mirror/PoC-in-GitHub
1
0
Fork 0
mirror of https://github.com/nomi-sec/PoC-in-GitHub.git synced 2025-01-28 18:44:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Auto Update 2021/11/05 18:13:07

Browse source
This commit is contained in:
motikan2010-bot 2021-11-06 03:13:07 +09:00
parent 965fd4d7e3
commit 315e633485
30 changed files with 252 additions and 114 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
2017/CVE-2017-9805.json
View file

@ -125,10 +125,10 @@
"description": "Exploit script for Apache Struts2 REST Plugin XStream RCE (CVE-2017-9805)",
"fork": false,
"created_at": "2017-11-24T14:46:35Z",
"updated_at": "2021-04-08T02:25:46Z",
"updated_at": "2021-11-05T12:17:34Z",
"pushed_at": "2020-11-26T18:35:29Z",
"stargazers_count": 13,
"watchers_count": 13,
"stargazers_count": 14,
"watchers_count": 14,
"forks_count": 12,
"allow_forking": true,
"is_template": false,
@ -140,7 +140,7 @@
],
"visibility": "public",
"forks": 12,
"watchers": 13,
"watchers": 14,
"score": 0
},
{

4
2018/CVE-2018-4233.json
View file

@ -17,12 +17,12 @@
"pushed_at": "2018-08-17T23:31:46Z",
"stargazers_count": 163,
"watchers_count": 163,
"forks_count": 33,
"forks_count": 32,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 33,
"forks": 32,
"watchers": 163,
"score": 0
}

4
2018/CVE-2018-4441.json
View file

@ -17,7 +17,7 @@
"pushed_at": "2019-03-08T18:42:56Z",
"stargazers_count": 202,
"watchers_count": 202,
"forks_count": 54,
"forks_count": 53,
"allow_forking": true,
"is_template": false,
"topics": [
@ -26,7 +26,7 @@
"webkit"
],
"visibility": "public",
"forks": 54,
"forks": 53,
"watchers": 202,
"score": 0
}

8
2018/CVE-2018-5955.json
View file

@ -40,10 +40,10 @@
"description": "一款功能强大的漏洞扫描器子域名爆破使用aioDNSasyncio异步快速扫描覆盖目标全方位资产进行批量漏洞扫描中间件信息收集自动收集ip代理探测Waf信息时自动使用来保护本机真实Ip在本机Ip被Waf杀死后自动切换代理Ip进行扫描Waf信息收集(国内外100+款waf信息)包括安全狗云锁阿里云云盾腾讯云等提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能",
"fork": false,
"created_at": "2019-12-21T22:45:55Z",
"updated_at": "2021-11-03T12:15:52Z",
"updated_at": "2021-11-05T13:50:09Z",
"pushed_at": "2020-01-05T21:46:25Z",
"stargazers_count": 468,
"watchers_count": 468,
"stargazers_count": 469,
"watchers_count": 469,
"forks_count": 111,
"allow_forking": true,
"is_template": false,
@ -63,7 +63,7 @@
],
"visibility": "public",
"forks": 111,
"watchers": 468,
"watchers": 469,
"score": 0
}
]

8
2018/CVE-2018-8120.json
View file

@ -40,10 +40,10 @@
"description": "CVE-2018-8120 Windows LPE exploit",
"fork": false,
"created_at": "2018-05-19T02:43:15Z",
"updated_at": "2021-10-28T10:54:13Z",
"updated_at": "2021-11-05T15:17:28Z",
"pushed_at": "2018-05-30T13:09:54Z",
"stargazers_count": 467,
"watchers_count": 467,
"stargazers_count": 468,
"watchers_count": 468,
"forks_count": 204,
"allow_forking": true,
"is_template": false,
@ -54,7 +54,7 @@
],
"visibility": "public",
"forks": 204,
"watchers": 467,
"watchers": 468,
"score": 0
},
{

8
2019/CVE-2019-11043.json
View file

@ -13,17 +13,17 @@
"description": "Exploit for CVE-2019-11043",
"fork": false,
"created_at": "2019-09-23T21:37:27Z",
"updated_at": "2021-11-04T16:25:08Z",
"updated_at": "2021-11-05T17:11:24Z",
"pushed_at": "2019-11-12T18:53:14Z",
"stargazers_count": 1686,
"watchers_count": 1686,
"stargazers_count": 1687,
"watchers_count": 1687,
"forks_count": 251,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 251,
"watchers": 1686,
"watchers": 1687,
"score": 0
},
{

