"visibility": "public", "visibility": "public",
"forks": 33, "forks": 33,
"watchers": 152, "watchers": 153,
"score": 0, "score": 0,
"subscribers_count": 3 "subscribers_count": 3
}, },

8
2024/CVE-2024-35250.json
View file

@ -14,10 +14,10 @@
"description": "PoC for the Untrusted Pointer Dereference in the ks.sys driver", "description": "PoC for the Untrusted Pointer Dereference in the ks.sys driver",
"fork": false, "fork": false,
"created_at": "2024-10-13T19:30:20Z", "created_at": "2024-10-13T19:30:20Z",
"updated_at": "2024-12-14T18:10:42Z", "updated_at": "2024-12-16T00:30:08Z",
"pushed_at": "2024-11-29T16:56:23Z", "pushed_at": "2024-11-29T16:56:23Z",
"stargazers_count": 220, "stargazers_count": 221,
"watchers_count": 220, "watchers_count": 221,
"has_discussions": false, "has_discussions": false,
"forks_count": 46, "forks_count": 46,
"allow_forking": true, "allow_forking": true,
@ -26,7 +26,7 @@
"topics": [], "topics": [],
"visibility": "public", "visibility": "public",
"forks": 46, "forks": 46,
"watchers": 220, "watchers": 221,
"score": 0, "score": 0,
"subscribers_count": 6 "subscribers_count": 6
}, },

8
2024/CVE-2024-3806.json
View file

@ -14,10 +14,10 @@
"description": "CVE-2024-3806: Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts CVE-2024-3807: Porto <= 7.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta", "description": "CVE-2024-3806: Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts CVE-2024-3807: Porto <= 7.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta",
"fork": false, "fork": false,
"created_at": "2024-05-10T16:13:07Z", "created_at": "2024-05-10T16:13:07Z",
"updated_at": "2024-08-09T05:21:42Z", "updated_at": "2024-12-15T18:49:18Z",
"pushed_at": "2024-05-10T17:58:19Z", "pushed_at": "2024-05-10T17:58:19Z",
"stargazers_count": 7, "stargazers_count": 8,
"watchers_count": 7, "watchers_count": 8,
"has_discussions": false, "has_discussions": false,
"forks_count": 0, "forks_count": 0,
"allow_forking": true, "allow_forking": true,
@ -26,7 +26,7 @@
"topics": [], "topics": [],
"visibility": "public", "visibility": "public",
"forks": 0, "forks": 0,
"watchers": 7, "watchers": 8,
"score": 0, "score": 0,
"subscribers_count": 1 "subscribers_count": 1
} }

8
2024/CVE-2024-4040.json
View file

@ -138,10 +138,10 @@
"description": "CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support", "description": "CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support",
"fork": false, "fork": false,
"created_at": "2024-04-25T19:51:38Z", "created_at": "2024-04-25T19:51:38Z",
"updated_at": "2024-12-03T18:32:16Z", "updated_at": "2024-12-15T22:44:40Z",
"pushed_at": "2024-07-07T23:47:58Z", "pushed_at": "2024-07-07T23:47:58Z",
"stargazers_count": 55, "stargazers_count": 56,
"watchers_count": 55, "watchers_count": 56,
"has_discussions": false, "has_discussions": false,
"forks_count": 7, "forks_count": 7,
"allow_forking": true, "allow_forking": true,
@ -165,7 +165,7 @@
], ],
"visibility": "public", "visibility": "public",
"forks": 7, "forks": 7,
"watchers": 55, "watchers": 56,
"score": 0, "score": 0,
"subscribers_count": 2 "subscribers_count": 2
}, },

