From 150c8b76cd42ab2a6f3a319e38b18735d349d08b Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Fri, 13 May 2022 03:18:19 +0900 Subject: [PATCH] Auto Update 2022/05/12 18:18:19 --- 2002/CVE-2002-20001.json | 2 +- 2013/CVE-2013-2596.json | 29 ------------- 2014/CVE-2014-6271.json | 8 ++-- 2016/CVE-2016-3714.json | 4 +- 2017/CVE-2017-12149.json | 8 ++-- 2018/CVE-2018-15473.json | 4 +- 2018/CVE-2018-8897.json | 8 ++-- 2018/CVE-2018-9276.json | 8 ++-- 2019/CVE-2019-0708.json | 8 ++-- 2019/CVE-2019-7304.json | 8 ++-- 2020/CVE-2020-0601.json | 8 ++-- 2020/CVE-2020-0683.json | 8 ++-- 2020/CVE-2020-0688.json | 4 +- 2020/CVE-2020-0787.json | 8 ++-- 2020/CVE-2020-1472.json | 28 ++++++------- 2020/CVE-2020-17519.json | 8 ++-- 2020/CVE-2020-3952.json | 4 +- 2020/CVE-2020-5902.json | 8 ++-- 2021/CVE-2021-3129.json | 8 ++-- 2021/CVE-2021-3156.json | 16 ++++---- 2021/CVE-2021-4034.json | 12 +++--- 2021/CVE-2021-41773.json | 2 +- 2021/CVE-2021-42278.json | 8 ++-- 2021/CVE-2021-42287.json | 8 ++-- 2021/CVE-2021-44228.json | 16 ++++---- 2022/CVE-2022-1388.json | 89 ++++++++++++++++++++++++++++------------ 2022/CVE-2022-21449.json | 8 ++-- 2022/CVE-2022-21907.json | 8 ++-- 2022/CVE-2022-21999.json | 8 ++-- 2022/CVE-2022-22965.json | 8 ++-- 2022/CVE-2022-23253.json | 29 +++++++++++++ 2022/CVE-2022-26133.json | 12 +++--- 2022/CVE-2022-26923.json | 8 ++-- 2022/CVE-2022-30525.json | 34 +++++++++++++++ README.md | 27 ++++++++---- 35 files changed, 271 insertions(+), 193 deletions(-) delete mode 100644 2013/CVE-2013-2596.json create mode 100644 2022/CVE-2022-23253.json create mode 100644 2022/CVE-2022-30525.json diff --git a/2002/CVE-2002-20001.json b/2002/CVE-2002-20001.json index 6454a192d2..c03e1f772d 100644 --- a/2002/CVE-2002-20001.json +++ b/2002/CVE-2002-20001.json @@ -14,7 +14,7 @@ "fork": false, "created_at": "2021-08-31T09:51:12Z", "updated_at": "2022-05-11T20:58:08Z", - "pushed_at": "2022-05-06T08:11:45Z", + "pushed_at": "2022-05-12T14:31:23Z", "stargazers_count": 95, "watchers_count": 95, "forks_count": 8, diff --git a/2013/CVE-2013-2596.json b/2013/CVE-2013-2596.json deleted file mode 100644 index 29ae27ebab..0000000000 --- a/2013/CVE-2013-2596.json +++ /dev/null @@ -1,29 +0,0 @@ -[ - { - "id": 11447847, - "name": "libfb_mem_exploit", - "full_name": "hiikezoe\/libfb_mem_exploit", - "owner": { - "login": "hiikezoe", - "id": 188175, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/188175?v=4", - "html_url": "https:\/\/github.com\/hiikezoe" - }, - "html_url": "https:\/\/github.com\/hiikezoe\/libfb_mem_exploit", - "description": "CVE-2013-2596 exploit for android", - "fork": false, - "created_at": "2013-07-16T11:24:09Z", - "updated_at": "2021-08-04T05:58:22Z", - "pushed_at": "2013-07-17T03:18:50Z", - "stargazers_count": 5, - "watchers_count": 5, - "forks_count": 23, - "allow_forking": true, - "is_template": false, - "topics": [], - "visibility": "public", - "forks": 23, - "watchers": 5, - "score": 0 - } -] \ No newline at end of file diff --git a/2014/CVE-2014-6271.json b/2014/CVE-2014-6271.json index 9d308e73a7..f3f8bd974a 100644 --- a/2014/CVE-2014-6271.json +++ b/2014/CVE-2014-6271.json @@ -1071,10 +1071,10 @@ "description": "Shellshock exploit + vulnerable environment", "fork": false, "created_at": "2016-12-07T23:38:50Z", - "updated_at": "2022-05-06T00:54:08Z", + "updated_at": "2022-05-12T13:47:15Z", "pushed_at": "2017-10-30T22:46:11Z", - "stargazers_count": 130, - "watchers_count": 130, + "stargazers_count": 131, + "watchers_count": 131, "forks_count": 52, "allow_forking": true, "is_template": false, @@ -1088,7 +1088,7 @@ ], "visibility": "public", "forks": 52, - "watchers": 130, + "watchers": 131, "score": 0 }, { diff --git a/2016/CVE-2016-3714.json b/2016/CVE-2016-3714.json index e5c889ac47..ef37f0fee5 100644 --- a/2016/CVE-2016-3714.json +++ b/2016/CVE-2016-3714.json @@ -98,12 +98,12 @@ "pushed_at": "2016-05-29T17:27:10Z", "stargazers_count": 19, "watchers_count": 19, - "forks_count": 7, + "forks_count": 8, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", - "forks": 7, + "forks": 8, "watchers": 19, "score": 0 }, diff --git a/2017/CVE-2017-12149.json b/2017/CVE-2017-12149.json index dece23e313..83077ccd15 100644 --- a/2017/CVE-2017-12149.json +++ b/2017/CVE-2017-12149.json @@ -94,17 +94,17 @@ "description": "Jboss Java Deserialization RCE (CVE-2017-12149)", "fork": false, "created_at": "2019-08-22T21:06:09Z", - "updated_at": "2021-12-08T16:51:00Z", + "updated_at": "2022-05-12T15:53:05Z", "pushed_at": "2019-08-22T21:08:14Z", - "stargazers_count": 8, - "watchers_count": 8, + "stargazers_count": 7, + "watchers_count": 7, "forks_count": 2, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 2, - "watchers": 8, + "watchers": 7, "score": 0 }, { diff --git a/2018/CVE-2018-15473.json b/2018/CVE-2018-15473.json index d14a2b8a5b..5af6e011a1 100644 --- a/2018/CVE-2018-15473.json +++ b/2018/CVE-2018-15473.json @@ -114,12 +114,12 @@ "pushed_at": "2019-03-24T11:20:27Z", "stargazers_count": 46, "watchers_count": 46, - "forks_count": 18, + "forks_count": 19, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", - "forks": 18, + "forks": 19, "watchers": 46, "score": 0 }, diff --git a/2018/CVE-2018-8897.json b/2018/CVE-2018-8897.json index ade3df7955..6b1ce34ddc 100644 --- a/2018/CVE-2018-8897.json +++ b/2018/CVE-2018-8897.json @@ -94,17 +94,17 @@ "description": "Implements the POP\/MOV SS (CVE-2018-8897) vulnerability by leveraging SYSCALL to perform a local privilege escalation (LPE).", "fork": false, "created_at": "2018-08-08T20:04:56Z", - "updated_at": "2022-02-17T02:17:51Z", + "updated_at": "2022-05-12T15:00:00Z", "pushed_at": "2018-08-08T20:12:20Z", - "stargazers_count": 112, - "watchers_count": 112, + "stargazers_count": 113, + "watchers_count": 113, "forks_count": 25, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 25, - "watchers": 112, + "watchers": 113, "score": 0 } ] \ No newline at end of file diff --git a/2018/CVE-2018-9276.json b/2018/CVE-2018-9276.json index 38c515a18a..869039b4c6 100644 --- a/2018/CVE-2018-9276.json +++ b/2018/CVE-2018-9276.json @@ -13,17 +13,17 @@ "description": "CVE-2018-9276 PRTG < 18.2.39 Authenticated Command Injection (Reverse Shell)", "fork": false, "created_at": "2019-03-31T08:51:07Z", - "updated_at": "2022-01-27T05:07:25Z", + "updated_at": "2022-05-12T13:52:08Z", "pushed_at": "2020-12-03T11:22:15Z", - "stargazers_count": 30, - "watchers_count": 30, + "stargazers_count": 31, + "watchers_count": 31, "forks_count": 9, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 9, - "watchers": 30, + "watchers": 31, "score": 0 }, { diff --git a/2019/CVE-2019-0708.json b/2019/CVE-2019-0708.json index d5367653d8..6efa4ffffb 100644 --- a/2019/CVE-2019-0708.json +++ b/2019/CVE-2019-0708.json @@ -2861,17 +2861,17 @@ "description": "CVE-2019-0708-EXP-Windows版单文件exe版,运行后直接在当前控制台反弹System权限Shell", "fork": false, "created_at": "2020-01-21T02:22:29Z", - "updated_at": "2022-05-12T04:43:42Z", + "updated_at": "2022-05-12T13:40:59Z", "pushed_at": "2020-01-21T03:15:41Z", - "stargazers_count": 258, - "watchers_count": 258, + "stargazers_count": 259, + "watchers_count": 259, "forks_count": 69, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 69, - "watchers": 258, + "watchers": 259, "score": 0 }, { diff --git a/2019/CVE-2019-7304.json b/2019/CVE-2019-7304.json index 813d1164c6..65aaaf9117 100644 --- a/2019/CVE-2019-7304.json +++ b/2019/CVE-2019-7304.json @@ -13,10 +13,10 @@ "description": "Linux privilege escalation exploit via snapd (CVE-2019-7304)", "fork": false, "created_at": "2019-02-12T06:02:06Z", - "updated_at": "2022-05-12T02:43:02Z", + "updated_at": "2022-05-12T15:35:17Z", "pushed_at": "2019-05-09T21:34:26Z", - "stargazers_count": 622, - "watchers_count": 622, + "stargazers_count": 623, + "watchers_count": 623, "forks_count": 156, "allow_forking": true, "is_template": false, @@ -27,7 +27,7 @@ ], "visibility": "public", "forks": 156, - "watchers": 622, + "watchers": 623, "score": 0 }, { diff --git a/2020/CVE-2020-0601.json b/2020/CVE-2020-0601.json index 03d2fb60c1..8cb17faae9 100644 --- a/2020/CVE-2020-0601.json +++ b/2020/CVE-2020-0601.json @@ -153,10 +153,10 @@ "description": "PoC for CVE-2020-0601- Windows CryptoAPI (Crypt32.dll)", "fork": false, "created_at": "2020-01-15T23:07:41Z", - "updated_at": "2022-03-04T16:01:21Z", + "updated_at": "2022-05-12T16:55:27Z", "pushed_at": "2020-01-20T23:33:19Z", - "stargazers_count": 