4
2019/CVE-2019-11708.json
View file

@ -17,7 +17,7 @@
"pushed_at": "2020-06-13T17:40:14Z",
"stargazers_count": 595,
"watchers_count": 595,
"forks_count": 84,
"forks_count": 83,
"allow_forking": true,
"is_template": false,
"topics": [
@ -30,7 +30,7 @@
"sandbox-escape"
],
"visibility": "public",
"forks": 84,
"forks": 83,
"watchers": 595,
"score": 0
}

8
2019/CVE-2019-12586.json
View file

@ -13,10 +13,10 @@
"description": "Proof of Concept of ESP32\/8266 Wi-Fi vulnerabilties (CVE-2019-12586, CVE-2019-12587, CVE-2019-12588)",
"fork": false,
"created_at": "2019-09-03T15:08:49Z",
"updated_at": "2021-11-05T01:17:49Z",
"updated_at": "2021-11-05T14:01:32Z",
"pushed_at": "2019-09-08T06:09:11Z",
"stargazers_count": 709,
"watchers_count": 709,
"stargazers_count": 710,
"watchers_count": 710,
"forks_count": 61,
"allow_forking": true,
"is_template": false,
@ -29,7 +29,7 @@
],
"visibility": "public",
"forks": 61,
"watchers": 709,
"watchers": 710,
"score": 0
}
]

8
2019/CVE-2019-2215.json
View file

@ -67,17 +67,17 @@
"description": "Temproot for Pixel 2 and Pixel 2 XL via CVE-2019-2215",
"fork": false,
"created_at": "2019-10-14T17:27:37Z",
"updated_at": "2021-11-04T02:56:18Z",
"updated_at": "2021-11-05T17:55:41Z",
"pushed_at": "2019-10-15T01:04:08Z",
"stargazers_count": 83,
"watchers_count": 83,
"stargazers_count": 84,
"watchers_count": 84,
"forks_count": 46,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 46,
"watchers": 83,
"watchers": 84,
"score": 0
},
{

8
2020/CVE-2020-0688.json
View file

@ -241,17 +241,17 @@
"description": "Exploit and detect tools for CVE-2020-0688",
"fork": false,
"created_at": "2020-03-01T12:57:32Z",
"updated_at": "2021-10-22T17:26:18Z",
"updated_at": "2021-11-05T14:46:43Z",
"pushed_at": "2020-03-21T05:44:48Z",
"stargazers_count": 307,
"watchers_count": 307,
"stargazers_count": 308,
"watchers_count": 308,
"forks_count": 75,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 75,
"watchers": 307,
"watchers": 308,
"score": 0
},
{

4
2020/CVE-2020-0796.json
View file

@ -1049,7 +1049,7 @@
"pushed_at": "2020-12-07T20:04:27Z",
"stargazers_count": 1159,
"watchers_count": 1159,
"forks_count": 363,
"forks_count": 364,
"allow_forking": true,
"is_template": false,
"topics": [
@ -1060,7 +1060,7 @@
"smbghost"
],
"visibility": "public",
"forks": 363,
"forks": 364,
"watchers": 1159,
"score": 0
},

8
2020/CVE-2020-15368.json
View file

@ -13,10 +13,10 @@
"description": "CVE-2020-15368, aka \"How to exploit a vulnerable driver\"",
"fork": false,
"created_at": "2021-06-29T04:38:24Z",
"updated_at": "2021-11-01T15:22:10Z",
"updated_at": "2021-11-05T15:15:21Z",
"pushed_at": "2021-10-29T07:46:53Z",
"stargazers_count": 296,
"watchers_count": 296,
"stargazers_count": 297,
"watchers_count": 297,
"forks_count": 30,
"allow_forking": true,
"is_template": false,
@ -28,7 +28,7 @@
],
"visibility": "public",
"forks": 30,
"watchers": 296,
"watchers": 297,
"score": 0
}
]

4
2020/CVE-2020-1938.json
View file

@ -287,12 +287,12 @@
"pushed_at": "2020-02-25T08:55:09Z",
"stargazers_count": 4,
"watchers_count": 4,
"forks_count": 1,
"forks_count": 3,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 1,
"forks": 3,
"watchers": 4,
"score": 0
},

