From 323ceba5f5652a834e695bae7ca11c0d787116a4 Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Sat, 3 Apr 2021 18:12:08 +0900 Subject: [PATCH] Auto Update 2021/04/03 18:12:08 --- 2017/CVE-2017-11176.json | 4 +- 2018/CVE-2018-0296.json | 23 + 2018/CVE-2018-0952.json | 25 ++ 2018/CVE-2018-1000134.json | 25 ++ 2018/CVE-2018-1000802.json | 25 ++ 2018/CVE-2018-1002105.json | 46 ++ 2018/CVE-2018-10517.json | 25 ++ 2018/CVE-2018-10920.json | 25 ++ 2018/CVE-2018-10933.json | 529 ++++++++++++++++++++++ 2018/CVE-2018-10936.json | 25 ++ 2018/CVE-2018-10949.json | 25 ++ 2018/CVE-2018-11235.json | 23 + 2018/CVE-2018-11759.json | 48 ++ 2018/CVE-2018-11761.json | 25 ++ 2018/CVE-2018-11776.json | 276 ++++++++++++ 2018/CVE-2018-11788.json | 25 ++ 2018/CVE-2018-12018.json | 25 ++ 2018/CVE-2018-12038.json | 25 ++ 2018/CVE-2018-12418.json | 25 ++ 2018/CVE-2018-12463.json | 25 ++ 2018/CVE-2018-12537.json | 25 ++ 2018/CVE-2018-12540.json | 25 ++ 2018/CVE-2018-1259.json | 25 ++ 2018/CVE-2018-12613.json | 23 + 2018/CVE-2018-1270.json | 46 ++ 2018/CVE-2018-1273.json | 46 ++ 2018/CVE-2018-12895.json | 25 ++ 2018/CVE-2018-1313.json | 25 ++ 2018/CVE-2018-1324.json | 25 ++ 2018/CVE-2018-13784.json | 25 ++ 2018/CVE-2018-13864.json | 25 ++ 2018/CVE-2018-14.json | 25 ++ 2018/CVE-2018-14083.json | 25 ++ 2018/CVE-2018-14442.json | 23 + 2018/CVE-2018-14634.json | 25 ++ 2018/CVE-2018-14665.json | 23 + 2018/CVE-2018-14667.json | 92 ++++ 2018/CVE-2018-14729.json | 25 ++ 2018/CVE-2018-14772.json | 25 ++ 2018/CVE-2018-14847.json | 77 +++- 2018/CVE-2018-15131.json | 25 ++ 2018/CVE-2018-15133.json | 23 + 2018/CVE-2018-15365.json | 25 ++ 2018/CVE-2018-15473.json | 92 ++++ 2018/CVE-2018-15499.json | 25 ++ 2018/CVE-2018-15727.json | 25 ++ 2018/CVE-2018-15832.json | 25 ++ 2018/CVE-2018-15912.json | 25 ++ 2018/CVE-2018-15961.json | 46 ++ 2018/CVE-2018-15982.json | 92 ++++ 2018/CVE-2018-16156.json | 25 ++ 2018/CVE-2018-16323.json | 25 ++ 2018/CVE-2018-16370.json | 25 ++ 2018/CVE-2018-16373.json | 25 ++ 2018/CVE-2018-16509.json | 46 ++ 2018/CVE-2018-16711.json | 25 ++ 2018/CVE-2018-16712.json | 25 ++ 2018/CVE-2018-16713.json | 25 ++ 2018/CVE-2018-16875.json | 25 ++ 2018/CVE-2018-16987.json | 25 ++ 2018/CVE-2018-17144.json | 48 ++ 2018/CVE-2018-17182.json | 71 +++ 2018/CVE-2018-17207.json | 25 ++ 2018/CVE-2018-17418.json | 25 ++ 2018/CVE-2018-17456.json | 46 ++ 2018/CVE-2018-17961.json | 25 ++ 2018/CVE-2018-18026.json | 25 ++ 2018/CVE-2018-18387.json | 25 ++ 2018/CVE-2018-18714.json | 25 ++ 2018/CVE-2018-18852.json | 23 + 2018/CVE-2018-19126.json | 25 ++ 2018/CVE-2018-19127.json | 25 ++ 2018/CVE-2018-19131.json | 25 ++ 2018/CVE-2018-19207.json | 23 + 2018/CVE-2018-19518.json | 25 ++ 2018/CVE-2018-19537.json | 25 ++ 2018/CVE-2018-19788.json | 94 ++++ 2018/CVE-2018-19911.json | 25 ++ 2018/CVE-2018-20165.json | 25 ++ 2018/CVE-2018-2628.json | 92 ++++ 2018/CVE-2018-2844.json | 25 ++ 2018/CVE-2018-2879.json | 23 + 2018/CVE-2018-2893.json | 138 ++++++ 2018/CVE-2018-2894.json | 46 ++ 2018/CVE-2018-3191.json | 117 +++++ 2018/CVE-2018-3245.json | 46 ++ 2018/CVE-2018-3252.json | 71 +++ 2018/CVE-2018-4013.json | 48 ++ 2018/CVE-2018-4121.json | 46 ++ 2018/CVE-2018-4233.json | 25 ++ 2018/CVE-2018-4242.json | 25 ++ 2018/CVE-2018-4327.json | 48 ++ 2018/CVE-2018-4330.json | 25 ++ 2018/CVE-2018-4407.json | 253 +++++++++++ 2018/CVE-2018-4415.json | 25 ++ 2018/CVE-2018-4431.json | 25 ++ 2018/CVE-2018-4878.json | 46 ++ 2018/CVE-2018-5740.json | 25 ++ 2018/CVE-2018-5955.json | 23 + 2018/CVE-2018-6389.json | 69 +++ 2018/CVE-2018-6546.json | 23 + 2018/CVE-2018-6574.json | 138 ++++++ 2018/CVE-2018-6643.json | 25 ++ 2018/CVE-2018-6961.json | 23 + 2018/CVE-2018-7422.json | 25 ++ 2018/CVE-2018-7489.json | 25 ++ 2018/CVE-2018-7600.json | 46 ++ 2018/CVE-2018-7602.json | 46 ++ 2018/CVE-2018-7690.json | 25 ++ 2018/CVE-2018-7691.json | 25 ++ 2018/CVE-2018-7750.json | 25 ++ 2018/CVE-2018-8021.json | 25 ++ 2018/CVE-2018-8038.json | 25 ++ 2018/CVE-2018-8039.json | 25 ++ 2018/CVE-2018-8090.json | 25 ++ 2018/CVE-2018-8120.json | 69 +++ 2018/CVE-2018-8172.json | 25 ++ 2018/CVE-2018-8174.json | 46 ++ 2018/CVE-2018-8208.json | 25 ++ 2018/CVE-2018-8353.json | 25 ++ 2018/CVE-2018-8420.json | 25 ++ 2018/CVE-2018-8440.json | 25 ++ 2018/CVE-2018-8453.json | 23 + 2018/CVE-2018-8495.json | 25 ++ 2018/CVE-2018-8581.json | 46 ++ 2018/CVE-2018-8897.json | 23 + 2018/CVE-2018-9075.json | 25 ++ 2018/CVE-2018-9206.json | 71 +++ 2018/CVE-2018-9207.json | 25 ++ 2018/CVE-2018-9208.json | 25 ++ 2018/CVE-2018-9411.json | 25 ++ 2018/CVE-2018-9539.json | 25 ++ 2018/CVE-2018-9948.json | 48 ++ 2018/CVE-2018-9995.json | 46 ++ 2019/CVE-2019-0708.json | 43 +- 2019/CVE-2019-13063.json | 25 ++ 2019/CVE-2019-3396.json | 23 + 2019/CVE-2019-5736.json | 8 +- 2019/CVE-2019-6225.json | 23 + 2020/CVE-2020-0796.json | 4 +- 2020/CVE-2020-14883.json | 8 +- 2020/CVE-2020-5902.json | 8 +- 2021/CVE-2021-1732.json | 8 +- 2021/CVE-2021-21315.json | 2 +- 2021/CVE-2021-21975.json | 8 +- 2021/CVE-2021-25646.json | 8 +- 2021/CVE-2021-26943.json | 8 +- 2021/CVE-2021-3156.json | 2 +- 2021/CVE-2021-3449.json | 8 +- README.md | 882 +++++++++++++++++++++++++++++++++++++ 150 files changed, 6663 insertions(+), 52 deletions(-) create mode 100644 2018/CVE-2018-0952.json create mode 100644 2018/CVE-2018-1000134.json create mode 100644 2018/CVE-2018-1000802.json create mode 100644 2018/CVE-2018-10517.json create mode 100644 2018/CVE-2018-10920.json create mode 100644 2018/CVE-2018-10936.json create mode 100644 2018/CVE-2018-10949.json create mode 100644 2018/CVE-2018-11759.json create mode 100644 2018/CVE-2018-11761.json create mode 100644 2018/CVE-2018-11788.json create mode 100644 2018/CVE-2018-12018.json create mode 100644 2018/CVE-2018-12038.json create mode 100644 2018/CVE-2018-12418.json create mode 100644 2018/CVE-2018-12463.json create mode 100644 2018/CVE-2018-12537.json create mode 100644 2018/CVE-2018-12540.json create mode 100644 2018/CVE-2018-1259.json create mode 100644 2018/CVE-2018-12895.json create mode 100644 2018/CVE-2018-1313.json create mode 100644 2018/CVE-2018-1324.json create mode 100644 2018/CVE-2018-13784.json create mode 100644 2018/CVE-2018-13864.json create mode 100644 2018/CVE-2018-14.json create mode 100644 2018/CVE-2018-14083.json create mode 100644 2018/CVE-2018-14634.json create mode 100644 2018/CVE-2018-14729.json create mode 100644 2018/CVE-2018-14772.json create mode 100644 2018/CVE-2018-15131.json create mode 100644 2018/CVE-2018-15365.json create mode 100644 2018/CVE-2018-15499.json create mode 100644 2018/CVE-2018-15727.json create mode 100644 2018/CVE-2018-15832.json create mode 100644 2018/CVE-2018-15912.json create mode 100644 2018/CVE-2018-16156.json create mode 100644 2018/CVE-2018-16323.json create mode 100644 2018/CVE-2018-16370.json create mode 100644 2018/CVE-2018-16373.json create mode 100644 2018/CVE-2018-16711.json create mode 100644 2018/CVE-2018-16712.json create mode 100644 2018/CVE-2018-16713.json create mode 100644 2018/CVE-2018-16875.json create mode 100644 2018/CVE-2018-16987.json create mode 100644 2018/CVE-2018-17144.json create mode 100644 2018/CVE-2018-17182.json create mode 100644 2018/CVE-2018-17207.json create mode 100644 2018/CVE-2018-17418.json create mode 100644 2018/CVE-2018-17961.json create mode 100644 2018/CVE-2018-18026.json create mode 100644 2018/CVE-2018-18387.json create mode 100644 2018/CVE-2018-18714.json create mode 100644 2018/CVE-2018-19126.json create mode 100644 2018/CVE-2018-19127.json create mode 100644 2018/CVE-2018-19131.json create mode 100644 2018/CVE-2018-19518.json create mode 100644 2018/CVE-2018-19537.json create mode 100644 2018/CVE-2018-19788.json create mode 100644 2018/CVE-2018-19911.json create mode 100644 2018/CVE-2018-20165.json create mode 100644 2018/CVE-2018-2844.json create mode 100644 2018/CVE-2018-3191.json create mode 100644 2018/CVE-2018-3252.json create mode 100644 2018/CVE-2018-4013.json create mode 100644 2018/CVE-2018-4233.json create mode 100644 2018/CVE-2018-4242.json create mode 100644 2018/CVE-2018-4327.json create mode 100644 2018/CVE-2018-4330.json create mode 100644 2018/CVE-2018-4415.json create mode 100644 2018/CVE-2018-4431.json create mode 100644 2018/CVE-2018-5740.json create mode 100644 2018/CVE-2018-6643.json create mode 100644 2018/CVE-2018-7422.json create mode 100644 2018/CVE-2018-7489.json create mode 100644 2018/CVE-2018-7690.json create mode 100644 2018/CVE-2018-7691.json create mode 100644 2018/CVE-2018-7750.json create mode 100644 2018/CVE-2018-8021.json create mode 100644 2018/CVE-2018-8038.json create mode 100644 2018/CVE-2018-8039.json create mode 100644 2018/CVE-2018-8090.json create mode 100644 2018/CVE-2018-8172.json create mode 100644 2018/CVE-2018-8208.json create mode 100644 2018/CVE-2018-8353.json create mode 100644 2018/CVE-2018-8420.json create mode 100644 2018/CVE-2018-8440.json create mode 100644 2018/CVE-2018-8495.json create mode 100644 2018/CVE-2018-9075.json create mode 100644 2018/CVE-2018-9206.json create mode 100644 2018/CVE-2018-9207.json create mode 100644 2018/CVE-2018-9208.json create mode 100644 2018/CVE-2018-9411.json create mode 100644 2018/CVE-2018-9539.json create mode 100644 2018/CVE-2018-9948.json create mode 100644 2019/CVE-2019-13063.json diff --git a/2017/CVE-2017-11176.json b/2017/CVE-2017-11176.json index 59d1b572a2..ac6377650c 100644 --- a/2017/CVE-2017-11176.json +++ b/2017/CVE-2017-11176.json @@ -128,8 +128,8 @@ "description": "Anaysis cve-2017-11176 \/ mq_notify issue", "fork": false, "created_at": "2020-09-15T05:01:34Z", - "updated_at": "2021-03-07T13:36:48Z", - "pushed_at": "2021-03-07T13:36:46Z", + "updated_at": "2021-04-03T05:38:28Z", + "pushed_at": "2021-04-03T05:38:26Z", "stargazers_count": 0, "watchers_count": 0, "forks_count": 0, diff --git a/2018/CVE-2018-0296.json b/2018/CVE-2018-0296.json index 7e3204a949..944f3b3e18 100644 --- a/2018/CVE-2018-0296.json +++ b/2018/CVE-2018-0296.json @@ -67,5 +67,28 @@ "forks": 2, "watchers": 1, "score": 0 + }, + { + "id": 162431036, + "name": "CVE-2018-0296", + "full_name": "qiantu88\/CVE-2018-0296", + "owner": { + "login": "qiantu88", + "id": 35452263, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/35452263?v=4", + "html_url": "https:\/\/github.com\/qiantu88" + }, + "html_url": "https:\/\/github.com\/qiantu88\/CVE-2018-0296", + "description": "https:\/\/github.com\/milo2012\/CVE-2018-0296.git", + "fork": false, + "created_at": "2018-12-19T11:57:43Z", + "updated_at": "2018-12-19T11:59:47Z", + "pushed_at": "2018-12-19T11:59:45Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2018/CVE-2018-0952.json b/2018/CVE-2018-0952.json new file mode 100644 index 0000000000..3bb7e422a2 --- /dev/null +++ b/2018/CVE-2018-0952.json @@ -0,0 +1,25 @@ +[ + { + "id": 145615979, + "name": "CVE-2018-0952-SystemCollector", + "full_name": "atredispartners\/CVE-2018-0952-SystemCollector", + "owner": { + "login": "atredispartners", + "id": 7254370, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/7254370?v=4", + "html_url": "https:\/\/github.com\/atredispartners" + }, + "html_url": "https:\/\/github.com\/atredispartners\/CVE-2018-0952-SystemCollector", + "description": "PoC for Privilege Escalation in Windows 10 Diagnostics Hub Standard Collector Service", + "fork": false, + "created_at": "2018-08-21T20:29:10Z", + "updated_at": "2021-03-25T23:02:29Z", + "pushed_at": "2018-08-21T20:30:24Z", + "stargazers_count": 108, + "watchers_count": 108, + "forks_count": 36, + "forks": 36, + "watchers": 108, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-1000134.json b/2018/CVE-2018-1000134.json new file mode 100644 index 0000000000..0d223efbd5 --- /dev/null +++ b/2018/CVE-2018-1000134.json @@ -0,0 +1,25 @@ +[ + { + "id": 156499957, + "name": "cve-2018-1000134", + "full_name": "dragotime\/cve-2018-1000134", + "owner": { + "login": "dragotime", + "id": 43851975, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/43851975?v=4", + "html_url": "https:\/\/github.com\/dragotime" + }, + "html_url": "https:\/\/github.com\/dragotime\/cve-2018-1000134", + "description": null, + "fork": false, + "created_at": "2018-11-07T06:22:47Z", + "updated_at": "2018-11-07T06:22:47Z", + "pushed_at": "2018-11-07T06:22:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-1000802.json b/2018/CVE-2018-1000802.json new file mode 100644 index 0000000000..4f7b78445b --- /dev/null +++ b/2018/CVE-2018-1000802.json @@ -0,0 +1,25 @@ +[ + { + "id": 148814288, + "name": "CVE-2018-1000802-PoC", + "full_name": "tna0y\/CVE-2018-1000802-PoC", + "owner": { + "login": "tna0y", + "id": 22504374, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/22504374?v=4", + "html_url": "https:\/\/github.com\/tna0y" + }, + "html_url": "https:\/\/github.com\/tna0y\/CVE-2018-1000802-PoC", + "description": "Python CVE-2018-1000802 Proof-of-Concept", + "fork": false, + "created_at": "2018-09-14T16:22:12Z", + "updated_at": "2020-05-29T07:36:51Z", + "pushed_at": "2018-09-14T16:38:29Z", + "stargazers_count": 4, + "watchers_count": 4, + "forks_count": 0, + "forks": 0, + "watchers": 4, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-1002105.json b/2018/CVE-2018-1002105.json index a6a328a259..751425dc0a 100644 --- a/2018/CVE-2018-1002105.json +++ b/2018/CVE-2018-1002105.json @@ -1,4 +1,50 @@ [ + { + "id": 160451056, + "name": "cve-2018-1002105", + "full_name": "gravitational\/cve-2018-1002105", + "owner": { + "login": "gravitational", + "id": 10781132, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/10781132?v=4", + "html_url": "https:\/\/github.com\/gravitational" + }, + "html_url": "https:\/\/github.com\/gravitational\/cve-2018-1002105", + "description": "Test utility for cve-2018-1002105", + "fork": false, + "created_at": "2018-12-05T02:51:43Z", + "updated_at": "2021-03-02T14:25:22Z", + "pushed_at": "2018-12-13T16:56:28Z", + "stargazers_count": 193, + "watchers_count": 193, + "forks_count": 25, + "forks": 25, + "watchers": 193, + "score": 0 + }, + { + "id": 160665138, + "name": "poc_CVE-2018-1002105", + "full_name": "evict\/poc_CVE-2018-1002105", + "owner": { + "login": "evict", + "id": 7238650, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/7238650?v=4", + "html_url": "https:\/\/github.com\/evict" + }, + "html_url": "https:\/\/github.com\/evict\/poc_CVE-2018-1002105", + "description": "PoC for CVE-2018-1002105.", + "fork": false, + "created_at": "2018-12-06T11:28:02Z", + "updated_at": "2021-03-04T03:16:53Z", + "pushed_at": "2018-12-21T14:34:04Z", + "stargazers_count": 216, + "watchers_count": 216, + "forks_count": 39, + "forks": 39, + "watchers": 216, + "score": 0 + }, { "id": 161109755, "name": "Kubernetes-1.12.3-all-auto-install", diff --git a/2018/CVE-2018-10517.json b/2018/CVE-2018-10517.json new file mode 100644 index 0000000000..b0fa8639f7 --- /dev/null +++ b/2018/CVE-2018-10517.json @@ -0,0 +1,25 @@ +[ + { + "id": 156886365, + "name": "CVE-2018-10517", + "full_name": "0x00-0x00\/CVE-2018-10517", + "owner": { + "login": "0x00-0x00", + "id": 23364530, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/23364530?v=4", + "html_url": "https:\/\/github.com\/0x00-0x00" + }, + "html_url": "https:\/\/github.com\/0x00-0x00\/CVE-2018-10517", + "description": "CMS Made Simple 2.2.7 RCE