875, - "watchers_count": 875, + "stargazers_count": 876, + "watchers_count": 876, "forks_count": 222, "allow_forking": true, "is_template": false, @@ -165,7 +165,7 @@ ], "visibility": "public", "forks": 222, - "watchers": 875, + "watchers": 876, "score": 0 }, { diff --git a/2020/CVE-2020-0683.json b/2020/CVE-2020-0683.json index 919d1004e9..c7bce68ec6 100644 --- a/2020/CVE-2020-0683.json +++ b/2020/CVE-2020-0683.json @@ -13,17 +13,17 @@ "description": "CVE-2020-0683 - Windows MSI “Installer service” Elevation of Privilege", "fork": false, "created_at": "2020-02-11T16:42:34Z", - "updated_at": "2022-05-10T17:16:34Z", + "updated_at": "2022-05-12T12:23:04Z", "pushed_at": "2021-12-23T16:28:28Z", - "stargazers_count": 297, - "watchers_count": 297, + "stargazers_count": 298, + "watchers_count": 298, "forks_count": 53, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 53, - "watchers": 297, + "watchers": 298, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-0688.json b/2020/CVE-2020-0688.json index 2b95098a70..59bdcdc502 100644 --- a/2020/CVE-2020-0688.json +++ b/2020/CVE-2020-0688.json @@ -569,12 +569,12 @@ "pushed_at": "2022-05-12T04:04:15Z", "stargazers_count": 0, "watchers_count": 0, - "forks_count": 0, + "forks_count": 1, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", - "forks": 0, + "forks": 1, "watchers": 0, "score": 0 } diff --git a/2020/CVE-2020-0787.json b/2020/CVE-2020-0787.json index ec2f9dc5bc..14adea7e53 100644 --- a/2020/CVE-2020-0787.json +++ b/2020/CVE-2020-0787.json @@ -13,17 +13,17 @@ "description": "Support ALL Windows Version", "fork": false, "created_at": "2020-06-16T08:57:51Z", - "updated_at": "2022-05-12T10:35:34Z", + "updated_at": "2022-05-12T12:29:44Z", "pushed_at": "2020-09-11T07:38:22Z", - "stargazers_count": 618, - "watchers_count": 618, + "stargazers_count": 619, + "watchers_count": 619, "forks_count": 163, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 163, - "watchers": 618, + "watchers": 619, "score": 0 }, { diff --git a/2020/CVE-2020-1472.json b/2020/CVE-2020-1472.json index bd783145db..9006c62b68 100644 --- a/2020/CVE-2020-1472.json +++ b/2020/CVE-2020-1472.json @@ -40,17 +40,17 @@ "description": "Test tool for CVE-2020-1472", "fork": false, "created_at": "2020-09-08T08:58:37Z", - "updated_at": "2022-05-10T21:13:39Z", + "updated_at": "2022-05-12T13:21:00Z", "pushed_at": "2021-12-08T10:31:54Z", - "stargazers_count": 1450, - "watchers_count": 1450, + "stargazers_count": 1451, + "watchers_count": 1451, "forks_count": 332, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 332, - "watchers": 1450, + "watchers": 1451, "score": 0 }, { @@ -94,17 +94,17 @@ "description": "PoC for Zerologon - all research credits go to Tom Tervoort of Secura", "fork": false, "created_at": "2020-09-14T16:56:51Z", - "updated_at": "2022-05-10T15:02:26Z", + "updated_at": "2022-05-12T13:21:21Z", "pushed_at": "2020-11-03T09:45:24Z", - "stargazers_count": 924, - "watchers_count": 924, + "stargazers_count": 925, + "watchers_count": 925, "forks_count": 260, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 260, - "watchers": 924, + "watchers": 925, "score": 0 }, { @@ -155,17 +155,17 @@ "description": "Exploit for zerologon cve-2020-1472", "fork": false, "created_at": "2020-09-14T19:19:07Z", - "updated_at": "2022-05-11T13:30:28Z", + "updated_at": "2022-05-12T15:54:24Z", "pushed_at": "2020-10-15T18:31:15Z", - "stargazers_count": 426, - "watchers_count": 426, + "stargazers_count": 427, + "watchers_count": 427, "forks_count": 125, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 125, - "watchers": 426, + "watchers": 427, "score": 0 }, { @@ -402,12 +402,12 @@ "pushed_at": "2020-09-16T15:03:32Z", "stargazers_count": 76, "watchers_count": 76, - "forks_count": 25, + "forks_count": 26, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", - "forks": 25, + "forks": 26, "watchers": 76, "score": 0 }, diff --git a/2020/CVE-2020-17519.json b/2020/CVE-2020-17519.json index 3800c3d6ca..8d61fa7c04 100644 --- a/2020/CVE-2020-17519.json +++ b/2020/CVE-2020-17519.json @@ -256,10 +256,10 @@ "description": "Tool check: CVE-2021-41773, CVE-2021-42013, CVE-2020-17519", "fork": false, "created_at": "2021-10-13T17:03:56Z", - "updated_at": "2022-02-28T17:25:24Z", + "updated_at": "2022-05-12T17:04:25Z", "pushed_at": "2021-10-14T21:11:44Z", - "stargazers_count": 54, - "watchers_count": 54, + "stargazers_count": 55, + "watchers_count": 55, "forks_count": 14, "allow_forking": true, "is_template": false, @@ -270,7 +270,7 @@ ], "visibility": "public", "forks": 14, - "watchers": 54, + "watchers": 55, "score": 0 }, { diff --git a/2020/CVE-2020-3952.json b/2020/CVE-2020-3952.json index 6449161130..21a73bb1de 100644 --- a/2020/CVE-2020-3952.json +++ b/2020/CVE-2020-3952.json @@ -71,12 +71,12 @@ "pushed_at": "2020-04-16T08:38:42Z", "stargazers_count": 261, "watchers_count": 261, - "forks_count": 63, + "forks_count": 64, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", - "forks": 63, + "forks": 64, "watchers": 261, "score": 0 }, diff --git a/2020/CVE-2020-5902.json b/2020/CVE-2020-5902.json index bef7e6ec73..2ee9a1cb44 100644 --- a/2020/CVE-2020-5902.json +++ b/2020/CVE-2020-5902.json @@ -1002,17 +1002,17 @@ "description": "Checker CVE-2020-5902: BIG-IP versions 15.0.0 through 15.1.0.3, 14.1.0 through 14.1.2.5, 13.1.0 through 13.1.3.3, 12.1.0 through 12.1.5.1, and 11.6.1 through 11.6.5.1 suffer from Traffic Management User Interface (TMUI) arbitrary file read and command execution vulnerabilities.", "fork": false, "created_at": "2020-07-10T07:00:35Z", - "updated_at": "2021-11-15T05:30:30Z", + "updated_at": "2022-05-12T17:04:34Z", "pushed_at": "2020-07-10T15:31:07Z", - "stargazers_count": 4, - "watchers_count": 4, + "stargazers_count": 5, + "watchers_count": 5, "forks_count": 5, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 5, - "watchers": 4, + "watchers": 5, "score": 0 }, { diff --git a/2021/CVE-2021-3129.json b/2021/CVE-2021-3129.json index 7b79abe42f..aa8bb9a554 100644 --- a/2021/CVE-2021-3129.json +++ b/2021/CVE-2021-3129.json @@ -13,17 +13,17 @@ "description": "Exploit for CVE-2021-3129", "fork": false, "created_at": "2021-01-13T12:52:20Z", - "updated_at": "2022-05-07T23:47:53Z", + "updated_at": "2022-05-12T12:42:18Z", "pushed_at": "2021-01-29T13:59:07Z", - "stargazers_count": 210, - "watchers_count": 210, + "stargazers_count": 211, + "watchers_count": 211, "forks_count": 63, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 63, - "watchers": 210, + "watchers": 211, "score": 0 }, { diff --git a/2021/CVE-2021-3156.json b/2021/CVE-2021-3156.json index c6b0143f2a..19f3eb687d 100644 --- a/2021/CVE-2021-3156.json +++ b/2021/CVE-2021-3156.json @@ -71,12 +71,12 @@ "pushed_at": "2021-01-31T04:56:56Z", "stargazers_count": 115, "watchers_count": 115, - "forks_count": 45, + "forks_count": 44, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", - "forks": 45, + "forks": 44, "watchers": 115, "score": 0 }, @@ -969,17 +969,17 @@ "description": "Sudo Baron Samedit Exploit", "fork": false, "created_at": "2021-03-15T17:37:02Z", - "updated_at": "2022-05-12T09:50:27Z", + "updated_at": "2022-05-12T14:30:11Z", "pushed_at": "2022-01-13T05:48:01Z", - "stargazers_count": 496, - "watchers_count": 496, - "forks_count": 134, + "stargazers_count": 497, + "watchers_count": 497, + "forks_count": 133, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", - "forks": 134, - "watchers": 496, + "forks": 133, + "watchers": 497, "score": 0 }, { diff --git a/2021/CVE-2021-4034.json b/2021/CVE-2021-4034.json index f7239f3d14..2b848758c9 100644 --- a/2021/CVE-2021-4034.json +++ b/2021/CVE-2021-4034.json @@ -73,7 +73,7 @@ "description": "CVE-2021-4034 1day", "fork": false, "created_at": "2022-01-25T23:51:37Z", - "updated_at": "2022-05-11T00:41:42Z", + "updated_at": "2022-05-12T13:42:50Z", "pushed_at": "2022-01-30T14:22:23Z", "stargazers_count": 1520, "watchers_count": 1520, @@ -875,10 +875,10 @@ "description": "Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation", "fork": false, "created_at": "2022-01-26T14:26:10Z", - "updated_at": "2022-05-11T13:37:00Z", + "updated_at": "2022-05-12T15:15:43Z", "pushed_at": "2022-01-27T20:09:24Z", - "stargazers_count": 503, - "watchers_count": 503, + "stargazers_count": 505, + "watchers_count": 505, "forks_count": 98, "allow_forking": true, "is_template": false, @@ -887,7 +887,7 @@ ], "visibility": "public", "forks": 98, - "watchers": 503, + "watchers": 505, "score": 0 }, { @@ -3120,7 +3120,7 @@ "description": "CVE-2021-4034 centos8可用版本", "fork": false, "created_at": "2022-02-15T02:34:48Z", - "updated_at": "2022-04-04T07:59:35Z", + "updated_at": "2022-05-12T16:31:20Z", "pushed_at": "2022-02-15T02:39:28Z", "stargazers_count": 6, "watchers_count": 6, diff --git a/2021/CVE-2021-41773.json b/2021/CVE-2021-41773.json index e3407916be..dbab80bbf3 100644 --- a/2021/CVE-2021-41773.json +++ b/2021/CVE-2021-41773.json @@ -40,7 +40,7 @@ "description": "Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE", "fork": false, "created_at": "2021-10-06T02:28:41Z", - "updated_at": "2022-05-07T16:03:31Z", + "updated_at": "2022-05-12T16:02:24Z", "pushed_at": "2021-12-22T23:54:18Z", "stargazers_count": 20, "watchers_count": 20, diff --git a/2021/CVE-2021-42278.json b/2021/CVE-2021-42278.json index 05876e6ae4..2fc30eb3fe 100644 --- a/2021/CVE-2021-42278.json +++ b/2021/CVE-2021-42278.json @@ -99,10 +99,10 @@ "description": "Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)", "fork": false, "created_at": "2021-12-13T23:15:05Z", - "updated_at": "2022-05-10T09:40:12Z", + "updated_at": "2022-05-12T15:16:22Z", "pushed_at": "2022-01-13T12:35:19Z", - "stargazers_count": 224, - "watchers_count": 224, + "stargazers_count": 225, + "watchers_count": 225, "forks_count": 31, "allow_forking": true, "is_template": false, @@ -111,7 +111,7 @@ ], "visibility": "public", "forks": 31, - "watchers": 224, + "watchers": 225, "score": 0 }, { diff --git a/2021/CVE-2021-42287.json b/2021/CVE-2021-42287.json index be97ff7736..f9a2822b8b 100644 --- a/2021/CVE-2021-42287.json +++ b/2021/CVE-2021-42287.json @@ -13,17 +13,17 @@ "description": "CVE-2021-42287\/CVE-2021-42278 Scanner & Exploiter.", "fork": false, "created_at": "2021-12-11T19:27:30Z", - "updated_at": "2022-05-11T06:00:33Z", + "updated_at": "2022-05-12T17:08:56Z", "pushed_at": "2021-12-16T09:50:15Z", - "stargazers_count": 1085, - "watchers_count": 1085, + "stargazers_count": 1086, + "watchers_count": 1086, "forks_count": 288, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 288, - "watchers": 1085, + "watchers": 1086, "score": 0 }, { diff --git a/2021/CVE-2021-44228.json b/2021/CVE-2021-44228.json index 0305d50efa..457361ad09 100644 --- a/2021/CVE-2021-44228.json +++ b/2021/CVE-2021-44228.json @@ -1882,7 +1882,7 @@ "description": "CVE-2021-44228,log4j2 burp插件 Java版本,dnslog选取了非dnslog.cn域名", "fork": false, "created_at": "2021-12-12T01:24:39Z", - "updated_at": "2022-05-12T02:42:07Z", + "updated_at": "2022-05-12T16:11:17Z", "pushed_at": "2021-12-11T10:39:41Z", "stargazers_count": 13, "watchers_count": 13, @@ -3406,17 +3406,17 @@ "description": "A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228 ", "fork": false, "created_at": "2021-12-13T03:57:50Z", - "updated_at": "2022-05-12T06:32:29Z", + "updated_at": "2022-05-12T16:19:47Z", "pushed_at": "2022-02-06T03:18:29Z", - "stargazers_count": 2864, - "watchers_count": 2864, - "forks_count": 706, + "stargazers_count": 2867, + "watchers_count": 2867, + "forks_count": 707, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", - "forks": 706, - "watchers": 2864, + "forks": 707, + "watchers": 2867, "score": 0 }, { @@ -10375,7 +10375,7 @@ "fork": false, "created_at": "2022-02-16T01:13:08Z", "updated_at": "2022-02-16T01:21:29Z", - "pushed_at": "2022-05-11T10:02:56Z", + "pushed_at": "2022-05-12T13:15:57Z", "stargazers_count": 0, "watchers_count": 0, "forks_count": 0, diff --git a/2022/CVE-2022-1388.json b/2022/CVE-2022-1388.json index 672e7f593c..cb422b809c 100644 --- a/2022/CVE-2022-1388.json +++ b/2022/CVE-2022-1388.json @@ -67,17 +67,17 @@ "description": "CVE-2022-1388 F5 BIG-IP RCE 批量检测", "fork": false, "created_at": "2022-05-07T17:54:08Z", - "updated_at": "2022-05-12T02:11:03Z", + "updated_at": "2022-05-12T13:32:36Z", "pushed_at": "2022-05-09T11:15:27Z", - "stargazers_count": 65, - "watchers_count": 65, + "stargazers_count": 66, + "watchers_count": 66, "forks_count": 20, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 20, - "watchers": 65, + "watchers": 66, "score": 0 }, { @@ -202,17 +202,17 @@ "description": "CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE", "fork": false, "created_at": "2022-05-09T10:22:31Z", - "updated_at": "2022-05-12T07:59:47Z", + "updated_at": "2022-05-12T17:28:58Z", "pushed_at": "2022-05-12T05:56:13Z", - "stargazers_count": 53, - "watchers_count": 53, + "stargazers_count": 56, + "watchers_count": 56, "forks_count": 21, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 21, - "watchers": 53, + "watchers": 56, "score": 0 }, { @@ -283,17 +283,17 @@ "description": "Exploit and Check Script for CVE 2022-1388", "fork": false, "created_at": "2022-05-09T11:30:09Z", - "updated_at": "2022-05-12T12:01:26Z", - "pushed_at": "2022-05-09T17:58:13Z", - "stargazers_count": 31, - "watchers_count": 31, - "forks_count": 17, + "updated_at": "2022-05-12T14:53:15Z", + "pushed_at": "2022-05-12T16:15:24Z", + "stargazers_count": 35, + "watchers_count": 35, + "forks_count": 18, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", - "forks": 17, - "watchers": 31, + "forks": 18, + "watchers": 35, "score": 0 }, { @@ -310,17 +310,17 @@ "description": "POC for CVE-2022-1388", "fork": false, "created_at": "2022-05-09T11:46:45Z", - "updated_at": "2022-05-12T09:03:28Z", + "updated_at": "2022-05-12T17:38:49Z", "pushed_at": "2022-05-09T20:52:07Z", - "stargazers_count": 164, - "watchers_count": 164, + "stargazers_count": 167, + "watchers_count": 167, "forks_count": 26, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 26, - "watchers": 164, + "watchers": 167, "score": 0 }, { @@ -583,11 +583,11 @@ "description": "CVE-2022-1388 is an authentication bypass vulnerability in the REST component of BIG-IP’s iControl API that was assigned a CVSSv3 score of 9.8. The iControl REST API is used for the management and configuration of BIG-IP devices. CVE-2022-1388 could be exploited by an unauthenticated attacker with network access to the management port or self IP addresses of devices that use BIG-IP. Exploitation would allow the attacker to execute arbitrary system commands, create and delete files and disable services.", "fork": false, "created_at": "2022-05-10T04:10:46Z", - "updated_at": "2022-05-10T14:54:09Z", - "pushed_at": "2022-05-10T05:00:33Z", - "stargazers_count": 2, - "watchers_count": 2, - "forks_count": 0, + "updated_at": "2022-05-12T17:04:20Z", + "pushed_at": "2022-05-12T17:06:29Z", + "stargazers_count": 3, + "watchers_count": 3, + "forks_count": 1, "allow_forking": true, "is_template": false, "topics": [ @@ -600,8 +600,8 @@ "nuclei-templates" ], "visibility": "public", - "forks": 0, - "watchers": 2, + "forks": 1, + "watchers": 3, "score": 0 }, { @@ -1154,7 +1154,7 @@ "fork": false, "created_at": "2022-05-12T12:17:11Z", "updated_at": "2022-05-12T12:17:11Z", - "pushed_at": "2022-05-12T12:20:18Z", + "pushed_at": "2022-05-12T12:32:38Z", "stargazers_count": 0, "watchers_count": 0, "forks_count": 0, @@ -1165,5 +1165,40 @@ "forks": 0, "watchers": 0, "score": 0 + }, + { + "id": 491598048, + "name": "CVE-2022-1388", + "full_name": "Zeyad-Azima\/CVE-2022-1388", + "owner": { + "login": "Zeyad-Azima", + "id": 62406753, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/62406753?v=4", + "html_url": "https:\/\/github.com\/Zeyad-Azima" + }, + "html_url": "https:\/\/github.com\/Zeyad-Azima\/CVE-2022-1388", + "description": "F5 BIG-IP iControl REST vulnerability RCE exploit with Java including a testing LAB", + "fork": false, + "created_at": "2022-05-12T16:54:52Z", + "updated_at": "2022-05-12T17:51:32Z", + "pushed_at": "2022-05-12T17:43:36Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "topics": [ + "cve", + "cve-2022-1388", + "exploit", + "f5", + "f5-bigip", + "icontrol", + "rest-api" + ], + "visibility": "public", + "forks": 0, + "watchers": 1, + "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-21449.json b/2022/CVE-2022-21449.json index e8378a0eb1..dc569da758 100644 --- a/2022/CVE-2022-21449.json +++ b/2022/CVE-2022-21449.json @@ -67,17 +67,17 @@ "description": "CVE-2022-21449 Proof of Concept demonstrating its usage with a client running on a vulnerable Java version and a malicious TLS server", "fork": false, "created_at": "2022-04-20T20:31:15Z", - "updated_at": "2022-05-11T14:29:53Z", + "updated_at": "2022-05-12T14:31:58Z", "pushed_at": "2022-04-21T12:04:10Z", - "stargazers_count": 109, - "watchers_count": 109, + "stargazers_count": 108, + "watchers_count": 108, "forks_count": 24, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 24, - "watchers": 109, + "watchers": 108, "score": 0 }, { diff --git a/2022/CVE-2022-21907.json b/2022/CVE-2022-21907.json index 2d3bd41ce6..1e9b8330ba 100644 --- a/2022/CVE-2022-21907.json +++ b/2022/CVE-2022-21907.json @@ -195,17 +195,17 @@ "description": "A REAL DoS exploit for CVE-2022-21907", "fork": false, "created_at": "2022-04-04T10:53:28Z", - "updated_at": "2022-04-30T09:53:26Z", + "updated_at": "2022-05-12T14:34:15Z", "pushed_at": "2022-04-13T05:48:04Z", - "stargazers_count": 112, - "watchers_count": 112, + "stargazers_count": 111, + "watchers_count": 111, "forks_count": 27, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 27, - "watchers": 112, + "watchers": 111, "score": 0 }, { diff --git a/2022/CVE-2022-21999.json b/2022/CVE-2022-21999.json index a72de583e4..ed6d96313a 100644 --- a/2022/CVE-2022-21999.json +++ b/2022/CVE-2022-21999.json @@ -13,10 +13,10 @@ "description": "Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)", "fork": false, "created_at": "2022-02-08T17:25:44Z", - "updated_at": "2022-05-11T16:22:48Z", + "updated_at": "2022-05-12T15:15:30Z", "pushed_at": "2022-02-09T16:54:09Z", - "stargazers_count": 585, - "watchers_count": 585, + "stargazers_count": 586, + "watchers_count": 586, "forks_count": 118, "allow_forking": true, "is_template": false, @@ -26,7 +26,7 @@ ], "visibility": "public", "forks": 118, - "watchers": 585, + "watchers": 586, "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-22965.json b/2022/CVE-2022-22965.json index 073a1ac29a..c47409bf88 100644 --- a/2022/CVE-2022-22965.json +++ b/2022/CVE-2022-22965.json @@ -859,10 +859,10 @@ "description": "Nmap Spring4Shell NSE script for Spring Boot RCE (CVE-2022-22965) ", "fork": false, "created_at": "2022-04-03T01:27:28Z", - "updated_at": "2022-04-06T01:28:12Z", + "updated_at": "2022-05-12T15:42:24Z", "pushed_at": "2022-04-08T19:24:41Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 2, + "watchers_count": 2, "forks_count": 3, "allow_forking": true, "is_template": false, @@ -876,7 +876,7 @@ ], "visibility": "public", "forks": 3, - "watchers": 1, + "watchers": 2, "score": 0 }, { diff --git a/2022/CVE-2022-23253.json b/2022/CVE-2022-23253.json new file mode 100644 index 0000000000..0b3b344156 --- /dev/null +++ b/2022/CVE-2022-23253.json @@ -0,0 +1,29 @@ +[ + { + "id": 491521893, + "name": "CVE-2022-23253-PoC", + "full_name": "nettitude\/CVE-2022-23253-PoC", + "owner": { + "login": "nettitude", + "id": 11998401, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/11998401?v=4", + "html_url": "https:\/\/github.com\/nettitude" + }, + "html_url": "https:\/\/github.com\/nettitude\/CVE-2022-23253-PoC", + "description": "CVE-2022-23253 PoC", + "fork": false, + "created_at": "2022-05-12T13:18:47Z", + "updated_at": "2022-05-12T13:18:47Z", + "pushed_at": "2022-05-12T13:18:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-26133.json b/2022/CVE-2022-26133.json index 10fbbb7ae8..4f170da454 100644 --- a/2022/CVE-2022-26133.json +++ b/2022/CVE-2022-26133.json @@ -13,17 +13,17 @@ "description": "Atlassian Bitbucket Data Center RCE(CVE-2022-26133) verification and exploitation.", "fork": false, "created_at": "2022-05-09T12:07:51Z", - "updated_at": "2022-05-12T12:16:39Z", + "updated_at": "2022-05-12T16:59:12Z", "pushed_at": "2022-05-11T02:02:59Z", - "stargazers_count": 83, - "watchers_count": 83, - "forks_count": 18, + "stargazers_count": 88, + "watchers_count": 88, + "forks_count": 20, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", - "forks": 18, - "watchers": 83, + "forks": 20, + "watchers": 88, "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-26923.json b/2022/CVE-2022-26923.json index b358a6a689..ecf02b0889 100644 --- a/2022/CVE-2022-26923.json +++ b/2022/CVE-2022-26923.json @@ -13,17 +13,17 @@ "description": "Walkthrough on the exploitation of CVE-2022-26923, a vulnerability in AD Certificate Services", "fork": false, "created_at": "2022-05-12T02:31:50Z", - "updated_at": "2022-05-12T05:33:57Z", + "updated_at": "2022-05-12T16:30:25Z", "pushed_at": "2022-05-12T03:24:04Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 3, + "watchers_count": 3, "forks_count": 0, "allow_forking": true, "is_template": false, "topics": [], "visibility": "public", "forks": 0, - "watchers": 1, + "watchers": 3, "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-30525.json b/2022/CVE-2022-30525.json new file mode 100644 index 0000000000..965baf17c8 --- /dev/null +++ b/2022/CVE-2022-30525.json @@ -0,0 +1,34 @@ +[ + { + "id": 490649255, + "name": "victorian_machinery", + "full_name": "jbaines-r7\/victorian_machinery", + "owner": { + "login": "jbaines-r7", + "id": 91965877, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/91965877?v=4", + "html_url": "https:\/\/github.com\/jbaines-r7" + }, + "html_url": "https:\/\/github.com\/jbaines-r7\/victorian_machinery", + "description": "Proof of concept exploit for CVE-2022-30525 (Zxyel firewall command injection)", + "fork": false, + "created_at": "2022-05-10T10:31:19Z", + "updated_at": "2022-05-12T14:36:33Z", + "pushed_at": "2022-05-12T10:37:44Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "topics": [ + "cve-2022-30525", + "exploit", + "poc", + "zyxel" + ], + "visibility": "public", + "forks": 0, + "watchers": 1, + "score": 0 + } +] \ No newline at end of file diff --git a/README.md b/README.md index 00154ee874..0e6d9660f7 100644 --- a/README.md +++ b/README.md @@ -319,6 +319,7 @@ On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5. - [omnigodz/CVE-2022-1388](https://github.com/omnigodz/CVE-2022-1388) - [pauloink/CVE-2022-1388](https://github.com/pauloink/CVE-2022-1388) - [SecTheBit/CVE-2022-1388](https://github.com/SecTheBit/CVE-2022-1388) +- [Zeyad-Azima/CVE-2022-1388](https://github.com/Zeyad-Azima/CVE-2022-1388) ### CVE-2022-2333 - [shirouQwQ/CVE-2022-2333](https://github.com/shirouQwQ/CVE-2022-2333) @@ -776,6 +777,14 @@ In the case of instances where the SAML SSO authentication is enabled (non-defau - [kh4sh3i/CVE-2022-23131](https://github.com/kh4sh3i/CVE-2022-23131) - [Kazaf6s/CVE-2022-23131](https://github.com/Kazaf6s/CVE-2022-23131) +### CVE-2022-23253 (2022-03-09) + + +Point-to-Point Tunneling Protocol Denial of Service Vulnerability. + + +- [nettitude/CVE-2022-23253-PoC](https://github.com/nettitude/CVE-2022-23253-PoC) + ### CVE-2022-23305 (2022-01-18) @@ -1568,6 +1577,14 @@ thread_call in sqbaselib.cpp in SQUIRREL 3.2 lacks a certain sq_reservestack cal - [sprushed/CVE-2022-30292](https://github.com/sprushed/CVE-2022-30292) +### CVE-2022-30525 (2022-05-12) + + +A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. + + +- [jbaines-r7/victorian_machinery](https://github.com/jbaines-r7/victorian_machinery) + ## 2021 ### CVE-2021-0306 (2021-01-11) @@ -4836,7 +4853,7 @@ The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as param ### CVE-2021-42574 (2021-10-31) -An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. +** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. Additionally, control characters needed to fully support the requirements of bidirectional text can further obfuscate the logical order of tokens. Unless mitigated, an adversary could craft source code such that the ordering of tokens perceived by human reviewers does not match what will be processed by a compiler/interpreter/etc. The Unicode Consortium has documented this class of vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax. Also, the BIDI specification allows applications to tailor the implementation in ways that can mitigate misleading visual reordering in program text; see HL4 in Unicode Standard Annex #9, Unicode Bidirectional Algorithm. - [maweil/bidi_char_detector](https://github.com/maweil/bidi_char_detector) @@ -24031,14 +24048,6 @@ The device-initialization functionality in the MSM camera driver for the Linux k - [fi01/libmsm_cameraconfig_exploit](https://github.com/fi01/libmsm_cameraconfig_exploit) -### CVE-2013-2596 (2013-04-12) - - -Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program. - - -- [hiikezoe/libfb_mem_exploit](https://github.com/hiikezoe/libfb_mem_exploit) - ### CVE-2013-2597 (2014-08-31)