8
2020/CVE-2020-6308.json
View file

@ -13,17 +13,17 @@
"description": "PoC CVE-2020-6308",
"fork": false,
"created_at": "2020-12-27T10:37:11Z",
"updated_at": "2021-08-05T02:53:04Z",
"updated_at": "2021-11-05T15:38:22Z",
"pushed_at": "2020-12-29T10:49:49Z",
"stargazers_count": 31,
"watchers_count": 31,
"stargazers_count": 32,
"watchers_count": 32,
"forks_count": 8,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 8,
"watchers": 31,
"watchers": 32,
"score": 0
},
{

16
2021/CVE-2021-1675.json
View file

@ -40,17 +40,17 @@
"description": "C# and Impacket implementation of PrintNightmare CVE-2021-1675\/CVE-2021-34527",
"fork": false,
"created_at": "2021-06-29T17:24:14Z",
"updated_at": "2021-11-05T06:07:15Z",
"updated_at": "2021-11-05T13:09:36Z",
"pushed_at": "2021-07-20T15:28:13Z",
"stargazers_count": 1446,
"watchers_count": 1446,
"stargazers_count": 1447,
"watchers_count": 1447,
"forks_count": 529,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 529,
"watchers": 1446,
"watchers": 1447,
"score": 0
},
{
@ -855,17 +855,17 @@
"description": "PrintNightMare LPE提权漏洞的CS 反射加载插件。开箱即用、通过内存加载、混淆加载的驱动名称来ByPass Defender\/EDR。",
"fork": false,
"created_at": "2021-09-01T11:25:04Z",
"updated_at": "2021-10-24T06:07:42Z",
"updated_at": "2021-11-05T14:47:09Z",
"pushed_at": "2021-09-01T11:25:22Z",
"stargazers_count": 102,
"watchers_count": 102,
"stargazers_count": 103,
"watchers_count": 103,
"forks_count": 15,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 15,
"watchers": 102,
"watchers": 103,
"score": 0
},
{

4
2021/CVE-2021-20837.json
View file

@ -40,8 +40,8 @@
"description": "XMLRPC - RCE in MovableTypePoC",
"fork": false,
"created_at": "2021-10-30T09:15:56Z",
"updated_at": "2021-11-03T17:07:38Z",
"pushed_at": "2021-11-03T17:07:35Z",
"updated_at": "2021-11-05T17:48:04Z",
"pushed_at": "2021-11-05T17:48:01Z",
"stargazers_count": 13,
"watchers_count": 13,
"forks_count": 7,

8
2021/CVE-2021-21972.json
View file

@ -140,17 +140,17 @@
"description": "Proof of Concept Exploit for vCenter CVE-2021-21972",
"fork": false,
"created_at": "2021-02-24T16:31:34Z",
"updated_at": "2021-11-05T09:43:50Z",
"updated_at": "2021-11-05T14:38:25Z",
"pushed_at": "2021-02-25T16:05:02Z",
"stargazers_count": 163,
"watchers_count": 163,
"stargazers_count": 164,
"watchers_count": 164,
"forks_count": 61,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 61,
"watchers": 163,
"watchers": 164,
"score": 0
},
{

76
2021/CVE-2021-22205.json
View file

@ -13,17 +13,17 @@
"description": null,
"fork": false,
"created_at": "2021-06-05T15:42:16Z",
"updated_at": "2021-11-04T15:27:36Z",
"updated_at": "2021-11-05T14:44:40Z",
"pushed_at": "2021-11-02T14:45:24Z",
"stargazers_count": 150,
"watchers_count": 150,
"stargazers_count": 151,
"watchers_count": 151,
"forks_count": 32,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 32,
"watchers": 150,
"watchers": 151,
"score": 0
},
{
@ -121,10 +121,10 @@
"description": "CVE-2021-22205& GitLab CE\/EE RCE",
"fork": false,
"created_at": "2021-10-29T04:30:45Z",
"updated_at": "2021-11-05T06:49:50Z",
"updated_at": "2021-11-05T13:29:13Z",
"pushed_at": "2021-10-29T04:31:15Z",
"stargazers_count": 53,
"watchers_count": 53,
"stargazers_count": 54,
"watchers_count": 54,
"forks_count": 22,
"allow_forking": true,
"is_template": false,
@ -133,7 +133,7 @@
],
"visibility": "public",
"forks": 22,
"watchers": 53,
"watchers": 54,
"score": 0
},
{
@ -231,7 +231,7 @@
"description": "CVE-2021-22205未授权漏洞批量检测与利用工具",
"fork": false,
"created_at": "2021-10-31T04:15:30Z",
"updated_at": "2021-11-05T02:02:48Z",
"updated_at": "2021-11-05T13:26:04Z",
"pushed_at": "2021-11-04T12:49:58Z",
"stargazers_count": 7,
"watchers_count": 7,
@ -368,8 +368,8 @@
"description": null,
"fork": false,
"created_at": "2021-11-05T05:35:10Z",
"updated_at": "2021-11-05T05:35:10Z",
"pushed_at": "2021-11-05T05:35:11Z",
"updated_at": "2021-11-05T16:30:25Z",
"pushed_at": "2021-11-05T16:30:22Z",
"stargazers_count": 0,
"watchers_count": 0,
"forks_count": 0,
@ -380,5 +380,59 @@
"forks": 0,
"watchers": 0,
"score": 0
},
{
"id": 425020388,
"name": "Automated-Gitlab-RCE",
"full_name": "X1pe0\/Automated-Gitlab-RCE",
"owner": {
"login": "X1pe0",
"id": 9041120,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/9041120?v=4",
"html_url": "https:\/\/github.com\/X1pe0"
},
"html_url": "https:\/\/github.com\/X1pe0\/Automated-Gitlab-RCE",
"description": "Automated Gitlab RCE via CVE-2021-22205",
"fork": false,
"created_at": "2021-11-05T16:48:11Z",
"updated_at": "2021-11-05T16:52:41Z",
"pushed_at": "2021-11-05T16:52:39Z",
"stargazers_count": 0,
"watchers_count": 0,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0
},
{
"id": 425022767,
"name": "GitLab-CVE-2021-22205-",
"full_name": "runsel\/GitLab-CVE-2021-22205-",
"owner": {
"login": "runsel",
"id": 10703119,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/10703119?v=4",
"html_url": "https:\/\/github.com\/runsel"
},
"html_url": "https:\/\/github.com\/runsel\/GitLab-CVE-2021-22205-",
"description": "Exploit for GitLab CVE-2021-22205 Unauthenticated Remote Code Execution",
"fork": false,
"created_at": "2021-11-05T16:56:06Z",
"updated_at": "2021-11-05T17:05:31Z",
"pushed_at": "2021-11-05T17:05:29Z",
"stargazers_count": 0,
"watchers_count": 0,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 0,
"score": 0
}
]

8
2021/CVE-2021-22986.json
View file

@ -40,17 +40,17 @@
"description": "cve-2021-22986 f5 rce 漏洞批量检测 poc",
"fork": false,
"created_at": "2021-03-19T18:50:22Z",
"updated_at": "2021-09-14T06:13:07Z",
"updated_at": "2021-11-05T14:04:31Z",
"pushed_at": "2021-03-27T10:02:59Z",
"stargazers_count": 24,
"watchers_count": 24,
"stargazers_count": 25,
"watchers_count": 25,
"forks_count": 6,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 6,
"watchers": 24,
"watchers": 25,
"score": 0
},
{

8
2021/CVE-2021-29200.json
View file

@ -13,17 +13,17 @@
"description": null,
"fork": false,
"created_at": "2021-05-11T10:40:20Z",
"updated_at": "2021-09-27T12:36:47Z",
"updated_at": "2021-11-05T15:53:38Z",
"pushed_at": "2021-05-11T10:42:40Z",
"stargazers_count": 27,
"watchers_count": 27,
"stargazers_count": 28,
"watchers_count": 28,
"forks_count": 8,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 8,
"watchers": 27,
"watchers": 28,
"score": 0
}
]

8
2021/CVE-2021-30128.json
View file

@ -40,17 +40,17 @@
"description": "CVE-2021-30128 Apache OFBiz 反序列化漏洞远程代码执行",
"fork": false,
"created_at": "2021-05-04T16:21:55Z",
"updated_at": "2021-09-11T06:01:33Z",
"updated_at": "2021-11-05T15:50:59Z",
"pushed_at": "2021-05-10T02:08:26Z",
"stargazers_count": 14,
"watchers_count": 14,
"stargazers_count": 15,
"watchers_count": 15,
"forks_count": 7,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 7,
"watchers": 14,
"watchers": 15,
"score": 0
}
]