16
2024/CVE-2024-4367.json
View file

@ -14,10 +14,10 @@
"description": "CVE-2024-4367 & CVE-2024-34342 Proof of Concept", "description": "CVE-2024-4367 & CVE-2024-34342 Proof of Concept",
"fork": false, "fork": false,
"created_at": "2024-05-20T10:02:23Z", "created_at": "2024-05-20T10:02:23Z",
"updated_at": "2024-12-05T08:06:40Z", "updated_at": "2024-12-15T22:43:58Z",
"pushed_at": "2024-06-07T03:28:00Z", "pushed_at": "2024-06-07T03:28:00Z",
"stargazers_count": 139, "stargazers_count": 140,
"watchers_count": 139, "watchers_count": 140,
"has_discussions": false, "has_discussions": false,
"forks_count": 20, "forks_count": 20,
"allow_forking": true, "allow_forking": true,
@ -26,7 +26,7 @@
"topics": [], "topics": [],
"visibility": "public", "visibility": "public",
"forks": 20, "forks": 20,
"watchers": 139, "watchers": 140,
"score": 0, "score": 0,
"subscribers_count": 2 "subscribers_count": 2
}, },
@ -216,10 +216,10 @@
"description": "This project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367", "description": "This project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367",
"fork": false, "fork": false,
"created_at": "2024-06-17T11:39:41Z", "created_at": "2024-06-17T11:39:41Z",
"updated_at": "2024-11-25T04:23:00Z", "updated_at": "2024-12-15T22:43:59Z",
"pushed_at": "2024-06-20T13:40:31Z", "pushed_at": "2024-06-20T13:40:31Z",
"stargazers_count": 7, "stargazers_count": 8,
"watchers_count": 7, "watchers_count": 8,
"has_discussions": false, "has_discussions": false,
"forks_count": 0, "forks_count": 0,
"allow_forking": true, "allow_forking": true,
@ -228,7 +228,7 @@
"topics": [], "topics": [],
"visibility": "public", "visibility": "public",
"forks": 0, "forks": 0,
"watchers": 7, "watchers": 8,
"score": 0, "score": 0,
"subscribers_count": 6 "subscribers_count": 6
}, },

16
2024/CVE-2024-4577.json
View file

@ -169,10 +169,10 @@
"description": "PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC", "description": "PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC",
"fork": false, "fork": false,
"created_at": "2024-06-07T09:52:54Z", "created_at": "2024-06-07T09:52:54Z",
"updated_at": "2024-12-14T02:25:02Z", "updated_at": "2024-12-15T22:44:00Z",
"pushed_at": "2024-06-22T15:13:52Z", "pushed_at": "2024-06-22T15:13:52Z",
"stargazers_count": 240, "stargazers_count": 241,
"watchers_count": 240, "watchers_count": 241,
"has_discussions": false, "has_discussions": false,
"forks_count": 52, "forks_count": 52,
"allow_forking": true, "allow_forking": true,
@ -181,7 +181,7 @@
"topics": [], "topics": [],
"visibility": "public", "visibility": "public",
"forks": 52, "forks": 52,
"watchers": 240, "watchers": 241,
"score": 0, "score": 0,
"subscribers_count": 4 "subscribers_count": 4
}, },
@ -510,10 +510,10 @@
"description": "PHP RCE PoC for CVE-2024-4577 written in bash, go, python and a nuclei template", "description": "PHP RCE PoC for CVE-2024-4577 written in bash, go, python and a nuclei template",
"fork": false, "fork": false,
"created_at": "2024-06-08T12:23:35Z", "created_at": "2024-06-08T12:23:35Z",
"updated_at": "2024-11-16T19:51:48Z", "updated_at": "2024-12-15T22:43:59Z",
"pushed_at": "2024-06-19T16:19:57Z", "pushed_at": "2024-06-19T16:19:57Z",
"stargazers_count": 24, "stargazers_count": 25,
"watchers_count": 24, "watchers_count": 25,
"has_discussions": false, "has_discussions": false,
"forks_count": 10, "forks_count": 10,
"allow_forking": true, "allow_forking": true,
@ -529,7 +529,7 @@
], ],
"visibility": "public", "visibility": "public",
"forks": 10, "forks": 10,
"watchers": 24, "watchers": 25,
"score": 0, "score": 0,
"subscribers_count": 1 "subscribers_count": 1
}, },

33
2024/CVE-2024-53376.json Normal file
View file

@ -0,0 +1,33 @@
[
{
"id": 903925414,
"name": "CVE-2024-53376",
"full_name": "ThottySploity\/CVE-2024-53376",
"owner": {
"login": "ThottySploity",
"id": 119318084,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/119318084?v=4",
"html_url": "https:\/\/github.com\/ThottySploity",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/ThottySploity\/CVE-2024-53376",
"description": "CyberPanel authenticated RCE < 2.3.8",
"fork": false,
"created_at": "2024-12-15T22:40:52Z",
"updated_at": "2024-12-15T23:04:47Z",
"pushed_at": "2024-12-15T23:04:43Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

