mirror/PoC-in-GitHub
1
0
Fork 0
mirror of https://github.com/nomi-sec/PoC-in-GitHub.git synced 2025-01-28 18:44:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Auto Update 2022/02/12 00:15:31

Browse source
This commit is contained in:
motikan2010-bot 2022-02-12 09:15:31 +09:00
parent 16dc0727bb
commit 1f0aaac8cd
13 changed files with 95 additions and 86 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
2019/CVE-2019-0708.json
View file

@ -1488,12 +1488,12 @@
"pushed_at": "2019-06-22T21:48:45Z",
"stargazers_count": 843,
"watchers_count": 843,
"forks_count": 269,
"forks_count": 270,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 269,
"forks": 270,
"watchers": 843,
"score": 0
},

12
2019/CVE-2019-15514.json
View file

@ -13,11 +13,11 @@
"description": "telegram bug that discloses user's hidden phone number (still unpatched) (exploit included) ",
"fork": false,
"created_at": "2021-12-10T19:03:53Z",
"updated_at": "2022-02-01T12:17:08Z",
"updated_at": "2022-02-11T21:17:09Z",
"pushed_at": "2021-12-19T18:18:36Z",
"stargazers_count": 9,
"watchers_count": 9,
"forks_count": 2,
"stargazers_count": 11,
"watchers_count": 11,
"forks_count": 3,
"allow_forking": true,
"is_template": false,
"topics": [
@ -33,8 +33,8 @@
"telethon"
],
"visibility": "public",
"forks": 2,
"watchers": 9,
"forks": 3,
"watchers": 11,
"score": 0
}
]

2
2019/CVE-2019-5418.json
View file

@ -101,7 +101,7 @@
"fork": false,
"created_at": "2019-03-23T02:52:31Z",
"updated_at": "2021-12-15T14:35:59Z",
"pushed_at": "2021-10-12T19:01:21Z",
"pushed_at": "2022-02-11T22:47:13Z",
"stargazers_count": 120,
"watchers_count": 120,
"forks_count": 31,

8
2020/CVE-2020-1938.json
View file

@ -364,10 +364,10 @@
"description": "Ghostcat read file\/code execute,CNVD-2020-10487(CVE-2020-1938) ",
"fork": false,
"created_at": "2020-02-22T16:16:20Z",
"updated_at": "2022-02-06T20:47:06Z",
"updated_at": "2022-02-11T20:22:34Z",
"pushed_at": "2020-03-09T14:51:43Z",
"stargazers_count": 232,
"watchers_count": 232,
"stargazers_count": 233,
"watchers_count": 233,
"forks_count": 92,
"allow_forking": true,
"is_template": false,
@ -380,7 +380,7 @@
],
"visibility": "public",
"forks": 92,
"watchers": 232,
"watchers": 233,
"score": 0
},
{

8
2021/CVE-2021-1585.json
View file

@ -13,17 +13,17 @@
"description": "Proof of Concept for CVE-2021-1585: Cisco ASA Device Manager RCE",
"fork": false,
"created_at": "2022-02-10T21:52:24Z",
"updated_at": "2022-02-11T15:04:21Z",
"updated_at": "2022-02-11T20:53:21Z",
"pushed_at": "2022-02-11T17:20:32Z",
"stargazers_count": 1,
"watchers_count": 1,
"stargazers_count": 2,
"watchers_count": 2,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 1,
"watchers": 2,
"score": 0
}
]

8
2021/CVE-2021-22569.json
View file

@ -13,17 +13,17 @@
"description": "A potential Denial of Service issue in protobuf-java high severity GitHub Reviewed Published 5 days ago in protocolbuffers\/protobuf • Updated yesterday Vulnerability details Dependabot alerts 2 Package com.google.protobuf:protobuf-java (maven) Affected versions < 3.16.1 >= 3.18.0, < 3.18.2 >= 3.19.0, < 3.19.2 Patched versions 3.16.1 3.18.2 3.19.2 Package com.google.protobuf:protobuf-kotlin (maven) Affected versions >= 3.18.0, < 3.18.2 >= 3.19.0, < 3.19.2 Patched versions 3.18.2 3.19.2 Package google-protobuf (RubyGems) Affected versions < 3.19.2 Patched versions 3.19.2 Description Summary A potential Denial of Service issue in protobuf-java was discovered in the parsing procedure for binary data. Reporter: OSS-Fuzz Affected versions: All versions of Java Protobufs (including Kotlin and JRuby) prior to the versions listed below. Protobuf \"javalite\" users (typically Android) are not affected. Severity CVE-2021-22569 High - CVSS Score: 7.5, An implementation weakness in how unknown fields are parsed in Java. A small (~800 KB) malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated GC pauses. Proof of Concept For reproduction details, please refer to the oss-fuzz issue that identifies the specific inputs that exercise this parsing weakness. Remediation and Mitigation Please update to the latest available versions of the following packages: protobuf-java (3.16.1, 3.18.2, 3.19.2) protobuf-kotlin (3.18.2, 3.19.2) google-protobuf [JRuby gem only] (3.19.2) References GHSA-wrvw-hg22-4m67 https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-22569 https:\/\/bugs.chromium.org\/p\/oss-fuzz\/issues\/detail?id=39330 https:\/\/cloud.google.com\/support\/bulletins#gcp-2022-001",
"fork": false,
"created_at": "2022-01-13T03:33:54Z",
"updated_at": "2022-01-17T18:13:30Z",
"updated_at": "2022-02-11T22:19:24Z",
"pushed_at": "2022-01-17T18:18:18Z",
"stargazers_count": 0,
"watchers_count": 0,
"stargazers_count": 1,
"watchers_count": 1,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"watchers": 1,
"score": 0
}
]