8
2021/CVE-2021-3129.json
View file

@ -179,17 +179,17 @@
"description": "Laravel <= v8.4.2 debug mode: Remote code execution (CVE-2021-3129)",
"fork": false,
"created_at": "2021-02-18T05:42:13Z",
"updated_at": "2021-11-03T17:51:45Z",
"updated_at": "2021-11-05T16:12:57Z",
"pushed_at": "2021-09-09T01:09:31Z",
"stargazers_count": 54,
"watchers_count": 54,
"stargazers_count": 55,
"watchers_count": 55,
"forks_count": 29,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 29,
"watchers": 54,
"watchers": 55,
"score": 0
},
{

8
2021/CVE-2021-3156.json
View file

@ -398,17 +398,17 @@
"description": "PoC for CVE-2021-3156 (sudo heap overflow)",
"fork": false,
"created_at": "2021-01-30T03:22:04Z",
"updated_at": "2021-11-05T00:54:24Z",
"updated_at": "2021-11-05T12:34:51Z",
"pushed_at": "2021-02-08T03:42:50Z",
"stargazers_count": 414,
"watchers_count": 414,
"stargazers_count": 415,
"watchers_count": 415,
"forks_count": 116,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 116,
"watchers": 414,
"watchers": 415,
"score": 0
},
{

29
2021/CVE-2021-33026.json Normal file
View file

@ -0,0 +1,29 @@
[
{
"id": 425043477,
"name": "CVE-2021-33026",
"full_name": "CarlosG13\/CVE-2021-33026",
"owner": {
"login": "CarlosG13",
"id": 69405457,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/69405457?v=4",
"html_url": "https:\/\/github.com\/CarlosG13"
},
"html_url": "https:\/\/github.com\/CarlosG13\/CVE-2021-33026",
"description": "Pickle Serialization Remote Code Execution - Memcached Poisoning",
"fork": false,
"created_at": "2021-11-05T18:11:54Z",
"updated_at": "2021-11-05T18:11:57Z",
"pushed_at": "2021-11-05T18:11:55Z",
"stargazers_count": 0,
"watchers_count": 0,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0
}
]

8
2021/CVE-2021-33044.json
View file

@ -40,17 +40,17 @@
"description": "Dahua IPC\/VTH\/VTO devices auth bypass exploit",
"fork": false,
"created_at": "2021-10-18T16:02:41Z",
"updated_at": "2021-10-20T11:13:39Z",
"updated_at": "2021-11-05T14:23:47Z",
"pushed_at": "2021-10-18T16:09:44Z",
"stargazers_count": 4,
"watchers_count": 4,
"stargazers_count": 5,
"watchers_count": 5,
"forks_count": 2,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 4,
"watchers": 5,
"score": 0
}
]

8
2021/CVE-2021-3490.json
View file

@ -13,17 +13,17 @@
"description": null,
"fork": false,
"created_at": "2021-06-24T18:50:17Z",
"updated_at": "2021-11-05T08:22:10Z",
"updated_at": "2021-11-05T15:32:46Z",
"pushed_at": "2021-08-25T19:26:21Z",
"stargazers_count": 186,
"watchers_count": 186,
"stargazers_count": 187,
"watchers_count": 187,
"forks_count": 40,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 40,
"watchers": 186,
"watchers": 187,
"score": 0
}
]

4
2021/CVE-2021-40539.json
View file

@ -44,12 +44,12 @@
"pushed_at": "2021-11-03T14:52:06Z",
"stargazers_count": 1,
"watchers_count": 1,
"forks_count": 0,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 0,
"forks": 1,
"watchers": 1,
"score": 0
}

4
2021/CVE-2021-42327.json
View file

@ -13,8 +13,8 @@
"description": "WIP kernel exploit for minor bug i found in amd gpu driver",
"fork": false,
"created_at": "2021-10-28T21:10:29Z",
"updated_at": "2021-11-05T04:08:03Z",
"pushed_at": "2021-11-05T04:08:01Z",
"updated_at": "2021-11-05T18:10:38Z",
"pushed_at": "2021-11-05T18:10:36Z",
"stargazers_count": 0,
"watchers_count": 0,
"forks_count": 0,