exploit", + "fork": false, + "created_at": "2018-11-09T16:09:39Z", + "updated_at": "2020-06-07T11:21:05Z", + "pushed_at": "2018-11-09T16:09:46Z", + "stargazers_count": 4, + "watchers_count": 4, + "forks_count": 4, + "forks": 4, + "watchers": 4, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-10920.json b/2018/CVE-2018-10920.json new file mode 100644 index 0000000000..89a253da63 --- /dev/null +++ b/2018/CVE-2018-10920.json @@ -0,0 +1,25 @@ +[ + { + "id": 167577440, + "name": "CVE-2018-10920_PoC", + "full_name": "shutingrz\/CVE-2018-10920_PoC", + "owner": { + "login": "shutingrz", + "id": 2587857, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2587857?v=4", + "html_url": "https:\/\/github.com\/shutingrz" + }, + "html_url": "https:\/\/github.com\/shutingrz\/CVE-2018-10920_PoC", + "description": "Knot Resolver CVE-2018-10920 \/ DO NOT ABUSE", + "fork": false, + "created_at": "2019-01-25T16:24:49Z", + "updated_at": "2019-01-25T16:26:11Z", + "pushed_at": "2019-01-25T16:26:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-10933.json b/2018/CVE-2018-10933.json index 3daa1578dd..bc39bc37a4 100644 --- a/2018/CVE-2018-10933.json +++ b/2018/CVE-2018-10933.json @@ -1,4 +1,27 @@ [ + { + "id": 153427159, + "name": "CVE-2018-10933", + "full_name": "SoledaD208\/CVE-2018-10933", + "owner": { + "login": "SoledaD208", + "id": 8731578, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/8731578?v=4", + "html_url": "https:\/\/github.com\/SoledaD208" + }, + "html_url": "https:\/\/github.com\/SoledaD208\/CVE-2018-10933", + "description": "CVE-2018-10933 very simple POC", + "fork": false, + "created_at": "2018-10-17T09:01:44Z", + "updated_at": "2020-12-18T03:51:25Z", + "pushed_at": "2018-10-23T13:51:06Z", + "stargazers_count": 131, + "watchers_count": 131, + "forks_count": 40, + "forks": 40, + "watchers": 131, + "score": 0 + }, { "id": 153468806, "name": "CVE-2018-10933", @@ -22,6 +45,328 @@ "watchers": 469, "score": 0 }, + { + "id": 153477523, + "name": "CVE-2018-10933", + "full_name": "hook-s3c\/CVE-2018-10933", + "owner": { + "login": "hook-s3c", + "id": 31825993, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/31825993?v=4", + "html_url": "https:\/\/github.com\/hook-s3c" + }, + "html_url": "https:\/\/github.com\/hook-s3c\/CVE-2018-10933", + "description": "CVE-2018-10933 sshlib user authentication attack - docker lab, test and exploit", + "fork": false, + "created_at": "2018-10-17T15:09:41Z", + "updated_at": "2018-10-17T15:09:44Z", + "pushed_at": "2018-10-17T15:09:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 1, + "forks": 1, + "watchers": 0, + "score": 0 + }, + { + "id": 153506738, + "name": "CVE-2018-10933", + "full_name": "kn6869610\/CVE-2018-10933", + "owner": { + "login": "kn6869610", + "id": 6917744, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/6917744?v=4", + "html_url": "https:\/\/github.com\/kn6869610" + }, + "html_url": "https:\/\/github.com\/kn6869610\/CVE-2018-10933", + "description": "Leveraging it is a simple matter of presenting the server with the SSH2_MSG_USERAUTH_SUCCESS message, which shows that the login already occurred without a problem. The server expects the message SSH2_MSG_USERAUTH_REQUEST to start the authentication procedure, but by skipping it an attacker can log in without showing any credentials.", + "fork": false, + "created_at": "2018-10-17T18:44:05Z", + "updated_at": "2018-10-22T03:02:27Z", + "pushed_at": "2018-10-17T18:45:30Z", + "stargazers_count": 13, + "watchers_count": 13, + "forks_count": 3, + "forks": 3, + "watchers": 13, + "score": 0 + }, + { + "id": 153534574, + "name": "libssh-scanner", + "full_name": "leapsecurity\/libssh-scanner", + "owner": { + "login": "leapsecurity", + "id": 40601062, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/40601062?v=4", + "html_url": "https:\/\/github.com\/leapsecurity" + }, + "html_url": "https:\/\/github.com\/leapsecurity\/libssh-scanner", + "description": "Script to identify hosts vulnerable to CVE-2018-10933", + "fork": false, + "created_at": "2018-10-17T23:05:10Z", + "updated_at": "2021-03-27T04:56:42Z", + "pushed_at": "2018-11-04T17:29:33Z", + "stargazers_count": 230, + "watchers_count": 230, + "forks_count": 55, + "forks": 55, + "watchers": 230, + "score": 0 + }, + { + "id": 153562229, + "name": "CVE-2018-10933_ssh", + "full_name": "likescam\/CVE-2018-10933_ssh", + "owner": { + "login": "likescam", + "id": 2469038, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2469038?v=4", + "html_url": "https:\/\/github.com\/likescam" + }, + "html_url": "https:\/\/github.com\/likescam\/CVE-2018-10933_ssh", + "description": null, + "fork": false, + "created_at": "2018-10-18T04:10:25Z", + "updated_at": "2018-10-18T04:10:39Z", + "pushed_at": "2018-10-18T04:10:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 153562319, + "name": "bpnd-libssh", + "full_name": "trbpnd\/bpnd-libssh", + "owner": { + "login": "trbpnd", + "id": 39193403, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/39193403?v=4", + "html_url": "https:\/\/github.com\/trbpnd" + }, + "html_url": "https:\/\/github.com\/trbpnd\/bpnd-libssh", + "description": "Multi-threaded, reliable scanner for CVE-2018-10933.", + "fork": false, + "created_at": "2018-10-18T04:11:33Z", + "updated_at": "2018-10-23T03:13:35Z", + "pushed_at": "2018-10-22T16:44:13Z", + "stargazers_count": 5, + "watchers_count": 5, + "forks_count": 2, + "forks": 2, + "watchers": 5, + "score": 0 + }, + { + "id": 153598283, + "name": "CVE-2018-10933-libSSH-Authentication-Bypass", + "full_name": "likescam\/CVE-2018-10933-libSSH-Authentication-Bypass", + "owner": { + "login": "likescam", + "id": 2469038, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2469038?v=4", + "html_url": "https:\/\/github.com\/likescam" + }, + "html_url": "https:\/\/github.com\/likescam\/CVE-2018-10933-libSSH-Authentication-Bypass", + "description": null, + "fork": false, + "created_at": "2018-10-18T09:27:08Z", + "updated_at": "2018-10-18T16:47:53Z", + "pushed_at": "2018-10-18T09:27:22Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 0, + "forks": 0, + "watchers": 1, + "score": 0 + }, + { + "id": 153643745, + "name": "hunt-for-cve-2018-10933", + "full_name": "marco-lancini\/hunt-for-cve-2018-10933", + "owner": { + "login": "marco-lancini", + "id": 1472968, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/1472968?v=4", + "html_url": "https:\/\/github.com\/marco-lancini" + }, + "html_url": "https:\/\/github.com\/marco-lancini\/hunt-for-cve-2018-10933", + "description": "Hunt for and Exploit the libSSH Authentication Bypass (CVE-2018-10933)", + "fork": false, + "created_at": "2018-10-18T15:08:25Z", + "updated_at": "2020-10-25T16:36:25Z", + "pushed_at": "2018-10-18T15:11:35Z", + "stargazers_count": 10, + "watchers_count": 10, + "forks_count": 4, + "forks": 4, + "watchers": 10, + "score": 0 + }, + { + "id": 153675108, + "name": "cve-2018-10933", + "full_name": "hackerhouse-opensource\/cve-2018-10933", + "owner": { + "login": "hackerhouse-opensource", + "id": 43967630, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/43967630?v=4", + "html_url": "https:\/\/github.com\/hackerhouse-opensource" + }, + "html_url": "https:\/\/github.com\/hackerhouse-opensource\/cve-2018-10933", + "description": "cve-2018-10933 libssh authentication bypass", + "fork": false, + "created_at": "2018-10-18T19:13:45Z", + "updated_at": "2021-02-21T08:07:54Z", + "pushed_at": "2018-10-21T21:24:29Z", + "stargazers_count": 97, + "watchers_count": 97, + "forks_count": 31, + "forks": 31, + "watchers": 97, + "score": 0 + }, + { + "id": 153681539, + "name": "cve-2018-10933", + "full_name": "cve-2018\/cve-2018-10933", + "owner": { + "login": "cve-2018", + "id": 44275695, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/44275695?v=4", + "html_url": "https:\/\/github.com\/cve-2018" + }, + "html_url": "https:\/\/github.com\/cve-2018\/cve-2018-10933", + "description": null, + "fork": false, + "created_at": "2018-10-18T20:11:22Z", + "updated_at": "2018-10-23T03:22:26Z", + "pushed_at": "2018-10-23T03:22:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 153855090, + "name": "CVE-2018-10933", + "full_name": "jas502n\/CVE-2018-10933", + "owner": { + "login": "jas502n", + "id": 16593068, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16593068?v=4", + "html_url": "https:\/\/github.com\/jas502n" + }, + "html_url": "https:\/\/github.com\/jas502n\/CVE-2018-10933", + "description": "libssh CVE-2018-10933", + "fork": false, + "created_at": "2018-10-20T00:24:04Z", + "updated_at": "2019-07-31T09:33:04Z", + "pushed_at": "2018-10-20T00:29:04Z", + "stargazers_count": 19, + "watchers_count": 19, + "forks_count": 5, + "forks": 5, + "watchers": 19, + "score": 0 + }, + { + "id": 153856713, + "name": "cve-2018-10933_poc", + "full_name": "ninp0\/cve-2018-10933_poc", + "owner": { + "login": "ninp0", + "id": 1008583, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/1008583?v=4", + "html_url": "https:\/\/github.com\/ninp0" + }, + "html_url": "https:\/\/github.com\/ninp0\/cve-2018-10933_poc", + "description": "Variant of hackerhouse-opensource\/cve-2018-10933", + "fork": false, + "created_at": "2018-10-20T00:53:24Z", + "updated_at": "2018-10-22T15:05:53Z", + "pushed_at": "2018-10-20T01:53:50Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 153878160, + "name": "CVE-2018-10933_Scanner", + "full_name": "pghook\/CVE-2018-10933_Scanner", + "owner": { + "login": "pghook", + "id": 14160529, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/14160529?v=4", + "html_url": "https:\/\/github.com\/pghook" + }, + "html_url": "https:\/\/github.com\/pghook\/CVE-2018-10933_Scanner", + "description": null, + "fork": false, + "created_at": "2018-10-20T06:53:59Z", + "updated_at": "2020-05-15T17:20:56Z", + "pushed_at": "2018-10-20T04:54:52Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 3, + "forks": 3, + "watchers": 0, + "score": 0 + }, + { + "id": 153920395, + "name": "POC-CVE-2018-10933", + "full_name": "Virgula0\/POC-CVE-2018-10933", + "owner": { + "login": "Virgula0", + "id": 16546435, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16546435?v=4", + "html_url": "https:\/\/github.com\/Virgula0" + }, + "html_url": "https:\/\/github.com\/Virgula0\/POC-CVE-2018-10933", + "description": "LibSSH Authentication Bypass Exploit using RCE", + "fork": false, + "created_at": "2018-10-20T15:34:26Z", + "updated_at": "2021-03-03T11:40:37Z", + "pushed_at": "2018-10-25T18:23:52Z", + "stargazers_count": 12, + "watchers_count": 12, + "forks_count": 8, + "forks": 8, + "watchers": 12, + "score": 0 + }, + { + "id": 153975086, + "name": "pythonprojects-CVE-2018-10933", + "full_name": "shifa123\/pythonprojects-CVE-2018-10933", + "owner": { + "login": "shifa123", + "id": 18241082, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18241082?v=4", + "html_url": "https:\/\/github.com\/shifa123" + }, + "html_url": "https:\/\/github.com\/shifa123\/pythonprojects-CVE-2018-10933", + "description": "CVE-2018-10933", + "fork": false, + "created_at": "2018-10-21T05:01:12Z", + "updated_at": "2021-01-15T03:06:17Z", + "pushed_at": "2018-10-21T05:13:13Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 4, + "forks": 4, + "watchers": 2, + "score": 0 + }, { "id": 154050332, "name": "CVE-2018-10933", @@ -45,6 +390,190 @@ "watchers": 4, "score": 0 }, + { + "id": 154390432, + "name": "CVE-2018-10933", + "full_name": "Bifrozt\/CVE-2018-10933", + "owner": { + "login": "Bifrozt", + "id": 8437560, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/8437560?v=4", + "html_url": "https:\/\/github.com\/Bifrozt" + }, + "html_url": "https:\/\/github.com\/Bifrozt\/CVE-2018-10933", + "description": "CVE-2018-10933", + "fork": false, + "created_at": "2018-10-23T20:11:35Z", + "updated_at": "2018-10-23T20:14:53Z", + "pushed_at": "2018-10-23T20:14:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 154398082, + "name": "CVE-2018-10933", + "full_name": "r3dxpl0it\/CVE-2018-10933", + "owner": { + "login": "r3dxpl0it", + "id": 43002597, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/43002597?v=4", + "html_url": "https:\/\/github.com\/r3dxpl0it" + }, + "html_url": "https:\/\/github.com\/r3dxpl0it\/CVE-2018-10933", + "description": "CVE-2018-10933 POC (LIBSSH)", + "fork": false, + "created_at": "2018-10-23T21:17:52Z", + "updated_at": "2021-03-03T11:40:35Z", + "pushed_at": "2018-10-24T07:58:27Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 3, + "forks": 3, + "watchers": 2, + "score": 0 + }, + { + "id": 154500673, + "name": "libssh-scanner", + "full_name": "ivanacostarubio\/libssh-scanner", + "owner": { + "login": "ivanacostarubio", + "id": 16559, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16559?v=4", + "html_url": "https:\/\/github.com\/ivanacostarubio" + }, + "html_url": "https:\/\/github.com\/ivanacostarubio\/libssh-scanner", + "description": "A libssh CVE-2018-10933 scanner written in rust", + "fork": false, + "created_at": "2018-10-24T12:52:09Z", + "updated_at": "2019-02-24T23:51:07Z", + "pushed_at": "2018-10-24T12:52:31Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 1, + "forks": 1, + "watchers": 1, + "score": 0 + }, + { + "id": 154520949, + "name": "precompiled-CVE-2018-10933", + "full_name": "throwawayaccount12312312\/precompiled-CVE-2018-10933", + "owner": { + "login": "throwawayaccount12312312", + "id": 44440605, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/44440605?v=4", + "html_url": "https:\/\/github.com\/throwawayaccount12312312" + }, + "html_url": "https:\/\/github.com\/throwawayaccount12312312\/precompiled-CVE-2018-10933", + "description": null, + "fork": false, + "created_at": "2018-10-24T15:02:51Z", + "updated_at": "2018-10-24T15:04:19Z", + "pushed_at": "2018-10-24T15:04:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 154621353, + "name": "CVE-2018-10933", + "full_name": "ensimag-security\/CVE-2018-10933", + "owner": { + "login": "ensimag-security", + "id": 44459067, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/44459067?v=4", + "html_url": "https:\/\/github.com\/ensimag-security" + }, + "html_url": "https:\/\/github.com\/ensimag-security\/CVE-2018-10933", + "description": null, + "fork": false, + "created_at": "2018-10-25T06:32:06Z", + "updated_at": "2018-11-28T14:11:24Z", + "pushed_at": "2018-11-28T14:14:20Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 157908147, + "name": "libSSH-bypass", + "full_name": "Ad1bDaw\/libSSH-bypass", + "owner": { + "login": "Ad1bDaw", + "id": 35436703, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/35436703?v=4", + "html_url": "https:\/\/github.com\/Ad1bDaw" + }, + "html_url": "https:\/\/github.com\/Ad1bDaw\/libSSH-bypass", + "description": "Implementation of CVE-2018-10933 with CIDR block scanner ", + "fork": false, + "created_at": "2018-11-16T18:46:28Z", + "updated_at": "2018-11-16T19:00:29Z", + "pushed_at": "2018-11-16T19:00:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 158524069, + "name": "CVE-2018-10933-POC", + "full_name": "sambiyal\/CVE-2018-10933-POC", + "owner": { + "login": "sambiyal", + "id": 25122043, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/25122043?v=4", + "html_url": "https:\/\/github.com\/sambiyal" + }, + "html_url": "https:\/\/github.com\/sambiyal\/CVE-2018-10933-POC", + "description": "libSSH bypass", + "fork": false, + "created_at": "2018-11-21T09:34:12Z", + "updated_at": "2018-11-21T09:57:11Z", + "pushed_at": "2018-11-21T09:43:04Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 162456991, + "name": "LibSSH-Authentication-Bypass", + "full_name": "nikhil1232\/LibSSH-Authentication-Bypass", + "owner": { + "login": "nikhil1232", + "id": 39535219, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/39535219?v=4", + "html_url": "https:\/\/github.com\/nikhil1232" + }, + "html_url": "https:\/\/github.com\/nikhil1232\/LibSSH-Authentication-Bypass", + "description": "LibSSH Authentication Bypass CVE-2018-10933", + "fork": false, + "created_at": "2018-12-19T15:33:00Z", + "updated_at": "2020-01-09T05:02:59Z", + "pushed_at": "2018-12-19T15:46:37Z", + "stargazers_count": 5, + "watchers_count": 5, + "forks_count": 1, + "forks": 1, + "watchers": 5, + "score": 0 + }, { "id": 169983604, "name": "LibSSH-exploit", diff --git a/2018/CVE-2018-10936.json b/2018/CVE-2018-10936.json new file mode 100644 index 0000000000..6c6a463ae4 --- /dev/null +++ b/2018/CVE-2018-10936.json @@ -0,0 +1,25 @@ +[ + { + "id": 158224861, + "name": "CVE-2018-10936", + "full_name": "tafamace\/CVE-2018-10936", + "owner": { + "login": "tafamace", + "id": 45160113, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/45160113?v=4", + "html_url": "https:\/\/github.com\/tafamace" + }, + "html_url": "https:\/\/github.com\/tafamace\/CVE-2018-10936", + "description": null, + "fork": false, + "created_at": "2018-11-19T13:09:47Z", + "updated_at": "2018-11-19T13:13:10Z", + "pushed_at": "2018-11-19T13:13:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-10949.json b/2018/CVE-2018-10949.json new file mode 100644 index 0000000000..8947766396 --- /dev/null +++ b/2018/CVE-2018-10949.json @@ -0,0 +1,25 @@ +[ + { + "id": 147528239, + "name": "CVE-2018-10949", + "full_name": "0x00-0x00\/CVE-2018-10949", + "owner": { + "login": "0x00-0x00", + "id": 23364530, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/23364530?v=4", + "html_url": "https:\/\/github.com\/0x00-0x00" + }, + "html_url": "https:\/\/github.com\/0x00-0x00\/CVE-2018-10949", + "description": "Zimbra Collaboration Suite Username Enumeration ", + "fork": false, + "created_at": "2018-09-05T14:09:13Z", + "updated_at": "2020-10-20T18:45:33Z", + "pushed_at": "2018-09-05T14:10:09Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 3, + "forks": 3, + "watchers": 2, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-11235.json b/2018/CVE-2018-11235.json index 6dcfc262d4..5acee83a25 100644 --- a/2018/CVE-2018-11235.json +++ b/2018/CVE-2018-11235.json @@ -137,6 +137,29 @@ "watchers": 1, "score": 0 }, + { + "id": 143149359, + "name": "CVE-2018-11235", + "full_name": "knqyf263\/CVE-2018-11235", + "owner": { + "login": "knqyf263", + "id": 2253692, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2253692?v=4", + "html_url": "https:\/\/github.com\/knqyf263" + }, + "html_url": "https:\/\/github.com\/knqyf263\/CVE-2018-11235", + "description": "CVE-2018-11235 (Git)", + "fork": false, + "created_at": "2018-08-01T11:52:54Z", + "updated_at": "2019-04-24T05:32:20Z", + "pushed_at": "2018-11-23T14:34:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 160238249, "name": "CVE-2018-11235", diff --git a/2018/CVE-2018-11759.json b/2018/CVE-2018-11759.json new file mode 100644 index 0000000000..45a1c0eeac --- /dev/null +++ b/2018/CVE-2018-11759.json @@ -0,0 +1,48 @@ +[ + { + "id": 155689679, + "name": "CVE-2018-11759", + "full_name": "immunIT\/CVE-2018-11759", + "owner": { + "login": "immunIT", + "id": 17569882, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/17569882?v=4", + "html_url": "https:\/\/github.com\/immunIT" + }, + "html_url": "https:\/\/github.com\/immunIT\/CVE-2018-11759", + "description": "Proof of concept showing how to exploit the CVE-2018-11759", + "fork": false, + "created_at": "2018-11-01T09:11:07Z", + "updated_at": "2020-07-13T15:43:59Z", + "pushed_at": "2018-12-11T12:59:26Z", + "stargazers_count": 35, + "watchers_count": 35, + "forks_count": 14, + "forks": 14, + "watchers": 35, + "score": 0 + }, + { + "id": 160896534, + "name": "Identificador-CVE-2018-11759", + "full_name": "Jul10l1r4\/Identificador-CVE-2018-11759", + "owner": { + "login": "Jul10l1r4", + "id": 32502168, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/32502168?v=4", + "html_url": "https:\/\/github.com\/Jul10l1r4" + }, + "html_url": "https:\/\/github.com\/Jul10l1r4\/Identificador-CVE-2018-11759", + "description": "This exploit for CVE 2018-11759, vulnerability in apache mod_jk, module for load-balancer", + "fork": false, + "created_at": "2018-12-08T02:32:14Z", + "updated_at": "2020-07-27T00:22:55Z", + "pushed_at": "2019-01-21T20:03:22Z", + "stargazers_count": 4, + "watchers_count": 4, + "forks_count": 2, + "forks": 2, + "watchers": 4, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-11761.json b/2018/CVE-2018-11761.json new file mode 100644 index 0000000000..fdf3c644aa --- /dev/null +++ b/2018/CVE-2018-11761.json @@ -0,0 +1,25 @@ +[ + { + "id": 167112093, + "name": "CVE-2018-11761", + "full_name": "brianwrf\/CVE-2018-11761", + "owner": { + "login": "brianwrf", + "id": 8141813, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/8141813?v=4", + "html_url": "https:\/\/github.com\/brianwrf" + }, + "html_url": "https:\/\/github.com\/brianwrf\/CVE-2018-11761", + "description": "Apache Tika Denial of Service Vulnerability (CVE-2018-11761)", + "fork": false, + "created_at": "2019-01-23T03:40:26Z", + "updated_at": "2020-03-29T03:51:16Z", + "pushed_at": "2019-01-23T03:44:46Z", + "stargazers_count": 8, + "watchers_count": 8, + "forks_count": 0, + "forks": 0, + "watchers": 8, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-11776.json b/2018/CVE-2018-11776.json index 35792e9bae..a64a344f45 100644 --- a/2018/CVE-2018-11776.json +++ b/2018/CVE-2018-11776.json @@ -1,4 +1,27 @@ [ + { + "id": 145897861, + "name": "CVE-2018-11776", + "full_name": "trbpnd\/CVE-2018-11776", + "owner": { + "login": "trbpnd", + "id": 39193403, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/39193403?v=4", + "html_url": "https:\/\/github.com\/trbpnd" + }, + "html_url": "https:\/\/github.com\/trbpnd\/CVE-2018-11776", + "description": "Docker image for a vulnerable struts app", + "fork": false, + "created_at": "2018-08-23T19:25:26Z", + "updated_at": "2018-08-23T19:28:53Z", + "pushed_at": "2018-08-23T19:28:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 145901668, "name": "CVE-2018-11776", @@ -22,6 +45,259 @@ "watchers": 14, "score": 0 }, + { + "id": 145935231, + "name": "CVE-2018-11776", + "full_name": "jiguangin\/CVE-2018-11776", + "owner": { + "login": "jiguangin", + "id": 22545712, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/22545712?v=4", + "html_url": "https:\/\/github.com\/jiguangin" + }, + "html_url": "https:\/\/github.com\/jiguangin\/CVE-2018-11776", + "description": "CVE-2018-11776(S2-057) EXPLOIT CODE", + "fork": false, + "created_at": "2018-08-24T03:01:29Z", + "updated_at": "2020-12-29T15:23:34Z", + "pushed_at": "2018-08-24T03:27:02Z", + "stargazers_count": 10, + "watchers_count": 10, + "forks_count": 5, + "forks": 5, + "watchers": 10, + "score": 0 + }, + { + "id": 145985371, + "name": "CVE-2018-11776-Python-PoC", + "full_name": "hook-s3c\/CVE-2018-11776-Python-PoC", + "owner": { + "login": "hook-s3c", + "id": 31825993, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/31825993?v=4", + "html_url": "https:\/\/github.com\/hook-s3c" + }, + "html_url": "https:\/\/github.com\/hook-s3c\/CVE-2018-11776-Python-PoC", + "description": "Working Python test and PoC for CVE-2018-11776, includes Docker lab", + "fork": false, + "created_at": "2018-08-24T11:53:02Z", + "updated_at": "2021-03-01T18:21:49Z", + "pushed_at": "2018-08-25T02:14:49Z", + "stargazers_count": 118, + "watchers_count": 118, + "forks_count": 49, + "forks": 49, + "watchers": 118, + "score": 0 + }, + { + "id": 146056002, + "name": "struts-pwn_CVE-2018-11776", + "full_name": "mazen160\/struts-pwn_CVE-2018-11776", + "owner": { + "login": "mazen160", + "id": 8996052, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/8996052?v=4", + "html_url": "https:\/\/github.com\/mazen160" + }, + "html_url": "https:\/\/github.com\/mazen160\/struts-pwn_CVE-2018-11776", + "description": " An exploit for Apache Struts CVE-2018-11776", + "fork": false, + "created_at": "2018-08-25T01:53:30Z", + "updated_at": "2021-03-27T09:06:12Z", + "pushed_at": "2018-08-26T02:31:39Z", + "stargazers_count": 299, + "watchers_count": 299, + "forks_count": 102, + "forks": 102, + "watchers": 299, + "score": 0 + }, + { + "id": 146060181, + "name": "CVE-2018-11776", + "full_name": "bhdresh\/CVE-2018-11776", + "owner": { + "login": "bhdresh", + "id": 8931885, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/8931885?v=4", + "html_url": "https:\/\/github.com\/bhdresh" + }, + "html_url": "https:\/\/github.com\/bhdresh\/CVE-2018-11776", + "description": "Vulnerable docker container for CVE-2018-11776", + "fork": false, + "created_at": "2018-08-25T03:06:30Z", + "updated_at": "2020-01-06T22:41:00Z", + "pushed_at": "2018-08-25T04:53:35Z", + "stargazers_count": 8, + "watchers_count": 8, + "forks_count": 5, + "forks": 5, + "watchers": 8, + "score": 0 + }, + { + "id": 146094544, + "name": "CVE-2018-11776", + "full_name": "knqyf263\/CVE-2018-11776", + "owner": { + "login": "knqyf263", + "id": 2253692, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2253692?v=4", + "html_url": "https:\/\/github.com\/knqyf263" + }, + "html_url": "https:\/\/github.com\/knqyf263\/CVE-2018-11776", + "description": "Environment for CVE-2018-11776 \/ S2-057 (Apache Struts 2)", + "fork": false, + "created_at": "2018-08-25T12:45:15Z", + "updated_at": "2021-01-19T03:50:38Z", + "pushed_at": "2018-08-25T14:20:46Z", + "stargazers_count": 4, + "watchers_count": 4, + "forks_count": 2, + "forks": 2, + "watchers": 4, + "score": 0 + }, + { + "id": 146330536, + "name": "Strutter", + "full_name": "Ekultek\/Strutter", + "owner": { + "login": "Ekultek", + "id": 14183473, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/14183473?v=4", + "html_url": "https:\/\/github.com\/Ekultek" + }, + "html_url": "https:\/\/github.com\/Ekultek\/Strutter", + "description": "Proof of Concept for CVE-2018-11776", + "fork": false, + "created_at": "2018-08-27T17:22:16Z", + "updated_at": "2020-12-12T20:05:33Z", + "pushed_at": "2018-09-12T14:28:35Z", + "stargazers_count": 20, + "watchers_count": 20, + "forks_count": 3, + "forks": 3, + "watchers": 20, + "score": 0 + }, + { + "id": 146373342, + "name": "cve-2018-11776-docker", + "full_name": "tuxotron\/cve-2018-11776-docker", + "owner": { + "login": "tuxotron", + "id": 937637, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/937637?v=4", + "html_url": "https:\/\/github.com\/tuxotron" + }, + "html_url": "https:\/\/github.com\/tuxotron\/cve-2018-11776-docker", + "description": null, + "fork": false, + "created_at": "2018-08-28T01:14:52Z", + "updated_at": "2019-09-24T14:38:18Z", + "pushed_at": "2018-08-29T17:58:27Z", + "stargazers_count": 3, + "watchers_count": 3, + "forks_count": 0, + "forks": 0, + "watchers": 3, + "score": 0 + }, + { + "id": 146519519, + "name": "S2-057-CVE-2018-11776", + "full_name": "brianwrf\/S2-057-CVE-2018-11776", + "owner": { + "login": "brianwrf", + "id": 8141813, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/8141813?v=4", + "html_url": "https:\/\/github.com\/brianwrf" + }, + "html_url": "https:\/\/github.com\/brianwrf\/S2-057-CVE-2018-11776", + "description": "A simple exploit for Apache Struts RCE S2-057 (CVE-2018-11776)", + "fork": false, + "created_at": "2018-08-28T23:48:14Z", + "updated_at": "2018-12-23T03:47:07Z", + "pushed_at": "2018-08-29T00:03:56Z", + "stargazers_count": 15, + "watchers_count": 15, + "forks_count": 4, + "forks": 4, + "watchers": 15, + "score": 0 + }, + { + "id": 146650579, + "name": "Apache-Struts-Shodan-Exploit", + "full_name": "649\/Apache-Struts-Shodan-Exploit", + "owner": { + "login": "649", + "id": 23534047, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/23534047?v=4", + "html_url": "https:\/\/github.com\/649" + }, + "html_url": "https:\/\/github.com\/649\/Apache-Struts-Shodan-Exploit", + "description": "This tool takes advantage of CVE-2018-11776 and Shodan to perform mass exploitation of verified and vulnerable Apache Struts servers.", + "fork": false, + "created_at": "2018-08-29T19:50:26Z", + "updated_at": "2021-03-25T22:36:46Z", + "pushed_at": "2018-08-30T00:16:01Z", + "stargazers_count": 53, + "watchers_count": 53, + "forks_count": 17, + "forks": 17, + "watchers": 53, + "score": 0 + }, + { + "id": 147746262, + "name": "CVE-2018-11776-Python-PoC", + "full_name": "jezzus\/CVE-2018-11776-Python-PoC", + "owner": { + "login": "jezzus", + "id": 9899999, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/9899999?v=4", + "html_url": "https:\/\/github.com\/jezzus" + }, + "html_url": "https:\/\/github.com\/jezzus\/CVE-2018-11776-Python-PoC", + "description": null, + "fork": false, + "created_at": "2018-09-06T23:49:20Z", + "updated_at": "2018-09-06T23:49:20Z", + "pushed_at": "2018-09-06T23:49:20Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 164352202, + "name": "cve-2018-11776", + "full_name": "cved-sources\/cve-2018-11776", + "owner": { + "login": "cved-sources", + "id": 46423677, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/46423677?v=4", + "html_url": "https:\/\/github.com\/cved-sources" + }, + "html_url": "https:\/\/github.com\/cved-sources\/cve-2018-11776", + "description": "cve-2018-11776", + "fork": false, + "created_at": "2019-01-06T22:47:25Z", + "updated_at": "2019-09-12T19:52:44Z", + "pushed_at": "2019-02-01T21:29:54Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 2, + "forks": 2, + "watchers": 1, + "score": 0 + }, { "id": 193423029, "name": "apche-struts-vuln-demo-cve-2018-11776", diff --git a/2018/CVE-2018-11788.json b/2018/CVE-2018-11788.json new file mode 100644 index 0000000000..a299ef6997 --- /dev/null +++ b/2018/CVE-2018-11788.json @@ -0,0 +1,25 @@ +[ + { + "id": 164298909, + "name": "CVE-2018-11788", + "full_name": "brianwrf\/CVE-2018-11788", + "owner": { + "login": "brianwrf", + "id": 8141813, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/8141813?v=4", + "html_url": "https:\/\/github.com\/brianwrf" + }, + "html_url": "https:\/\/github.com\/brianwrf\/CVE-2018-11788", + "description": "Apache Karaf XXE Vulnerability (CVE-2018-11788)", + "fork": false, + "created_at": "2019-01-06T11:01:39Z", + "updated_at": "2020-03-29T02:47:45Z", + "pushed_at": "2019-01-06T11:50:43Z", + "stargazers_count": 36, + "watchers_count": 36, + "forks_count": 5, + "forks": 5, + "watchers": 36, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-12018.json b/2018/CVE-2018-12018.json new file mode 100644 index 0000000000..46fac5724c --- /dev/null +++ b/2018/CVE-2018-12018.json @@ -0,0 +1,25 @@ +[ + { + "id": 153770795, + "name": "CVE-2018-12018", + "full_name": "k3v142\/CVE-2018-12018", + "owner": { + "login": "k3v142", + "id": 12337759, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/12337759?v=4", + "html_url": "https:\/\/github.com\/k3v142" + }, + "html_url": "https:\/\/github.com\/k3v142\/CVE-2018-12018", + "description": "EPoD (Ethereum Packet of Death)", + "fork": false, + "created_at": "2018-10-19T11:11:01Z", + "updated_at": "2019-12-14T15:32:33Z", + "pushed_at": "2018-10-20T21:07:42Z", + "stargazers_count": 5, + "watchers_count": 5, + "forks_count": 0, + "forks": 0, + "watchers": 5, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-12038.json b/2018/CVE-2018-12038.json new file mode 100644 index 0000000000..7f4e8c6f0e --- /dev/null +++ b/2018/CVE-2018-12038.json @@ -0,0 +1,25 @@ +[ + { + "id": 162155985, + "name": "remote-bitlocker-encryption-report", + "full_name": "gdraperi\/remote-bitlocker-encryption-report", + "owner": { + "login": "gdraperi", + "id": 33750242, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/33750242?v=4", + "html_url": "https:\/\/github.com\/gdraperi" + }, + "html_url": "https:\/\/github.com\/gdraperi\/remote-bitlocker-encryption-report", + "description": "PowerShell script to mitigate CVE-2018-12038. The script takes a list of PC as input, gets their BitLocker encryption type remotely, and outputs a report as a CSV file", + "fork": false, + "created_at": "2018-12-17T16:02:26Z", + "updated_at": "2019-02-11T14:30:38Z", + "pushed_at": "2018-12-07T20:11:57Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-12418.json b/2018/CVE-2018-12418.json new file mode 100644 index 0000000000..d9d1b2ef1d --- /dev/null +++ b/2018/CVE-2018-12418.json @@ -0,0 +1,25 @@ +[ + { + "id": 158208279, + "name": "CVE-2018-12418", + "full_name": "tafamace\/CVE-2018-12418", + "owner": { + "login": "tafamace", + "id": 45160113, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/45160113?v=4", + "html_url": "https:\/\/github.com\/tafamace" + }, + "html_url": "https:\/\/github.com\/tafamace\/CVE-2018-12418", + "description": null, + "fork": false, + "created_at": "2018-11-19T11:12:00Z", + "updated_at": "2018-11-19T11:15:44Z", + "pushed_at": "2018-11-19T11:15:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-12463.json b/2018/CVE-2018-12463.json new file mode 100644 index 0000000000..e2bd231fb6 --- /dev/null +++ b/2018/CVE-2018-12463.json @@ -0,0 +1,25 @@ +[ + { + "id": 140411928, + "name": "CVE-2018-12463", + "full_name": "alt3kx\/CVE-2018-12463", + "owner": { + "login": "alt3kx", + "id": 3140111, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/3140111?v=4", + "html_url": "https:\/\/github.com\/alt3kx" + }, + "html_url": "https:\/\/github.com\/alt3kx\/CVE-2018-12463", + "description": "XML external entity (XXE) vulnerability in \/ssc\/fm-ws\/services in Fortify Software Security Center (SSC) 17.10, 17.20 & 18.10 (0day CVE-2018-12463)", + "fork": false, + "created_at": "2018-07-10T09:51:40Z", + "updated_at": "2021-01-12T12:20:23Z", + "pushed_at": "2018-07-17T08:13:34Z", + "stargazers_count": 4, + "watchers_count": 4, + "forks_count": 1, + "forks": 1, + "watchers": 4, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-12537.json b/2018/CVE-2018-12537.json new file mode 100644 index 0000000000..c82a70d31d --- /dev/null +++ b/2018/CVE-2018-12537.json @@ -0,0 +1,25 @@ +[ + { + "id": 158209208, + "name": "CVE-2018-12537", + "full_name": "tafamace\/CVE-2018-12537", + "owner": { + "login": "tafamace", + "id": 45160113, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/45160113?v=4", + "html_url": "https:\/\/github.com\/tafamace" + }, + "html_url": "https:\/\/github.com\/tafamace\/CVE-2018-12537", + "description": null, + "fork": false, + "created_at": "2018-11-19T11:18:35Z", + "updated_at": "2018-11-19T11:32:44Z", + "pushed_at": "2018-11-19T11:32:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-12540.json b/2018/CVE-2018-12540.json new file mode 100644 index 0000000000..5853ec7161 --- /dev/null +++ b/2018/CVE-2018-12540.json @@ -0,0 +1,25 @@ +[ + { + "id": 158212154, + "name": "CVE-2018-12540", + "full_name": "tafamace\/CVE-2018-12540", + "owner": { + "login": "tafamace", + "id": 45160113, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/45160113?v=4", + "html_url": "https:\/\/github.com\/tafamace" + }, + "html_url": "https:\/\/github.com\/tafamace\/CVE-2018-12540", + "description": null, + "fork": false, + "created_at": "2018-11-19T11:41:16Z", + "updated_at": "2018-11-19T11:46:57Z", + "pushed_at": "2018-11-19T11:46:55Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-1259.json b/2018/CVE-2018-1259.json new file mode 100644 index 0000000000..b82daca8e7 --- /dev/null +++ b/2018/CVE-2018-1259.json @@ -0,0 +1,25 @@ +[ + { + "id": 158194793, + "name": "CVE-2018-1259", + "full_name": "tafamace\/CVE-2018-1259", + "owner": { + "login": "tafamace", + "id": 45160113, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/45160113?v=4", + "html_url": "https:\/\/github.com\/tafamace" + }, + "html_url": "https:\/\/github.com\/tafamace\/CVE-2018-1259", + "description": null, + "fork": false, + "created_at": "2018-11-19T09:25:32Z", + "updated_at": "2018-11-19T09:32:46Z", + "pushed_at": "2018-11-19T09:32:45Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-12613.json b/2018/CVE-2018-12613.json index e0028c9090..3cc08760cb 100644 --- a/2018/CVE-2018-12613.json +++ b/2018/CVE-2018-12613.json @@ -1,4 +1,27 @@ [ + { + "id": 156870746, + "name": "CVE-2018-12613", + "full_name": "0x00-0x00\/CVE-2018-12613", + "owner": { + "login": "0x00-0x00", + "id": 23364530, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/23364530?v=4", + "html_url": "https:\/\/github.com\/0x00-0x00" + }, + "html_url": "https:\/\/github.com\/0x00-0x00\/CVE-2018-12613", + "description": "PHPMyAdmin v4.8.0 and v.4.8.1 LFI exploit", + "fork": false, + "created_at": "2018-11-09T14:10:20Z", + "updated_at": "2020-03-11T07:23:14Z", + "pushed_at": "2018-11-09T14:42:23Z", + "stargazers_count": 6, + "watchers_count": 6, + "forks_count": 3, + "forks": 3, + "watchers": 6, + "score": 0 + }, { "id": 208791479, "name": "CVE-2018-12613", diff --git a/2018/CVE-2018-1270.json b/2018/CVE-2018-1270.json index 349eabd123..d15787e9e0 100644 --- a/2018/CVE-2018-1270.json +++ b/2018/CVE-2018-1270.json @@ -45,6 +45,52 @@ "watchers": 19, "score": 0 }, + { + "id": 158213121, + "name": "CVE-2018-1270", + "full_name": "tafamace\/CVE-2018-1270", + "owner": { + "login": "tafamace", + "id": 45160113, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/45160113?v=4", + "html_url": "https:\/\/github.com\/tafamace" + }, + "html_url": "https:\/\/github.com\/tafamace\/CVE-2018-1270", + "description": null, + "fork": false, + "created_at": "2018-11-19T11:47:40Z", + "updated_at": "2018-11-19T12:00:19Z", + "pushed_at": "2018-11-19T12:00:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 162062968, + "name": "CVE-2018-1270", + "full_name": "Venscor\/CVE-2018-1270", + "owner": { + "login": "Venscor", + "id": 13192497, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/13192497?v=4", + "html_url": "https:\/\/github.com\/Venscor" + }, + "html_url": "https:\/\/github.com\/Venscor\/CVE-2018-1270", + "description": "CVE-2018-1270 表达式RCE环境", + "fork": false, + "created_at": "2018-12-17T02:22:53Z", + "updated_at": "2018-12-17T02:28:09Z", + "pushed_at": "2018-12-17T02:28:08Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 295839871, "name": "owasp-formation-cve-2018-1270", diff --git a/2018/CVE-2018-1273.json b/2018/CVE-2018-1273.json index 12b1b6f094..67b278b1a8 100644 --- a/2018/CVE-2018-1273.json +++ b/2018/CVE-2018-1273.json @@ -45,6 +45,52 @@ "watchers": 21, "score": 0 }, + { + "id": 151734933, + "name": "poc-cve-2018-1273", + "full_name": "webr0ck\/poc-cve-2018-1273", + "owner": { + "login": "webr0ck", + "id": 30629042, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/30629042?v=4", + "html_url": "https:\/\/github.com\/webr0ck" + }, + "html_url": "https:\/\/github.com\/webr0ck\/poc-cve-2018-1273", + "description": null, + "fork": false, + "created_at": "2018-10-05T14:42:07Z", + "updated_at": "2018-10-09T09:26:39Z", + "pushed_at": "2018-10-05T14:42:59Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 3, + "forks": 3, + "watchers": 1, + "score": 0 + }, + { + "id": 166271014, + "name": "cve-2018-1273", + "full_name": "cved-sources\/cve-2018-1273", + "owner": { + "login": "cved-sources", + "id": 46423677, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/46423677?v=4", + "html_url": "https:\/\/github.com\/cved-sources" + }, + "html_url": "https:\/\/github.com\/cved-sources\/cve-2018-1273", + "description": "cve-2018-1273", + "fork": false, + "created_at": "2019-01-17T17:55:17Z", + "updated_at": "2019-02-01T21:30:32Z", + "pushed_at": "2019-02-01T21:30:30Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 183995263, "name": "cve-2018-1273", diff --git a/2018/CVE-2018-12895.json b/2018/CVE-2018-12895.json new file mode 100644 index 0000000000..4cbe26e3c5 --- /dev/null +++ b/2018/CVE-2018-12895.json @@ -0,0 +1,25 @@ +[ + { + "id": 139890292, + "name": "cve-2018-12895-hotfix", + "full_name": "bloom-ux\/cve-2018-12895-hotfix", + "owner": { + "login": "bloom-ux", + "id": 22582007, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/22582007?v=4", + "html_url": "https:\/\/github.com\/bloom-ux" + }, + "html_url": "https:\/\/github.com\/bloom-ux\/cve-2018-12895-hotfix", + "description": "Hotfix for file deletion to to code execution vulnerability in WordPress", + "fork": false, + "created_at": "2018-07-05T19:09:17Z", + "updated_at": "2018-07-05T19:48:44Z", + "pushed_at": "2018-07-05T19:48:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-1313.json b/2018/CVE-2018-1313.json new file mode 100644 index 0000000000..b9690923e6 --- /dev/null +++ b/2018/CVE-2018-1313.json @@ -0,0 +1,25 @@ +[ + { + "id": 158220324, + "name": "CVE-2018-1313", + "full_name": "tafamace\/CVE-2018-1313", + "owner": { + "login": "tafamace", + "id": 45160113, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/45160113?v=4", + "html_url": "https:\/\/github.com\/tafamace" + }, + "html_url": "https:\/\/github.com\/tafamace\/CVE-2018-1313", + "description": null, + "fork": false, + "created_at": "2018-11-19T12:38:21Z", + "updated_at": "2018-11-19T12:48:53Z", + "pushed_at": "2018-11-19T12:48:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-1324.json b/2018/CVE-2018-1324.json new file mode 100644 index 0000000000..109a44ac95 --- /dev/null +++ b/2018/CVE-2018-1324.json @@ -0,0 +1,25 @@ +[ + { + "id": 158221452, + "name": "CVE-2018-1324", + "full_name": "tafamace\/CVE-2018-1324", + "owner": { + "login": "tafamace", + "id": 45160113, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/45160113?v=4", + "html_url": "https:\/\/github.com\/tafamace" + }, + "html_url": "https:\/\/github.com\/tafamace\/CVE-2018-1324", + "description": null, + "fork": false, + "created_at": "2018-11-19T12:46:37Z", + "updated_at": "2018-11-19T13:04:11Z", + "pushed_at": "2018-11-19T13:04:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-13784.json b/2018/CVE-2018-13784.json new file mode 100644 index 0000000000..7adc138aa6 --- /dev/null +++ b/2018/CVE-2018-13784.json @@ -0,0 +1,25 @@ +[ + { + "id": 141165293, + "name": "prestashop-exploits", + "full_name": "ambionics\/prestashop-exploits", + "owner": { + "login": "ambionics", + "id": 29630660, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/29630660?v=4", + "html_url": "https:\/\/github.com\/ambionics" + }, + "html_url": "https:\/\/github.com\/ambionics\/prestashop-exploits", + "description": "Collection of exploits\/POC for PrestaShop cookie vulnerabilities (CVE-2018-13784)", + "fork": false, + "created_at": "2018-07-16T16:33:41Z", + "updated_at": "2021-03-17T03:38:56Z", + "pushed_at": "2018-07-17T09:02:34Z", + "stargazers_count": 46, + "watchers_count": 46, + "forks_count": 11, + "forks": 11, + "watchers": 46, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-13864.json b/2018/CVE-2018-13864.json new file mode 100644 index 0000000000..8ce59f8fe8 --- /dev/null +++ b/2018/CVE-2018-13864.json @@ -0,0 +1,25 @@ +[ + { + "id": 158196795, + "name": "CVE-2018-13864", + "full_name": "tafamace\/CVE-2018-13864", + "owner": { + "login": "tafamace", + "id": 45160113, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/45160113?v=4", + "html_url": "https:\/\/github.com\/tafamace" + }, + "html_url": "https:\/\/github.com\/tafamace\/CVE-2018-13864", + "description": null, + "fork": false, + "created_at": "2018-11-19T09:40:47Z", + "updated_at": "2018-11-19T09:45:34Z", + "pushed_at": "2018-11-19T09:45:33Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-14.json b/2018/CVE-2018-14.json new file mode 100644 index 0000000000..5071090734 --- /dev/null +++ b/2018/CVE-2018-14.json @@ -0,0 +1,25 @@ +[ + { + "id": 144012223, + "name": "legacySymfony", + "full_name": "lckJack\/legacySymfony", + "owner": { + "login": "lckJack", + "id": 38405856, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/38405856?v=4", + "html_url": "https:\/\/github.com\/lckJack" + }, + "html_url": "https:\/\/github.com\/lckJack\/legacySymfony", + "description": "Easy script to check if drupal 8.x-8.5.6 is vulnerable to CVE-2018-14.773", + "fork": false, + "created_at": "2018-08-08T12:42:56Z", + "updated_at": "2018-08-08T17:28:27Z", + "pushed_at": "2018-08-08T12:46:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 1, + "forks": 1, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-14083.json b/2018/CVE-2018-14083.json new file mode 100644 index 0000000000..ee85f59c8e --- /dev/null +++ b/2018/CVE-2018-14083.json @@ -0,0 +1,25 @@ +[ + { + "id": 142094467, + "name": "CVE-2018-14083", + "full_name": "pudding2\/CVE-2018-14083", + "owner": { + "login": "pudding2", + "id": 28480779, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/28480779?v=4", + "html_url": "https:\/\/github.com\/pudding2" + }, + "html_url": "https:\/\/github.com\/pudding2\/CVE-2018-14083", + "description": null, + "fork": false, + "created_at": "2018-07-24T02:36:08Z", + "updated_at": "2019-01-14T11:31:59Z", + "pushed_at": "2018-07-24T02:56:28Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 0, + "forks": 0, + "watchers": 1, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-14442.json b/2018/CVE-2018-14442.json index e4b72f95a2..2a2d81a5a1 100644 --- a/2018/CVE-2018-14442.json +++ b/2018/CVE-2018-14442.json @@ -1,4 +1,27 @@ [ + { + "id": 163386526, + "name": "CVE-2018-14442", + "full_name": "payatu\/CVE-2018-14442", + "owner": { + "login": "payatu", + "id": 16715624, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16715624?v=4", + "html_url": "https:\/\/github.com\/payatu" + }, + "html_url": "https:\/\/github.com\/payatu\/CVE-2018-14442", + "description": "PoC for Foxit Reader CVE-2018-14442", + "fork": false, + "created_at": "2018-12-28T08:29:28Z", + "updated_at": "2021-03-26T15:16:17Z", + "pushed_at": "2018-12-28T09:46:29Z", + "stargazers_count": 56, + "watchers_count": 56, + "forks_count": 17, + "forks": 17, + "watchers": 56, + "score": 0 + }, { "id": 215229045, "name": "PS-2018-002---CVE-2018-14442", diff --git a/2018/CVE-2018-14634.json b/2018/CVE-2018-14634.json new file mode 100644 index 0000000000..4bab72572c --- /dev/null +++ b/2018/CVE-2018-14634.json @@ -0,0 +1,25 @@ +[ + { + "id": 152124947, + "name": "cve-2018-14634", + "full_name": "luan0ap\/cve-2018-14634", + "owner": { + "login": "luan0ap", + "id": 26953960, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/26953960?v=4", + "html_url": "https:\/\/github.com\/luan0ap" + }, + "html_url": "https:\/\/github.com\/luan0ap\/cve-2018-14634", + "description": "proof-of-concept (PoC) for linux dists based on Debian, CentOS and RedHat - exploit 1", + "fork": false, + "created_at": "2018-10-08T18:12:03Z", + "updated_at": "2020-03-29T03:02:36Z", + "pushed_at": "2018-10-09T16:44:32Z", + "stargazers_count": 4, + "watchers_count": 4, + "forks_count": 10, + "forks": 10, + "watchers": 4, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-14665.json b/2018/CVE-2018-14665.json index d2f1c31e95..0340890173 100644 --- a/2018/CVE-2018-14665.json +++ b/2018/CVE-2018-14665.json @@ -1,4 +1,27 @@ [ + { + "id": 154950649, + "name": "CVE-2018-14665", + "full_name": "jas502n\/CVE-2018-14665", + "owner": { + "login": "jas502n", + "id": 16593068, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16593068?v=4", + "html_url": "https:\/\/github.com\/jas502n" + }, + "html_url": "https:\/\/github.com\/jas502n\/CVE-2018-14665", + "description": "OpenBsd_CVE-2018-14665", + "fork": false, + "created_at": "2018-10-27T10:12:05Z", + "updated_at": "2020-10-26T10:10:05Z", + "pushed_at": "2018-10-27T10:44:35Z", + "stargazers_count": 14, + "watchers_count": 14, + "forks_count": 8, + "forks": 8, + "watchers": 14, + "score": 0 + }, { "id": 155795794, "name": "CVE-2018-14665", diff --git a/2018/CVE-2018-14667.json b/2018/CVE-2018-14667.json index b775e23798..b6046053cf 100644 --- a/2018/CVE-2018-14667.json +++ b/2018/CVE-2018-14667.json @@ -1,4 +1,96 @@ [ + { + "id": 158057391, + "name": "cve-2018-14667", + "full_name": "nareshmail\/cve-2018-14667", + "owner": { + "login": "nareshmail", + "id": 6008091, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/6008091?v=4", + "html_url": "https:\/\/github.com\/nareshmail" + }, + "html_url": "https:\/\/github.com\/nareshmail\/cve-2018-14667", + "description": "cve-2018-14667 demo", + "fork": false, + "created_at": "2018-11-18T06:43:46Z", + "updated_at": "2020-04-01T03:46:35Z", + "pushed_at": "2018-11-17T04:13:57Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 158791727, + "name": "CVE-2018-14667", + "full_name": "zeroto01\/CVE-2018-14667", + "owner": { + "login": "zeroto01", + "id": 45281392, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/45281392?v=4", + "html_url": "https:\/\/github.com\/zeroto01" + }, + "html_url": "https:\/\/github.com\/zeroto01\/CVE-2018-14667", + "description": null, + "fork": false, + "created_at": "2018-11-23T06:44:49Z", + "updated_at": "2018-11-27T04:22:10Z", + "pushed_at": "2018-11-23T06:50:53Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 0, + "forks": 0, + "watchers": 1, + "score": 0 + }, + { + "id": 159462372, + "name": "CVE-2018-14667", + "full_name": "r00t4dm\/CVE-2018-14667", + "owner": { + "login": "r00t4dm", + "id": 36941976, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/36941976?v=4", + "html_url": "https:\/\/github.com\/r00t4dm" + }, + "html_url": "https:\/\/github.com\/r00t4dm\/CVE-2018-14667", + "description": "about CVE-2018-14667 from RichFaces Framework 3.3.4", + "fork": false, + "created_at": "2018-11-28T07:35:28Z", + "updated_at": "2018-11-29T02:48:19Z", + "pushed_at": "2018-11-29T02:48:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 159766854, + "name": "CVE-2018-14667", + "full_name": "syriusbughunt\/CVE-2018-14667", + "owner": { + "login": "syriusbughunt", + "id": 45476916, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/45476916?v=4", + "html_url": "https:\/\/github.com\/syriusbughunt" + }, + "html_url": "https:\/\/github.com\/syriusbughunt\/CVE-2018-14667", + "description": "All about CVE-2018-14667; From what it is to how to successfully exploit it.", + "fork": false, + "created_at": "2018-11-30T04:06:08Z", + "updated_at": "2021-02-18T03:16:19Z", + "pushed_at": "2018-11-30T07:10:44Z", + "stargazers_count": 41, + "watchers_count": 41, + "forks_count": 11, + "forks": 11, + "watchers": 41, + "score": 0 + }, { "id": 199370771, "name": "cve-2018-14667", diff --git a/2018/CVE-2018-14729.json b/2018/CVE-2018-14729.json new file mode 100644 index 0000000000..706672a827 --- /dev/null +++ b/2018/CVE-2018-14729.json @@ -0,0 +1,25 @@ +[ + { + "id": 146291248, + "name": "CVE-2018-14729", + "full_name": "FoolMitAh\/CVE-2018-14729", + "owner": { + "login": "FoolMitAh", + "id": 23001766, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/23001766?v=4", + "html_url": "https:\/\/github.com\/FoolMitAh" + }, + "html_url": "https:\/\/github.com\/FoolMitAh\/CVE-2018-14729", + "description": "Discuz backend getshell", + "fork": false, + "created_at": "2018-08-27T11:58:49Z", + "updated_at": "2020-08-06T02:38:53Z", + "pushed_at": "2018-12-15T10:30:34Z", + "stargazers_count": 82, + "watchers_count": 82, + "forks_count": 21, + "forks": 21, + "watchers": 82, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-14772.json b/2018/CVE-2018-14772.json new file mode 100644 index 0000000000..cecbe13dfc --- /dev/null +++ b/2018/CVE-2018-14772.json @@ -0,0 +1,25 @@ +[ + { + "id": 148241935, + "name": "CVE-2018-14772", + "full_name": "spencerdodd\/CVE-2018-14772", + "owner": { + "login": "spencerdodd", + "id": 9969454, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/9969454?v=4", + "html_url": "https:\/\/github.com\/spencerdodd" + }, + "html_url": "https:\/\/github.com\/spencerdodd\/CVE-2018-14772", + "description": "RCE exploit for CVE-2018-14772", + "fork": false, + "created_at": "2018-09-11T01:24:21Z", + "updated_at": "2020-10-21T22:16:16Z", + "pushed_at": "2018-11-01T01:47:17Z", + "stargazers_count": 9, + "watchers_count": 9, + "forks_count": 2, + "forks": 2, + "watchers": 9, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-14847.json b/2018/CVE-2018-14847.json index 6d9087a55b..f25444f329 100644 --- a/2018/CVE-2018-14847.json +++ b/2018/CVE-2018-14847.json @@ -13,13 +13,82 @@ "description": "Proof of Concept of Winbox Critical Vulnerability (CVE-2018-14847)", "fork": false, "created_at": "2018-06-24T05:34:05Z", - "updated_at": "2021-03-30T13:22:40Z", + "updated_at": "2021-04-03T05:43:03Z", "pushed_at": "2020-10-16T12:09:45Z", - "stargazers_count": 413, - "watchers_count": 413, + "stargazers_count": 412, + "watchers_count": 412, "forks_count": 393, "forks": 393, - "watchers": 413, + "watchers": 412, + "score": 0 + }, + { + "id": 148370201, + "name": "WinboxExploit", + "full_name": "msterusky\/WinboxExploit", + "owner": { + "login": "msterusky", + "id": 29436829, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/29436829?v=4", + "html_url": "https:\/\/github.com\/msterusky" + }, + "html_url": "https:\/\/github.com\/msterusky\/WinboxExploit", + "description": "C# implementation of BasuCert\/WinboxPoC [Winbox Critical Vulnerability (CVE-2018-14847)]", + "fork": false, + "created_at": "2018-09-11T19:36:49Z", + "updated_at": "2021-03-13T16:56:42Z", + "pushed_at": "2018-09-11T20:12:25Z", + "stargazers_count": 5, + "watchers_count": 5, + "forks_count": 4, + "forks": 4, + "watchers": 5, + "score": 0 + }, + { + "id": 152906288, + "name": "MikroRoot", + "full_name": "syrex1013\/MikroRoot", + "owner": { + "login": "syrex1013", + "id": 31669127, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/31669127?v=4", + "html_url": "https:\/\/github.com\/syrex1013" + }, + "html_url": "https:\/\/github.com\/syrex1013\/MikroRoot", + "description": "Automated version of CVE-2018-14847 (MikroTik Exploit)", + "fork": false, + "created_at": "2018-10-13T19:17:42Z", + "updated_at": "2020-11-02T06:16:27Z", + "pushed_at": "2018-10-14T08:39:24Z", + "stargazers_count": 13, + "watchers_count": 13, + "forks_count": 2, + "forks": 2, + "watchers": 13, + "score": 0 + }, + { + "id": 161894724, + "name": "CVE-2018-14847", + "full_name": "jas502n\/CVE-2018-14847", + "owner": { + "login": "jas502n", + "id": 16593068, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16593068?v=4", + "html_url": "https:\/\/github.com\/jas502n" + }, + "html_url": "https:\/\/github.com\/jas502n\/CVE-2018-14847", + "description": "MikroTik RouterOS Winbox未经身份验证的任意文件读\/写漏洞", + "fork": false, + "created_at": "2018-12-15T10:38:26Z", + "updated_at": "2020-09-19T14:14:39Z", + "pushed_at": "2018-12-16T04:15:01Z", + "stargazers_count": 17, + "watchers_count": 17, + "forks_count": 8, + "forks": 8, + "watchers": 17, "score": 0 }, { diff --git a/2018/CVE-2018-15131.json b/2018/CVE-2018-15131.json new file mode 100644 index 0000000000..b7b59636fc --- /dev/null +++ b/2018/CVE-2018-15131.json @@ -0,0 +1,25 @@ +[ + { + "id": 147528539, + "name": "CVE-2018-15131", + "full_name": "0x00-0x00\/CVE-2018-15131", + "owner": { + "login": "0x00-0x00", + "id": 23364530, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/23364530?v=4", + "html_url": "https:\/\/github.com\/0x00-0x00" + }, + "html_url": "https:\/\/github.com\/0x00-0x00\/CVE-2018-15131", + "description": "Zimbra Collaboration Suite Username Enumeration ", + "fork": false, + "created_at": "2018-09-05T14:11:16Z", + "updated_at": "2018-10-28T04:05:13Z", + "pushed_at": "2018-09-05T14:11:43Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 0, + "forks": 0, + "watchers": 1, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-15133.json b/2018/CVE-2018-15133.json index 5fc3f75c8b..ab9f2f287f 100644 --- a/2018/CVE-2018-15133.json +++ b/2018/CVE-2018-15133.json @@ -1,4 +1,27 @@ [ + { + "id": 144760095, + "name": "laravel-poc-CVE-2018-15133", + "full_name": "kozmic\/laravel-poc-CVE-2018-15133", + "owner": { + "login": "kozmic", + "id": 6666, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/6666?v=4", + "html_url": "https:\/\/github.com\/kozmic" + }, + "html_url": "https:\/\/github.com\/kozmic\/laravel-poc-CVE-2018-15133", + "description": "PoC for CVE-2018-15133 (Laravel unserialize vulnerability)", + "fork": false, + "created_at": "2018-08-14T18:51:50Z", + "updated_at": "2021-03-25T11:02:27Z", + "pushed_at": "2018-09-27T07:32:19Z", + "stargazers_count": 224, + "watchers_count": 224, + "forks_count": 43, + "forks": 43, + "watchers": 224, + "score": 0 + }, { "id": 243072477, "name": "Laravel-CVE-2018-15133", diff --git a/2018/CVE-2018-15365.json b/2018/CVE-2018-15365.json new file mode 100644 index 0000000000..8d6f56f35c --- /dev/null +++ b/2018/CVE-2018-15365.json @@ -0,0 +1,25 @@ +[ + { + "id": 150475298, + "name": "CVE-2018-15365", + "full_name": "nixwizard\/CVE-2018-15365", + "owner": { + "login": "nixwizard", + "id": 3982790, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/3982790?v=4", + "html_url": "https:\/\/github.com\/nixwizard" + }, + "html_url": "https:\/\/github.com\/nixwizard\/CVE-2018-15365", + "description": null, + "fork": false, + "created_at": "2018-09-26T18:56:41Z", + "updated_at": "2018-09-27T07:31:12Z", + "pushed_at": "2018-09-27T07:31:11Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-15473.json b/2018/CVE-2018-15473.json index 2983008e46..79c7901796 100644 --- a/2018/CVE-2018-15473.json +++ b/2018/CVE-2018-15473.json @@ -22,6 +22,29 @@ "watchers": 123, "score": 0 }, + { + "id": 145296891, + "name": "opensshenum", + "full_name": "gbonacini\/opensshenum", + "owner": { + "login": "gbonacini", + "id": 5440458, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/5440458?v=4", + "html_url": "https:\/\/github.com\/gbonacini" + }, + "html_url": "https:\/\/github.com\/gbonacini\/opensshenum", + "description": "CVE-2018-15473 - Opensshenum is an user enumerator exploiting an OpenSsh bug", + "fork": false, + "created_at": "2018-08-19T11:23:54Z", + "updated_at": "2019-09-15T11:44:34Z", + "pushed_at": "2018-10-17T12:27:40Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 0, + "forks": 0, + "watchers": 2, + "score": 0 + }, { "id": 145483388, "name": "CVE-2018-15473-Exploit", @@ -114,6 +137,75 @@ "watchers": 7, "score": 0 }, + { + "id": 155492594, + "name": "SSHUsernameBruter-SSHUB", + "full_name": "JoeBlackSecurity\/SSHUsernameBruter-SSHUB", + "owner": { + "login": "JoeBlackSecurity", + "id": 44617164, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/44617164?v=4", + "html_url": "https:\/\/github.com\/JoeBlackSecurity" + }, + "html_url": "https:\/\/github.com\/JoeBlackSecurity\/SSHUsernameBruter-SSHUB", + "description": "Fully functional script for brute forcing SSH and trying credentials - CVE-2018-15473", + "fork": false, + "created_at": "2018-10-31T03:23:46Z", + "updated_at": "2020-04-23T05:36:20Z", + "pushed_at": "2018-12-05T12:04:40Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 3, + "forks": 3, + "watchers": 1, + "score": 0 + }, + { + "id": 165318682, + "name": "cve-2018-15473", + "full_name": "cved-sources\/cve-2018-15473", + "owner": { + "login": "cved-sources", + "id": 46423677, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/46423677?v=4", + "html_url": "https:\/\/github.com\/cved-sources" + }, + "html_url": "https:\/\/github.com\/cved-sources\/cve-2018-15473", + "description": "cve-2018-15473", + "fork": false, + "created_at": "2019-01-11T22:17:08Z", + "updated_at": "2019-02-01T21:35:54Z", + "pushed_at": "2019-02-01T21:35:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 167137381, + "name": "CVE-2018-15473-exp", + "full_name": "LINYIKAI\/CVE-2018-15473-exp", + "owner": { + "login": "LINYIKAI", + "id": 18764303, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18764303?v=4", + "html_url": "https:\/\/github.com\/LINYIKAI" + }, + "html_url": "https:\/\/github.com\/LINYIKAI\/CVE-2018-15473-exp", + "description": "This is a exp of CVE-2018-15473", + "fork": false, + "created_at": "2019-01-23T07:25:21Z", + "updated_at": "2019-09-06T06:03:44Z", + "pushed_at": "2019-01-23T07:30:48Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 4, + "forks": 4, + "watchers": 1, + "score": 0 + }, { "id": 183799054, "name": "enumpossible", diff --git a/2018/CVE-2018-15499.json b/2018/CVE-2018-15499.json new file mode 100644 index 0000000000..fa8ca9e9f9 --- /dev/null +++ b/2018/CVE-2018-15499.json @@ -0,0 +1,25 @@ +[ + { + "id": 145583266, + "name": "CVE-2018-15499", + "full_name": "DownWithUp\/CVE-2018-15499", + "owner": { + "login": "DownWithUp", + "id": 16905064, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16905064?v=4", + "html_url": "https:\/\/github.com\/DownWithUp" + }, + "html_url": "https:\/\/github.com\/DownWithUp\/CVE-2018-15499", + "description": "PoC code for CVE-2018-15499 (exploit race condition for BSoD)", + "fork": false, + "created_at": "2018-08-21T15:26:35Z", + "updated_at": "2021-02-27T22:04:13Z", + "pushed_at": "2018-08-23T12:55:23Z", + "stargazers_count": 9, + "watchers_count": 9, + "forks_count": 5, + "forks": 5, + "watchers": 9, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-15727.json b/2018/CVE-2018-15727.json new file mode 100644 index 0000000000..f1ef7e85e7 --- /dev/null +++ b/2018/CVE-2018-15727.json @@ -0,0 +1,25 @@ +[ + { + "id": 146628899, + "name": "grafana-CVE-2018-15727", + "full_name": "u238\/grafana-CVE-2018-15727", + "owner": { + "login": "u238", + "id": 2368573, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2368573?v=4", + "html_url": "https:\/\/github.com\/u238" + }, + "html_url": "https:\/\/github.com\/u238\/grafana-CVE-2018-15727", + "description": "a small utility to generate a cookie in order to exploit a grafana vulnerability (CVE-2018-15727)", + "fork": false, + "created_at": "2018-08-29T16:35:22Z", + "updated_at": "2020-07-29T06:48:10Z", + "pushed_at": "2018-08-31T20:31:12Z", + "stargazers_count": 21, + "watchers_count": 21, + "forks_count": 7, + "forks": 7, + "watchers": 21, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-15832.json b/2018/CVE-2018-15832.json new file mode 100644 index 0000000000..bb0e42cc39 --- /dev/null +++ b/2018/CVE-2018-15832.json @@ -0,0 +1,25 @@ +[ + { + "id": 148423840, + "name": "Ubisoft-Uplay-Desktop-Client-63.0.5699.0", + "full_name": "JacksonKuo\/Ubisoft-Uplay-Desktop-Client-63.0.5699.0", + "owner": { + "login": "JacksonKuo", + "id": 5520730, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/5520730?v=4", + "html_url": "https:\/\/github.com\/JacksonKuo" + }, + "html_url": "https:\/\/github.com\/JacksonKuo\/Ubisoft-Uplay-Desktop-Client-63.0.5699.0", + "description": "CVE-2018-15832", + "fork": false, + "created_at": "2018-09-12T04:59:11Z", + "updated_at": "2018-09-12T05:05:37Z", + "pushed_at": "2018-09-12T05:00:01Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 1, + "forks": 1, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-15912.json b/2018/CVE-2018-15912.json new file mode 100644 index 0000000000..4f4569786e --- /dev/null +++ b/2018/CVE-2018-15912.json @@ -0,0 +1,25 @@ +[ + { + "id": 146484081, + "name": "CVE-2018-15912-PoC", + "full_name": "coderobe\/CVE-2018-15912-PoC", + "owner": { + "login": "coderobe", + "id": 8442384, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/8442384?v=4", + "html_url": "https:\/\/github.com\/coderobe" + }, + "html_url": "https:\/\/github.com\/coderobe\/CVE-2018-15912-PoC", + "description": null, + "fork": false, + "created_at": "2018-08-28T17:40:52Z", + "updated_at": "2018-08-30T10:59:24Z", + "pushed_at": "2018-08-28T17:54:24Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 0, + "forks": 0, + "watchers": 2, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-15961.json b/2018/CVE-2018-15961.json index edc568c344..d9f98abfc1 100644 --- a/2018/CVE-2018-15961.json +++ b/2018/CVE-2018-15961.json @@ -1,4 +1,50 @@ [ + { + "id": 160696698, + "name": "CVE-2018-15961", + "full_name": "vah13\/CVE-2018-15961", + "owner": { + "login": "vah13", + "id": 7976421, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/7976421?v=4", + "html_url": "https:\/\/github.com\/vah13" + }, + "html_url": "https:\/\/github.com\/vah13\/CVE-2018-15961", + "description": "Unrestricted file upload in Adobe ColdFusion", + "fork": false, + "created_at": "2018-12-06T15:47:57Z", + "updated_at": "2019-10-21T04:12:24Z", + "pushed_at": "2018-12-11T16:06:39Z", + "stargazers_count": 8, + "watchers_count": 8, + "forks_count": 5, + "forks": 5, + "watchers": 8, + "score": 0 + }, + { + "id": 166859165, + "name": "cve-2018-15961", + "full_name": "cved-sources\/cve-2018-15961", + "owner": { + "login": "cved-sources", + "id": 46423677, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/46423677?v=4", + "html_url": "https:\/\/github.com\/cved-sources" + }, + "html_url": "https:\/\/github.com\/cved-sources\/cve-2018-15961", + "description": "cve-2018-15961", + "fork": false, + "created_at": "2019-01-21T18:15:17Z", + "updated_at": "2019-01-21T18:15:36Z", + "pushed_at": "2019-01-21T18:15:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 351227548, "name": "CVE-2018-15961", diff --git a/2018/CVE-2018-15982.json b/2018/CVE-2018-15982.json index 1a00f86092..442ddc57c7 100644 --- a/2018/CVE-2018-15982.json +++ b/2018/CVE-2018-15982.json @@ -1,4 +1,27 @@ [ + { + "id": 160592463, + "name": "CVE-2018-15982", + "full_name": "FlatL1neAPT\/CVE-2018-15982", + "owner": { + "login": "FlatL1neAPT", + "id": 33692082, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/33692082?v=4", + "html_url": "https:\/\/github.com\/FlatL1neAPT" + }, + "html_url": "https:\/\/github.com\/FlatL1neAPT\/CVE-2018-15982", + "description": "Flash sources for CVE-2018-15982 used by NK", + "fork": false, + "created_at": "2018-12-05T23:41:37Z", + "updated_at": "2020-03-30T04:44:32Z", + "pushed_at": "2018-12-05T21:42:10Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 15, + "forks": 15, + "watchers": 1, + "score": 0 + }, { "id": 160650543, "name": "CVE-2018-15982_PoC", @@ -22,6 +45,29 @@ "watchers": 14, "score": 0 }, + { + "id": 161118743, + "name": "CVE-2018-15982_EXP", + "full_name": "Ridter\/CVE-2018-15982_EXP", + "owner": { + "login": "Ridter", + "id": 6007471, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/6007471?v=4", + "html_url": "https:\/\/github.com\/Ridter" + }, + "html_url": "https:\/\/github.com\/Ridter\/CVE-2018-15982_EXP", + "description": "exp of CVE-2018-15982", + "fork": false, + "created_at": "2018-12-10T04:53:31Z", + "updated_at": "2021-01-13T19:57:16Z", + "pushed_at": "2019-01-04T09:29:01Z", + "stargazers_count": 180, + "watchers_count": 180, + "forks_count": 65, + "forks": 65, + "watchers": 180, + "score": 0 + }, { "id": 161362902, "name": "adobe-flash-cve2018-15982", @@ -45,6 +91,29 @@ "watchers": 10, "score": 0 }, + { + "id": 161422909, + "name": "CVE-2018-15982_EXP_IE", + "full_name": "jas502n\/CVE-2018-15982_EXP_IE", + "owner": { + "login": "jas502n", + "id": 16593068, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16593068?v=4", + "html_url": "https:\/\/github.com\/jas502n" + }, + "html_url": "https:\/\/github.com\/jas502n\/CVE-2018-15982_EXP_IE", + "description": "CVE-2018-15982_EXP_IE", + "fork": false, + "created_at": "2018-12-12T02:41:31Z", + "updated_at": "2020-04-06T10:50:19Z", + "pushed_at": "2018-12-12T02:54:01Z", + "stargazers_count": 12, + "watchers_count": 12, + "forks_count": 7, + "forks": 7, + "watchers": 12, + "score": 0 + }, { "id": 161431093, "name": "CVE-2018-15982", @@ -68,6 +137,29 @@ "watchers": 25, "score": 0 }, + { + "id": 162516879, + "name": "CVE-2018-15982", + "full_name": "SyFi\/CVE-2018-15982", + "owner": { + "login": "SyFi", + "id": 26314806, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/26314806?v=4", + "html_url": "https:\/\/github.com\/SyFi" + }, + "html_url": "https:\/\/github.com\/SyFi\/CVE-2018-15982", + "description": "Flash 2018-15982 UAF ", + "fork": false, + "created_at": "2018-12-20T02:40:22Z", + "updated_at": "2020-02-13T14:33:56Z", + "pushed_at": "2018-12-20T11:14:56Z", + "stargazers_count": 5, + "watchers_count": 5, + "forks_count": 3, + "forks": 3, + "watchers": 5, + "score": 0 + }, { "id": 219955315, "name": "CVE-2018-15982", diff --git a/2018/CVE-2018-16156.json b/2018/CVE-2018-16156.json new file mode 100644 index 0000000000..9897fb732e --- /dev/null +++ b/2018/CVE-2018-16156.json @@ -0,0 +1,25 @@ +[ + { + "id": 161401564, + "name": "CVE-2018-16156-Exploit", + "full_name": "securifera\/CVE-2018-16156-Exploit", + "owner": { + "login": "securifera", + "id": 12126525, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/12126525?v=4", + "html_url": "https:\/\/github.com\/securifera" + }, + "html_url": "https:\/\/github.com\/securifera\/CVE-2018-16156-Exploit", + "description": null, + "fork": false, + "created_at": "2018-12-11T22:25:22Z", + "updated_at": "2020-03-30T03:50:41Z", + "pushed_at": "2018-12-11T22:29:58Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 1, + "forks": 1, + "watchers": 1, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-16323.json b/2018/CVE-2018-16323.json new file mode 100644 index 0000000000..8d13f3f419 --- /dev/null +++ b/2018/CVE-2018-16323.json @@ -0,0 +1,25 @@ +[ + { + "id": 158098266, + "name": "XBadManners", + "full_name": "ttffdd\/XBadManners", + "owner": { + "login": "ttffdd", + "id": 5412272, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/5412272?v=4", + "html_url": "https:\/\/github.com\/ttffdd" + }, + "html_url": "https:\/\/github.com\/ttffdd\/XBadManners", + "description": "Tool for CVE-2018-16323", + "fork": false, + "created_at": "2018-11-18T15:30:46Z", + "updated_at": "2021-03-17T05:55:22Z", + "pushed_at": "2019-01-17T21:01:56Z", + "stargazers_count": 78, + "watchers_count": 78, + "forks_count": 9, + "forks": 9, + "watchers": 78, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-16370.json b/2018/CVE-2018-16370.json new file mode 100644 index 0000000000..eb73d14940 --- /dev/null +++ b/2018/CVE-2018-16370.json @@ -0,0 +1,25 @@ +[ + { + "id": 147602690, + "name": "CVE-2018-16370", + "full_name": "snappyJack\/CVE-2018-16370", + "owner": { + "login": "snappyJack", + "id": 16055573, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16055573?v=4", + "html_url": "https:\/\/github.com\/snappyJack" + }, + "html_url": "https:\/\/github.com\/snappyJack\/CVE-2018-16370", + "description": "In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through \/Public\/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive.", + "fork": false, + "created_at": "2018-09-06T01:52:47Z", + "updated_at": "2018-09-06T02:02:55Z", + "pushed_at": "2018-09-06T02:02:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-16373.json b/2018/CVE-2018-16373.json new file mode 100644 index 0000000000..711ccf0be4 --- /dev/null +++ b/2018/CVE-2018-16373.json @@ -0,0 +1,25 @@ +[ + { + "id": 147603389, + "name": "CVE-2018-16373", + "full_name": "snappyJack\/CVE-2018-16373", + "owner": { + "login": "snappyJack", + "id": 16055573, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16055573?v=4", + "html_url": "https:\/\/github.com\/snappyJack" + }, + "html_url": "https:\/\/github.com\/snappyJack\/CVE-2018-16373", + "description": "Frog CMS 0.9.5 has an Upload > vulnerability that can create files via > \/admin\/?\/plugin\/file_manager\/save", + "fork": false, + "created_at": "2018-09-06T02:00:24Z", + "updated_at": "2018-09-06T02:01:33Z", + "pushed_at": "2018-09-06T02:01:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-16509.json b/2018/CVE-2018-16509.json index 46336a2907..b18f21c381 100644 --- a/2018/CVE-2018-16509.json +++ b/2018/CVE-2018-16509.json @@ -22,6 +22,52 @@ "watchers": 20, "score": 0 }, + { + "id": 157982249, + "name": "CVE-2018-16509", + "full_name": "knqyf263\/CVE-2018-16509", + "owner": { + "login": "knqyf263", + "id": 2253692, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2253692?v=4", + "html_url": "https:\/\/github.com\/knqyf263" + }, + "html_url": "https:\/\/github.com\/knqyf263\/CVE-2018-16509", + "description": "CVE-2018-16509 (Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities)", + "fork": false, + "created_at": "2018-11-17T12:26:38Z", + "updated_at": "2020-05-07T13:31:56Z", + "pushed_at": "2019-02-01T05:14:34Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 2, + "forks": 2, + "watchers": 2, + "score": 0 + }, + { + "id": 165319040, + "name": "cve-2018-16509", + "full_name": "cved-sources\/cve-2018-16509", + "owner": { + "login": "cved-sources", + "id": 46423677, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/46423677?v=4", + "html_url": "https:\/\/github.com\/cved-sources" + }, + "html_url": "https:\/\/github.com\/cved-sources\/cve-2018-16509", + "description": "cve-2018-16509", + "fork": false, + "created_at": "2019-01-11T22:19:46Z", + "updated_at": "2019-01-11T22:20:11Z", + "pushed_at": "2019-01-11T22:20:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 200477390, "name": "CVE-2018-16509", diff --git a/2018/CVE-2018-16711.json b/2018/CVE-2018-16711.json new file mode 100644 index 0000000000..f7951f040b --- /dev/null +++ b/2018/CVE-2018-16711.json @@ -0,0 +1,25 @@ +[ + { + "id": 149358711, + "name": "CVE-2018-16711", + "full_name": "DownWithUp\/CVE-2018-16711", + "owner": { + "login": "DownWithUp", + "id": 16905064, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16905064?v=4", + "html_url": "https:\/\/github.com\/DownWithUp" + }, + "html_url": "https:\/\/github.com\/DownWithUp\/CVE-2018-16711", + "description": "PoC code for CVE-2018-16711 (exploit by wrmsr)", + "fork": false, + "created_at": "2018-09-18T22:18:32Z", + "updated_at": "2021-02-27T22:04:11Z", + "pushed_at": "2018-09-25T12:15:50Z", + "stargazers_count": 4, + "watchers_count": 4, + "forks_count": 0, + "forks": 0, + "watchers": 4, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-16712.json b/2018/CVE-2018-16712.json new file mode 100644 index 0000000000..fdb79f33c6 --- /dev/null +++ b/2018/CVE-2018-16712.json @@ -0,0 +1,25 @@ +[ + { + "id": 150000695, + "name": "CVE-2018-16712", + "full_name": "DownWithUp\/CVE-2018-16712", + "owner": { + "login": "DownWithUp", + "id": 16905064, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16905064?v=4", + "html_url": "https:\/\/github.com\/DownWithUp" + }, + "html_url": "https:\/\/github.com\/DownWithUp\/CVE-2018-16712", + "description": "PoC Code for CVE-2018-16712 (exploit by MmMapIoSpace)", + "fork": false, + "created_at": "2018-09-23T16:03:06Z", + "updated_at": "2021-02-27T22:03:59Z", + "pushed_at": "2018-12-01T23:02:46Z", + "stargazers_count": 24, + "watchers_count": 24, + "forks_count": 5, + "forks": 5, + "watchers": 24, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-16713.json b/2018/CVE-2018-16713.json new file mode 100644 index 0000000000..8766f84e7b --- /dev/null +++ b/2018/CVE-2018-16713.json @@ -0,0 +1,25 @@ +[ + { + "id": 148797728, + "name": "CVE-2018-16713", + "full_name": "DownWithUp\/CVE-2018-16713", + "owner": { + "login": "DownWithUp", + "id": 16905064, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16905064?v=4", + "html_url": "https:\/\/github.com\/DownWithUp" + }, + "html_url": "https:\/\/github.com\/DownWithUp\/CVE-2018-16713", + "description": "PoC code for CVE-2018-16713 (exploit by rdmsr)", + "fork": false, + "created_at": "2018-09-14T14:10:22Z", + "updated_at": "2021-02-27T22:04:10Z", + "pushed_at": "2018-09-25T12:15:56Z", + "stargazers_count": 3, + "watchers_count": 3, + "forks_count": 0, + "forks": 0, + "watchers": 3, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-16875.json b/2018/CVE-2018-16875.json new file mode 100644 index 0000000000..271ac7ddb3 --- /dev/null +++ b/2018/CVE-2018-16875.json @@ -0,0 +1,25 @@ +[ + { + "id": 161712530, + "name": "poc-cve-2018-16875", + "full_name": "alexzorin\/poc-cve-2018-16875", + "owner": { + "login": "alexzorin", + "id": 311534, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/311534?v=4", + "html_url": "https:\/\/github.com\/alexzorin" + }, + "html_url": "https:\/\/github.com\/alexzorin\/poc-cve-2018-16875", + "description": null, + "fork": false, + "created_at": "2018-12-14T00:53:46Z", + "updated_at": "2020-04-06T10:49:41Z", + "pushed_at": "2018-12-14T00:54:01Z", + "stargazers_count": 8, + "watchers_count": 8, + "forks_count": 3, + "forks": 3, + "watchers": 8, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-16987.json b/2018/CVE-2018-16987.json new file mode 100644 index 0000000000..3022ca9e77 --- /dev/null +++ b/2018/CVE-2018-16987.json @@ -0,0 +1,25 @@ +[ + { + "id": 148659258, + "name": "CVE-2018-16987", + "full_name": "gquere\/CVE-2018-16987", + "owner": { + "login": "gquere", + "id": 1585000, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/1585000?v=4", + "html_url": "https:\/\/github.com\/gquere" + }, + "html_url": "https:\/\/github.com\/gquere\/CVE-2018-16987", + "description": "Details about CVE-2018-16987 - Cleartext storage of TA servers' passwords in Squash TM", + "fork": false, + "created_at": "2018-09-13T15:32:48Z", + "updated_at": "2018-09-14T06:17:55Z", + "pushed_at": "2018-09-13T16:47:29Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 1, + "forks": 1, + "watchers": 1, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-17144.json b/2018/CVE-2018-17144.json new file mode 100644 index 0000000000..36ce860464 --- /dev/null +++ b/2018/CVE-2018-17144.json @@ -0,0 +1,48 @@ +[ + { + "id": 152480350, + "name": "ban-exploitable-bitcoin-nodes", + "full_name": "iioch\/ban-exploitable-bitcoin-nodes", + "owner": { + "login": "iioch", + "id": 18705326, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18705326?v=4", + "html_url": "https:\/\/github.com\/iioch" + }, + "html_url": "https:\/\/github.com\/iioch\/ban-exploitable-bitcoin-nodes", + "description": "Ban all denial-of-service vulnerability exploitable nodes from your node CVE-2018-17144 ", + "fork": false, + "created_at": "2018-10-10T19:44:09Z", + "updated_at": "2018-10-16T13:56:34Z", + "pushed_at": "2018-10-10T20:08:45Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 1, + "forks": 1, + "watchers": 2, + "score": 0 + }, + { + "id": 155528435, + "name": "CVE-2018-17144_POC", + "full_name": "hikame\/CVE-2018-17144_POC", + "owner": { + "login": "hikame", + "id": 6397196, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/6397196?v=4", + "html_url": "https:\/\/github.com\/hikame" + }, + "html_url": "https:\/\/github.com\/hikame\/CVE-2018-17144_POC", + "description": "Put the *.py files to test\/functional folder of bitcoin sourcecode (commit: 4901c00792c1dabae4bb01e6373c9b1ed9ef3008)", + "fork": false, + "created_at": "2018-10-31T09:07:35Z", + "updated_at": "2020-12-05T14:05:15Z", + "pushed_at": "2018-11-12T10:11:00Z", + "stargazers_count": 10, + "watchers_count": 10, + "forks_count": 6, + "forks": 6, + "watchers": 10, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-17182.json b/2018/CVE-2018-17182.json new file mode 100644 index 0000000000..cd766d6e03 --- /dev/null +++ b/2018/CVE-2018-17182.json @@ -0,0 +1,71 @@ +[ + { + "id": 150880187, + "name": "CVE-2018-17182", + "full_name": "jas502n\/CVE-2018-17182", + "owner": { + "login": "jas502n", + "id": 16593068, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16593068?v=4", + "html_url": "https:\/\/github.com\/jas502n" + }, + "html_url": "https:\/\/github.com\/jas502n\/CVE-2018-17182", + "description": "Linux 内核VMA-UAF 提权漏洞(CVE-2018-17182),0day", + "fork": false, + "created_at": "2018-09-29T15:58:55Z", + "updated_at": "2021-02-18T02:36:02Z", + "pushed_at": "2018-10-02T09:03:37Z", + "stargazers_count": 119, + "watchers_count": 119, + "forks_count": 49, + "forks": 49, + "watchers": 119, + "score": 0 + }, + { + "id": 151031561, + "name": "CVE-2018-17182", + "full_name": "likescam\/CVE-2018-17182", + "owner": { + "login": "likescam", + "id": 2469038, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2469038?v=4", + "html_url": "https:\/\/github.com\/likescam" + }, + "html_url": "https:\/\/github.com\/likescam\/CVE-2018-17182", + "description": null, + "fork": false, + "created_at": "2018-10-01T03:20:05Z", + "updated_at": "2018-10-01T03:20:17Z", + "pushed_at": "2018-10-01T03:20:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 1, + "forks": 1, + "watchers": 0, + "score": 0 + }, + { + "id": 151032211, + "name": "vmacache_CVE-2018-17182", + "full_name": "likescam\/vmacache_CVE-2018-17182", + "owner": { + "login": "likescam", + "id": 2469038, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2469038?v=4", + "html_url": "https:\/\/github.com\/likescam" + }, + "html_url": "https:\/\/github.com\/likescam\/vmacache_CVE-2018-17182", + "description": null, + "fork": false, + "created_at": "2018-10-01T03:29:04Z", + "updated_at": "2018-10-01T16:07:20Z", + "pushed_at": "2018-10-01T03:34:18Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 1, + "forks": 1, + "watchers": 1, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-17207.json b/2018/CVE-2018-17207.json new file mode 100644 index 0000000000..edd308e17e --- /dev/null +++ b/2018/CVE-2018-17207.json @@ -0,0 +1,25 @@ +[ + { + "id": 168757000, + "name": "cve-2018-17207", + "full_name": "cved-sources\/cve-2018-17207", + "owner": { + "login": "cved-sources", + "id": 46423677, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/46423677?v=4", + "html_url": "https:\/\/github.com\/cved-sources" + }, + "html_url": "https:\/\/github.com\/cved-sources\/cve-2018-17207", + "description": "cve-2018-17207", + "fork": false, + "created_at": "2019-02-01T20:36:08Z", + "updated_at": "2019-02-01T20:46:34Z", + "pushed_at": "2019-02-01T20:46:33Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-17418.json b/2018/CVE-2018-17418.json new file mode 100644 index 0000000000..2a99e71cf9 --- /dev/null +++ b/2018/CVE-2018-17418.json @@ -0,0 +1,25 @@ +[ + { + "id": 149421281, + "name": "monstra_cms-3.0.4--getshell", + "full_name": "AlwaysHereFight\/monstra_cms-3.0.4--getshell", + "owner": { + "login": "AlwaysHereFight", + "id": 21152658, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/21152658?v=4", + "html_url": "https:\/\/github.com\/AlwaysHereFight" + }, + "html_url": "https:\/\/github.com\/AlwaysHereFight\/monstra_cms-3.0.4--getshell", + "description": "monstra_cms-3.0.4-上传getshell CVE-2018-17418", + "fork": false, + "created_at": "2018-09-19T08:54:45Z", + "updated_at": "2018-10-09T06:40:44Z", + "pushed_at": "2018-09-24T15:58:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-17456.json b/2018/CVE-2018-17456.json index acd7963853..bf29a931f7 100644 --- a/2018/CVE-2018-17456.json +++ b/2018/CVE-2018-17456.json @@ -1,4 +1,50 @@ [ + { + "id": 154035813, + "name": "CVE-2018-17456", + "full_name": "shpik-kr\/CVE-2018-17456", + "owner": { + "login": "shpik-kr", + "id": 12602773, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/12602773?v=4", + "html_url": "https:\/\/github.com\/shpik-kr" + }, + "html_url": "https:\/\/github.com\/shpik-kr\/CVE-2018-17456", + "description": "1-day", + "fork": false, + "created_at": "2018-10-21T17:46:10Z", + "updated_at": "2018-10-23T11:22:27Z", + "pushed_at": "2018-10-23T11:22:26Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 156715728, + "name": "CVE-2018-17456", + "full_name": "matlink\/CVE-2018-17456", + "owner": { + "login": "matlink", + "id": 4450078, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/4450078?v=4", + "html_url": "https:\/\/github.com\/matlink" + }, + "html_url": "https:\/\/github.com\/matlink\/CVE-2018-17456", + "description": null, + "fork": false, + "created_at": "2018-11-08T14:03:52Z", + "updated_at": "2018-11-08T14:21:16Z", + "pushed_at": "2018-11-08T14:21:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 190417594, "name": "CVE-2018-17456", diff --git a/2018/CVE-2018-17961.json b/2018/CVE-2018-17961.json new file mode 100644 index 0000000000..ca4e101a45 --- /dev/null +++ b/2018/CVE-2018-17961.json @@ -0,0 +1,25 @@ +[ + { + "id": 155720048, + "name": "CVE-2018-17961", + "full_name": "matlink\/CVE-2018-17961", + "owner": { + "login": "matlink", + "id": 4450078, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/4450078?v=4", + "html_url": "https:\/\/github.com\/matlink" + }, + "html_url": "https:\/\/github.com\/matlink\/CVE-2018-17961", + "description": null, + "fork": false, + "created_at": "2018-11-01T13:33:12Z", + "updated_at": "2019-09-02T09:36:54Z", + "pushed_at": "2018-11-01T13:33:34Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 1, + "forks": 1, + "watchers": 2, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-18026.json b/2018/CVE-2018-18026.json new file mode 100644 index 0000000000..abfd213f02 --- /dev/null +++ b/2018/CVE-2018-18026.json @@ -0,0 +1,25 @@ +[ + { + "id": 153657332, + "name": "CVE-2018-18026", + "full_name": "DownWithUp\/CVE-2018-18026", + "owner": { + "login": "DownWithUp", + "id": 16905064, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16905064?v=4", + "html_url": "https:\/\/github.com\/DownWithUp" + }, + "html_url": "https:\/\/github.com\/DownWithUp\/CVE-2018-18026", + "description": "PoC Code for CVE-2018-18026 (exploit by stack overflow)", + "fork": false, + "created_at": "2018-10-18T16:51:26Z", + "updated_at": "2021-02-27T22:04:04Z", + "pushed_at": "2018-11-07T04:00:59Z", + "stargazers_count": 4, + "watchers_count": 4, + "forks_count": 0, + "forks": 0, + "watchers": 4, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-18387.json b/2018/CVE-2018-18387.json new file mode 100644 index 0000000000..176611dbcc --- /dev/null +++ b/2018/CVE-2018-18387.json @@ -0,0 +1,25 @@ +[ + { + "id": 153663293, + "name": "CVE-2018-18387", + "full_name": "TheeBlind\/CVE-2018-18387", + "owner": { + "login": "TheeBlind", + "id": 26583110, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/26583110?v=4", + "html_url": "https:\/\/github.com\/TheeBlind" + }, + "html_url": "https:\/\/github.com\/TheeBlind\/CVE-2018-18387", + "description": "playSMS < = 1.4.2 - Privilege escalation", + "fork": false, + "created_at": "2018-10-18T17:40:42Z", + "updated_at": "2021-03-03T11:40:30Z", + "pushed_at": "2018-10-26T16:00:05Z", + "stargazers_count": 3, + "watchers_count": 3, + "forks_count": 3, + "forks": 3, + "watchers": 3, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-18714.json b/2018/CVE-2018-18714.json new file mode 100644 index 0000000000..192331e4f9 --- /dev/null +++ b/2018/CVE-2018-18714.json @@ -0,0 +1,25 @@ +[ + { + "id": 155772208, + "name": "CVE-2018-18714", + "full_name": "DownWithUp\/CVE-2018-18714", + "owner": { + "login": "DownWithUp", + "id": 16905064, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16905064?v=4", + "html_url": "https:\/\/github.com\/DownWithUp" + }, + "html_url": "https:\/\/github.com\/DownWithUp\/CVE-2018-18714", + "description": "PoC Code for CVE-2018-18714 (exploit by stack overflow)", + "fork": false, + "created_at": "2018-11-01T20:31:50Z", + "updated_at": "2021-02-27T22:04:02Z", + "pushed_at": "2018-11-09T21:08:46Z", + "stargazers_count": 4, + "watchers_count": 4, + "forks_count": 0, + "forks": 0, + "watchers": 4, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-18852.json b/2018/CVE-2018-18852.json index 82b5c11cc8..bdb0a7951f 100644 --- a/2018/CVE-2018-18852.json +++ b/2018/CVE-2018-18852.json @@ -1,4 +1,27 @@ [ + { + "id": 167646347, + "name": "CVE-2018-18852", + "full_name": "hook-s3c\/CVE-2018-18852", + "owner": { + "login": "hook-s3c", + "id": 31825993, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/31825993?v=4", + "html_url": "https:\/\/github.com\/hook-s3c" + }, + "html_url": "https:\/\/github.com\/hook-s3c\/CVE-2018-18852", + "description": "CERIO RCE CVE-2018-18852, authenticated (vendor defaults) web-based RCE as root user.", + "fork": false, + "created_at": "2019-01-26T03:41:24Z", + "updated_at": "2021-02-07T12:15:05Z", + "pushed_at": "2019-01-26T03:49:09Z", + "stargazers_count": 42, + "watchers_count": 42, + "forks_count": 15, + "forks": 15, + "watchers": 42, + "score": 0 + }, { "id": 197655822, "name": "CVE-2018-18852", diff --git a/2018/CVE-2018-19126.json b/2018/CVE-2018-19126.json new file mode 100644 index 0000000000..a5ba09aeaf --- /dev/null +++ b/2018/CVE-2018-19126.json @@ -0,0 +1,25 @@ +[ + { + "id": 159935158, + "name": "PrestaShop-CVE-2018-19126", + "full_name": "farisv\/PrestaShop-CVE-2018-19126", + "owner": { + "login": "farisv", + "id": 44131180, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/44131180?v=4", + "html_url": "https:\/\/github.com\/farisv" + }, + "html_url": "https:\/\/github.com\/farisv\/PrestaShop-CVE-2018-19126", + "description": "PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4) Back Office Remote Code Execution (CVE-2018-19126)", + "fork": false, + "created_at": "2018-12-01T10:53:45Z", + "updated_at": "2020-11-28T10:03:37Z", + "pushed_at": "2018-12-12T22:11:45Z", + "stargazers_count": 38, + "watchers_count": 38, + "forks_count": 7, + "forks": 7, + "watchers": 38, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-19127.json b/2018/CVE-2018-19127.json new file mode 100644 index 0000000000..5b897e73ff --- /dev/null +++ b/2018/CVE-2018-19127.json @@ -0,0 +1,25 @@ +[ + { + "id": 156842411, + "name": "phpcms-2008-CVE-2018-19127", + "full_name": "ab1gale\/phpcms-2008-CVE-2018-19127", + "owner": { + "login": "ab1gale", + "id": 5143253, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/5143253?v=4", + "html_url": "https:\/\/github.com\/ab1gale" + }, + "html_url": "https:\/\/github.com\/ab1gale\/phpcms-2008-CVE-2018-19127", + "description": null, + "fork": false, + "created_at": "2018-11-09T09:51:26Z", + "updated_at": "2020-06-27T16:23:09Z", + "pushed_at": "2018-11-09T09:55:35Z", + "stargazers_count": 43, + "watchers_count": 43, + "forks_count": 7, + "forks": 7, + "watchers": 43, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-19131.json b/2018/CVE-2018-19131.json new file mode 100644 index 0000000000..b0ae423a74 --- /dev/null +++ b/2018/CVE-2018-19131.json @@ -0,0 +1,25 @@ +[ + { + "id": 157386452, + "name": "CVE-2018-19131", + "full_name": "JonathanWilbur\/CVE-2018-19131", + "owner": { + "login": "JonathanWilbur", + "id": 20342114, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/20342114?v=4", + "html_url": "https:\/\/github.com\/JonathanWilbur" + }, + "html_url": "https:\/\/github.com\/JonathanWilbur\/CVE-2018-19131", + "description": "Proof-of-Concept exploit of CVE-2018-19131: Squid Proxy XSS via X.509 Certificate", + "fork": false, + "created_at": "2018-11-13T13:40:10Z", + "updated_at": "2020-09-12T08:28:34Z", + "pushed_at": "2018-11-14T02:40:24Z", + "stargazers_count": 13, + "watchers_count": 13, + "forks_count": 2, + "forks": 2, + "watchers": 13, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-19207.json b/2018/CVE-2018-19207.json index 85681a1f6d..b202844007 100644 --- a/2018/CVE-2018-19207.json +++ b/2018/CVE-2018-19207.json @@ -1,4 +1,27 @@ [ + { + "id": 159347902, + "name": "WP-GDPR-Compliance-Plugin-Exploit", + "full_name": "aeroot\/WP-GDPR-Compliance-Plugin-Exploit", + "owner": { + "login": "aeroot", + "id": 281911, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/281911?v=4", + "html_url": "https:\/\/github.com\/aeroot" + }, + "html_url": "https:\/\/github.com\/aeroot\/WP-GDPR-Compliance-Plugin-Exploit", + "description": "Exploit of the privilege escalation vulnerability of the WordPress plugin \"WP GDPR Compliance\" by \"Van Ons\" (https:\/\/de.wordpress.org\/plugins\/wp-gdpr-compliance\/) CVE-2018-19207", + "fork": false, + "created_at": "2018-11-27T14:27:06Z", + "updated_at": "2019-05-02T21:05:50Z", + "pushed_at": "2018-11-27T14:51:02Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 1, + "forks": 1, + "watchers": 2, + "score": 0 + }, { "id": 175869819, "name": "cve-2018-19207", diff --git a/2018/CVE-2018-19518.json b/2018/CVE-2018-19518.json new file mode 100644 index 0000000000..1d629d2a85 --- /dev/null +++ b/2018/CVE-2018-19518.json @@ -0,0 +1,25 @@ +[ + { + "id": 163683497, + "name": "CVE-2018-19518", + "full_name": "ensimag-security\/CVE-2018-19518", + "owner": { + "login": "ensimag-security", + "id": 44459067, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/44459067?v=4", + "html_url": "https:\/\/github.com\/ensimag-security" + }, + "html_url": "https:\/\/github.com\/ensimag-security\/CVE-2018-19518", + "description": "some works on CVE-2018-19518 ", + "fork": false, + "created_at": "2018-12-31T16:36:49Z", + "updated_at": "2020-09-10T01:55:49Z", + "pushed_at": "2019-01-14T09:48:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 1, + "forks": 1, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-19537.json b/2018/CVE-2018-19537.json new file mode 100644 index 0000000000..d784af0589 --- /dev/null +++ b/2018/CVE-2018-19537.json @@ -0,0 +1,25 @@ +[ + { + "id": 