29
2021/CVE-2021-24807.json Normal file
View file

@ -0,0 +1,29 @@
[
{
"id": 414551720,
"name": "CVE-2021-24807",
"full_name": "itsjeffersonli\/CVE-2021-24807",
"owner": {
"login": "itsjeffersonli",
"id": 53053198,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/53053198?v=4",
"html_url": "https:\/\/github.com\/itsjeffersonli"
},
"html_url": "https:\/\/github.com\/itsjeffersonli\/CVE-2021-24807",
"description": "Support Board 3.3.4 Authenticated Stored XSS",
"fork": false,
"created_at": "2021-10-07T10:13:10Z",
"updated_at": "2021-11-14T20:35:20Z",
"pushed_at": "2021-10-07T10:31:30Z",
"stargazers_count": 1,
"watchers_count": 1,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 1,
"score": 0
}
]

8
2021/CVE-2021-3129.json
View file

@ -67,17 +67,17 @@
"description": null,
"fork": false,
"created_at": "2021-01-25T08:42:28Z",
"updated_at": "2022-01-22T13:19:19Z",
"updated_at": "2022-02-11T19:05:00Z",
"pushed_at": "2021-01-25T08:49:59Z",
"stargazers_count": 28,
"watchers_count": 28,
"stargazers_count": 29,
"watchers_count": 29,
"forks_count": 19,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 19,
"watchers": 28,
"watchers": 29,
"score": 0
},
{

59
2021/CVE-2021-4034.json
View file

@ -104,17 +104,17 @@
"description": "CVE-2021-4034 1day",
"fork": false,
"created_at": "2022-01-25T23:51:37Z",
"updated_at": "2022-02-11T18:08:40Z",
"updated_at": "2022-02-11T20:24:03Z",
"pushed_at": "2022-01-30T14:22:23Z",
"stargazers_count": 1248,
"watchers_count": 1248,
"forks_count": 364,
"stargazers_count": 1251,
"watchers_count": 1251,
"forks_count": 365,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 364,
"watchers": 1248,
"forks": 365,
"watchers": 1251,
"score": 0
},
{
@ -185,11 +185,11 @@
"description": "PoC for PwnKit: Local Privilege Escalation Vulnerability in polkits pkexec (CVE-2021-4034)",
"fork": false,
"created_at": "2022-01-26T00:56:36Z",
"updated_at": "2022-02-11T13:08:27Z",
"updated_at": "2022-02-11T21:39:57Z",
"pushed_at": "2022-01-29T06:22:16Z",
"stargazers_count": 738,
"watchers_count": 738,
"forks_count": 238,
"stargazers_count": 740,
"watchers_count": 740,
"forks_count": 240,
"allow_forking": true,
"is_template": false,
"topics": [
@ -198,8 +198,8 @@
"poc"
],
"visibility": "public",
"forks": 238,
"watchers": 738,
"forks": 240,
"watchers": 740,
"score": 0
},
{
@ -892,33 +892,6 @@
"watchers": 0,
"score": 0
},
{
"id": 452304819,
"name": "cve-2021-4034",
"full_name": "binksjar\/cve-2021-4034",
"owner": {
"login": "binksjar",
"id": 79991211,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/79991211?v=4",
"html_url": "https:\/\/github.com\/binksjar"
},
"html_url": "https:\/\/github.com\/binksjar\/cve-2021-4034",
"description": "Simple POC Code",
"fork": false,
"created_at": "2022-01-26T14:22:33Z",
"updated_at": "2022-01-26T14:23:38Z",
"pushed_at": "2022-01-26T14:25:35Z",
"stargazers_count": 0,
"watchers_count": 0,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0
},
{
"id": 452306200,
"name": "PwnKit",
@ -1286,10 +1259,10 @@
"description": "Proof of Concept (PoC) CVE-2021-4034 ",
"fork": false,
"created_at": "2022-01-26T18:01:26Z",
"updated_at": "2022-02-08T04:46:26Z",
"updated_at": "2022-02-11T21:04:36Z",
"pushed_at": "2022-02-07T15:42:00Z",
"stargazers_count": 22,
"watchers_count": 22,
"stargazers_count": 23,
"watchers_count": 23,
"forks_count": 3,
"allow_forking": true,
"is_template": false,
@ -1312,7 +1285,7 @@
],
"visibility": "public",
"forks": 3,
"watchers": 22,
"watchers": 23,
"score": 0
},
{

16
2021/CVE-2021-44228.json
View file

@ -1374,7 +1374,7 @@
"fork": false,
"created_at": "2021-12-11T11:18:46Z",
"updated_at": "2022-02-10T06:01:08Z",
"pushed_at": "2022-02-11T15:39:06Z",
"pushed_at": "2022-02-11T23:47:44Z",
"stargazers_count": 764,
"watchers_count": 764,
"forks_count": 156,
@ -2413,10 +2413,10 @@
"description": "Abuse Log4J CVE-2021-44228 to patch CVE-2021-44228 in vulnerable Minecraft game sessions to prevent exploitation in the session :) ",
"fork": false,
"created_at": "2021-12-12T11:26:42Z",
"updated_at": "2022-01-30T03:42:50Z",
"updated_at": "2022-02-11T22:15:45Z",
"pushed_at": "2021-12-12T17:37:11Z",
"stargazers_count": 55,
"watchers_count": 55,
"stargazers_count": 54,
"watchers_count": 54,
"forks_count": 4,
"allow_forking": true,
"is_template": false,
@ -2431,7 +2431,7 @@
],
"visibility": "public",
"forks": 4,
"watchers": 55,
"watchers": 54,
"score": 0
},
{
@ -3546,12 +3546,12 @@
"pushed_at": "2022-02-06T03:18:29Z",
"stargazers_count": 2712,
"watchers_count": 2712,
"forks_count": 654,
"forks_count": 655,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 654,
"forks": 655,
"watchers": 2712,
"score": 0
},
@ -4520,7 +4520,7 @@
"fork": false,
"created_at": "2021-12-13T17:25:52Z",
"updated_at": "2022-02-09T10:00:20Z",
"pushed_at": "2022-02-11T15:50:43Z",
"pushed_at": "2022-02-11T21:37:08Z",
"stargazers_count": 18,
"watchers_count": 18,
"forks_count": 6,

8
2022/CVE-2022-20699.json
View file

@ -13,17 +13,17 @@
"description": "Cisco Anyconnect VPN unauth RCE (rwx stack)",
"fork": false,
"created_at": "2022-02-07T15:53:21Z",
"updated_at": "2022-02-11T16:37:33Z",
"updated_at": "2022-02-11T19:48:43Z",
"pushed_at": "2022-02-07T15:55:03Z",
"stargazers_count": 115,
"watchers_count": 115,
"stargazers_count": 117,
"watchers_count": 117,
"forks_count": 26,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 26,
"watchers": 115,
"watchers": 117,
"score": 0
},
{

8
2022/CVE-2022-21999.json
View file

@ -13,10 +13,10 @@
"description": "Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)",
"fork": false,
"created_at": "2022-02-08T17:25:44Z",
"updated_at": "2022-02-11T18:14:20Z",
"updated_at": "2022-02-11T21:53:13Z",
"pushed_at": "2022-02-09T16:54:09Z",
"stargazers_count": 362,
"watchers_count": 362,
"stargazers_count": 365,
"watchers_count": 365,
"forks_count": 62,
"allow_forking": true,
"is_template": false,
@ -26,7 +26,7 @@
],
"visibility": "public",
"forks": 62,
"watchers": 362,
"watchers": 365,
"score": 0
}
]

11
README.md
View file

@ -1,7 +1,7 @@
# PoC in GitHub
## 2022
### CVE-2022-0185 (-)
### CVE-2022-0185 (2022-02-11)
<code>
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
@ -730,7 +730,6 @@ A local privilege escalation vulnerability was found on polkit's pkexec utility.
- [jostmart/-CVE-2021-4034](https://github.com/jostmart/-CVE-2021-4034)
- [c3l3si4n/pwnkit](https://github.com/c3l3si4n/pwnkit)
- [1nf1n17yk1ng/CVE-2021-4034](https://github.com/1nf1n17yk1ng/CVE-2021-4034)
- [binksjar/cve-2021-4034](https://github.com/binksjar/cve-2021-4034)
- [ly4k/PwnKit](https://github.com/ly4k/PwnKit)
- [san3ncrypt3d/CVE-2021-4034-POC](https://github.com/san3ncrypt3d/CVE-2021-4034-POC)
- [fdellwing/CVE-2021-4034](https://github.com/fdellwing/CVE-2021-4034)
@ -1374,6 +1373,14 @@ The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does n
- [fimtow/CVE-2021-24750](https://github.com/fimtow/CVE-2021-24750)
### CVE-2021-24807 (2021-11-08)
<code>
The Support Board WordPress plugin before 3.3.5 allows Authenticated (Agent+) users to perform Cross-Site Scripting attacks by placing a payload in the notes field, when an administrator or any authenticated user go to the chat the XSS will be automatically executed.
</code>
- [itsjeffersonli/CVE-2021-24807](https://github.com/itsjeffersonli/CVE-2021-24807)
### CVE-2021-24884 (2021-10-25)
<code>