4
2021/CVE-2021-42574.json
View file

@ -67,8 +67,8 @@
"description": "Generate malicious files using recently published bidi-attack (CVE-2021-42574)",
"fork": false,
"created_at": "2021-11-02T15:32:38Z",
"updated_at": "2021-11-05T03:01:54Z",
"pushed_at": "2021-11-02T23:44:41Z",
"updated_at": "2021-11-05T16:51:05Z",
"pushed_at": "2021-11-05T16:51:02Z",
"stargazers_count": 2,
"watchers_count": 2,
"forks_count": 2,

73
README.md
View file

@ -898,6 +898,8 @@ An issue has been discovered in GitLab CE/EE affecting all versions starting fro
- [shang159/CVE-2021-22205-getshell](https://github.com/shang159/CVE-2021-22205-getshell)
- [devdanqtuan/CVE-2021-22205](https://github.com/devdanqtuan/CVE-2021-22205)
- [hh-hunter/cve-2021-22205](https://github.com/hh-hunter/cve-2021-22205)
- [X1pe0/Automated-Gitlab-RCE](https://github.com/X1pe0/Automated-Gitlab-RCE)
- [runsel/GitLab-CVE-2021-22205-](https://github.com/runsel/GitLab-CVE-2021-22205-)
### CVE-2021-22214 (2021-06-08)
@ -2077,6 +2079,14 @@ Squirrelly is a template engine implemented in JavaScript that works out of the
- [Abady0x1/CVE-2021-32819](https://github.com/Abady0x1/CVE-2021-32819)
### CVE-2021-33026 (2021-05-13)
<code>
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the cache, and execute Python code.
</code>
- [CarlosG13/CVE-2021-33026](https://github.com/CarlosG13/CVE-2021-33026)
### CVE-2021-33044 (2021-09-15)
<code>
@ -3155,31 +3165,76 @@ A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Onlin
- [TheHackingRabbi/CVE-2021-42662](https://github.com/TheHackingRabbi/CVE-2021-42662)
### CVE-2021-42663
### CVE-2021-42663 (2021-11-05)
<code>
An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link he will display the content of the HTML code of the attacker's choice.
</code>
- [TheHackingRabbi/CVE-2021-42663](https://github.com/TheHackingRabbi/CVE-2021-42663)
### CVE-2021-42664
### CVE-2021-42664 (2021-11-05)
<code>
A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.
</code>
- [TheHackingRabbi/CVE-2021-42664](https://github.com/TheHackingRabbi/CVE-2021-42664)
### CVE-2021-42665
### CVE-2021-42665 (2021-11-05)
<code>
An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication.
</code>
- [TheHackingRabbi/CVE-2021-42665](https://github.com/TheHackingRabbi/CVE-2021-42665)
### CVE-2021-42666
### CVE-2021-42666 (2021-11-05)
<code>
A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.
</code>
- [TheHackingRabbi/CVE-2021-42666](https://github.com/TheHackingRabbi/CVE-2021-42666)
### CVE-2021-42667
### CVE-2021-42667 (2021-11-05)
<code>
A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server.
</code>
- [TheHackingRabbi/CVE-2021-42667](https://github.com/TheHackingRabbi/CVE-2021-42667)
### CVE-2021-42668
### CVE-2021-42668 (2021-11-05)
<code>
A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a remote code execution on the remote web server.
</code>
- [TheHackingRabbi/CVE-2021-42668](https://github.com/TheHackingRabbi/CVE-2021-42668)
### CVE-2021-42669
### CVE-2021-42669 (2021-11-05)
<code>
A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By uploading a php webshell containing &quot;&lt;?php system($_GET[&quot;cmd&quot;]); ?&gt;&quot; the attacker can execute commands on the web server with - /admin/uploads/php-webshell?cmd=id.
</code>
- [TheHackingRabbi/CVE-2021-42669](https://github.com/TheHackingRabbi/CVE-2021-42669)
### CVE-2021-42670
### CVE-2021-42670 (2021-11-05)
<code>
A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.
</code>
- [TheHackingRabbi/CVE-2021-42670](https://github.com/TheHackingRabbi/CVE-2021-42670)
### CVE-2021-42671
### CVE-2021-42671 (2021-11-05)
<code>
An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization.
</code>
- [TheHackingRabbi/CVE-2021-42671](https://github.com/TheHackingRabbi/CVE-2021-42671)
### CVE-2021-42694 (2021-10-31)