8
2024/CVE-2024-6387.json
View file

@ -14,10 +14,10 @@
"description": "a signal handler race condition in OpenSSH's server (sshd)", "description": "a signal handler race condition in OpenSSH's server (sshd)",
"fork": false, "fork": false,
"created_at": "2024-07-01T10:55:29Z", "created_at": "2024-07-01T10:55:29Z",
"updated_at": "2024-12-14T04:05:34Z", "updated_at": "2024-12-15T23:08:09Z",
"pushed_at": "2024-07-01T10:54:02Z", "pushed_at": "2024-07-01T10:54:02Z",
"stargazers_count": 469, "stargazers_count": 470,
"watchers_count": 469, "watchers_count": 470,
"has_discussions": false, "has_discussions": false,
"forks_count": 181, "forks_count": 181,
"allow_forking": true, "allow_forking": true,
@ -26,7 +26,7 @@
"topics": [], "topics": [],
"visibility": "public", "visibility": "public",
"forks": 181, "forks": 181,
"watchers": 469, "watchers": 470,
"score": 0, "score": 0,
"subscribers_count": 5 "subscribers_count": 5
}, },

14
README.md
View file

@ -191,6 +191,7 @@
- [Forsaken0129/CVE-2024-0582](https://github.com/Forsaken0129/CVE-2024-0582) - [Forsaken0129/CVE-2024-0582](https://github.com/Forsaken0129/CVE-2024-0582)
- [0ptyx/cve-2024-0582](https://github.com/0ptyx/cve-2024-0582) - [0ptyx/cve-2024-0582](https://github.com/0ptyx/cve-2024-0582)
- [geniuszlyy/CVE-2024-0582](https://github.com/geniuszlyy/CVE-2024-0582) - [geniuszlyy/CVE-2024-0582](https://github.com/geniuszlyy/CVE-2024-0582)
- [101010zyl/CVE-2024-0582](https://github.com/101010zyl/CVE-2024-0582)
### CVE-2024-0588 (2024-04-09) ### CVE-2024-0588 (2024-04-09)
@ -2307,6 +2308,9 @@
- [samogod/CVE-2024-11728](https://github.com/samogod/CVE-2024-11728) - [samogod/CVE-2024-11728](https://github.com/samogod/CVE-2024-11728)
### CVE-2024-11972
- [JunTakemura/exploit-CVE-2024-11972](https://github.com/JunTakemura/exploit-CVE-2024-11972)
### CVE-2024-12155 (2024-12-06) ### CVE-2024-12155 (2024-12-06)
<code>The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in all versions up to, and including, 2.0.02. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. <code>The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in all versions up to, and including, 2.0.02. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
@ -2574,6 +2578,13 @@
- [XiaomingX/cve-2024-21534-poc](https://github.com/XiaomingX/cve-2024-21534-poc) - [XiaomingX/cve-2024-21534-poc](https://github.com/XiaomingX/cve-2024-21534-poc)
- [verylazytech/cve-2024-21534](https://github.com/verylazytech/cve-2024-21534) - [verylazytech/cve-2024-21534](https://github.com/verylazytech/cve-2024-21534)
### CVE-2024-21542 (2024-12-10)
<code>Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function.
</code>
- [L3ster1337/Poc-CVE-2024-21542](https://github.com/L3ster1337/Poc-CVE-2024-21542)
### CVE-2024-21626 (2024-01-31) ### CVE-2024-21626 (2024-01-31)
<code>runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem (&quot;attack 2&quot;). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run (&quot;attack 1&quot;). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes (&quot;attack 3a&quot; and &quot;attack 3b&quot;). runc 1.1.12 includes patches for this issue. <code>runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem (&quot;attack 2&quot;). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run (&quot;attack 1&quot;). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes (&quot;attack 3a&quot; and &quot;attack 3b&quot;). runc 1.1.12 includes patches for this issue.
@ -7415,6 +7426,9 @@
- [ThottySploity/CVE-2024-53375](https://github.com/ThottySploity/CVE-2024-53375) - [ThottySploity/CVE-2024-53375](https://github.com/ThottySploity/CVE-2024-53375)
### CVE-2024-53376
- [ThottySploity/CVE-2024-53376](https://github.com/ThottySploity/CVE-2024-53376)
### CVE-2024-53617 (2024-12-02) ### CVE-2024-53617 (2024-12-02)
<code>A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload. <code>A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload.