diff --git a/2012/CVE-2012-5519.json b/2012/CVE-2012-5519.json index 798a7dd470..e87da703a2 100644 --- a/2012/CVE-2012-5519.json +++ b/2012/CVE-2012-5519.json @@ -14,10 +14,10 @@ "description": "cups-root-file-read.sh | CVE-2012-5519", "fork": false, "created_at": "2022-01-07T15:39:47Z", - "updated_at": "2024-06-16T09:44:49Z", + "updated_at": "2024-11-23T23:21:41Z", "pushed_at": "2022-06-30T10:54:51Z", - "stargazers_count": 8, - "watchers_count": 8, + "stargazers_count": 9, + "watchers_count": 9, "has_discussions": true, "forks_count": 1, "allow_forking": true, @@ -34,7 +34,7 @@ ], "visibility": "public", "forks": 1, - "watchers": 8, + "watchers": 9, "score": 0, "subscribers_count": 1 } diff --git a/2017/CVE-2017-11176.json b/2017/CVE-2017-11176.json index f351e01607..be47b1a7d3 100644 --- a/2017/CVE-2017-11176.json +++ b/2017/CVE-2017-11176.json @@ -188,5 +188,36 @@ "watchers": 0, "score": 0, "subscribers_count": 1 + }, + { + "id": 754620368, + "name": "CVE-2017-11176", + "full_name": "Yanoro\/CVE-2017-11176", + "owner": { + "login": "Yanoro", + "id": 50038395, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/50038395?v=4", + "html_url": "https:\/\/github.com\/Yanoro", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/Yanoro\/CVE-2017-11176", + "description": null, + "fork": false, + "created_at": "2024-02-08T12:49:53Z", + "updated_at": "2024-11-23T22:58:33Z", + "pushed_at": "2024-02-17T12:00:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-13151.json b/2020/CVE-2020-13151.json index 64120fc2ce..01ec703021 100644 --- a/2020/CVE-2020-13151.json +++ b/2020/CVE-2020-13151.json @@ -14,10 +14,10 @@ "description": "POC for CVE-2020-13151", "fork": false, "created_at": "2020-08-01T14:29:59Z", - "updated_at": "2024-10-23T18:55:55Z", + "updated_at": "2024-11-23T20:27:06Z", "pushed_at": "2020-08-03T18:55:37Z", - "stargazers_count": 27, - "watchers_count": 27, + "stargazers_count": 28, + "watchers_count": 28, "has_discussions": false, "forks_count": 5, "allow_forking": true, @@ -29,7 +29,7 @@ ], "visibility": "public", "forks": 5, - "watchers": 27, + "watchers": 28, "score": 0, "subscribers_count": 1 } diff --git a/2020/CVE-2020-14364.json b/2020/CVE-2020-14364.json index b7d0bd87ce..41177c9d14 100644 --- a/2020/CVE-2020-14364.json +++ b/2020/CVE-2020-14364.json @@ -19,13 +19,13 @@ "stargazers_count": 2, "watchers_count": 2, "has_discussions": false, - "forks_count": 0, + "forks_count": 1, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 0, + "forks": 1, "watchers": 2, "score": 0, "subscribers_count": 1 diff --git a/2020/CVE-2020-1938.json b/2020/CVE-2020-1938.json index c2bdd65f06..cbb98f7c44 100644 --- a/2020/CVE-2020-1938.json +++ b/2020/CVE-2020-1938.json @@ -1034,6 +1034,6 @@ "forks": 0, "watchers": 0, "score": 0, - "subscribers_count": 0 + "subscribers_count": 1 } ] \ No newline at end of file diff --git a/2020/CVE-2020-35489.json b/2020/CVE-2020-35489.json index 653528f74d..5db7514e3c 100644 --- a/2020/CVE-2020-35489.json +++ b/2020/CVE-2020-35489.json @@ -169,6 +169,6 @@ "forks": 0, "watchers": 0, "score": 0, - "subscribers_count": 0 + "subscribers_count": 1 } ] \ No newline at end of file diff --git a/2020/CVE-2020-5902.json b/2020/CVE-2020-5902.json index bf6f859652..0194f69174 100644 --- a/2020/CVE-2020-5902.json +++ b/2020/CVE-2020-5902.json @@ -1130,7 +1130,7 @@ "forks": 0, "watchers": 0, "score": 0, - "subscribers_count": 1 + "subscribers_count": 0 }, { "id": 278562778, @@ -1192,7 +1192,7 @@ "forks": 0, "watchers": 0, "score": 0, - "subscribers_count": 1 + "subscribers_count": 0 }, { "id": 278670349, diff --git a/2020/CVE-2020-9484.json b/2020/CVE-2020-9484.json index 4777efff73..f6eca2f7eb 100644 --- a/2020/CVE-2020-9484.json +++ b/2020/CVE-2020-9484.json @@ -492,10 +492,10 @@ "description": "Remake of CVE-2020-9484 by Pentestical", "fork": false, "created_at": "2024-09-16T18:17:52Z", - "updated_at": "2024-11-11T16:10:34Z", + "updated_at": "2024-11-23T23:35:14Z", "pushed_at": "2024-09-16T18:22:36Z", - "stargazers_count": 16, - "watchers_count": 16, + "stargazers_count": 17, + "watchers_count": 17, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -504,7 +504,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 16, + "watchers": 17, "score": 0, "subscribers_count": 1 }, diff --git a/2021/CVE-2021-20038.json b/2021/CVE-2021-20038.json index d75d31d330..d079dadfc9 100644 --- a/2021/CVE-2021-20038.json +++ b/2021/CVE-2021-20038.json @@ -1,39 +1,4 @@ [ - { - "id": 446650428, - "name": "badblood", - "full_name": "jbaines-r7\/badblood", - "owner": { - "login": "jbaines-r7", - "id": 91965877, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/91965877?v=4", - "html_url": "https:\/\/github.com\/jbaines-r7", - "user_view_type": "public" - }, - "html_url": "https:\/\/github.com\/jbaines-r7\/badblood", - "description": "SonicWall SMA-100 Unauth RCE Exploit (CVE-2021-20038)", - "fork": false, - "created_at": "2022-01-11T02:25:25Z", - "updated_at": "2024-11-12T12:44:27Z", - "pushed_at": "2022-01-11T11:22:06Z", - "stargazers_count": 92, - "watchers_count": 92, - "has_discussions": false, - "forks_count": 27, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "cve-2021-20038", - "exploit", - "rce" - ], - "visibility": "public", - "forks": 27, - "watchers": 92, - "score": 0, - "subscribers_count": 4 - }, { "id": 522394217, "name": "CVE-2021-20038-SonicWall-RCE", diff --git a/2021/CVE-2021-3560.json b/2021/CVE-2021-3560.json index 935dd15d96..588c80c09b 100644 --- a/2021/CVE-2021-3560.json +++ b/2021/CVE-2021-3560.json @@ -147,10 +147,10 @@ "description": null, "fork": false, "created_at": "2021-06-14T20:08:20Z", - "updated_at": "2024-11-16T19:05:00Z", + "updated_at": "2024-11-23T22:06:46Z", "pushed_at": "2022-11-16T13:14:56Z", - "stargazers_count": 111, - "watchers_count": 111, + "stargazers_count": 112, + "watchers_count": 112, "has_discussions": false, "forks_count": 51, "allow_forking": true, @@ -159,7 +159,7 @@ "topics": [], "visibility": "public", "forks": 51, - "watchers": 111, + "watchers": 112, "score": 0, "subscribers_count": 1 }, diff --git a/2021/CVE-2021-41703.json b/2021/CVE-2021-41703.json new file mode 100644 index 0000000000..19dcb36463 --- /dev/null +++ b/2021/CVE-2021-41703.json @@ -0,0 +1,33 @@ +[ + { + "id": 743697916, + "name": "CVE-2021-41703", + "full_name": "Yanoro\/CVE-2021-41703", + "owner": { + "login": "Yanoro", + "id": 50038395, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/50038395?v=4", + "html_url": "https:\/\/github.com\/Yanoro", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/Yanoro\/CVE-2021-41703", + "description": null, + "fork": false, + "created_at": "2024-01-15T19:43:48Z", + "updated_at": "2024-11-23T22:59:43Z", + "pushed_at": "2024-01-24T18:18:37Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-42278.json b/2021/CVE-2021-42278.json index aae49ec530..5edf1d9112 100644 --- a/2021/CVE-2021-42278.json +++ b/2021/CVE-2021-42278.json @@ -14,10 +14,10 @@ "description": "Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user ", "fork": false, "created_at": "2021-12-11T15:10:30Z", - "updated_at": "2024-11-21T05:14:16Z", + "updated_at": "2024-11-23T23:28:42Z", "pushed_at": "2022-07-10T22:23:13Z", - "stargazers_count": 985, - "watchers_count": 985, + "stargazers_count": 986, + "watchers_count": 986, "has_discussions": false, "forks_count": 189, "allow_forking": true, @@ -31,7 +31,7 @@ ], "visibility": "public", "forks": 189, - "watchers": 985, + "watchers": 986, "score": 0, "subscribers_count": 24 }, diff --git a/2021/CVE-2021-44228.json b/2021/CVE-2021-44228.json index 455c6105d8..4035845d24 100644 --- a/2021/CVE-2021-44228.json +++ b/2021/CVE-2021-44228.json @@ -6188,10 +6188,10 @@ "description": null, "fork": false, "created_at": "2021-12-14T21:32:42Z", - "updated_at": "2024-09-06T23:07:26Z", + "updated_at": "2024-11-23T23:28:52Z", "pushed_at": "2021-12-15T11:23:38Z", - "stargazers_count": 15, - "watchers_count": 15, + "stargazers_count": 16, + "watchers_count": 16, "has_discussions": false, "forks_count": 1, "allow_forking": true, @@ -6200,7 +6200,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 15, + "watchers": 16, "score": 0, "subscribers_count": 1 }, diff --git a/2022/CVE-2022-1015.json b/2022/CVE-2022-1015.json index d416b90a22..0642ccda8e 100644 --- a/2022/CVE-2022-1015.json +++ b/2022/CVE-2022-1015.json @@ -14,10 +14,10 @@ "description": "Local privilege escalation PoC for Linux kernel CVE-2022-1015", "fork": false, "created_at": "2022-04-02T03:27:11Z", - "updated_at": "2024-11-11T16:30:48Z", + "updated_at": "2024-11-23T19:24:29Z", "pushed_at": "2022-04-03T01:36:45Z", - "stargazers_count": 199, - "watchers_count": 199, + "stargazers_count": 200, + "watchers_count": 200, "has_discussions": false, "forks_count": 32, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 32, - "watchers": 199, + "watchers": 200, "score": 0, "subscribers_count": 7 }, diff --git a/2022/CVE-2022-21882.json b/2022/CVE-2022-21882.json index 5bc20d3e6e..7b4e7f5a95 100644 --- a/2022/CVE-2022-21882.json +++ b/2022/CVE-2022-21882.json @@ -14,10 +14,10 @@ "description": "win32k LPE ", "fork": false, "created_at": "2022-01-27T03:44:10Z", - "updated_at": "2024-11-23T10:36:35Z", + "updated_at": "2024-11-23T23:29:14Z", "pushed_at": "2022-01-27T04:18:18Z", - "stargazers_count": 459, - "watchers_count": 459, + "stargazers_count": 460, + "watchers_count": 460, "has_discussions": false, "forks_count": 134, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 134, - "watchers": 459, + "watchers": 460, "score": 0, "subscribers_count": 14 }, diff --git a/2022/CVE-2022-22963.json b/2022/CVE-2022-22963.json index e89d77c086..d92b8f9df9 100644 --- a/2022/CVE-2022-22963.json +++ b/2022/CVE-2022-22963.json @@ -14,10 +14,10 @@ "description": "spring-cloud \/ spring-cloud-function,spring.cloud.function.routing-expression,RCE,0day,0-day,POC,EXP,CVE-2022-22963", "fork": false, "created_at": "2022-03-26T01:40:04Z", - "updated_at": "2024-10-01T15:21:07Z", + "updated_at": "2024-11-23T23:33:13Z", "pushed_at": "2023-03-05T12:41:19Z", - "stargazers_count": 354, - "watchers_count": 354, + "stargazers_count": 355, + "watchers_count": 355, "has_discussions": false, "forks_count": 82, "allow_forking": true, @@ -36,7 +36,7 @@ ], "visibility": "public", "forks": 82, - "watchers": 354, + "watchers": 355, "score": 0, "subscribers_count": 11 }, diff --git a/2022/CVE-2022-25765.json b/2022/CVE-2022-25765.json index 56a62fa488..6cf987597f 100644 --- a/2022/CVE-2022-25765.json +++ b/2022/CVE-2022-25765.json @@ -179,10 +179,10 @@ "description": "Exploit for CVE-2022–25765 (pdfkit) - Command Injection", "fork": false, "created_at": "2023-02-10T00:50:35Z", - "updated_at": "2024-11-11T01:50:23Z", + "updated_at": "2024-11-23T22:33:04Z", "pushed_at": "2024-05-20T00:34:48Z", - "stargazers_count": 21, - "watchers_count": 21, + "stargazers_count": 22, + "watchers_count": 22, "has_discussions": false, "forks_count": 3, "allow_forking": true, @@ -205,7 +205,7 @@ ], "visibility": "public", "forks": 3, - "watchers": 21, + "watchers": 22, "score": 0, "subscribers_count": 1 }, diff --git a/2022/CVE-2022-2588.json b/2022/CVE-2022-2588.json index c9ef3317c2..60e684f06a 100644 --- a/2022/CVE-2022-2588.json +++ b/2022/CVE-2022-2588.json @@ -14,10 +14,10 @@ "description": "exploit for CVE-2022-2588", "fork": false, "created_at": "2022-08-11T06:01:24Z", - "updated_at": "2024-10-28T18:14:27Z", + "updated_at": "2024-11-23T23:32:37Z", "pushed_at": "2023-03-04T05:52:28Z", - "stargazers_count": 466, - "watchers_count": 466, + "stargazers_count": 467, + "watchers_count": 467, "has_discussions": false, "forks_count": 68, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 68, - "watchers": 466, + "watchers": 467, "score": 0, "subscribers_count": 49 }, diff --git a/2022/CVE-2022-33679.json b/2022/CVE-2022-33679.json index e4a3c98222..888c21f6c6 100644 --- a/2022/CVE-2022-33679.json +++ b/2022/CVE-2022-33679.json @@ -14,10 +14,10 @@ "description": "One day based on https:\/\/googleprojectzero.blogspot.com\/2022\/10\/rc4-is-still-considered-harmful.html", "fork": false, "created_at": "2022-11-02T18:38:01Z", - "updated_at": "2024-11-15T16:44:19Z", + "updated_at": "2024-11-23T23:33:47Z", "pushed_at": "2024-11-10T17:21:28Z", - "stargazers_count": 394, - "watchers_count": 394, + "stargazers_count": 395, + "watchers_count": 395, "has_discussions": false, "forks_count": 69, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 69, - "watchers": 394, + "watchers": 395, "score": 0, "subscribers_count": 8 }, diff --git a/2022/CVE-2022-45354.json b/2022/CVE-2022-45354.json index f16d56a677..0d456dbc71 100644 --- a/2022/CVE-2022-45354.json +++ b/2022/CVE-2022-45354.json @@ -45,8 +45,8 @@ "description": "CVE-2022-45354 Download Monitor <= 4.7.60 - Sensitive Information Exposure via REST API", "fork": false, "created_at": "2024-11-23T09:56:19Z", - "updated_at": "2024-11-23T10:03:17Z", - "pushed_at": "2024-11-23T10:02:04Z", + "updated_at": "2024-11-24T00:04:48Z", + "pushed_at": "2024-11-24T00:04:45Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2023/CVE-2023-50094.json b/2023/CVE-2023-50094.json new file mode 100644 index 0000000000..ee9793e20c --- /dev/null +++ b/2023/CVE-2023-50094.json @@ -0,0 +1,33 @@ +[ + { + "id": 893203261, + "name": "CVE-2023-50094_POC", + "full_name": "Zierax\/CVE-2023-50094_POC", + "owner": { + "login": "Zierax", + "id": 153237520, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/153237520?v=4", + "html_url": "https:\/\/github.com\/Zierax", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/Zierax\/CVE-2023-50094_POC", + "description": "poc for CVE-2023-50094 (rengine command injection)", + "fork": false, + "created_at": "2024-11-23T20:00:29Z", + "updated_at": "2024-11-23T20:11:04Z", + "pushed_at": "2024-11-23T20:11:01Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2023/CVE-2023-7028.json b/2023/CVE-2023-7028.json index 0620b45f35..afe3fe0f98 100644 --- a/2023/CVE-2023-7028.json +++ b/2023/CVE-2023-7028.json @@ -380,15 +380,15 @@ { "id": 845342869, "name": "CVE-2023-7028", - "full_name": "fa-rrel\/CVE-2023-7028", + "full_name": "gh-ost00\/CVE-2023-7028", "owner": { - "login": "fa-rrel", + "login": "gh-ost00", "id": 153366162, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/153366162?v=4", - "html_url": "https:\/\/github.com\/fa-rrel", + "html_url": "https:\/\/github.com\/gh-ost00", "user_view_type": "public" }, - "html_url": "https:\/\/github.com\/fa-rrel\/CVE-2023-7028", + "html_url": "https:\/\/github.com\/gh-ost00\/CVE-2023-7028", "description": "CVE-2023-7028 POC && Exploit", "fork": false, "created_at": "2024-08-21T04:14:55Z", diff --git a/2024/CVE-2024-0195.json b/2024/CVE-2024-0195.json index 217f661b39..d184c970a7 100644 --- a/2024/CVE-2024-0195.json +++ b/2024/CVE-2024-0195.json @@ -40,15 +40,15 @@ { "id": 850225780, "name": "CVE-2024-0195-SpiderFlow", - "full_name": "fa-rrel\/CVE-2024-0195-SpiderFlow", + "full_name": "gh-ost00\/CVE-2024-0195-SpiderFlow", "owner": { - "login": "fa-rrel", + "login": "gh-ost00", "id": 153366162, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/153366162?v=4", - "html_url": "https:\/\/github.com\/fa-rrel", + "html_url": "https:\/\/github.com\/gh-ost00", "user_view_type": "public" }, - "html_url": "https:\/\/github.com\/fa-rrel\/CVE-2024-0195-SpiderFlow", + "html_url": "https:\/\/github.com\/gh-ost00\/CVE-2024-0195-SpiderFlow", "description": "CVE-2024-0195 Improper Control of Generation of Code ('Code Injection')", "fork": false, "created_at": "2024-08-31T07:37:55Z", diff --git a/2024/CVE-2024-1071.json b/2024/CVE-2024-1071.json index 80ec4b8d9c..1c8052d14a 100644 --- a/2024/CVE-2024-1071.json +++ b/2024/CVE-2024-1071.json @@ -126,15 +126,15 @@ { "id": 849694443, "name": "CVE-2024-1071-SQL-Injection", - "full_name": "fa-rrel\/CVE-2024-1071-SQL-Injection", + "full_name": "gh-ost00\/CVE-2024-1071-SQL-Injection", "owner": { - "login": "fa-rrel", + "login": "gh-ost00", "id": 153366162, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/153366162?v=4", - "html_url": "https:\/\/github.com\/fa-rrel", + "html_url": "https:\/\/github.com\/gh-ost00", "user_view_type": "public" }, - "html_url": "https:\/\/github.com\/fa-rrel\/CVE-2024-1071-SQL-Injection", + "html_url": "https:\/\/github.com\/gh-ost00\/CVE-2024-1071-SQL-Injection", "description": "Proof of concept : CVE-2024-1071: WordPress Vulnerability Exploited", "fork": false, "created_at": "2024-08-30T04:23:04Z", diff --git a/2024/CVE-2024-11199.json b/2024/CVE-2024-11199.json new file mode 100644 index 0000000000..1824b44434 --- /dev/null +++ b/2024/CVE-2024-11199.json @@ -0,0 +1,33 @@ +[ + { + "id": 893229030, + "name": "CVE-2024-11199", + "full_name": "windz3r0day\/CVE-2024-11199", + "owner": { + "login": "windz3r0day", + "id": 179751303, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/179751303?v=4", + "html_url": "https:\/\/github.com\/windz3r0day", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/windz3r0day\/CVE-2024-11199", + "description": "CVE-2024-11199 poc exploit", + "fork": false, + "created_at": "2024-11-23T21:43:20Z", + "updated_at": "2024-11-23T21:52:42Z", + "pushed_at": "2024-11-23T21:44:58Z", + "stargazers_count": 2, + "watchers_count": 2, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 2, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2024/CVE-2024-20356.json b/2024/CVE-2024-20356.json index 4b4750b6f1..b975cf4efe 100644 --- a/2024/CVE-2024-20356.json +++ b/2024/CVE-2024-20356.json @@ -14,10 +14,10 @@ "description": "This is a proof of concept for CVE-2024-20356, a Command Injection vulnerability in Cisco's CIMC.", "fork": false, "created_at": "2024-04-12T15:07:42Z", - "updated_at": "2024-11-23T05:51:45Z", + "updated_at": "2024-11-23T22:52:39Z", "pushed_at": "2024-04-18T14:31:34Z", - "stargazers_count": 49, - "watchers_count": 49, + "stargazers_count": 50, + "watchers_count": 50, "has_discussions": false, "forks_count": 11, "allow_forking": true, @@ -30,7 +30,7 @@ ], "visibility": "public", "forks": 11, - "watchers": 49, + "watchers": 50, "score": 0, "subscribers_count": 7 }, diff --git a/2024/CVE-2024-21413.json b/2024/CVE-2024-21413.json index 35676edcfb..f1304dc444 100644 --- a/2024/CVE-2024-21413.json +++ b/2024/CVE-2024-21413.json @@ -45,10 +45,10 @@ "description": "Microsoft-Outlook-Remote-Code-Execution-Vulnerability", "fork": false, "created_at": "2024-02-16T15:17:59Z", - "updated_at": "2024-11-23T17:18:52Z", + "updated_at": "2024-11-23T21:06:27Z", "pushed_at": "2024-02-19T20:00:35Z", - "stargazers_count": 689, - "watchers_count": 689, + "stargazers_count": 692, + "watchers_count": 692, "has_discussions": false, "forks_count": 152, "allow_forking": true, @@ -57,7 +57,7 @@ "topics": [], "visibility": "public", "forks": 152, - "watchers": 689, + "watchers": 692, "score": 0, "subscribers_count": 10 }, diff --git a/2024/CVE-2024-24809.json b/2024/CVE-2024-24809.json index 1d8f5e2e77..f076fdd620 100644 --- a/2024/CVE-2024-24809.json +++ b/2024/CVE-2024-24809.json @@ -2,15 +2,15 @@ { "id": 851552545, "name": "CVE-2024-24809-Proof-of-concept", - "full_name": "fa-rrel\/CVE-2024-24809-Proof-of-concept", + "full_name": "gh-ost00\/CVE-2024-24809-Proof-of-concept", "owner": { - "login": "fa-rrel", + "login": "gh-ost00", "id": 153366162, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/153366162?v=4", - "html_url": "https:\/\/github.com\/fa-rrel", + "html_url": "https:\/\/github.com\/gh-ost00", "user_view_type": "public" }, - "html_url": "https:\/\/github.com\/fa-rrel\/CVE-2024-24809-Proof-of-concept", + "html_url": "https:\/\/github.com\/gh-ost00\/CVE-2024-24809-Proof-of-concept", "description": "Critical Flaws in Traccar GPS System Expose Users to Remote Attacks", "fork": false, "created_at": "2024-09-03T09:56:13Z", diff --git a/2024/CVE-2024-26218.json b/2024/CVE-2024-26218.json index 32bbcb23f5..7f80a5d101 100644 --- a/2024/CVE-2024-26218.json +++ b/2024/CVE-2024-26218.json @@ -14,10 +14,10 @@ "description": "Proof-of-Concept for CVE-2024-26218", "fork": false, "created_at": "2024-04-26T16:41:04Z", - "updated_at": "2024-11-22T06:02:01Z", + "updated_at": "2024-11-23T23:34:02Z", "pushed_at": "2024-04-26T16:46:15Z", - "stargazers_count": 47, - "watchers_count": 47, + "stargazers_count": 48, + "watchers_count": 48, "has_discussions": false, "forks_count": 16, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 16, - "watchers": 47, + "watchers": 48, "score": 0, "subscribers_count": 3 } diff --git a/2024/CVE-2024-27954.json b/2024/CVE-2024-27954.json index 953e8596c0..7272514c89 100644 --- a/2024/CVE-2024-27954.json +++ b/2024/CVE-2024-27954.json @@ -2,15 +2,15 @@ { "id": 880016834, "name": "CVE-2024-27954", - "full_name": "fa-rrel\/CVE-2024-27954", + "full_name": "gh-ost00\/CVE-2024-27954", "owner": { - "login": "fa-rrel", + "login": "gh-ost00", "id": 153366162, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/153366162?v=4", - "html_url": "https:\/\/github.com\/fa-rrel", + "html_url": "https:\/\/github.com\/gh-ost00", "user_view_type": "public" }, - "html_url": "https:\/\/github.com\/fa-rrel\/CVE-2024-27954", + "html_url": "https:\/\/github.com\/gh-ost00\/CVE-2024-27954", "description": "Automatic Plugin for WordPress < 3.92.1 Multiples Vulnerabilities", "fork": false, "created_at": "2024-10-29T00:46:35Z", diff --git a/2024/CVE-2024-28987.json b/2024/CVE-2024-28987.json index ca84556832..091ddeb427 100644 --- a/2024/CVE-2024-28987.json +++ b/2024/CVE-2024-28987.json @@ -2,15 +2,15 @@ { "id": 852696537, "name": "CVE-2024-28987-POC", - "full_name": "fa-rrel\/CVE-2024-28987-POC", + "full_name": "gh-ost00\/CVE-2024-28987-POC", "owner": { - "login": "fa-rrel", + "login": "gh-ost00", "id": 153366162, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/153366162?v=4", - "html_url": "https:\/\/github.com\/fa-rrel", + "html_url": "https:\/\/github.com\/gh-ost00", "user_view_type": "public" }, - "html_url": "https:\/\/github.com\/fa-rrel\/CVE-2024-28987-POC", + "html_url": "https:\/\/github.com\/gh-ost00\/CVE-2024-28987-POC", "description": "Web Help Desk Hardcoded Credential Vulnerability (CVE-2024-28987)", "fork": false, "created_at": "2024-09-05T09:01:58Z", diff --git a/2024/CVE-2024-4040.json b/2024/CVE-2024-4040.json index 9e9201afe0..6c6bd2105f 100644 --- a/2024/CVE-2024-4040.json +++ b/2024/CVE-2024-4040.json @@ -14,10 +14,10 @@ "description": "Scanner for CVE-2024-4040", "fork": false, "created_at": "2024-04-23T09:31:29Z", - "updated_at": "2024-11-20T16:30:45Z", + "updated_at": "2024-11-23T22:43:47Z", "pushed_at": "2024-05-17T06:48:43Z", - "stargazers_count": 47, - "watchers_count": 47, + "stargazers_count": 48, + "watchers_count": 48, "has_discussions": false, "forks_count": 8, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 8, - "watchers": 47, + "watchers": 48, "score": 0, "subscribers_count": 8 }, diff --git a/2024/CVE-2024-4358.json b/2024/CVE-2024-4358.json index f79701c7a2..6c3901d07e 100644 --- a/2024/CVE-2024-4358.json +++ b/2024/CVE-2024-4358.json @@ -162,15 +162,15 @@ { "id": 846915417, "name": "CVE-2024-4358", - "full_name": "fa-rrel\/CVE-2024-4358", + "full_name": "gh-ost00\/CVE-2024-4358", "owner": { - "login": "fa-rrel", + "login": "gh-ost00", "id": 153366162, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/153366162?v=4", - "html_url": "https:\/\/github.com\/fa-rrel", + "html_url": "https:\/\/github.com\/gh-ost00", "user_view_type": "public" }, - "html_url": "https:\/\/github.com\/fa-rrel\/CVE-2024-4358", + "html_url": "https:\/\/github.com\/gh-ost00\/CVE-2024-4358", "description": "Telerik Report Server deserialization and authentication bypass exploit chain for CVE-2024-4358\/CVE-2024-1800", "fork": false, "created_at": "2024-08-24T10:09:09Z", diff --git a/2024/CVE-2024-4577.json b/2024/CVE-2024-4577.json index 22acf1c530..4c1f67a963 100644 --- a/2024/CVE-2024-4577.json +++ b/2024/CVE-2024-4577.json @@ -169,10 +169,10 @@ "description": "PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC", "fork": false, "created_at": "2024-06-07T09:52:54Z", - "updated_at": "2024-11-22T18:42:57Z", + "updated_at": "2024-11-23T22:12:19Z", "pushed_at": "2024-06-22T15:13:52Z", - "stargazers_count": 234, - "watchers_count": 234, + "stargazers_count": 235, + "watchers_count": 235, "has_discussions": false, "forks_count": 52, "allow_forking": true, @@ -181,7 +181,7 @@ "topics": [], "visibility": "public", "forks": 52, - "watchers": 234, + "watchers": 235, "score": 0, "subscribers_count": 4 }, @@ -1456,15 +1456,15 @@ { "id": 844815719, "name": "CVE-2024-4577-RCE", - "full_name": "fa-rrel\/CVE-2024-4577-RCE", + "full_name": "gh-ost00\/CVE-2024-4577-RCE", "owner": { - "login": "fa-rrel", + "login": "gh-ost00", "id": 153366162, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/153366162?v=4", - "html_url": "https:\/\/github.com\/fa-rrel", + "html_url": "https:\/\/github.com\/gh-ost00", "user_view_type": "public" }, - "html_url": "https:\/\/github.com\/fa-rrel\/CVE-2024-4577-RCE", + "html_url": "https:\/\/github.com\/gh-ost00\/CVE-2024-4577-RCE", "description": "PHP CGI Argument Injection (CVE-2024-4577) RCE", "fork": false, "created_at": "2024-08-20T02:56:03Z", diff --git a/2024/CVE-2024-4879.json b/2024/CVE-2024-4879.json index 42f5beeea8..f6cc1eb655 100644 --- a/2024/CVE-2024-4879.json +++ b/2024/CVE-2024-4879.json @@ -219,15 +219,15 @@ { "id": 848057101, "name": "CVE-2024-4879", - "full_name": "fa-rrel\/CVE-2024-4879", + "full_name": "gh-ost00\/CVE-2024-4879", "owner": { - "login": "fa-rrel", + "login": "gh-ost00", "id": 153366162, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/153366162?v=4", - "html_url": "https:\/\/github.com\/fa-rrel", + "html_url": "https:\/\/github.com\/gh-ost00", "user_view_type": "public" }, - "html_url": "https:\/\/github.com\/fa-rrel\/CVE-2024-4879", + "html_url": "https:\/\/github.com\/gh-ost00\/CVE-2024-4879", "description": "Jelly Template Injection Vulnerability in ServiceNow | POC CVE-2024-4879", "fork": false, "created_at": "2024-08-27T03:43:28Z", diff --git a/2024/CVE-2024-48990.json b/2024/CVE-2024-48990.json index 1e5ff9c575..bd19b79e72 100644 --- a/2024/CVE-2024-48990.json +++ b/2024/CVE-2024-48990.json @@ -14,19 +14,19 @@ "description": "PoC for CVE-2024-48990", "fork": false, "created_at": "2024-11-20T18:41:25Z", - "updated_at": "2024-11-23T17:08:05Z", + "updated_at": "2024-11-23T23:12:29Z", "pushed_at": "2024-11-20T18:49:33Z", - "stargazers_count": 46, - "watchers_count": 46, + "stargazers_count": 50, + "watchers_count": 50, "has_discussions": false, - "forks_count": 6, + "forks_count": 9, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 6, - "watchers": 46, + "forks": 9, + "watchers": 50, "score": 0, "subscribers_count": 1 }, diff --git a/2024/CVE-2024-5420.json b/2024/CVE-2024-5420.json index 4a29afdaae..87ed615f3b 100644 --- a/2024/CVE-2024-5420.json +++ b/2024/CVE-2024-5420.json @@ -2,15 +2,15 @@ { "id": 851185555, "name": "CVE-2024-5420-XSS", - "full_name": "fa-rrel\/CVE-2024-5420-XSS", + "full_name": "gh-ost00\/CVE-2024-5420-XSS", "owner": { - "login": "fa-rrel", + "login": "gh-ost00", "id": 153366162, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/153366162?v=4", - "html_url": "https:\/\/github.com\/fa-rrel", + "html_url": "https:\/\/github.com\/gh-ost00", "user_view_type": "public" }, - "html_url": "https:\/\/github.com\/fa-rrel\/CVE-2024-5420-XSS", + "html_url": "https:\/\/github.com\/gh-ost00\/CVE-2024-5420-XSS", "description": "SEH utnserver Pro\/ProMAX \/ INU-100 20.1.22 - XSS ", "fork": false, "created_at": "2024-09-02T15:29:22Z", diff --git a/2024/CVE-2024-6387.json b/2024/CVE-2024-6387.json index 5e913a8bf4..8d568bc8ea 100644 --- a/2024/CVE-2024-6387.json +++ b/2024/CVE-2024-6387.json @@ -14,10 +14,10 @@ "description": "a signal handler race condition in OpenSSH's server (sshd)", "fork": false, "created_at": "2024-07-01T10:55:29Z", - "updated_at": "2024-11-21T05:21:18Z", + "updated_at": "2024-11-23T21:45:17Z", "pushed_at": "2024-07-01T10:54:02Z", - "stargazers_count": 461, - "watchers_count": 461, + "stargazers_count": 462, + "watchers_count": 462, "has_discussions": false, "forks_count": 182, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 182, - "watchers": 461, + "watchers": 462, "score": 0, "subscribers_count": 5 }, @@ -269,10 +269,10 @@ "description": "CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH", "fork": false, "created_at": "2024-07-01T20:33:20Z", - "updated_at": "2024-11-21T21:47:41Z", + "updated_at": "2024-11-23T21:43:26Z", "pushed_at": "2024-09-24T19:18:56Z", - "stargazers_count": 458, - "watchers_count": 458, + "stargazers_count": 459, + "watchers_count": 459, "has_discussions": false, "forks_count": 88, "allow_forking": true, @@ -287,7 +287,7 @@ ], "visibility": "public", "forks": 88, - "watchers": 458, + "watchers": 459, "score": 0, "subscribers_count": 7 }, @@ -684,10 +684,10 @@ "description": "This Python script exploits a remote code execution vulnerability (CVE-2024-6387) in OpenSSH.", "fork": false, "created_at": "2024-07-02T06:53:35Z", - "updated_at": "2024-11-21T13:13:49Z", + "updated_at": "2024-11-23T21:35:05Z", "pushed_at": "2024-07-04T20:04:30Z", - "stargazers_count": 31, - "watchers_count": 31, + "stargazers_count": 32, + "watchers_count": 32, "has_discussions": false, "forks_count": 11, "allow_forking": true, @@ -696,7 +696,7 @@ "topics": [], "visibility": "public", "forks": 11, - "watchers": 31, + "watchers": 32, "score": 0, "subscribers_count": 1 }, @@ -1386,10 +1386,10 @@ "description": "PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit) ", "fork": false, "created_at": "2024-07-02T18:32:46Z", - "updated_at": "2024-11-03T06:33:12Z", + "updated_at": "2024-11-23T21:43:00Z", "pushed_at": "2024-07-05T15:19:28Z", - "stargazers_count": 64, - "watchers_count": 64, + "stargazers_count": 65, + "watchers_count": 65, "has_discussions": false, "forks_count": 26, "allow_forking": true, @@ -1407,7 +1407,7 @@ ], "visibility": "public", "forks": 26, - "watchers": 64, + "watchers": 65, "score": 0, "subscribers_count": 1 }, diff --git a/2024/CVE-2024-7120.json b/2024/CVE-2024-7120.json index 1c44828d34..73b4f493eb 100644 --- a/2024/CVE-2024-7120.json +++ b/2024/CVE-2024-7120.json @@ -2,15 +2,15 @@ { "id": 849964284, "name": "CVE-2024-7120", - "full_name": "fa-rrel\/CVE-2024-7120", + "full_name": "gh-ost00\/CVE-2024-7120", "owner": { - "login": "fa-rrel", + "login": "gh-ost00", "id": 153366162, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/153366162?v=4", - "html_url": "https:\/\/github.com\/fa-rrel", + "html_url": "https:\/\/github.com\/gh-ost00", "user_view_type": "public" }, - "html_url": "https:\/\/github.com\/fa-rrel\/CVE-2024-7120", + "html_url": "https:\/\/github.com\/gh-ost00\/CVE-2024-7120", "description": "⚠️⚠️ CVE-2024-7120 Command Injection Vulnerability in RAISECOM Gateway Devices", "fork": false, "created_at": "2024-08-30T15:50:50Z", diff --git a/2024/CVE-2024-7928.json b/2024/CVE-2024-7928.json index ed03de989d..c09f528c64 100644 --- a/2024/CVE-2024-7928.json +++ b/2024/CVE-2024-7928.json @@ -33,15 +33,15 @@ { "id": 845013815, "name": "CVE-2024-7928", - "full_name": "fa-rrel\/CVE-2024-7928", + "full_name": "gh-ost00\/CVE-2024-7928", "owner": { - "login": "fa-rrel", + "login": "gh-ost00", "id": 153366162, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/153366162?v=4", - "html_url": "https:\/\/github.com\/fa-rrel", + "html_url": "https:\/\/github.com\/gh-ost00", "user_view_type": "public" }, - "html_url": "https:\/\/github.com\/fa-rrel\/CVE-2024-7928", + "html_url": "https:\/\/github.com\/gh-ost00\/CVE-2024-7928", "description": "CVE-2024-7928 fastadmin vulnerability POC & Scanning", "fork": false, "created_at": "2024-08-20T12:15:48Z", diff --git a/2024/CVE-2024-7954.json b/2024/CVE-2024-7954.json index bb0639d934..947d26d5e8 100644 --- a/2024/CVE-2024-7954.json +++ b/2024/CVE-2024-7954.json @@ -64,15 +64,15 @@ { "id": 850636095, "name": "CVE-2024-7954-RCE", - "full_name": "fa-rrel\/CVE-2024-7954-RCE", + "full_name": "gh-ost00\/CVE-2024-7954-RCE", "owner": { - "login": "fa-rrel", + "login": "gh-ost00", "id": 153366162, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/153366162?v=4", - "html_url": "https:\/\/github.com\/fa-rrel", + "html_url": "https:\/\/github.com\/gh-ost00", "user_view_type": "public" }, - "html_url": "https:\/\/github.com\/fa-rrel\/CVE-2024-7954-RCE", + "html_url": "https:\/\/github.com\/gh-ost00\/CVE-2024-7954-RCE", "description": "Unauthenticated Remote Code Execution in SPIP versions up to and including 4.2.12 ", "fork": false, "created_at": "2024-09-01T10:59:45Z", diff --git a/2024/CVE-2024-8949.json b/2024/CVE-2024-8949.json index 479ae63098..1df0e8f6f4 100644 --- a/2024/CVE-2024-8949.json +++ b/2024/CVE-2024-8949.json @@ -2,15 +2,15 @@ { "id": 864585046, "name": "CVE-2024-8949-POC", - "full_name": "fa-rrel\/CVE-2024-8949-POC", + "full_name": "gh-ost00\/CVE-2024-8949-POC", "owner": { - "login": "fa-rrel", + "login": "gh-ost00", "id": 153366162, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/153366162?v=4", - "html_url": "https:\/\/github.com\/fa-rrel", + "html_url": "https:\/\/github.com\/gh-ost00", "user_view_type": "public" }, - "html_url": "https:\/\/github.com\/fa-rrel\/CVE-2024-8949-POC", + "html_url": "https:\/\/github.com\/gh-ost00\/CVE-2024-8949-POC", "description": "SourceCodester Online Eyewear Shop Remote File Inclusion Vulnerability", "fork": false, "created_at": "2024-09-28T15:58:54Z", diff --git a/README.md b/README.md index f9b77e487c..fb0b91b3d2 100644 --- a/README.md +++ b/README.md @@ -81,7 +81,7 @@ - [Cappricio-Securities/CVE-2024-0195](https://github.com/Cappricio-Securities/CVE-2024-0195) -- [fa-rrel/CVE-2024-0195-SpiderFlow](https://github.com/fa-rrel/CVE-2024-0195-SpiderFlow) +- [gh-ost00/CVE-2024-0195-SpiderFlow](https://github.com/gh-ost00/CVE-2024-0195-SpiderFlow) - [MuhammadWaseem29/CVE-2024-0195-SpiderFlow](https://github.com/MuhammadWaseem29/CVE-2024-0195-SpiderFlow) - [hack-with-rohit/CVE-2024-0195-SpiderFlow](https://github.com/hack-with-rohit/CVE-2024-0195-SpiderFlow) @@ -292,7 +292,7 @@ - [Trackflaw/CVE-2024-1071-Docker](https://github.com/Trackflaw/CVE-2024-1071-Docker) - [Matrexdz/CVE-2024-1071](https://github.com/Matrexdz/CVE-2024-1071) - [Matrexdz/CVE-2024-1071-Docker](https://github.com/Matrexdz/CVE-2024-1071-Docker) -- [fa-rrel/CVE-2024-1071-SQL-Injection](https://github.com/fa-rrel/CVE-2024-1071-SQL-Injection) +- [gh-ost00/CVE-2024-1071-SQL-Injection](https://github.com/gh-ost00/CVE-2024-1071-SQL-Injection) - [Dogu589/WordPress-Exploit-CVE-2024-1071](https://github.com/Dogu589/WordPress-Exploit-CVE-2024-1071) - [Spid3heX/CVE-2024-1071-PoC-Script](https://github.com/Spid3heX/CVE-2024-1071-PoC-Script) @@ -924,7 +924,7 @@ - [Harydhk7/CVE-2024-4358](https://github.com/Harydhk7/CVE-2024-4358) - [Sk1dr0wz/CVE-2024-4358_Mass_Exploit](https://github.com/Sk1dr0wz/CVE-2024-4358_Mass_Exploit) - [verylazytech/CVE-2024-4358](https://github.com/verylazytech/CVE-2024-4358) -- [fa-rrel/CVE-2024-4358](https://github.com/fa-rrel/CVE-2024-4358) +- [gh-ost00/CVE-2024-4358](https://github.com/gh-ost00/CVE-2024-4358) ### CVE-2024-4367 (2024-05-14) @@ -1018,7 +1018,7 @@ - [a-roshbaik/CVE-2024-4577-PHP-RCE](https://github.com/a-roshbaik/CVE-2024-4577-PHP-RCE) - [Jcccccx/CVE-2024-4577](https://github.com/Jcccccx/CVE-2024-4577) - [bughuntar/CVE-2024-4577](https://github.com/bughuntar/CVE-2024-4577) -- [fa-rrel/CVE-2024-4577-RCE](https://github.com/fa-rrel/CVE-2024-4577-RCE) +- [gh-ost00/CVE-2024-4577-RCE](https://github.com/gh-ost00/CVE-2024-4577-RCE) - [ywChen-NTUST/PHP-CGI-RCE-Scanner](https://github.com/ywChen-NTUST/PHP-CGI-RCE-Scanner) - [AhmedMansour93/Event-ID-268-Rule-Name-SOC292-Possible-PHP-Injection-Detected-CVE-2024-4577-](https://github.com/AhmedMansour93/Event-ID-268-Rule-Name-SOC292-Possible-PHP-Injection-Detected-CVE-2024-4577-) - [phirojshah/CVE-2024-4577](https://github.com/phirojshah/CVE-2024-4577) @@ -1060,7 +1060,7 @@ - [Praison001/CVE-2024-4879-ServiceNow](https://github.com/Praison001/CVE-2024-4879-ServiceNow) - [NoTsPepino/CVE-2024-4879-CVE-2024-5217-ServiceNow-RCE-Scanning](https://github.com/NoTsPepino/CVE-2024-4879-CVE-2024-5217-ServiceNow-RCE-Scanning) - [jdusane/CVE-2024-4879](https://github.com/jdusane/CVE-2024-4879) -- [fa-rrel/CVE-2024-4879](https://github.com/fa-rrel/CVE-2024-4879) +- [gh-ost00/CVE-2024-4879](https://github.com/gh-ost00/CVE-2024-4879) - [0xWhoami35/CVE-2024-4879](https://github.com/0xWhoami35/CVE-2024-4879) ### CVE-2024-4883 (2024-06-25) @@ -1175,7 +1175,7 @@ Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS)..This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below. -- [fa-rrel/CVE-2024-5420-XSS](https://github.com/fa-rrel/CVE-2024-5420-XSS) +- [gh-ost00/CVE-2024-5420-XSS](https://github.com/gh-ost00/CVE-2024-5420-XSS) - [K4yd0/CVE-2024-5420_XSS](https://github.com/K4yd0/CVE-2024-5420_XSS) ### CVE-2024-5452 (2024-06-06) @@ -1512,7 +1512,7 @@ Es wurde eine kritische Schwachstelle in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei list_base_config.php der Komponente Web Interface. Durch die Manipulation des Arguments template mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung. -- [fa-rrel/CVE-2024-7120](https://github.com/fa-rrel/CVE-2024-7120) +- [gh-ost00/CVE-2024-7120](https://github.com/gh-ost00/CVE-2024-7120) ### CVE-2024-7124 (2024-11-14) @@ -1614,7 +1614,7 @@ - [bigb0x/CVE-2024-7928](https://github.com/bigb0x/CVE-2024-7928) -- [fa-rrel/CVE-2024-7928](https://github.com/fa-rrel/CVE-2024-7928) +- [gh-ost00/CVE-2024-7928](https://github.com/gh-ost00/CVE-2024-7928) - [wh6amiGit/CVE-2024-7928](https://github.com/wh6amiGit/CVE-2024-7928) - [th3gokul/CVE-2024-7928](https://github.com/th3gokul/CVE-2024-7928) @@ -1625,7 +1625,7 @@ - [Chocapikk/CVE-2024-7954](https://github.com/Chocapikk/CVE-2024-7954) - [bigb0x/CVE-2024-7954](https://github.com/bigb0x/CVE-2024-7954) -- [fa-rrel/CVE-2024-7954-RCE](https://github.com/fa-rrel/CVE-2024-7954-RCE) +- [gh-ost00/CVE-2024-7954-RCE](https://github.com/gh-ost00/CVE-2024-7954-RCE) - [TheCyberguy-17/RCE_CVE-2024-7954](https://github.com/TheCyberguy-17/RCE_CVE-2024-7954) - [MuhammadWaseem29/RCE-CVE-2024-7954](https://github.com/MuhammadWaseem29/RCE-CVE-2024-7954) - [issamiso/CVE-2024-7954](https://github.com/issamiso/CVE-2024-7954) @@ -1751,7 +1751,7 @@ Es wurde eine Schwachstelle in SourceCodester Online Eyewear Shop 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /classes/Master.php der Komponente Cart Content Handler. Mittels Manipulieren des Arguments cart_id/id mit unbekannten Daten kann eine improper ownership management-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung. -- [fa-rrel/CVE-2024-8949-POC](https://github.com/fa-rrel/CVE-2024-8949-POC) +- [gh-ost00/CVE-2024-8949-POC](https://github.com/gh-ost00/CVE-2024-8949-POC) ### CVE-2024-8963 (2024-09-19) @@ -2111,6 +2111,13 @@ - [reinh3rz/CVE-2024-10958-WPPA-Exploit](https://github.com/reinh3rz/CVE-2024-10958-WPPA-Exploit) +### CVE-2024-11199 (2024-11-23) + +The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rescue_progressbar shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + + +- [windz3r0day/CVE-2024-11199](https://github.com/windz3r0day/CVE-2024-11199) + ### CVE-2024-11201 - [NSQAQ/CVE-2024-11201](https://github.com/NSQAQ/CVE-2024-11201) @@ -3248,7 +3255,7 @@ Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this vulnerability to upload files with the prefix `device.` under any folder. Attackers can use this vulnerability for phishing, cross-site scripting attacks, and potentially execute arbitrary commands on the server. Version 6.0 contains a patch for the issue. -- [fa-rrel/CVE-2024-24809-Proof-of-concept](https://github.com/fa-rrel/CVE-2024-24809-Proof-of-concept) +- [gh-ost00/CVE-2024-24809-Proof-of-concept](https://github.com/gh-ost00/CVE-2024-24809-Proof-of-concept) ### CVE-2024-24816 (2024-02-07) @@ -3827,7 +3834,7 @@ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0. -- [fa-rrel/CVE-2024-27954](https://github.com/fa-rrel/CVE-2024-27954) +- [gh-ost00/CVE-2024-27954](https://github.com/gh-ost00/CVE-2024-27954) - [Quantum-Hacker/CVE-2024-27954](https://github.com/Quantum-Hacker/CVE-2024-27954) ### CVE-2024-27956 (2024-03-21) @@ -3969,7 +3976,7 @@ The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data. -- [fa-rrel/CVE-2024-28987-POC](https://github.com/fa-rrel/CVE-2024-28987-POC) +- [gh-ost00/CVE-2024-28987-POC](https://github.com/gh-ost00/CVE-2024-28987-POC) - [horizon3ai/CVE-2024-28987](https://github.com/horizon3ai/CVE-2024-28987) - [PlayerFridei/CVE-2024-28987](https://github.com/PlayerFridei/CVE-2024-28987) - [expl0itsecurity/CVE-2024-28987](https://github.com/expl0itsecurity/CVE-2024-28987) @@ -7836,62 +7843,30 @@ ### CVE-2023-4128 - [Trinadh465/linux-4.1.15_CVE-2023-4128](https://github.com/Trinadh465/linux-4.1.15_CVE-2023-4128) -### CVE-2023-4145 (2023-08-03) - -Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2. - - +### CVE-2023-4145 - [miguelc49/CVE-2023-4145-2](https://github.com/miguelc49/CVE-2023-4145-2) - [miguelc49/CVE-2023-4145-1](https://github.com/miguelc49/CVE-2023-4145-1) - [miguelc49/CVE-2023-4145-3](https://github.com/miguelc49/CVE-2023-4145-3) -### CVE-2023-4165 (2023-08-05) - -Es wurde eine kritische Schwachstelle in Tongda OA gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei general/system/seal_manage/iweboffice/delete_seal.php. Dank der Manipulation des Arguments DELETE_STR mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 11.10 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen. - - +### CVE-2023-4165 - [mvpyyds/CVE-2023-4165](https://github.com/mvpyyds/CVE-2023-4165) -### CVE-2023-4166 (2023-08-05) - -In Tongda OA wurde eine kritische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei general/system/seal_manage/dianju/delete_log.php. Dank Manipulation des Arguments DELETE_STR mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 11.10 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen. - - +### CVE-2023-4166 - [mvpyyds/CVE-2023-4166](https://github.com/mvpyyds/CVE-2023-4166) -### CVE-2023-4169 (2023-08-05) - -In Ruijie RG-EW1200G 1.0(1)B1P5 wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht näher bekannte Funktion der Datei /api/sys/set_passwd der Komponente Administrator Password Handler. Durch Manipulation mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. - - +### CVE-2023-4169 - [thedarknessdied/CVE-2023-4169_CVE-2023-3306_CVE-2023-4415](https://github.com/thedarknessdied/CVE-2023-4169_CVE-2023-3306_CVE-2023-4415) -### CVE-2023-4174 (2023-08-06) - -In mooSocial mooStore 3.1.6 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode. Mittels Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. - - +### CVE-2023-4174 - [d0rb/CVE-2023-4174](https://github.com/d0rb/CVE-2023-4174) -### CVE-2023-4197 (2023-11-01) - -Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code. - - +### CVE-2023-4197 - [alien-keric/CVE-2023-4197](https://github.com/alien-keric/CVE-2023-4197) -### CVE-2023-4206 (2023-09-06) - -A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation.\n\nWhen route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.\n\nWe recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.\n\n - - +### CVE-2023-4206 - [hshivhare67/Kernel_4.1.15_CVE-2023-4206_CVE-2023-4207_CVE-2023-4208](https://github.com/hshivhare67/Kernel_4.1.15_CVE-2023-4206_CVE-2023-4207_CVE-2023-4208) -### CVE-2023-4220 (2023-11-28) - -Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell. - - +### CVE-2023-4220 - [m3m0o/chamilo-lms-unauthenticated-big-upload-rce-poc](https://github.com/m3m0o/chamilo-lms-unauthenticated-big-upload-rce-poc) - [dollarboysushil/Chamilo-LMS-Unauthenticated-File-Upload-CVE-2023-4220](https://github.com/dollarboysushil/Chamilo-LMS-Unauthenticated-File-Upload-CVE-2023-4220) - [charlesgargasson/CVE-2023-4220](https://github.com/charlesgargasson/CVE-2023-4220) @@ -7913,53 +7888,25 @@ - [oxapavan/CVE-2023-4220-HTB-PermX](https://github.com/oxapavan/CVE-2023-4220-HTB-PermX) - [numaan911098/CVE-2023-4220](https://github.com/numaan911098/CVE-2023-4220) -### CVE-2023-4226 (2023-11-28) - -Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. - - +### CVE-2023-4226 - [krishnan-tech/CVE-2023-4226-POC](https://github.com/krishnan-tech/CVE-2023-4226-POC) -### CVE-2023-4278 (2023-09-11) - -The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts. - - +### CVE-2023-4278 - [revan-ar/CVE-2023-4278](https://github.com/revan-ar/CVE-2023-4278) -### CVE-2023-4279 (2023-09-04) - -This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic. - - +### CVE-2023-4279 - [b0marek/CVE-2023-4279](https://github.com/b0marek/CVE-2023-4279) -### CVE-2023-4281 (2023-09-25) - -This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic. - - +### CVE-2023-4281 - [b0marek/CVE-2023-4281](https://github.com/b0marek/CVE-2023-4281) -### CVE-2023-4294 (2023-09-11) - -The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link. - - +### CVE-2023-4294 - [b0marek/CVE-2023-4294](https://github.com/b0marek/CVE-2023-4294) -### CVE-2023-4300 (2023-09-25) - -The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution. - - +### CVE-2023-4300 - [bde574786/CVE-2023-4300](https://github.com/bde574786/CVE-2023-4300) -### CVE-2023-4357 (2023-08-15) - -Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) - - +### CVE-2023-4357 - [xcanwin/CVE-2023-4357-Chrome-XXE](https://github.com/xcanwin/CVE-2023-4357-Chrome-XXE) - [OgulcanUnveren/CVE-2023-4357-APT-Style-exploitation](https://github.com/OgulcanUnveren/CVE-2023-4357-APT-Style-exploitation) - [passwa11/CVE-2023-4357-APT-Style-exploitation](https://github.com/passwa11/CVE-2023-4357-APT-Style-exploitation) @@ -7968,161 +7915,73 @@ - [lon5948/CVE-2023-4357-Exploitation](https://github.com/lon5948/CVE-2023-4357-Exploitation) - [CamillaFranceschini/CVE-2023-4357](https://github.com/CamillaFranceschini/CVE-2023-4357) -### CVE-2023-4427 (2023-08-22) - -Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) - - +### CVE-2023-4427 - [tianstcht/CVE-2023-4427](https://github.com/tianstcht/CVE-2023-4427) -### CVE-2023-4450 (2023-08-21) - -In jeecgboot JimuReport bis 1.6.0 wurde eine kritische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalität der Komponente Template Handler. Durch Manipulation mit unbekannten Daten kann eine injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 1.6.1 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen. - - +### CVE-2023-4450 - [ilikeoyt/CVE-2023-4450-Attack](https://github.com/ilikeoyt/CVE-2023-4450-Attack) -### CVE-2023-4460 (2023-12-04) - -The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. - - +### CVE-2023-4460 - [0xn4d/poc-cve-xss-uploading-svg](https://github.com/0xn4d/poc-cve-xss-uploading-svg) -### CVE-2023-4542 (2023-08-25) - -Es wurde eine Schwachstelle in D-Link DAR-8000-10 bis 20230809 ausgemacht. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /app/sys1.php. Durch das Manipulieren des Arguments cmd mit der Eingabe id mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung. - - +### CVE-2023-4542 - [PumpkinBridge/CVE-2023-4542](https://github.com/PumpkinBridge/CVE-2023-4542) -### CVE-2023-4549 (2023-09-25) - -The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form. - - +### CVE-2023-4549 - [b0marek/CVE-2023-4549](https://github.com/b0marek/CVE-2023-4549) -### CVE-2023-4568 (2023-09-13) - -PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch. - - +### CVE-2023-4568 - [Cappricio-Securities/CVE-2023-4568](https://github.com/Cappricio-Securities/CVE-2023-4568) -### CVE-2023-4590 (2023-11-27) - -Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler (SEH) registers. - - +### CVE-2023-4590 - [dgndrn/CVE-2023-4590](https://github.com/dgndrn/CVE-2023-4590) -### CVE-2023-4596 (2023-08-30) - -The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. - - +### CVE-2023-4596 - [E1A/CVE-2023-4596](https://github.com/E1A/CVE-2023-4596) - [X-Projetion/CVE-2023-4596-Vulnerable-Exploit-and-Checker-Version](https://github.com/X-Projetion/CVE-2023-4596-Vulnerable-Exploit-and-Checker-Version) - [X-Projetion/CVE-2023-4596-OpenSSH-Multi-Checker](https://github.com/X-Projetion/CVE-2023-4596-OpenSSH-Multi-Checker) -### CVE-2023-4622 (2023-09-06) - -A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation.\n\nThe unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.\n\nWe recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.\n\n - - +### CVE-2023-4622 - [0range1337/CVE-CVE-2023-4622](https://github.com/0range1337/CVE-CVE-2023-4622) -### CVE-2023-4631 (2023-09-25) - -The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing. - - +### CVE-2023-4631 - [b0marek/CVE-2023-4631](https://github.com/b0marek/CVE-2023-4631) -### CVE-2023-4634 (2023-09-06) - -The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the ~/includes/mla-stream-image.php file, where images are processed via Imagick(). This makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and remote code execution possible. - - +### CVE-2023-4634 - [Patrowl/CVE-2023-4634](https://github.com/Patrowl/CVE-2023-4634) -### CVE-2023-4636 (2023-09-05) - -The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. - - +### CVE-2023-4636 - [ThatNotEasy/CVE-2023-4636](https://github.com/ThatNotEasy/CVE-2023-4636) -### CVE-2023-4683 (2023-08-31) - -NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV. - - +### CVE-2023-4683 - [Songg45/CVE-2023-4683-Test](https://github.com/Songg45/CVE-2023-4683-Test) -### CVE-2023-4696 (2023-09-01) - -Improper Access Control in GitHub repository usememos/memos prior to 0.13.2. - - +### CVE-2023-4696 - [mnqazi/CVE-2023-4696](https://github.com/mnqazi/CVE-2023-4696) -### CVE-2023-4698 (2023-09-01) - -Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2. - - +### CVE-2023-4698 - [mnqazi/CVE-2023-4698](https://github.com/mnqazi/CVE-2023-4698) -### CVE-2023-4699 (2023-11-06) - -Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC-F Series CPU modules, MELSEC iQ-F Series, MELSEC iQ-R series CPU modules, MELSEC iQ-R series, MELSEC iQ-L series, MELSEC Q series, MELSEC-L series, Mitsubishi Electric CNC M800V/M80V series, Mitsubishi Electric CNC M800/M80/E80 series and Mitsubishi Electric CNC M700V/M70V/E70 series allows a remote unauthenticated attacker to execute arbitrary commands by sending specific packets to the affected products. This could lead to disclose or tamper with information by reading or writing control programs, or cause a denial-of-service (DoS) condition on the products by resetting the memory contents of the products to factory settings or resetting the products remotely. - - +### CVE-2023-4699 - [Scottzxor/Citrix-Bleed-Buffer-Overread-Demo](https://github.com/Scottzxor/Citrix-Bleed-Buffer-Overread-Demo) -### CVE-2023-4741 (2023-09-03) - -In IBOS OA 4.5.5 wurde eine kritische Schwachstelle gefunden. Es geht um eine nicht näher bekannte Funktion der Datei ?r=diary/default/del der Komponente Delete Logs Handler. Durch das Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. - - +### CVE-2023-4741 - [wudidike/CVE-2023-4741](https://github.com/wudidike/CVE-2023-4741) -### CVE-2023-4762 (2023-09-05) - -Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) - - +### CVE-2023-4762 - [buptsb/CVE-2023-4762](https://github.com/buptsb/CVE-2023-4762) - [sherlocksecurity/CVE-2023-4762-Code-Review](https://github.com/sherlocksecurity/CVE-2023-4762-Code-Review) -### CVE-2023-4771 (2023-11-16) - -A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information. - - +### CVE-2023-4771 - [sahar042/CVE-2023-4771](https://github.com/sahar042/CVE-2023-4771) -### CVE-2023-4800 (2023-10-16) - -The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users. - - +### CVE-2023-4800 - [b0marek/CVE-2023-4800](https://github.com/b0marek/CVE-2023-4800) -### CVE-2023-4813 (2023-09-12) - -A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. - - +### CVE-2023-4813 - [tnishiox/cve-2023-4813](https://github.com/tnishiox/cve-2023-4813) -### CVE-2023-4863 (2023-09-12) - -Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) - - +### CVE-2023-4863 - [mistymntncop/CVE-2023-4863](https://github.com/mistymntncop/CVE-2023-4863) - [bbaranoff/CVE-2023-4863](https://github.com/bbaranoff/CVE-2023-4863) - [talbeerysec/BAD-WEBP-CVE-2023-4863](https://github.com/talbeerysec/BAD-WEBP-CVE-2023-4863) @@ -8135,11 +7994,7 @@ - [CrackerCat/CVE-2023-4863-](https://github.com/CrackerCat/CVE-2023-4863-) - [sarsaeroth/CVE-2023-4863-POC](https://github.com/sarsaeroth/CVE-2023-4863-POC) -### CVE-2023-4911 (2023-10-03) - -A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. - - +### CVE-2023-4911 - [Green-Avocado/CVE-2023-4911](https://github.com/Green-Avocado/CVE-2023-4911) - [leesh3288/CVE-2023-4911](https://github.com/leesh3288/CVE-2023-4911) - [RickdeJager/CVE-2023-4911](https://github.com/RickdeJager/CVE-2023-4911) @@ -8157,11 +8012,7 @@ - [yanfernandess/Looney-Tunables-CVE-2023-4911](https://github.com/yanfernandess/Looney-Tunables-CVE-2023-4911) - [NishanthAnand21/CVE-2023-4911-PoC](https://github.com/NishanthAnand21/CVE-2023-4911-PoC) -### CVE-2023-4966 (2023-10-10) - -Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server. \n\n\n\n - - +### CVE-2023-4966 - [Chocapikk/CVE-2023-4966](https://github.com/Chocapikk/CVE-2023-4966) - [dinosn/citrix_cve-2023-4966](https://github.com/dinosn/citrix_cve-2023-4966) - [senpaisamp/Netscaler-CVE-2023-4966-POC](https://github.com/senpaisamp/Netscaler-CVE-2023-4966-POC) @@ -8176,85 +8027,41 @@ - [morganwdavis/overread](https://github.com/morganwdavis/overread) - [LucasOneZ/CVE-2023-4966](https://github.com/LucasOneZ/CVE-2023-4966) -### CVE-2023-5024 (2023-09-17) - -Es wurde eine Schwachstelle in Planno 23.04.04 ausgemacht. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Komponente Comment Handler. Durch Beeinflussen mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. - - +### CVE-2023-5024 - [PH03N1XSP/CVE-2023-5024](https://github.com/PH03N1XSP/CVE-2023-5024) -### CVE-2023-5043 (2023-10-25) - -Ingress nginx annotation injection causes arbitrary command execution.\n - - +### CVE-2023-5043 - [r0binak/CVE-2023-5043](https://github.com/r0binak/CVE-2023-5043) -### CVE-2023-5044 (2023-10-25) - -Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.\n - - +### CVE-2023-5044 - [r0binak/CVE-2023-5044](https://github.com/r0binak/CVE-2023-5044) - [4ARMED/cve-2023-5044](https://github.com/4ARMED/cve-2023-5044) - [KubernetesBachelor/CVE-2023-5044](https://github.com/KubernetesBachelor/CVE-2023-5044) -### CVE-2023-5070 (2023-10-20) - -The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. This can allow subscribers to export plugin settings that include social media authentication tokens and secrets as well as app passwords. - - +### CVE-2023-5070 - [RandomRobbieBF/CVE-2023-5070](https://github.com/RandomRobbieBF/CVE-2023-5070) -### CVE-2023-5089 (2023-10-16) - -The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled. - - +### CVE-2023-5089 - [Cappricio-Securities/CVE-2023-5089](https://github.com/Cappricio-Securities/CVE-2023-5089) -### CVE-2023-5142 (2023-09-24) - -In H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 bis 20230908 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /userLogin.asp der Komponente Config File Handler. Durch das Beeinflussen mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Die Komplexität eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur öffentlichen Verfügung. - - +### CVE-2023-5142 - [kuangxiaotu/CVE-H3C-Report](https://github.com/kuangxiaotu/CVE-H3C-Report) -### CVE-2023-5178 (2023-11-01) - -A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation. - - +### CVE-2023-5178 - [rockrid3r/CVE-2023-5178](https://github.com/rockrid3r/CVE-2023-5178) -### CVE-2023-5204 (2023-10-19) - -The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. - - +### CVE-2023-5204 - [RandomRobbieBF/CVE-2023-5204](https://github.com/RandomRobbieBF/CVE-2023-5204) -### CVE-2023-5217 (2023-09-28) - -Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) - - +### CVE-2023-5217 - [UT-Security/cve-2023-5217-poc](https://github.com/UT-Security/cve-2023-5217-poc) - [Trinadh465/platform_external_libvpx_v1.8.0_CVE-2023-5217](https://github.com/Trinadh465/platform_external_libvpx_v1.8.0_CVE-2023-5217) - [Trinadh465/platform_external_libvpx_v1.4.0_CVE-2023-5217](https://github.com/Trinadh465/platform_external_libvpx_v1.4.0_CVE-2023-5217) -### CVE-2023-5324 (2023-10-01) - -In eeroOS bis 6.16.4-11 wurde eine kritische Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Komponente Ethernet Interface. Durch die Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff im lokalen Netzwerk. Der Exploit steht zur öffentlichen Verfügung. - - +### CVE-2023-5324 - [nomis/eero-zero-length-ipv6-options-header-dos](https://github.com/nomis/eero-zero-length-ipv6-options-header-dos) -### CVE-2023-5360 (2023-10-31) - -The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE. - - +### CVE-2023-5360 - [sagsooz/CVE-2023-5360](https://github.com/sagsooz/CVE-2023-5360) - [phankz/Worpress-CVE-2023-5360](https://github.com/phankz/Worpress-CVE-2023-5360) - [nastar-id/CVE-2023-5360](https://github.com/nastar-id/CVE-2023-5360) @@ -8264,226 +8071,106 @@ - [Pushkarup/CVE-2023-5360](https://github.com/Pushkarup/CVE-2023-5360) - [angkerithhack001/CVE-2023-5360-PoC](https://github.com/angkerithhack001/CVE-2023-5360-PoC) -### CVE-2023-5412 (2023-10-31) - -The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. - - +### CVE-2023-5412 - [RandomRobbieBF/CVE-2023-5412](https://github.com/RandomRobbieBF/CVE-2023-5412) -### CVE-2023-5521 (2023-10-11) - -Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9. - - +### CVE-2023-5521 - [Ylarod/CVE-2023-5521](https://github.com/Ylarod/CVE-2023-5521) -### CVE-2023-5538 (2023-10-18) - -The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - - +### CVE-2023-5538 - [juweihuitao/MpOperationLogs](https://github.com/juweihuitao/MpOperationLogs) -### CVE-2023-5539 (2023-11-09) - -A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers. - - +### CVE-2023-5539 - [cli-ish/CVE-2023-5539](https://github.com/cli-ish/CVE-2023-5539) -### CVE-2023-5540 (2023-11-09) - -A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. - - +### CVE-2023-5540 - [cli-ish/CVE-2023-5540](https://github.com/cli-ish/CVE-2023-5540) -### CVE-2023-5546 (2023-11-09) - -ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. - - +### CVE-2023-5546 - [obelia01/CVE-2023-5546](https://github.com/obelia01/CVE-2023-5546) -### CVE-2023-5561 (2023-10-16) - -WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack - - +### CVE-2023-5561 - [pog007/CVE-2023-5561-PoC](https://github.com/pog007/CVE-2023-5561-PoC) -### CVE-2023-5717 (2023-10-25) - -A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.\n\n - - +### CVE-2023-5717 - [uthrasri/CVE-2023-5717](https://github.com/uthrasri/CVE-2023-5717) -### CVE-2023-5720 (2023-11-15) - -A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application. - - +### CVE-2023-5720 - [miguelc49/CVE-2023-5720-2](https://github.com/miguelc49/CVE-2023-5720-2) - [miguelc49/CVE-2023-5720-1](https://github.com/miguelc49/CVE-2023-5720-1) - [miguelc49/CVE-2023-5720-3](https://github.com/miguelc49/CVE-2023-5720-3) -### CVE-2023-5808 (2023-12-04) - -SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role. - - +### CVE-2023-5808 - [Arszilla/CVE-2023-5808](https://github.com/Arszilla/CVE-2023-5808) -### CVE-2023-5961 (2023-12-23) - -A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user.\n\n - - +### CVE-2023-5961 - [HadessCS/CVE-2023-5961](https://github.com/HadessCS/CVE-2023-5961) -### CVE-2023-5965 (2023-11-30) - -An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution. - - +### CVE-2023-5965 - [pedrojosenavasperez/cve-2023-5965](https://github.com/pedrojosenavasperez/cve-2023-5965) -### CVE-2023-5966 (2023-11-30) - -An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution. - - +### CVE-2023-5966 - [pedrojosenavasperez/cve-2023-5966](https://github.com/pedrojosenavasperez/cve-2023-5966) -### CVE-2023-6019 (2023-11-16) - -A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023 - - +### CVE-2023-6019 - [FireWolfWang/CVE-2023-6019](https://github.com/FireWolfWang/CVE-2023-6019) - [miguelc49/CVE-2023-6019-2](https://github.com/miguelc49/CVE-2023-6019-2) - [miguelc49/CVE-2023-6019-1](https://github.com/miguelc49/CVE-2023-6019-1) - [miguelc49/CVE-2023-6019-3](https://github.com/miguelc49/CVE-2023-6019-3) - [Clydeston/CVE-2023-6019](https://github.com/Clydeston/CVE-2023-6019) -### CVE-2023-6036 (2024-02-12) - -The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. - - +### CVE-2023-6036 - [pctripsesp/CVE-2023-6036](https://github.com/pctripsesp/CVE-2023-6036) -### CVE-2023-6063 (2023-12-04) - -The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. - - +### CVE-2023-6063 - [motikan2010/CVE-2023-6063-PoC](https://github.com/motikan2010/CVE-2023-6063-PoC) - [hackersroot/CVE-2023-6063-PoC](https://github.com/hackersroot/CVE-2023-6063-PoC) - [thesafdari/CVE-2023-6063](https://github.com/thesafdari/CVE-2023-6063) -### CVE-2023-6241 (2024-03-04) - -Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn cause a use-after-free.This issue affects Midgard GPU Kernel Driver: from r13p0 through r32p0; Bifrost GPU Kernel Driver: from r11p0 through r25p0; Valhall GPU Kernel Driver: from r19p0 through r25p0, from r29p0 through r46p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r46p0.\n\n - - +### CVE-2023-6241 - [s1204IT/CVE-2023-6241](https://github.com/s1204IT/CVE-2023-6241) -### CVE-2023-6246 (2024-01-31) - -A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. - - +### CVE-2023-6246 - [elpe-pinillo/CVE-2023-6246](https://github.com/elpe-pinillo/CVE-2023-6246) -### CVE-2023-6275 (2023-11-24) - -Eine problematische Schwachstelle wurde in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1 ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /mobileredir/openApp.jsp der Komponente mobileredir. Dank Manipulation des Arguments redirectUrl/user mit der Eingabe "><script>alert(document.domain)</script> mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 1.7.1-231128, 1.8.0-231127 and 1.8.1-231127 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen. - - +### CVE-2023-6275 - [erickfernandox/CVE-2023-6275](https://github.com/erickfernandox/CVE-2023-6275) -### CVE-2023-6289 (2023-12-18) - -The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens. - - +### CVE-2023-6289 - [RandomRobbieBF/CVE-2023-6289](https://github.com/RandomRobbieBF/CVE-2023-6289) -### CVE-2023-6319 (2024-04-09) - -A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.\n\n * webOS 4.9.7 - 5.30.40 running on LG43UM7000PLA \n\n * webOS 5.5.0 - 04.50.51 running on OLED55CXPUA \n\n * webOS 6.3.3-442 (kisscurl-kinglake) - 03.36.50 running on OLED48C1PUB \n\n * webOS 7.3.1-43 (mullet-mebin) - 03.33.85 running on OLED55A23LA\n\n - - +### CVE-2023-6319 - [illixion/root-my-webos-tv](https://github.com/illixion/root-my-webos-tv) -### CVE-2023-6350 (2023-11-29) - -Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) - - +### CVE-2023-6350 - [dywsy21/CVE-2023-6350_Reproduction](https://github.com/dywsy21/CVE-2023-6350_Reproduction) -### CVE-2023-6421 (2024-01-01) - -The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one. - - +### CVE-2023-6421 - [RandomRobbieBF/CVE-2023-6421](https://github.com/RandomRobbieBF/CVE-2023-6421) -### CVE-2023-6444 (2024-03-11) - -The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request. - - +### CVE-2023-6444 - [Wayne-Ker/CVE-2023-6444-POC](https://github.com/Wayne-Ker/CVE-2023-6444-POC) -### CVE-2023-6538 (2023-12-11) - -SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles. - - +### CVE-2023-6538 - [Arszilla/CVE-2023-6538](https://github.com/Arszilla/CVE-2023-6538) -### CVE-2023-6553 (2023-12-15) - -The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server. - - +### CVE-2023-6553 - [Chocapikk/CVE-2023-6553](https://github.com/Chocapikk/CVE-2023-6553) - [motikan2010/CVE-2023-6553-PoC](https://github.com/motikan2010/CVE-2023-6553-PoC) - [kiddenta/CVE-2023-6553](https://github.com/kiddenta/CVE-2023-6553) - [cc3305/CVE-2023-6553](https://github.com/cc3305/CVE-2023-6553) - [Harshit-Mashru/CVE-2023-6553](https://github.com/Harshit-Mashru/CVE-2023-6553) -### CVE-2023-6567 (2024-01-11) - -The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. - - +### CVE-2023-6567 - [mimiloveexe/CVE-2023-6567-poc](https://github.com/mimiloveexe/CVE-2023-6567-poc) -### CVE-2023-6595 (2023-12-14) - -In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold. - - +### CVE-2023-6595 - [sharmashreejaa/CVE-2023-6595](https://github.com/sharmashreejaa/CVE-2023-6595) -### CVE-2023-6634 (2024-01-11) - -The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution. - - +### CVE-2023-6634 - [krn966/CVE-2023-6634](https://github.com/krn966/CVE-2023-6634) -### CVE-2023-6654 (2023-12-10) - -In PHPEMS 6.x/7.x/8.x/9.0 wurde eine kritische Schwachstelle entdeckt. Betroffen ist eine unbekannte Verarbeitung in der Bibliothek lib/session.cls.php der Komponente Session Data Handler. Dank der Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung. - - +### CVE-2023-6654 - [qfmy1024/CVE-2023-6654](https://github.com/qfmy1024/CVE-2023-6654) ### CVE-2023-6661 @@ -8492,71 +8179,35 @@ ### CVE-2023-6663 - [cli-ish/CVE-2023-6663](https://github.com/cli-ish/CVE-2023-6663) -### CVE-2023-6700 (2024-02-05) - -The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level access or higher, to edit arbitrary site options which can be used to create administrator accounts. - - +### CVE-2023-6700 - [RandomRobbieBF/CVE-2023-6700](https://github.com/RandomRobbieBF/CVE-2023-6700) -### CVE-2023-6702 (2023-12-14) - -Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) - - +### CVE-2023-6702 - [kaist-hacking/CVE-2023-6702](https://github.com/kaist-hacking/CVE-2023-6702) -### CVE-2023-6710 (2023-12-12) - -A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page. - - +### CVE-2023-6710 - [DedSec-47/Metasploit-Exploits-CVE-2023-6710](https://github.com/DedSec-47/Metasploit-Exploits-CVE-2023-6710) - [DedSec-47/CVE-2023-6710](https://github.com/DedSec-47/CVE-2023-6710) -### CVE-2023-6875 (2024-01-11) - -The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover. - - +### CVE-2023-6875 - [UlyssesSaicha/CVE-2023-6875](https://github.com/UlyssesSaicha/CVE-2023-6875) - [gbrsh/CVE-2023-6875](https://github.com/gbrsh/CVE-2023-6875) - [hatlesswizard/CVE-2023-6875](https://github.com/hatlesswizard/CVE-2023-6875) -### CVE-2023-6895 (2023-12-17) - -In Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /php/ping.php. Mittels Manipulieren des Arguments jsondata[ip] mit der Eingabe netstat -ano mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 4.1.0 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen. - - +### CVE-2023-6895 - [FuBoLuSec/CVE-2023-6895](https://github.com/FuBoLuSec/CVE-2023-6895) - [nles-crt/CVE-2023-6895](https://github.com/nles-crt/CVE-2023-6895) -### CVE-2023-6933 (2024-02-05) - -The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. - - +### CVE-2023-6933 - [w2xim3/CVE-2023-6933](https://github.com/w2xim3/CVE-2023-6933) -### CVE-2023-6985 (2024-02-05) - -The 10Web AI Assistant – AI content writing assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin AJAX action in all versions up to, and including, 1.0.18. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins that can be used to gain further access to a compromised site. - - +### CVE-2023-6985 - [RandomRobbieBF/CVE-2023-6985](https://github.com/RandomRobbieBF/CVE-2023-6985) -### CVE-2023-7016 (2024-02-27) - -A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access. - - +### CVE-2023-7016 - [ewilded/CVE-2023-7016-POC](https://github.com/ewilded/CVE-2023-7016-POC) -### CVE-2023-7028 (2024-01-12) - -An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address. - - +### CVE-2023-7028 - [RandomRobbieBF/CVE-2023-7028](https://github.com/RandomRobbieBF/CVE-2023-7028) - [googlei1996/CVE-2023-7028](https://github.com/googlei1996/CVE-2023-7028) - [duy-31/CVE-2023-7028](https://github.com/duy-31/CVE-2023-7028) @@ -8569,27 +8220,15 @@ - [mochammadrafi/CVE-2023-7028](https://github.com/mochammadrafi/CVE-2023-7028) - [hackeremmen/gitlab-exploit](https://github.com/hackeremmen/gitlab-exploit) - [soltanali0/CVE-2023-7028](https://github.com/soltanali0/CVE-2023-7028) -- [fa-rrel/CVE-2023-7028](https://github.com/fa-rrel/CVE-2023-7028) - -### CVE-2023-7172 (2023-12-30) - -Eine kritische Schwachstelle wurde in PHPGurukul Hospital Management System 1.0 entdeckt. Es geht hierbei um eine nicht näher spezifizierte Funktion der Komponente Admin Dashboard. Durch Manipulieren mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung. - +- [gh-ost00/CVE-2023-7028](https://github.com/gh-ost00/CVE-2023-7028) +### CVE-2023-7172 - [sharathc213/CVE-2023-7172](https://github.com/sharathc213/CVE-2023-7172) -### CVE-2023-7173 (2023-12-30) - -Es wurde eine problematische Schwachstelle in PHPGurukul Hospital Management System 1.0 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei registration.php. Durch das Beeinflussen des Arguments First Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung. - - +### CVE-2023-7173 - [sharathc213/CVE-2023-7173](https://github.com/sharathc213/CVE-2023-7173) -### CVE-2023-7261 (2024-06-07) - -Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High) - - +### CVE-2023-7261 - [zerozenxlabs/CVE-2023-7261](https://github.com/zerozenxlabs/CVE-2023-7261) ### CVE-2023-20025 (2023-01-19) @@ -13679,131 +13318,59 @@ - [miguelc49/CVE-2023-43667-1](https://github.com/miguelc49/CVE-2023-43667-1) - [miguelc49/CVE-2023-43667-3](https://github.com/miguelc49/CVE-2023-43667-3) -### CVE-2023-43757 (2023-11-16) - -Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section. - - +### CVE-2023-43757 - [sharmashreejaa/CVE-2023-43757](https://github.com/sharmashreejaa/CVE-2023-43757) -### CVE-2023-43770 (2023-09-22) - -Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. - - +### CVE-2023-43770 - [s3cb0y/CVE-2023-43770-POC](https://github.com/s3cb0y/CVE-2023-43770-POC) - [knight0x07/CVE-2023-43770-PoC](https://github.com/knight0x07/CVE-2023-43770-PoC) -### CVE-2023-43786 (2023-10-10) - -A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. - - +### CVE-2023-43786 - [jfrog/jfrog-CVE-2023-43786-libX11_DoS](https://github.com/jfrog/jfrog-CVE-2023-43786-libX11_DoS) -### CVE-2023-43838 (2023-10-04) - -An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar. - - +### CVE-2023-43838 - [rootd4ddy/CVE-2023-43838](https://github.com/rootd4ddy/CVE-2023-43838) -### CVE-2023-43871 (2023-09-28) - -A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). - - +### CVE-2023-43871 - [sromanhu/CVE-2023-43871-WBCE-Arbitrary-File-Upload--XSS---Media](https://github.com/sromanhu/CVE-2023-43871-WBCE-Arbitrary-File-Upload--XSS---Media) -### CVE-2023-43872 (2023-09-28) - -A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). - - +### CVE-2023-43872 - [sromanhu/CVE-2023-43872-CMSmadesimple-Arbitrary-File-Upload--XSS---File-Manager](https://github.com/sromanhu/CVE-2023-43872-CMSmadesimple-Arbitrary-File-Upload--XSS---File-Manager) -### CVE-2023-43873 (2023-09-28) - -A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name filed in the Manage Menu. - - +### CVE-2023-43873 - [sromanhu/CVE-2023-43873-e107-CMS-Stored-XSS---Manage](https://github.com/sromanhu/CVE-2023-43873-e107-CMS-Stored-XSS---Manage) -### CVE-2023-43874 (2023-09-28) - -Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu. - - +### CVE-2023-43874 - [sromanhu/CVE-2023-43874-e107-CMS-Stored-XSS---MetaCustomTags](https://github.com/sromanhu/CVE-2023-43874-e107-CMS-Stored-XSS---MetaCustomTags) -### CVE-2023-43875 (2023-10-19) - -Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail. - - +### CVE-2023-43875 - [sromanhu/CVE-2023-43875-Subrion-CMS-Reflected-XSS---Installation](https://github.com/sromanhu/CVE-2023-43875-Subrion-CMS-Reflected-XSS---Installation) -### CVE-2023-43876 (2023-09-28) - -A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field. - - +### CVE-2023-43876 - [sromanhu/CVE-2023-43876-October-CMS-Reflected-XSS---Installation](https://github.com/sromanhu/CVE-2023-43876-October-CMS-Reflected-XSS---Installation) -### CVE-2023-43877 (2023-10-04) - -Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu. - - +### CVE-2023-43877 - [sromanhu/CVE-2023-43877-RiteCMS-Stored-XSS---Home](https://github.com/sromanhu/CVE-2023-43877-RiteCMS-Stored-XSS---Home) -### CVE-2023-43878 (2023-09-28) - -Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu. - - +### CVE-2023-43878 - [sromanhu/CVE-2023-43878-RiteCMS-Stored-XSS---MainMenu](https://github.com/sromanhu/CVE-2023-43878-RiteCMS-Stored-XSS---MainMenu) -### CVE-2023-43879 (2023-09-28) - -Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu. - - +### CVE-2023-43879 - [sromanhu/CVE-2023-43879-RiteCMS-Stored-XSS---GlobalContent](https://github.com/sromanhu/CVE-2023-43879-RiteCMS-Stored-XSS---GlobalContent) -### CVE-2023-43955 (2023-12-27) - -The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files. and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData. - - +### CVE-2023-43955 - [actuator/com.phlox.tvwebbrowser](https://github.com/actuator/com.phlox.tvwebbrowser) -### CVE-2023-44061 (2023-10-06) - -File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. - - +### CVE-2023-44061 - [soundarkutty/CVE-2023-44061](https://github.com/soundarkutty/CVE-2023-44061) -### CVE-2023-44451 (2024-05-03) - -Linux Mint Xreader EPUB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EPUB files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-21897. - - +### CVE-2023-44451 - [febinrev/slippy-book-exploit](https://github.com/febinrev/slippy-book-exploit) -### CVE-2023-44452 (2024-05-03) - -Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CBT files. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22132. - - +### CVE-2023-44452 - [febinrev/atril_cbt-inject-exploit](https://github.com/febinrev/atril_cbt-inject-exploit) -### CVE-2023-44487 (2023-10-10) - -The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. - - +### CVE-2023-44487 - [bcdannyboy/CVE-2023-44487](https://github.com/bcdannyboy/CVE-2023-44487) - [imabee101/CVE-2023-44487](https://github.com/imabee101/CVE-2023-44487) - [ByteHackr/CVE-2023-44487](https://github.com/ByteHackr/CVE-2023-44487) @@ -13818,252 +13385,116 @@ - [TYuan0816/cve-2023-44487](https://github.com/TYuan0816/cve-2023-44487) - [sn130hk/CVE-2023-44487](https://github.com/sn130hk/CVE-2023-44487) -### CVE-2023-44758 (2023-10-06) - -GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title. - - +### CVE-2023-44758 - [sromanhu/CVE-2023-44758_GDidees-CMS-Stored-XSS---Title](https://github.com/sromanhu/CVE-2023-44758_GDidees-CMS-Stored-XSS---Title) -### CVE-2023-44760 (2023-10-23) - -Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. NOTE: the vendor disputes this because these header/footer changes can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature. Also, the exploitation method claimed by "sromanhu" does not provide any access to a Concrete CMS session, because the Concrete CMS session cookie is configured as HttpOnly. - - +### CVE-2023-44760 - [sromanhu/CVE-2023-44760_ConcreteCMS-Stored-XSS---TrackingCodes](https://github.com/sromanhu/CVE-2023-44760_ConcreteCMS-Stored-XSS---TrackingCodes) -### CVE-2023-44761 (2023-10-06) - -Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects. - - +### CVE-2023-44761 - [sromanhu/CVE-2023-44761_ConcreteCMS-Stored-XSS---Forms](https://github.com/sromanhu/CVE-2023-44761_ConcreteCMS-Stored-XSS---Forms) -### CVE-2023-44762 (2023-10-06) - -A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags. - - +### CVE-2023-44762 - [sromanhu/CVE-2023-44762_ConcreteCMS-Reflected-XSS---Tags](https://github.com/sromanhu/CVE-2023-44762_ConcreteCMS-Reflected-XSS---Tags) -### CVE-2023-44763 (2023-10-10) - -Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting (XSS). NOTE: the vendor's position is that a customer is supposed to know that "pdf" should be excluded from the allowed file types, even though pdf is one of the allowed file types in the default configuration. - - +### CVE-2023-44763 - [sromanhu/CVE-2023-44763_ConcreteCMS-Arbitrary-file-upload-Thumbnail](https://github.com/sromanhu/CVE-2023-44763_ConcreteCMS-Arbitrary-file-upload-Thumbnail) -### CVE-2023-44764 (2023-10-06) - -A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings). - - +### CVE-2023-44764 - [sromanhu/CVE-2023-44764_ConcreteCMS-Stored-XSS---Site_Installation](https://github.com/sromanhu/CVE-2023-44764_ConcreteCMS-Stored-XSS---Site_Installation) -### CVE-2023-44765 (2023-10-06) - -A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings. - - +### CVE-2023-44765 - [sromanhu/CVE-2023-44765_ConcreteCMS-Stored-XSS---Associations](https://github.com/sromanhu/CVE-2023-44765_ConcreteCMS-Stored-XSS---Associations) -### CVE-2023-44766 (2023-10-06) - -A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. NOTE: the vendor disputes this because this SEO-related header change can only be made by an admin, and allowing an admin to place JavaScript there is an intentional customization feature. - - +### CVE-2023-44766 - [sromanhu/CVE-2023-44766_ConcreteCMS-Stored-XSS---SEO](https://github.com/sromanhu/CVE-2023-44766_ConcreteCMS-Stored-XSS---SEO) -### CVE-2023-44767 (2023-10-24) - -A File upload vulnerability in RiteCMS 3.0 allows a local attacker to upload a SVG file with XSS content. - - +### CVE-2023-44767 - [sromanhu/CVE-2023-44767_RiteCMS-File-Upload--XSS---Filemanager](https://github.com/sromanhu/CVE-2023-44767_RiteCMS-File-Upload--XSS---Filemanager) -### CVE-2023-44769 (2023-10-24) - -A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias. - - +### CVE-2023-44769 - [sromanhu/CVE-2023-44769_ZenarioCMS--Reflected-XSS---Alias](https://github.com/sromanhu/CVE-2023-44769_ZenarioCMS--Reflected-XSS---Alias) -### CVE-2023-44770 (2023-10-06) - -A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias. - - +### CVE-2023-44770 - [sromanhu/CVE-2023-44770_ZenarioCMS--Reflected-XSS---Organizer-Alias](https://github.com/sromanhu/CVE-2023-44770_ZenarioCMS--Reflected-XSS---Organizer-Alias) -### CVE-2023-44771 (2023-10-06) - -A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout. - - +### CVE-2023-44771 - [sromanhu/CVE-2023-44771_ZenarioCMS--Stored-XSS---Page-Layout](https://github.com/sromanhu/CVE-2023-44771_ZenarioCMS--Stored-XSS---Page-Layout) -### CVE-2023-44811 (2023-10-09) - -Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function. - - +### CVE-2023-44811 - [ahrixia/CVE-2023-44811](https://github.com/ahrixia/CVE-2023-44811) -### CVE-2023-44812 (2023-10-09) - -Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function. - - +### CVE-2023-44812 - [ahrixia/CVE-2023-44812](https://github.com/ahrixia/CVE-2023-44812) -### CVE-2023-44813 (2023-10-09) - -Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. - - +### CVE-2023-44813 - [ahrixia/CVE-2023-44813](https://github.com/ahrixia/CVE-2023-44813) -### CVE-2023-44961 (2023-10-11) - -SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component. - - +### CVE-2023-44961 - [ggb0n/CVE-2023-44961](https://github.com/ggb0n/CVE-2023-44961) -### CVE-2023-44962 (2023-10-11) - -File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component. - - +### CVE-2023-44962 - [ggb0n/CVE-2023-44962](https://github.com/ggb0n/CVE-2023-44962) ### CVE-2023-44976 - [keowu/BadRentdrv2](https://github.com/keowu/BadRentdrv2) -### CVE-2023-45158 (2023-10-16) - -An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product. - - +### CVE-2023-45158 - [Evan-Zhangyf/CVE-2023-45158](https://github.com/Evan-Zhangyf/CVE-2023-45158) -### CVE-2023-45182 (2023-12-14) - -\nIBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265.\n\n - - +### CVE-2023-45182 - [afine-com/CVE-2023-45182](https://github.com/afine-com/CVE-2023-45182) -### CVE-2023-45184 (2023-12-14) - -IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270. - - +### CVE-2023-45184 - [afine-com/CVE-2023-45184](https://github.com/afine-com/CVE-2023-45184) -### CVE-2023-45185 (2023-12-14) - -IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273. - - +### CVE-2023-45185 - [afine-com/CVE-2023-45185](https://github.com/afine-com/CVE-2023-45185) -### CVE-2023-45239 (2023-10-06) - -A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server. - - +### CVE-2023-45239 - [takeshixx/tac_plus-pre-auth-rce](https://github.com/takeshixx/tac_plus-pre-auth-rce) -### CVE-2023-45280 (2023-10-19) - -Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript. - - +### CVE-2023-45280 - [miguelc49/CVE-2023-45280-1](https://github.com/miguelc49/CVE-2023-45280-1) - [miguelc49/CVE-2023-45280-3](https://github.com/miguelc49/CVE-2023-45280-3) - [miguelc49/CVE-2023-45280-2](https://github.com/miguelc49/CVE-2023-45280-2) -### CVE-2023-45288 (2024-04-04) - -An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection. - - +### CVE-2023-45288 - [hex0punk/cont-flood-poc](https://github.com/hex0punk/cont-flood-poc) -### CVE-2023-45471 (2023-10-20) - -The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated attackers to create a new index and inject a malicious web script into its name, that will execute whenever a user accesses the search page. - - +### CVE-2023-45471 - [mehdibelhajamor/CVE-2023-45471](https://github.com/mehdibelhajamor/CVE-2023-45471) -### CVE-2023-45503 (2024-04-15) - -SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payload to resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints. - - +### CVE-2023-45503 - [ally-petitt/CVE-2023-45503](https://github.com/ally-petitt/CVE-2023-45503) -### CVE-2023-45540 (2023-10-16) - -An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page. - - +### CVE-2023-45540 - [soundarkutty/CVE-2023-45540](https://github.com/soundarkutty/CVE-2023-45540) -### CVE-2023-45542 (2023-10-16) - -Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function. - - +### CVE-2023-45542 - [ahrixia/CVE-2023-45542](https://github.com/ahrixia/CVE-2023-45542) -### CVE-2023-45657 (2023-11-06) - -Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSIMYTH Nexter allows SQL Injection.This issue affects Nexter: from n/a through 2.0.3.\n\n - - +### CVE-2023-45657 - [RandomRobbieBF/CVE-2023-45657](https://github.com/RandomRobbieBF/CVE-2023-45657) -### CVE-2023-45777 (2023-12-04) - -In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. - - +### CVE-2023-45777 - [michalbednarski/TheLastBundleMismatch](https://github.com/michalbednarski/TheLastBundleMismatch) -### CVE-2023-45779 (2023-12-04) - -In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More details on this can be found in the referenced links.\n - - +### CVE-2023-45779 - [metaredteam/rtx-cve-2023-45779](https://github.com/metaredteam/rtx-cve-2023-45779) -### CVE-2023-45827 (2023-11-06) - -Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the `setByPath` function which can leads to remote code execution (RCE). This issue has been addressed in commit `98daf567` which has been included in release 1.0.2. Users are advised to upgrade. There are no known workarounds to this vulnerability.\n - - +### CVE-2023-45827 - [200101WhoAmI/CVE-2023-45827](https://github.com/200101WhoAmI/CVE-2023-45827) ### CVE-2023-45828 - [RandomRobbieBF/CVE-2023-45828](https://github.com/RandomRobbieBF/CVE-2023-45828) -### CVE-2023-45857 (2023-11-08) - -An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information. - - +### CVE-2023-45857 - [valentin-panov/CVE-2023-45857](https://github.com/valentin-panov/CVE-2023-45857) - [intercept6/CVE-2023-45857-Demo](https://github.com/intercept6/CVE-2023-45857-Demo) - [fuyuooumi1027/CVE-2023-45857-Demo](https://github.com/fuyuooumi1027/CVE-2023-45857-Demo) -### CVE-2023-45866 (2023-12-08) - -Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. - - +### CVE-2023-45866 - [pentestfunctions/BlueDucky](https://github.com/pentestfunctions/BlueDucky) - [Eason-zz/BluetoothDucky](https://github.com/Eason-zz/BluetoothDucky) - [jjjjjjjj987/cve-2023-45866-py](https://github.com/jjjjjjjj987/cve-2023-45866-py) @@ -14071,207 +13502,91 @@ - [AvishekDhakal/CVE-2023-45866_EXPLOITS](https://github.com/AvishekDhakal/CVE-2023-45866_EXPLOITS) - [Chedrian07/CVE-2023-45866-POC](https://github.com/Chedrian07/CVE-2023-45866-POC) -### CVE-2023-45966 (2023-10-23) - -umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability. - - +### CVE-2023-45966 - [jet-pentest/CVE-2023-45966](https://github.com/jet-pentest/CVE-2023-45966) -### CVE-2023-45992 (2023-10-19) - -A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system. - - +### CVE-2023-45992 - [harry935/CVE-2023-45992](https://github.com/harry935/CVE-2023-45992) -### CVE-2023-46003 (2023-10-21) - -I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php. - - +### CVE-2023-46003 - [leekenghwa/CVE-2023-46003](https://github.com/leekenghwa/CVE-2023-46003) -### CVE-2023-46012 (2024-05-07) - -Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP. - - +### CVE-2023-46012 - [dest-3/CVE-2023-46012](https://github.com/dest-3/CVE-2023-46012) -### CVE-2023-46014 (2023-11-13) - -SQL Injection vulnerability in hospitalLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'hemail' and 'hpassword' parameters. - - +### CVE-2023-46014 - [ersinerenler/CVE-2023-46014-Code-Projects-Blood-Bank-1.0-SQL-Injection-Vulnerability](https://github.com/ersinerenler/CVE-2023-46014-Code-Projects-Blood-Bank-1.0-SQL-Injection-Vulnerability) -### CVE-2023-46015 (2023-11-13) - -Cross Site Scripting (XSS) vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via 'msg' parameter in application URL. - - +### CVE-2023-46015 - [ersinerenler/CVE-2023-46015-Code-Projects-Blood-Bank-1.0-Reflected-Cross-Site-Scripting-Vulnerability](https://github.com/ersinerenler/CVE-2023-46015-Code-Projects-Blood-Bank-1.0-Reflected-Cross-Site-Scripting-Vulnerability) -### CVE-2023-46016 (2023-11-13) - -Cross Site Scripting (XSS) in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'search' parameter in the application URL. - - +### CVE-2023-46016 - [ersinerenler/CVE-2023-46016-Code-Projects-Blood-Bank-1.0-Reflected-Cross-Site-Scripting-Vulnerability](https://github.com/ersinerenler/CVE-2023-46016-Code-Projects-Blood-Bank-1.0-Reflected-Cross-Site-Scripting-Vulnerability) -### CVE-2023-46017 (2023-11-13) - -SQL Injection vulnerability in receiverLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'remail' and 'rpassword' parameters. - - +### CVE-2023-46017 - [ersinerenler/CVE-2023-46017-Code-Projects-Blood-Bank-1.0-SQL-Injection-Vulnerability](https://github.com/ersinerenler/CVE-2023-46017-Code-Projects-Blood-Bank-1.0-SQL-Injection-Vulnerability) -### CVE-2023-46018 (2023-11-13) - -SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 \allows attackers to run arbitrary SQL commands via 'remail' parameter. - - +### CVE-2023-46018 - [ersinerenler/CVE-2023-46018-Code-Projects-Blood-Bank-1.0-SQL-Injection-Vulnerability](https://github.com/ersinerenler/CVE-2023-46018-Code-Projects-Blood-Bank-1.0-SQL-Injection-Vulnerability) -### CVE-2023-46019 (2023-11-13) - -Cross Site Scripting (XSS) vulnerability in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'error' parameter. - - +### CVE-2023-46019 - [ersinerenler/CVE-2023-46019-Code-Projects-Blood-Bank-1.0-Reflected-Cross-Site-Scripting-Vulnerability](https://github.com/ersinerenler/CVE-2023-46019-Code-Projects-Blood-Bank-1.0-Reflected-Cross-Site-Scripting-Vulnerability) -### CVE-2023-46020 (2023-11-13) - -Cross Site Scripting (XSS) in updateprofile.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'rename', 'remail', 'rphone' and 'rcity' parameters. - - +### CVE-2023-46020 - [ersinerenler/CVE-2023-46020-Code-Projects-Blood-Bank-1.0-Stored-Cross-Site-Scripting-Vulnerability](https://github.com/ersinerenler/CVE-2023-46020-Code-Projects-Blood-Bank-1.0-Stored-Cross-Site-Scripting-Vulnerability) -### CVE-2023-46021 (2023-11-13) - -SQL Injection vulnerability in cancel.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary commands via the 'reqid' parameter. - - +### CVE-2023-46021 - [ersinerenler/CVE-2023-46021-Code-Projects-Blood-Bank-1.0-SQL-Injection-Vulnerability](https://github.com/ersinerenler/CVE-2023-46021-Code-Projects-Blood-Bank-1.0-SQL-Injection-Vulnerability) -### CVE-2023-46022 (2023-11-14) - -SQL Injection vulnerability in delete.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via the 'bid' parameter. - - +### CVE-2023-46022 - [ersinerenler/CVE-2023-46022-Code-Projects-Blood-Bank-1.0-OOB-SQL-Injection-Vulnerability](https://github.com/ersinerenler/CVE-2023-46022-Code-Projects-Blood-Bank-1.0-OOB-SQL-Injection-Vulnerability) -### CVE-2023-46197 (2024-05-17) - -Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in supsystic.Com Popup by Supsystic allows Relative Path Traversal.This issue affects Popup by Supsystic: from n/a through 1.10.19. - - +### CVE-2023-46197 - [RandomRobbieBF/CVE-2023-46197](https://github.com/RandomRobbieBF/CVE-2023-46197) -### CVE-2023-46303 (2023-10-22) - -link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root. - - +### CVE-2023-46303 - [0x1717/ssrf-via-img](https://github.com/0x1717/ssrf-via-img) -### CVE-2023-46304 (2024-04-30) - -modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file (executed on every page load). - - +### CVE-2023-46304 - [jselliott/CVE-2023-46304](https://github.com/jselliott/CVE-2023-46304) -### CVE-2023-46344 (2024-02-02) - -A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&b=c_smartenergy_swgroups in the web portal. The vulnerability can be exploited to gain the rights of an installer or PM, which can then be used to gain administrative access to the web portal and execute further attacks. NOTE: The vendor states that this vulnerability has been fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base. - - +### CVE-2023-46344 - [vinnie1717/CVE-2023-46344](https://github.com/vinnie1717/CVE-2023-46344) -### CVE-2023-46371 (2023-10-24) - -TP-Link device TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 has a stack overflow vulnerability via the function upgradeInfoJsonToBin. - - +### CVE-2023-46371 - [Jianchun-Ding/CVE-poc-update](https://github.com/Jianchun-Ding/CVE-poc-update) -### CVE-2023-46404 (2023-11-03) - -PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing. - - +### CVE-2023-46404 - [windecks/CVE-2023-46404](https://github.com/windecks/CVE-2023-46404) -### CVE-2023-46442 (-) - -An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service (DoS). - - +### CVE-2023-46442 - [JAckLosingHeart/CVE-2023-46442_POC](https://github.com/JAckLosingHeart/CVE-2023-46442_POC) -### CVE-2023-46447 (2024-01-20) - -The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE. - - +### CVE-2023-46447 - [actuator/rebel](https://github.com/actuator/rebel) -### CVE-2023-46449 (2023-10-26) - -Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function. - - +### CVE-2023-46449 - [sajaljat/CVE-2023-46449](https://github.com/sajaljat/CVE-2023-46449) -### CVE-2023-46450 (2023-10-26) - -Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function. - - +### CVE-2023-46450 - [yte121/-CVE-2023-46450](https://github.com/yte121/-CVE-2023-46450) -### CVE-2023-46451 (2023-10-31) - -Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field. - - +### CVE-2023-46451 - [sajaljat/CVE-2023-46451](https://github.com/sajaljat/CVE-2023-46451) -### CVE-2023-46454 (2023-12-12) - -In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality. - - +### CVE-2023-46454 - [cyberaz0r/GL.iNet-Multiple-Vulnerabilities](https://github.com/cyberaz0r/GL.iNet-Multiple-Vulnerabilities) -### CVE-2023-46474 (2024-01-11) - -File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file. - - +### CVE-2023-46474 - [Xn2/CVE-2023-46474](https://github.com/Xn2/CVE-2023-46474) -### CVE-2023-46478 (2023-10-30) - -An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter. - - +### CVE-2023-46478 - [mr-xmen786/CVE-2023-46478](https://github.com/mr-xmen786/CVE-2023-46478) -### CVE-2023-46501 (2023-11-07) - -An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function. - - +### CVE-2023-46501 - [Cyber-Wo0dy/CVE-2023-46501](https://github.com/Cyber-Wo0dy/CVE-2023-46501) -### CVE-2023-46604 (2023-10-27) - -The Java OpenWire protocol marshaller is vulnerable to Remote Code \nExecution. This vulnerability may allow a remote attacker with network \naccess to either a Java-based OpenWire broker or client to run arbitrary\n shell commands by manipulating serialized class types in the OpenWire \nprotocol to cause either the client or the broker (respectively) to \ninstantiate any class on the classpath.\n\nUsers are recommended to upgrade\n both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 \nwhich fixes this issue.\n\n - - +### CVE-2023-46604 - [trganda/ActiveMQ-RCE](https://github.com/trganda/ActiveMQ-RCE) - [X1r0z/ActiveMQ-RCE](https://github.com/X1r0z/ActiveMQ-RCE) - [JaneMandy/ActiveMQ_RCE_Pro_Max](https://github.com/JaneMandy/ActiveMQ_RCE_Pro_Max) @@ -14300,25 +13615,13 @@ - [pulentoski/CVE-2023-46604](https://github.com/pulentoski/CVE-2023-46604) - [cuanh2333/CVE-2023-46604](https://github.com/cuanh2333/CVE-2023-46604) -### CVE-2023-46615 (2024-02-12) - -Deserialization of Untrusted Data vulnerability in Kalli Dan. KD Coming Soon.This issue affects KD Coming Soon: from n/a through 1.7.\n\n - - +### CVE-2023-46615 - [RandomRobbieBF/CVE-2023-46615](https://github.com/RandomRobbieBF/CVE-2023-46615) -### CVE-2023-46694 (-) - -Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager functionality. - - +### CVE-2023-46694 - [invisiblebyte/CVE-2023-46694](https://github.com/invisiblebyte/CVE-2023-46694) -### CVE-2023-46747 (2023-10-26) - -\n\n\nUndisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated\n\n - - +### CVE-2023-46747 - [bijaysenihang/CVE-2023-46747-Mass-RCE](https://github.com/bijaysenihang/CVE-2023-46747-Mass-RCE) - [W01fh4cker/CVE-2023-46747-RCE](https://github.com/W01fh4cker/CVE-2023-46747-RCE) - [fu2x2000/CVE-2023-46747](https://github.com/fu2x2000/CVE-2023-46747) @@ -14329,11 +13632,7 @@ - [vidura2/cve-2023-46747](https://github.com/vidura2/cve-2023-46747) - [rainbowhatrkn/CVE-2023-46747-RCE](https://github.com/rainbowhatrkn/CVE-2023-46747-RCE) -### CVE-2023-46805 (2024-01-12) - -An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. - - +### CVE-2023-46805 - [yoryio/CVE-2023-46805](https://github.com/yoryio/CVE-2023-46805) - [cbeek-r7/CVE-2023-46805](https://github.com/cbeek-r7/CVE-2023-46805) - [duy-31/CVE-2023-46805_CVE-2024-21887](https://github.com/duy-31/CVE-2023-46805_CVE-2024-21887) @@ -14343,382 +13642,174 @@ - [mickdec/CVE-2023-46805_CVE-2024-21887_scan_grouped](https://github.com/mickdec/CVE-2023-46805_CVE-2024-21887_scan_grouped) - [w2xim3/CVE-2023-46805](https://github.com/w2xim3/CVE-2023-46805) -### CVE-2023-46813 (2023-10-27) - -An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it. - - +### CVE-2023-46813 - [Freax13/cve-2023-46813-poc](https://github.com/Freax13/cve-2023-46813-poc) -### CVE-2023-46818 (2023-10-27) - -An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled. - - +### CVE-2023-46818 - [bipbopbup/CVE-2023-46818-python-exploit](https://github.com/bipbopbup/CVE-2023-46818-python-exploit) -### CVE-2023-46865 (2023-10-30) - -/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image. - - +### CVE-2023-46865 - [asylumdx/Crater-CVE-2023-46865-RCE](https://github.com/asylumdx/Crater-CVE-2023-46865-RCE) -### CVE-2023-46870 (-) - -extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAPI/*.py in Nordic Semiconductor nRF Sniffer for Bluetooth LE 3.0.0, 3.1.0, 4.0.0, 4.1.0, and 4.1.1 have set incorrect file permission, which allows attackers to do code execution via modified bash and python scripts. - - +### CVE-2023-46870 - [Chapoly1305/CVE-2023-46870](https://github.com/Chapoly1305/CVE-2023-46870) -### CVE-2023-46948 (2024-09-23) - -A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components. - - +### CVE-2023-46948 - [AzraelsBlade/CVE-2023-46948](https://github.com/AzraelsBlade/CVE-2023-46948) -### CVE-2023-46954 (2023-11-03) - -SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter. - - +### CVE-2023-46954 - [jakedmurphy1/CVE-2023-46954](https://github.com/jakedmurphy1/CVE-2023-46954) -### CVE-2023-46974 (2023-12-07) - -Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL. - - +### CVE-2023-46974 - [yte121/CVE-2023-46974](https://github.com/yte121/CVE-2023-46974) -### CVE-2023-46980 (2023-11-03) - -An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. - - +### CVE-2023-46980 - [sajaljat/CVE-2023-46980](https://github.com/sajaljat/CVE-2023-46980) -### CVE-2023-46998 (2023-11-07) - -Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions. - - +### CVE-2023-46998 - [soy-oreocato/CVE-2023-46998](https://github.com/soy-oreocato/CVE-2023-46998) -### CVE-2023-47014 (2023-11-22) - -A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes App Using PHP with Source Code v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to add-note.php. - - +### CVE-2023-47014 - [emirhanerdogu/CVE-2023-47014-Sticky-Notes-App-Using-PHP-with-Source-Code-v1.0-CSRF-to-CORS](https://github.com/emirhanerdogu/CVE-2023-47014-Sticky-Notes-App-Using-PHP-with-Source-Code-v1.0-CSRF-to-CORS) -### CVE-2023-47102 (2023-11-07) - -UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid. - - +### CVE-2023-47102 - [nitipoom-jar/CVE-2023-47102](https://github.com/nitipoom-jar/CVE-2023-47102) -### CVE-2023-47108 (2023-11-10) - -OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`. - - +### CVE-2023-47108 - [bahe-msft/govuln-CVE-2023-47108](https://github.com/bahe-msft/govuln-CVE-2023-47108) -### CVE-2023-47119 (2023-11-10) - -Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds. - - +### CVE-2023-47119 - [BaadMaro/CVE-2023-47119](https://github.com/BaadMaro/CVE-2023-47119) - [Cristiano100/CVE-2023-47119](https://github.com/Cristiano100/CVE-2023-47119) -### CVE-2023-47129 (2023-11-10) - -Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.\n - - +### CVE-2023-47129 - [Cyber-Wo0dy/CVE-2023-47129](https://github.com/Cyber-Wo0dy/CVE-2023-47129) ### CVE-2023-47179 - [RandomRobbieBF/CVE-2023-47179](https://github.com/RandomRobbieBF/CVE-2023-47179) -### CVE-2023-47218 (2024-02-13) - -An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.5.2645 build 20240116 and later\nQuTS hero h5.1.5.2647 build 20240118 and later\nQuTScloud c5.1.5.2651 and later\n - - +### CVE-2023-47218 - [passwa11/CVE-2023-47218](https://github.com/passwa11/CVE-2023-47218) -### CVE-2023-47246 (2023-11-10) - -In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. - - +### CVE-2023-47246 - [W01fh4cker/CVE-2023-47246-EXP](https://github.com/W01fh4cker/CVE-2023-47246-EXP) - [rainbowhatrkn/CVE-2023-47246](https://github.com/rainbowhatrkn/CVE-2023-47246) - [tucommenceapousser/CVE-2023-47246](https://github.com/tucommenceapousser/CVE-2023-47246) - [XiaomingX/cve-2023-47246-poc](https://github.com/XiaomingX/cve-2023-47246-poc) -### CVE-2023-47253 (2023-11-06) - -Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter. - - +### CVE-2023-47253 - [OpenXP-Research/CVE-2023-47253](https://github.com/OpenXP-Research/CVE-2023-47253) - [gmh5225/CVE-2023-47253](https://github.com/gmh5225/CVE-2023-47253) -### CVE-2023-47355 (2024-02-05) - -The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz {ROOT] Quick Reboot) application 1.0.8 for Android has exposed broadcast receivers for PowerOff, Reboot, and Recovery (e.g., com.eypcnnapps.quickreboot.widget.PowerOff) that are susceptible to unauthorized broadcasts because of missing input validation. - - +### CVE-2023-47355 - [actuator/com.eypcnnapps.quickreboot](https://github.com/actuator/com.eypcnnapps.quickreboot) ### CVE-2023-47400 - [LucasVanHaaren/CVE-2023-47400](https://github.com/LucasVanHaaren/CVE-2023-47400) -### CVE-2023-47437 (2023-11-27) - -A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious java script. - - +### CVE-2023-47437 - [herombey/CVE-2023-47437](https://github.com/herombey/CVE-2023-47437) -### CVE-2023-47459 (2024-01-16) - -An issue in Knovos Discovery v.22.67.0 allows a remote attacker to obtain sensitive information via the /DiscoveryReview/Service/CaseManagement.svc/GetProductSiteName component. - - +### CVE-2023-47459 - [aleksey-vi/CVE-2023-47459](https://github.com/aleksey-vi/CVE-2023-47459) -### CVE-2023-47460 (2024-01-16) - -SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote attacker to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component. - - +### CVE-2023-47460 - [aleksey-vi/CVE-2023-47460](https://github.com/aleksey-vi/CVE-2023-47460) -### CVE-2023-47464 (2023-11-30) - -Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function. - - +### CVE-2023-47464 - [HadessCS/CVE-2023-47464](https://github.com/HadessCS/CVE-2023-47464) -### CVE-2023-47488 (2023-11-09) - -Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page. - - +### CVE-2023-47488 - [nitipoom-jar/CVE-2023-47488](https://github.com/nitipoom-jar/CVE-2023-47488) -### CVE-2023-47489 (2023-11-09) - -CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components. - - +### CVE-2023-47489 - [nitipoom-jar/CVE-2023-47489](https://github.com/nitipoom-jar/CVE-2023-47489) -### CVE-2023-47504 (2024-04-24) - -Improper Authentication vulnerability in Elementor Elementor Website Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Elementor Website Builder: from n/a through 3.16.4.\n\n - - +### CVE-2023-47504 - [davidxbors/CVE-2023-47504-POC](https://github.com/davidxbors/CVE-2023-47504-POC) -### CVE-2023-47529 (2023-11-23) - -Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeIsle Cloud Templates & Patterns collection.This issue affects Cloud Templates & Patterns collection: from n/a through 1.2.2.\n\n - - +### CVE-2023-47529 - [RandomRobbieBF/CVE-2023-47529](https://github.com/RandomRobbieBF/CVE-2023-47529) -### CVE-2023-47564 (2024-02-02) - -An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQsync Central 4.4.0.15 ( 2024/01/04 ) and later\nQsync Central 4.3.0.11 ( 2024/01/11 ) and later\n - - +### CVE-2023-47564 - [C411e/CVE-2023-47564](https://github.com/C411e/CVE-2023-47564) -### CVE-2023-47668 (2023-11-23) - -Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin – Restrict Content plugin <= 3.2.7 versions. - - +### CVE-2023-47668 - [RandomRobbieBF/CVE-2023-47668](https://github.com/RandomRobbieBF/CVE-2023-47668) -### CVE-2023-47840 (2023-12-29) - -Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2.\n\n - - +### CVE-2023-47840 - [RandomRobbieBF/CVE-2023-47840](https://github.com/RandomRobbieBF/CVE-2023-47840) -### CVE-2023-47882 (2023-12-27) - -The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.9_20231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component. - - +### CVE-2023-47882 - [actuator/yi](https://github.com/actuator/yi) -### CVE-2023-47883 (2023-12-27) - -The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity. - - +### CVE-2023-47883 - [actuator/com.altamirano.fabricio.tvbrowser](https://github.com/actuator/com.altamirano.fabricio.tvbrowser) -### CVE-2023-47889 (2024-02-06) - -The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly concerning because these actions include powering off, system reboot & entering recovery mode. - - +### CVE-2023-47889 - [actuator/com.bdrm.superreboot](https://github.com/actuator/com.bdrm.superreboot) -### CVE-2023-48022 (2023-11-28) - -Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment - - +### CVE-2023-48022 - [0x656565/CVE-2023-48022](https://github.com/0x656565/CVE-2023-48022) - [jakabakos/ShadowRay-RCE-PoC-CVE-2023-48022](https://github.com/jakabakos/ShadowRay-RCE-PoC-CVE-2023-48022) -### CVE-2023-48028 (2023-11-17) - -kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack. - - +### CVE-2023-48028 - [nitipoom-jar/CVE-2023-48028](https://github.com/nitipoom-jar/CVE-2023-48028) -### CVE-2023-48029 (2023-11-17) - -Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer. - - +### CVE-2023-48029 - [nitipoom-jar/CVE-2023-48029](https://github.com/nitipoom-jar/CVE-2023-48029) -### CVE-2023-48031 (2023-11-17) - -OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation. - - +### CVE-2023-48031 - [nitipoom-jar/CVE-2023-48031](https://github.com/nitipoom-jar/CVE-2023-48031) -### CVE-2023-48034 (2023-11-27) - -An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption. - - +### CVE-2023-48034 - [aprkr/CVE-2023-48034](https://github.com/aprkr/CVE-2023-48034) -### CVE-2023-48084 (2023-12-14) - -Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool. - - +### CVE-2023-48084 - [Hamibubu/CVE-2023-48084](https://github.com/Hamibubu/CVE-2023-48084) - [bucketcat/CVE-2023-48084](https://github.com/bucketcat/CVE-2023-48084) -### CVE-2023-48104 (2024-01-16) - -Alinto SOGo before 5.9.1 is vulnerable to HTML Injection. - - +### CVE-2023-48104 - [E1tex/CVE-2023-48104](https://github.com/E1tex/CVE-2023-48104) -### CVE-2023-48123 (2023-12-06) - -An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file. - - +### CVE-2023-48123 - [NHPT/CVE-2023-48123](https://github.com/NHPT/CVE-2023-48123) - [Farzan-Kh/CVE-2023-48123](https://github.com/Farzan-Kh/CVE-2023-48123) -### CVE-2023-48194 (2024-07-09) - -Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. After executing set_client_qos, control over the gp register can be obtained. - - +### CVE-2023-48194 - [zt20xx/CVE-2023-48194](https://github.com/zt20xx/CVE-2023-48194) -### CVE-2023-48197 (2023-11-15) - -Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function. - - +### CVE-2023-48197 - [nitipoom-jar/CVE-2023-48197](https://github.com/nitipoom-jar/CVE-2023-48197) -### CVE-2023-48198 (2023-11-15) - -A Cross-Site Scripting (XSS) vulnerability in the 'product description' component within '/api/stock/products' of Grocy version <= 4.0.3 allows attackers to obtain a victim's cookies. - - +### CVE-2023-48198 - [nitipoom-jar/CVE-2023-48198](https://github.com/nitipoom-jar/CVE-2023-48198) -### CVE-2023-48199 (2023-11-15) - -HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not appropriately sanitized, enabling the injection of HTML tags through parameter values. The attacker can then manipulate page content in the QR code detail popup, often coupled with social engineering tactics, exploiting both the trust of users and the application's lack of proper input handling. - - +### CVE-2023-48199 - [nitipoom-jar/CVE-2023-48199](https://github.com/nitipoom-jar/CVE-2023-48199) -### CVE-2023-48200 (2023-11-15) - -Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component. - - +### CVE-2023-48200 - [nitipoom-jar/CVE-2023-48200](https://github.com/nitipoom-jar/CVE-2023-48200) -### CVE-2023-48777 (2024-03-26) - -Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1.\n\n - - +### CVE-2023-48777 - [AkuCyberSec/Elementor-3.18.0-Upload-Path-Traversal-RCE-CVE-2023-48777](https://github.com/AkuCyberSec/Elementor-3.18.0-Upload-Path-Traversal-RCE-CVE-2023-48777) -### CVE-2023-48788 (2024-03-12) - -A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets. - - +### CVE-2023-48788 - [horizon3ai/CVE-2023-48788](https://github.com/horizon3ai/CVE-2023-48788) -### CVE-2023-48842 (2023-12-01) - -D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi. - - +### CVE-2023-48842 - [creacitysec/CVE-2023-48842](https://github.com/creacitysec/CVE-2023-48842) -### CVE-2023-48849 (2023-12-06) - -Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering. - - +### CVE-2023-48849 - [delsploit/CVE-2023-48849](https://github.com/delsploit/CVE-2023-48849) -### CVE-2023-48858 (2024-01-17) - -A Cross-site scripting (XSS) vulnerability in login page php code in Armex ABO.CMS 5.9 allows remote attackers to inject arbitrary web script or HTML via the login.php? URL part. - - +### CVE-2023-48858 - [Shumerez/CVE-2023-48858](https://github.com/Shumerez/CVE-2023-48858) -### CVE-2023-48866 (2023-12-04) - -A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy <= 4.0.3 allows attackers to obtain the victim's cookies. - - +### CVE-2023-48866 - [nitipoom-jar/CVE-2023-48866](https://github.com/nitipoom-jar/CVE-2023-48866) -### CVE-2023-48974 (2024-02-08) - -Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter. - - +### CVE-2023-48974 - [vinnie1717/CVE-2023-48974](https://github.com/vinnie1717/CVE-2023-48974) ### CVE-2023-48981 @@ -14730,39 +13821,19 @@ ### CVE-2023-48983 - [tristao-marinho/CVE-2023-48983](https://github.com/tristao-marinho/CVE-2023-48983) -### CVE-2023-49002 (2023-12-27) - -An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer v.1.2.5 allows an attacker to bypass intended access restrictions via interaction with com.funprime.calldialer.ui.activities.OutgoingActivity. - - +### CVE-2023-49002 - [actuator/com.sinous.voice.dialer](https://github.com/actuator/com.sinous.voice.dialer) -### CVE-2023-49003 (2023-12-27) - -An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker to bypass intended access restrictions via interaction with com.simplemobiletools.dialer.activities.DialerActivity. - - +### CVE-2023-49003 - [actuator/com.simplemobiletools.dialer](https://github.com/actuator/com.simplemobiletools.dialer) -### CVE-2023-49038 (2024-01-29) - -Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto the NAS as root. - - +### CVE-2023-49038 - [christopher-pace/CVE-2023-49038](https://github.com/christopher-pace/CVE-2023-49038) -### CVE-2023-49052 (2023-11-30) - -File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component. - - +### CVE-2023-49052 - [Cyber-Wo0dy/CVE-2023-49052](https://github.com/Cyber-Wo0dy/CVE-2023-49052) -### CVE-2023-49070 (2023-12-05) - -\nPre-auth RCE in Apache Ofbiz 18.12.09.\n\nIt's due to XML-RPC no longer maintained still present.\nThis issue affects Apache OFBiz: before 18.12.10. \nUsers are recommended to upgrade to version 18.12.10\n\n - - +### CVE-2023-49070 - [abdoghazy2015/ofbiz-CVE-2023-49070-RCE-POC](https://github.com/abdoghazy2015/ofbiz-CVE-2023-49070-RCE-POC) - [0xrobiul/CVE-2023-49070](https://github.com/0xrobiul/CVE-2023-49070) - [D0g3-8Bit/OFBiz-Attack](https://github.com/D0g3-8Bit/OFBiz-Attack) @@ -14770,337 +13841,156 @@ - [yukselberkay/CVE-2023-49070_CVE-2023-51467](https://github.com/yukselberkay/CVE-2023-49070_CVE-2023-51467) - [Praison001/Apache-OFBiz-Auth-Bypass-and-RCE-Exploit-CVE-2023-49070-CVE-2023-51467](https://github.com/Praison001/Apache-OFBiz-Auth-Bypass-and-RCE-Exploit-CVE-2023-49070-CVE-2023-51467) -### CVE-2023-49103 (2023-11-21) - -An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure. - - +### CVE-2023-49103 - [creacitysec/CVE-2023-49103](https://github.com/creacitysec/CVE-2023-49103) - [merlin-ke/OwnCloud-CVE-2023-49103](https://github.com/merlin-ke/OwnCloud-CVE-2023-49103) - [d0rb/CVE-2023-49103](https://github.com/d0rb/CVE-2023-49103) -### CVE-2023-49105 (2023-11-21) - -An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0. - - +### CVE-2023-49105 - [ambionics/owncloud-exploits](https://github.com/ambionics/owncloud-exploits) -### CVE-2023-49313 (2023-11-28) - -A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data. - - +### CVE-2023-49313 - [louiselalanne/CVE-2023-49313](https://github.com/louiselalanne/CVE-2023-49313) -### CVE-2023-49314 (2023-11-28) - -Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack. - - +### CVE-2023-49314 - [louiselalanne/CVE-2023-49314](https://github.com/louiselalanne/CVE-2023-49314) -### CVE-2023-49339 (2024-02-13) - -Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint. - - +### CVE-2023-49339 - [3zizme/CVE-2023-49339](https://github.com/3zizme/CVE-2023-49339) -### CVE-2023-49438 (2023-12-26) - -An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes. - - +### CVE-2023-49438 - [brandon-t-elliott/CVE-2023-49438](https://github.com/brandon-t-elliott/CVE-2023-49438) -### CVE-2023-49453 (2024-03-12) - -Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22.0 and before, allows local attackers to execute arbitrary code and obtain sensitive information via the search component in index.php. - - +### CVE-2023-49453 - [nitipoom-jar/CVE-2023-49453](https://github.com/nitipoom-jar/CVE-2023-49453) -### CVE-2023-49471 (2024-01-10) - -Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make(), which could allow authenticated remote attackers to execute arbitrary code. - - +### CVE-2023-49471 - [zunak/CVE-2023-49471](https://github.com/zunak/CVE-2023-49471) ### CVE-2023-49496 - [HuangYanQwQ/CVE-2023-49496](https://github.com/HuangYanQwQ/CVE-2023-49496) -### CVE-2023-49539 (2024-03-01) - -Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/category. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the category parameter. - - +### CVE-2023-49539 - [geraldoalcantara/CVE-2023-49539](https://github.com/geraldoalcantara/CVE-2023-49539) -### CVE-2023-49540 (2024-03-01) - -Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/history. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the history parameter. - - +### CVE-2023-49540 - [geraldoalcantara/CVE-2023-49540](https://github.com/geraldoalcantara/CVE-2023-49540) -### CVE-2023-49543 (2024-03-01) - -Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating. - - +### CVE-2023-49543 - [geraldoalcantara/CVE-2023-49543](https://github.com/geraldoalcantara/CVE-2023-49543) -### CVE-2023-49544 (2024-03-01) - -A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized acces via manipulation of the page= parameter at /customer_support/index.php. - - +### CVE-2023-49544 - [geraldoalcantara/CVE-2023-49544](https://github.com/geraldoalcantara/CVE-2023-49544) -### CVE-2023-49545 (2024-03-01) - -A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization. - - +### CVE-2023-49545 - [geraldoalcantara/CVE-2023-49545](https://github.com/geraldoalcantara/CVE-2023-49545) -### CVE-2023-49546 (2024-03-04) - -Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customer_support/ajax.php. - - +### CVE-2023-49546 - [geraldoalcantara/CVE-2023-49546](https://github.com/geraldoalcantara/CVE-2023-49546) -### CVE-2023-49547 (2024-03-04) - -Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customer_support/ajax.php?action=login. - - +### CVE-2023-49547 - [geraldoalcantara/CVE-2023-49547](https://github.com/geraldoalcantara/CVE-2023-49547) -### CVE-2023-49548 (2024-03-04) - -Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customer_support/ajax.php?action=save_user. - - +### CVE-2023-49548 - [geraldoalcantara/CVE-2023-49548](https://github.com/geraldoalcantara/CVE-2023-49548) -### CVE-2023-49606 (2024-05-01) - -A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make an unauthenticated HTTP request to trigger this vulnerability. - - +### CVE-2023-49606 - [d0rb/CVE-2023-49606](https://github.com/d0rb/CVE-2023-49606) -### CVE-2023-49950 (2024-02-03) - -The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it to any system or device that sends logs to the SIEM. If an alert is created, the payload will execute upon the alert data being viewed with that template, which can lead to sensitive data disclosure. - - +### CVE-2023-49950 - [shrikeinfosec/cve-2023-49950](https://github.com/shrikeinfosec/cve-2023-49950) -### CVE-2023-49954 (2023-12-25) - -The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address. - - +### CVE-2023-49954 - [CVE-2023-49954/CVE-2023-49954.github.io](https://github.com/CVE-2023-49954/CVE-2023-49954.github.io) -### CVE-2023-49964 (2023-12-11) - -An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE (Remote Code Execution). NOTE: this issue exists because of an incomplete fix for CVE-2020-12873. - - +### CVE-2023-49964 - [mbadanoiu/CVE-2023-49964](https://github.com/mbadanoiu/CVE-2023-49964) -### CVE-2023-49965 (2024-04-05) - -SpaceX Starlink Wi-Fi router Gen 2 before 2023.48.0 allows XSS via the ssid and password parameters on the Setup Page. - - +### CVE-2023-49965 - [yoshida-git-ai/SpaceX-Starlink-Router-Gen-2-XSS](https://github.com/yoshida-git-ai/SpaceX-Starlink-Router-Gen-2-XSS) -### CVE-2023-49968 (2024-03-04) - -Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/manage_department.php. - - +### CVE-2023-49968 - [geraldoalcantara/CVE-2023-49968](https://github.com/geraldoalcantara/CVE-2023-49968) -### CVE-2023-49969 (2024-03-04) - -Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/index.php?page=edit_customer. - - +### CVE-2023-49969 - [geraldoalcantara/CVE-2023-49969](https://github.com/geraldoalcantara/CVE-2023-49969) -### CVE-2023-49970 (2024-03-04) - -Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customer_support/ajax.php?action=save_ticket. - - +### CVE-2023-49970 - [geraldoalcantara/CVE-2023-49970](https://github.com/geraldoalcantara/CVE-2023-49970) -### CVE-2023-49971 (2024-03-06) - -A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list. - - +### CVE-2023-49971 - [geraldoalcantara/CVE-2023-49971](https://github.com/geraldoalcantara/CVE-2023-49971) -### CVE-2023-49973 (2024-03-06) - -A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list. - - +### CVE-2023-49973 - [geraldoalcantara/CVE-2023-49973](https://github.com/geraldoalcantara/CVE-2023-49973) -### CVE-2023-49974 (2024-03-06) - -A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customer_support/index.php?page=customer_list. - - +### CVE-2023-49974 - [geraldoalcantara/CVE-2023-49974](https://github.com/geraldoalcantara/CVE-2023-49974) -### CVE-2023-49976 (2024-03-06) - -A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customer_support/index.php?page=new_ticket. - - +### CVE-2023-49976 - [geraldoalcantara/CVE-2023-49976](https://github.com/geraldoalcantara/CVE-2023-49976) -### CVE-2023-49977 (2024-03-06) - -A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer. - - +### CVE-2023-49977 - [geraldoalcantara/CVE-2023-49977](https://github.com/geraldoalcantara/CVE-2023-49977) -### CVE-2023-49978 (2024-03-06) - -Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators. - - +### CVE-2023-49978 - [geraldoalcantara/CVE-2023-49978](https://github.com/geraldoalcantara/CVE-2023-49978) -### CVE-2023-49979 (2024-03-06) - -A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization. - - +### CVE-2023-49979 - [geraldoalcantara/CVE-2023-49979](https://github.com/geraldoalcantara/CVE-2023-49979) -### CVE-2023-49980 (2024-03-06) - -A directory listing vulnerability in Best Student Result Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization. - - +### CVE-2023-49980 - [geraldoalcantara/CVE-2023-49980](https://github.com/geraldoalcantara/CVE-2023-49980) -### CVE-2023-49981 (2024-03-06) - -A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authorization. - - +### CVE-2023-49981 - [geraldoalcantara/CVE-2023-49981](https://github.com/geraldoalcantara/CVE-2023-49981) -### CVE-2023-49982 (2024-03-06) - -Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and deleting user accounts. - - +### CVE-2023-49982 - [geraldoalcantara/CVE-2023-49982](https://github.com/geraldoalcantara/CVE-2023-49982) -### CVE-2023-49983 (2024-03-06) - -A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. - - +### CVE-2023-49983 - [geraldoalcantara/CVE-2023-49983](https://github.com/geraldoalcantara/CVE-2023-49983) -### CVE-2023-49984 (2024-03-06) - -A cross-site scripting (XSS) vulnerability in the component /management/settings of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. - - +### CVE-2023-49984 - [geraldoalcantara/CVE-2023-49984](https://github.com/geraldoalcantara/CVE-2023-49984) -### CVE-2023-49985 (2024-03-06) - -A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cname parameter. - - +### CVE-2023-49985 - [geraldoalcantara/CVE-2023-49985](https://github.com/geraldoalcantara/CVE-2023-49985) -### CVE-2023-49986 (2024-03-07) - -A cross-site scripting (XSS) vulnerability in the component /admin/parent of School Fees Management System 1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. - - +### CVE-2023-49986 - [geraldoalcantara/CVE-2023-49986](https://github.com/geraldoalcantara/CVE-2023-49986) -### CVE-2023-49987 (2024-03-07) - -A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter. - - +### CVE-2023-49987 - [geraldoalcantara/CVE-2023-49987](https://github.com/geraldoalcantara/CVE-2023-49987) -### CVE-2023-49988 (2024-03-07) - -Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the npss parameter at rooms.php. - - +### CVE-2023-49988 - [geraldoalcantara/CVE-2023-49988](https://github.com/geraldoalcantara/CVE-2023-49988) -### CVE-2023-49989 (2024-03-07) - -Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php. - - +### CVE-2023-49989 - [geraldoalcantara/CVE-2023-49989](https://github.com/geraldoalcantara/CVE-2023-49989) -### CVE-2023-50029 (2024-06-24) - -PHP Injection vulnerability in the module "M4 PDF Extensions" (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate() method. - - +### CVE-2023-50029 - [absholi7ly/PHP-Injection-in-M4-PDF-Extensions](https://github.com/absholi7ly/PHP-Injection-in-M4-PDF-Extensions) -### CVE-2023-50070 (2023-12-29) - -Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject. - - +### CVE-2023-50070 - [geraldoalcantara/CVE-2023-50070](https://github.com/geraldoalcantara/CVE-2023-50070) -### CVE-2023-50071 (2023-12-29) - -Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name. - - +### CVE-2023-50071 - [geraldoalcantara/CVE-2023-50071](https://github.com/geraldoalcantara/CVE-2023-50071) -### CVE-2023-50072 (2024-01-13) - -A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the XSS. - - +### CVE-2023-50072 - [ahrixia/CVE-2023-50072](https://github.com/ahrixia/CVE-2023-50072) +### CVE-2023-50094 +- [Zierax/CVE-2023-50094_POC](https://github.com/Zierax/CVE-2023-50094_POC) + ### CVE-2023-50131 - [sajaljat/CVE-2023-50131](https://github.com/sajaljat/CVE-2023-50131) ### CVE-2023-50132 - [sajaljat/CVE-2023-50132](https://github.com/sajaljat/CVE-2023-50132) -### CVE-2023-50164 (2023-12-07) - -An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.\nUsers are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.\n - - +### CVE-2023-50164 - [minhbao15677/CVE-2023-50164](https://github.com/minhbao15677/CVE-2023-50164) - [jakabakos/CVE-2023-50164-Apache-Struts-RCE](https://github.com/jakabakos/CVE-2023-50164-Apache-Struts-RCE) - [bcdannyboy/CVE-2023-50164](https://github.com/bcdannyboy/CVE-2023-50164) @@ -15116,54 +14006,26 @@ - [NikitaPark/CVE-2023-50164-PoC](https://github.com/NikitaPark/CVE-2023-50164-PoC) - [Trackflaw/CVE-2024-10924-Wordpress-Docker](https://github.com/Trackflaw/CVE-2024-10924-Wordpress-Docker) -### CVE-2023-50226 (2024-05-03) - -Parallels Desktop Updater Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Updater service. By creating a symbolic link, an attacker can abuse the service to move arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.\n. Was ZDI-CAN-21227. - - +### CVE-2023-50226 - [kn32/parallels-file-move-privesc](https://github.com/kn32/parallels-file-move-privesc) -### CVE-2023-50245 (2023-12-11) - -OpenEXR-viewer is a viewer for OpenEXR files with detailed metadata probing. Versions prior to 0.6.1 have a memory overflow vulnerability. This issue is fixed in version 0.6.1. - - +### CVE-2023-50245 - [200101WhoAmI/CVE-2023-50245](https://github.com/200101WhoAmI/CVE-2023-50245) -### CVE-2023-50254 (2023-12-22) - -Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue. - - +### CVE-2023-50254 - [febinrev/deepin-linux_reader_RCE-exploit](https://github.com/febinrev/deepin-linux_reader_RCE-exploit) -### CVE-2023-50386 (2024-02-09) - -Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.\n\nIn the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API.\nWhen backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups).\nIf the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted.\n\nWhen Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries.\nUsers are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.\nIn these versions, the following protections have been added:\n\n * Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader.\n * The Backup API restricts saving backups to directories that are used in the ClassLoader.\n\n - - +### CVE-2023-50386 - [vvmdx/Apache-Solr-RCE_CVE-2023-50386_POC](https://github.com/vvmdx/Apache-Solr-RCE_CVE-2023-50386_POC) -### CVE-2023-50387 (2024-02-14) - -Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. - - +### CVE-2023-50387 - [knqyf263/CVE-2023-50387](https://github.com/knqyf263/CVE-2023-50387) - [Meirelez/SSR-DNSSEC](https://github.com/Meirelez/SSR-DNSSEC) -### CVE-2023-50465 (2023-12-11) - -A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user. - - +### CVE-2023-50465 - [Ev3rR3d/CVE-2023-50465](https://github.com/Ev3rR3d/CVE-2023-50465) -### CVE-2023-50564 (2023-12-14) - -An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file. - - +### CVE-2023-50564 - [Rai2en/CVE-2023-50564_Pluck-v4.7.18_PoC](https://github.com/Rai2en/CVE-2023-50564_Pluck-v4.7.18_PoC) - [ipuig/CVE-2023-50564](https://github.com/ipuig/CVE-2023-50564) - [rwexecute/CVE-2023-50564](https://github.com/rwexecute/CVE-2023-50564) @@ -15174,76 +14036,40 @@ ### CVE-2023-50596 - [chandraprarikraj/CVE-2023-50596](https://github.com/chandraprarikraj/CVE-2023-50596) -### CVE-2023-50643 (2024-01-09) - -An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components. - - +### CVE-2023-50643 - [giovannipajeu1/CVE-2023-50643](https://github.com/giovannipajeu1/CVE-2023-50643) -### CVE-2023-50685 (2024-05-02) - -An issue in Hipcam Cameras RealServer v.1.0 allows a remote attacker to cause a denial of service via a crafted script to the client_port parameter. - - +### CVE-2023-50685 - [MaximilianJungblut/Hipcam-RTSP-Format-Validation-Vulnerability](https://github.com/MaximilianJungblut/Hipcam-RTSP-Format-Validation-Vulnerability) -### CVE-2023-50868 (2024-02-14) - -The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations. - - +### CVE-2023-50868 - [Goethe-Universitat-Cybersecurity/NSEC3-Encloser-Attack](https://github.com/Goethe-Universitat-Cybersecurity/NSEC3-Encloser-Attack) -### CVE-2023-50917 (2023-12-15) - -MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager. - - +### CVE-2023-50917 - [Chocapikk/CVE-2023-50917](https://github.com/Chocapikk/CVE-2023-50917) ### CVE-2023-51000 - [Team-Byerus/CVE-2023-51000](https://github.com/Team-Byerus/CVE-2023-51000) -### CVE-2023-51073 (2024-01-11) - -An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh. - - +### CVE-2023-51073 - [christopher-pace/CVE-2023-51073](https://github.com/christopher-pace/CVE-2023-51073) ### CVE-2023-51119 - [OscarAkaElvis/CVE-2023-51119](https://github.com/OscarAkaElvis/CVE-2023-51119) -### CVE-2023-51126 (2024-01-10) - -Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. - - +### CVE-2023-51126 - [risuxx/CVE-2023-51126](https://github.com/risuxx/CVE-2023-51126) -### CVE-2023-51127 (2024-01-10) - -FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file. - - +### CVE-2023-51127 - [risuxx/CVE-2023-51127](https://github.com/risuxx/CVE-2023-51127) ### CVE-2023-51214 - [chandraprarikraj/CVE-2023-51214](https://github.com/chandraprarikraj/CVE-2023-51214) -### CVE-2023-51281 (2024-03-07) - -Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters. - - +### CVE-2023-51281 - [geraldoalcantara/CVE-2023-51281](https://github.com/geraldoalcantara/CVE-2023-51281) -### CVE-2023-51385 (2023-12-18) - -In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. - - +### CVE-2023-51385 - [vin01/poc-proxycommand-vulnerable](https://github.com/vin01/poc-proxycommand-vulnerable) - [FeatherStark/CVE-2023-51385](https://github.com/FeatherStark/CVE-2023-51385) - [watarium/poc-cve-2023-51385](https://github.com/watarium/poc-cve-2023-51385) @@ -15265,25 +14091,13 @@ - [MiningBot-eth/CVE-2023-51385-exploit](https://github.com/MiningBot-eth/CVE-2023-51385-exploit) - [Featherw1t/CVE-2023-51385_test](https://github.com/Featherw1t/CVE-2023-51385_test) -### CVE-2023-51409 (2024-04-12) - -Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98.\n\n - - +### CVE-2023-51409 - [RandomRobbieBF/CVE-2023-51409](https://github.com/RandomRobbieBF/CVE-2023-51409) -### CVE-2023-51448 (2023-12-22) - -Cacti provides an operational monitoring and fault management framework. Version 1.2.25 has a Blind SQL Injection (SQLi) vulnerability within the SNMP Notification Receivers feature in the file `‘managers.php’`. An authenticated attacker with the “Settings/Utilities” permission can send a crafted HTTP GET request to the endpoint `‘/cacti/managers.php’` with an SQLi payload in the `‘selected_graphs_array’` HTTP GET parameter. As of time of publication, no patched versions exist. - - +### CVE-2023-51448 - [jakabakos/CVE-2023-51448-cacti-sqli-poc](https://github.com/jakabakos/CVE-2023-51448-cacti-sqli-poc) -### CVE-2023-51467 (2023-12-26) - -The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code\n\n - - +### CVE-2023-51467 - [JaneMandy/CVE-2023-51467](https://github.com/JaneMandy/CVE-2023-51467) - [Chocapikk/CVE-2023-51467](https://github.com/Chocapikk/CVE-2023-51467) - [K3ysTr0K3R/CVE-2023-51467-EXPLOIT](https://github.com/K3ysTr0K3R/CVE-2023-51467-EXPLOIT) @@ -15294,84 +14108,40 @@ - [2ptr/BadBizness-CVE-2023-51467](https://github.com/2ptr/BadBizness-CVE-2023-51467) - [AhmedMansour93/Event-ID-217-Rule-Name-SOC254-Apache-OFBiz-Auth-Bypass-and-Code-Injection-0Day-CVE-2023-51467-](https://github.com/AhmedMansour93/Event-ID-217-Rule-Name-SOC254-Apache-OFBiz-Auth-Bypass-and-Code-Injection-0Day-CVE-2023-51467-) -### CVE-2023-51504 (2024-02-05) - -Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan Dulaney Dan's Embedder for Google Calendar allows Stored XSS.This issue affects Dan's Embedder for Google Calendar: from n/a through 1.2.\n\n - - +### CVE-2023-51504 - [Sybelle03/CVE-2023-51504](https://github.com/Sybelle03/CVE-2023-51504) -### CVE-2023-51518 (2024-02-27) - -Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data.\nGiven a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation.\nNote that by default JMX endpoint is only bound locally.\n\nWe recommend users to:\n - Upgrade to a non-vulnerable Apache James version\n\n - Run Apache James isolated from other processes (docker - dedicated virtual machine)\n - If possible turn off JMX\n\n - - +### CVE-2023-51518 - [mbadanoiu/CVE-2023-51518](https://github.com/mbadanoiu/CVE-2023-51518) -### CVE-2023-51764 (2023-12-24) - -Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9. - - +### CVE-2023-51764 - [duy-31/CVE-2023-51764](https://github.com/duy-31/CVE-2023-51764) - [eeenvik1/CVE-2023-51764](https://github.com/eeenvik1/CVE-2023-51764) - [d4op/CVE-2023-51764-POC](https://github.com/d4op/CVE-2023-51764-POC) - [Double-q1015/CVE-2023-51764](https://github.com/Double-q1015/CVE-2023-51764) -### CVE-2023-51800 (2024-02-29) - -Cross Site Scripting (XSS) vulnerability in School Fees Management System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the main_settings component in the phone, address, bank, acc_name, acc_number parameters, new_class and cname parameter, add_new_parent function in the name email parameters, new_term function in the tname parameter, and the edit_student function in the name parameter. - - +### CVE-2023-51800 - [geraldoalcantara/CVE-2023-51800](https://github.com/geraldoalcantara/CVE-2023-51800) -### CVE-2023-51801 (2024-02-29) - -SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the id parameter in the student_form.php and the class_form.php pages. - - +### CVE-2023-51801 - [geraldoalcantara/CVE-2023-51801](https://github.com/geraldoalcantara/CVE-2023-51801) -### CVE-2023-51802 (2024-02-29) - -Cross Site Scripting (XSS) vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the page or class_month parameter in the /php-attendance/attendance_report component. - - +### CVE-2023-51802 - [geraldoalcantara/CVE-2023-51802](https://github.com/geraldoalcantara/CVE-2023-51802) -### CVE-2023-51810 (2024-01-16) - -SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users module. - - +### CVE-2023-51810 - [Pastea/CVE-2023-51810](https://github.com/Pastea/CVE-2023-51810) -### CVE-2023-52160 (2024-02-22) - -The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. - - +### CVE-2023-52160 - [Helica-core/eap_pwn](https://github.com/Helica-core/eap_pwn) -### CVE-2023-52251 (2024-01-25) - -An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages. - - +### CVE-2023-52251 - [BobTheShoplifter/CVE-2023-52251-POC](https://github.com/BobTheShoplifter/CVE-2023-52251-POC) -### CVE-2023-52268 (2024-11-12) - -The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub. - - +### CVE-2023-52268 - [squ1dw3rm/CVE-2023-52268](https://github.com/squ1dw3rm/CVE-2023-52268) -### CVE-2023-52654 (2024-05-09) - -In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/af_unix: disable sending io_uring over sockets\n\nFile reference cycles have caused lots of problems for io_uring\nin the past, and it still doesn't work exactly right and races with\nunix_stream_read_generic(). The safest fix would be to completely\ndisallow sending io_uring files via sockets via SCM_RIGHT, so there\nare no possible cycles invloving registered files and thus rendering\nSCM accounting on the io_uring side unnecessary. - - +### CVE-2023-52654 - [FoxyProxys/CVE-2023-52654](https://github.com/FoxyProxys/CVE-2023-52654) ### CVE-2023-52709 @@ -23545,7 +22315,6 @@ A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions. -- [jbaines-r7/badblood](https://github.com/jbaines-r7/badblood) - [vesperp/CVE-2021-20038-SonicWall-RCE](https://github.com/vesperp/CVE-2021-20038-SonicWall-RCE) ### CVE-2021-20138 (2021-12-09) @@ -27101,6 +25870,9 @@ - [likeww/CVE-2021-41653](https://github.com/likeww/CVE-2021-41653) +### CVE-2021-41703 +- [Yanoro/CVE-2021-41703](https://github.com/Yanoro/CVE-2021-41703) + ### CVE-2021-41730 - [yezeting/CVE-2021-41730](https://github.com/yezeting/CVE-2021-41730) @@ -43293,6 +42065,7 @@ - [leonardo1101/cve-2017-11176](https://github.com/leonardo1101/cve-2017-11176) - [c3r34lk1ll3r/CVE-2017-11176](https://github.com/c3r34lk1ll3r/CVE-2017-11176) - [Sama-Ayman-Mokhtar/CVE-2017-11176](https://github.com/Sama-Ayman-Mokhtar/CVE-2017-11176) +- [Yanoro/CVE-2017-11176](https://github.com/Yanoro/CVE-2017-11176) ### CVE-2017-11317 (2017-08-23)