159082952, + "name": "TP-Link-ArcherC5-RCE", + "full_name": "JackDoan\/TP-Link-ArcherC5-RCE", + "owner": { + "login": "JackDoan", + "id": 1024837, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/1024837?v=4", + "html_url": "https:\/\/github.com\/JackDoan" + }, + "html_url": "https:\/\/github.com\/JackDoan\/TP-Link-ArcherC5-RCE", + "description": "CVE-2018-19537", + "fork": false, + "created_at": "2018-11-25T23:03:19Z", + "updated_at": "2021-01-26T15:41:10Z", + "pushed_at": "2018-11-26T22:39:08Z", + "stargazers_count": 14, + "watchers_count": 14, + "forks_count": 5, + "forks": 5, + "watchers": 14, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-19788.json b/2018/CVE-2018-19788.json new file mode 100644 index 0000000000..bda6966f4b --- /dev/null +++ b/2018/CVE-2018-19788.json @@ -0,0 +1,94 @@ +[ + { + "id": 160750436, + "name": "CVE-2018-19788", + "full_name": "AbsoZed\/CVE-2018-19788", + "owner": { + "login": "AbsoZed", + "id": 17788335, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/17788335?v=4", + "html_url": "https:\/\/github.com\/AbsoZed" + }, + "html_url": "https:\/\/github.com\/AbsoZed\/CVE-2018-19788", + "description": "Silly easy exploit for CVE-2018-19788", + "fork": false, + "created_at": "2018-12-07T00:42:35Z", + "updated_at": "2019-06-09T08:58:32Z", + "pushed_at": "2018-12-07T00:56:25Z", + "stargazers_count": 5, + "watchers_count": 5, + "forks_count": 3, + "forks": 3, + "watchers": 5, + "score": 0 + }, + { + "id": 160872186, + "name": "CVE-2018-19788", + "full_name": "d4gh0s7\/CVE-2018-19788", + "owner": { + "login": "d4gh0s7", + "id": 29960687, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/29960687?v=4", + "html_url": "https:\/\/github.com\/d4gh0s7" + }, + "html_url": "https:\/\/github.com\/d4gh0s7\/CVE-2018-19788", + "description": "Ansible role to check the vulnerability tracked as CVE-2018-19788, impacts PolicyKit version 0.115 which comes pre-installed on a wide range of Linux distributions", + "fork": false, + "created_at": "2018-12-07T20:27:01Z", + "updated_at": "2019-12-17T20:34:48Z", + "pushed_at": "2018-12-10T15:57:47Z", + "stargazers_count": 3, + "watchers_count": 3, + "forks_count": 0, + "forks": 0, + "watchers": 3, + "score": 0 + }, + { + "id": 162179568, + "name": "PoC", + "full_name": "Ekultek\/PoC", + "owner": { + "login": "Ekultek", + "id": 14183473, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/14183473?v=4", + "html_url": "https:\/\/github.com\/Ekultek" + }, + "html_url": "https:\/\/github.com\/Ekultek\/PoC", + "description": "Leveraging CVE-2018-19788 without root shells", + "fork": false, + "created_at": "2018-12-17T19:26:22Z", + "updated_at": "2020-11-10T06:38:31Z", + "pushed_at": "2018-12-18T19:11:25Z", + "stargazers_count": 16, + "watchers_count": 16, + "forks_count": 3, + "forks": 3, + "watchers": 16, + "score": 0 + }, + { + "id": 163684618, + "name": "CVE-2018-19788", + "full_name": "jhlongjr\/CVE-2018-19788", + "owner": { + "login": "jhlongjr", + "id": 39674727, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/39674727?v=4", + "html_url": "https:\/\/github.com\/jhlongjr" + }, + "html_url": "https:\/\/github.com\/jhlongjr\/CVE-2018-19788", + "description": "Exploiting The CVE-2018-19788 PolicyKit Bug", + "fork": false, + "created_at": "2018-12-31T16:54:58Z", + "updated_at": "2020-08-27T02:29:39Z", + "pushed_at": "2018-12-31T17:12:03Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 0, + "forks": 0, + "watchers": 1, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-19911.json b/2018/CVE-2018-19911.json new file mode 100644 index 0000000000..1cc418730d --- /dev/null +++ b/2018/CVE-2018-19911.json @@ -0,0 +1,25 @@ +[ + { + "id": 160625335, + "name": "freeswitch_rce", + "full_name": "iSafeBlue\/freeswitch_rce", + "owner": { + "login": "iSafeBlue", + "id": 25784279, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/25784279?v=4", + "html_url": "https:\/\/github.com\/iSafeBlue" + }, + "html_url": "https:\/\/github.com\/iSafeBlue\/freeswitch_rce", + "description": "freeswitch all version remote command execute (cve-2018-19911)", + "fork": false, + "created_at": "2018-12-06T05:48:02Z", + "updated_at": "2019-06-30T16:07:31Z", + "pushed_at": "2018-12-06T08:47:02Z", + "stargazers_count": 3, + "watchers_count": 3, + "forks_count": 2, + "forks": 2, + "watchers": 3, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-20165.json b/2018/CVE-2018-20165.json new file mode 100644 index 0000000000..251147b42e --- /dev/null +++ b/2018/CVE-2018-20165.json @@ -0,0 +1,25 @@ +[ + { + "id": 167376412, + "name": "Reflected-XSS-on-Opentext-Portal-v7.4.4", + "full_name": "hect0rS\/Reflected-XSS-on-Opentext-Portal-v7.4.4", + "owner": { + "login": "hect0rS", + "id": 47000097, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/47000097?v=4", + "html_url": "https:\/\/github.com\/hect0rS" + }, + "html_url": "https:\/\/github.com\/hect0rS\/Reflected-XSS-on-Opentext-Portal-v7.4.4", + "description": "Reflected XSS on Opentext Portal v7.4.4: CVE-2018-20165", + "fork": false, + "created_at": "2019-01-24T13:59:14Z", + "updated_at": "2019-01-24T14:17:24Z", + "pushed_at": "2019-01-24T14:17:23Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-2628.json b/2018/CVE-2018-2628.json index 038cb8c482..fac6db51b5 100644 --- a/2018/CVE-2018-2628.json +++ b/2018/CVE-2018-2628.json @@ -344,6 +344,98 @@ "watchers": 0, "score": 0 }, + { + "id": 139417715, + "name": "CVE-2018-2628", + "full_name": "likescam\/CVE-2018-2628", + "owner": { + "login": "likescam", + "id": 2469038, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2469038?v=4", + "html_url": "https:\/\/github.com\/likescam" + }, + "html_url": "https:\/\/github.com\/likescam\/CVE-2018-2628", + "description": null, + "fork": false, + "created_at": "2018-07-02T09:00:34Z", + "updated_at": "2019-05-26T06:58:12Z", + "pushed_at": "2018-07-02T09:00:52Z", + "stargazers_count": 3, + "watchers_count": 3, + "forks_count": 1, + "forks": 1, + "watchers": 3, + "score": 0 + }, + { + "id": 147341225, + "name": "WebLogic-RCE-exploit", + "full_name": "Nervous\/WebLogic-RCE-exploit", + "owner": { + "login": "Nervous", + "id": 172442, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/172442?v=4", + "html_url": "https:\/\/github.com\/Nervous" + }, + "html_url": "https:\/\/github.com\/Nervous\/WebLogic-RCE-exploit", + "description": "A remote code execution exploit for WebLogic based on CVE-2018-2628", + "fork": false, + "created_at": "2018-09-04T12:17:21Z", + "updated_at": "2019-10-11T08:19:19Z", + "pushed_at": "2018-09-04T12:21:21Z", + "stargazers_count": 5, + "watchers_count": 5, + "forks_count": 3, + "forks": 3, + "watchers": 5, + "score": 0 + }, + { + "id": 155318699, + "name": "CVE-2018-2628", + "full_name": "Lighird\/CVE-2018-2628", + "owner": { + "login": "Lighird", + "id": 28284964, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/28284964?v=4", + "html_url": "https:\/\/github.com\/Lighird" + }, + "html_url": "https:\/\/github.com\/Lighird\/CVE-2018-2628", + "description": "CVE-2018-2628漏洞工具包", + "fork": false, + "created_at": "2018-10-30T03:26:16Z", + "updated_at": "2020-07-13T02:21:36Z", + "pushed_at": "2018-10-30T03:35:42Z", + "stargazers_count": 4, + "watchers_count": 4, + "forks_count": 6, + "forks": 6, + "watchers": 4, + "score": 0 + }, + { + "id": 164424976, + "name": "CVE-2018-2628", + "full_name": "0xMJ\/CVE-2018-2628", + "owner": { + "login": "0xMJ", + "id": 31585175, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/31585175?v=4", + "html_url": "https:\/\/github.com\/0xMJ" + }, + "html_url": "https:\/\/github.com\/0xMJ\/CVE-2018-2628", + "description": "漏洞利用工具", + "fork": false, + "created_at": "2019-01-07T11:47:59Z", + "updated_at": "2020-04-04T06:55:15Z", + "pushed_at": "2019-01-07T12:13:37Z", + "stargazers_count": 8, + "watchers_count": 8, + "forks_count": 7, + "forks": 7, + "watchers": 8, + "score": 0 + }, { "id": 233997916, "name": "weblogicScanner", diff --git a/2018/CVE-2018-2844.json b/2018/CVE-2018-2844.json new file mode 100644 index 0000000000..a6cf343959 --- /dev/null +++ b/2018/CVE-2018-2844.json @@ -0,0 +1,25 @@ +[ + { + "id": 146413224, + "name": "virtualbox-cve-2018-2844", + "full_name": "renorobert\/virtualbox-cve-2018-2844", + "owner": { + "login": "renorobert", + "id": 4233909, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/4233909?v=4", + "html_url": "https:\/\/github.com\/renorobert" + }, + "html_url": "https:\/\/github.com\/renorobert\/virtualbox-cve-2018-2844", + "description": null, + "fork": false, + "created_at": "2018-08-28T08:04:19Z", + "updated_at": "2021-02-08T17:01:33Z", + "pushed_at": "2018-08-28T08:06:21Z", + "stargazers_count": 93, + "watchers_count": 93, + "forks_count": 32, + "forks": 32, + "watchers": 93, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-2879.json b/2018/CVE-2018-2879.json index 665630b85d..06c4f4ee30 100644 --- a/2018/CVE-2018-2879.json +++ b/2018/CVE-2018-2879.json @@ -1,4 +1,27 @@ [ + { + "id": 142485401, + "name": "Oracle-OAM-Padding-Oracle-CVE-2018-2879-Exploit", + "full_name": "MostafaSoliman\/Oracle-OAM-Padding-Oracle-CVE-2018-2879-Exploit", + "owner": { + "login": "MostafaSoliman", + "id": 13528184, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/13528184?v=4", + "html_url": "https:\/\/github.com\/MostafaSoliman" + }, + "html_url": "https:\/\/github.com\/MostafaSoliman\/Oracle-OAM-Padding-Oracle-CVE-2018-2879-Exploit", + "description": null, + "fork": false, + "created_at": "2018-07-26T19:31:45Z", + "updated_at": "2020-07-10T13:31:49Z", + "pushed_at": "2018-07-27T12:09:40Z", + "stargazers_count": 9, + "watchers_count": 9, + "forks_count": 6, + "forks": 6, + "watchers": 9, + "score": 0 + }, { "id": 142787515, "name": "oracle-oam-authentication-bypas-exploit", diff --git a/2018/CVE-2018-2893.json b/2018/CVE-2018-2893.json index 7bdf069de5..4c06ae88d5 100644 --- a/2018/CVE-2018-2893.json +++ b/2018/CVE-2018-2893.json @@ -1,4 +1,142 @@ [ + { + "id": 141531715, + "name": "CVE-2018-2893", + "full_name": "sry309\/CVE-2018-2893", + "owner": { + "login": "sry309", + "id": 15671013, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/15671013?v=4", + "html_url": "https:\/\/github.com\/sry309" + }, + "html_url": "https:\/\/github.com\/sry309\/CVE-2018-2893", + "description": "CVE-2018-2893", + "fork": false, + "created_at": "2018-07-19T06:06:10Z", + "updated_at": "2020-12-10T06:55:01Z", + "pushed_at": "2018-07-19T05:59:00Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 141534186, + "name": "CVE-2018-2893", + "full_name": "ryanInf\/CVE-2018-2893", + "owner": { + "login": "ryanInf", + "id": 19621374, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/19621374?v=4", + "html_url": "https:\/\/github.com\/ryanInf" + }, + "html_url": "https:\/\/github.com\/ryanInf\/CVE-2018-2893", + "description": "CVE-2018-2893 PoC", + "fork": false, + "created_at": "2018-07-19T06:28:12Z", + "updated_at": "2020-12-16T09:58:12Z", + "pushed_at": "2018-07-19T06:12:51Z", + "stargazers_count": 28, + "watchers_count": 28, + "forks_count": 37, + "forks": 37, + "watchers": 28, + "score": 0 + }, + { + "id": 141678694, + "name": "CVE-2018-2893", + "full_name": "bigsizeme\/CVE-2018-2893", + "owner": { + "login": "bigsizeme", + "id": 17845094, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/17845094?v=4", + "html_url": "https:\/\/github.com\/bigsizeme" + }, + "html_url": "https:\/\/github.com\/bigsizeme\/CVE-2018-2893", + "description": "反弹shell生成器", + "fork": false, + "created_at": "2018-07-20T07:26:43Z", + "updated_at": "2019-04-22T04:46:36Z", + "pushed_at": "2018-07-23T04:31:27Z", + "stargazers_count": 17, + "watchers_count": 17, + "forks_count": 5, + "forks": 5, + "watchers": 17, + "score": 0 + }, + { + "id": 141856470, + "name": "CVE-2018-2893", + "full_name": "pyn3rd\/CVE-2018-2893", + "owner": { + "login": "pyn3rd", + "id": 41412951, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/41412951?v=4", + "html_url": "https:\/\/github.com\/pyn3rd" + }, + "html_url": "https:\/\/github.com\/pyn3rd\/CVE-2018-2893", + "description": "CVE-2018-2893-PoC", + "fork": false, + "created_at": "2018-07-22T01:15:58Z", + "updated_at": "2021-02-07T08:16:47Z", + "pushed_at": "2018-10-27T01:42:20Z", + "stargazers_count": 91, + "watchers_count": 91, + "forks_count": 37, + "forks": 37, + "watchers": 91, + "score": 0 + }, + { + "id": 142403659, + "name": "CVE-2018-2893", + "full_name": "qianl0ng\/CVE-2018-2893", + "owner": { + "login": "qianl0ng", + "id": 26949233, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/26949233?v=4", + "html_url": "https:\/\/github.com\/qianl0ng" + }, + "html_url": "https:\/\/github.com\/qianl0ng\/CVE-2018-2893", + "description": "可以直接反弹shell", + "fork": false, + "created_at": "2018-07-26T07:16:38Z", + "updated_at": "2020-08-19T01:40:23Z", + "pushed_at": "2018-07-26T07:50:15Z", + "stargazers_count": 44, + "watchers_count": 44, + "forks_count": 14, + "forks": 14, + "watchers": 44, + "score": 0 + }, + { + "id": 151921677, + "name": "CVE-2018-2893", + "full_name": "jas502n\/CVE-2018-2893", + "owner": { + "login": "jas502n", + "id": 16593068, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16593068?v=4", + "html_url": "https:\/\/github.com\/jas502n" + }, + "html_url": "https:\/\/github.com\/jas502n\/CVE-2018-2893", + "description": "CVE-2018-2893", + "fork": false, + "created_at": "2018-10-07T08:41:14Z", + "updated_at": "2020-12-16T08:25:44Z", + "pushed_at": "2018-10-07T09:53:54Z", + "stargazers_count": 10, + "watchers_count": 10, + "forks_count": 9, + "forks": 9, + "watchers": 10, + "score": 0 + }, { "id": 219763712, "name": "CVE-2018-2893", diff --git a/2018/CVE-2018-2894.json b/2018/CVE-2018-2894.json index d59d30a742..ba6d8ebdb4 100644 --- a/2018/CVE-2018-2894.json +++ b/2018/CVE-2018-2894.json @@ -1,4 +1,50 @@ [ + { + "id": 141601079, + "name": "cve-2018-2894", + "full_name": "111ddea\/cve-2018-2894", + "owner": { + "login": "111ddea", + "id": 41444127, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/41444127?v=4", + "html_url": "https:\/\/github.com\/111ddea" + }, + "html_url": "https:\/\/github.com\/111ddea\/cve-2018-2894", + "description": "cve-2018-2894 不同别人的利用方法。", + "fork": false, + "created_at": "2018-07-19T15:50:35Z", + "updated_at": "2020-11-26T11:40:23Z", + "pushed_at": "2018-07-22T08:34:27Z", + "stargazers_count": 13, + "watchers_count": 13, + "forks_count": 7, + "forks": 7, + "watchers": 13, + "score": 0 + }, + { + "id": 141661586, + "name": "CVE-2018-2894", + "full_name": "LandGrey\/CVE-2018-2894", + "owner": { + "login": "LandGrey", + "id": 16769779, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16769779?v=4", + "html_url": "https:\/\/github.com\/LandGrey" + }, + "html_url": "https:\/\/github.com\/LandGrey\/CVE-2018-2894", + "description": "CVE-2018-2894 WebLogic Unrestricted File Upload Lead To RCE Check Script", + "fork": false, + "created_at": "2018-07-20T03:59:18Z", + "updated_at": "2021-02-04T08:53:23Z", + "pushed_at": "2018-07-20T12:46:50Z", + "stargazers_count": 130, + "watchers_count": 130, + "forks_count": 50, + "forks": 50, + "watchers": 130, + "score": 0 + }, { "id": 151928392, "name": "CVE-2018-2894", diff --git a/2018/CVE-2018-3191.json b/2018/CVE-2018-3191.json new file mode 100644 index 0000000000..164140dc62 --- /dev/null +++ b/2018/CVE-2018-3191.json @@ -0,0 +1,117 @@ +[ + { + "id": 154076972, + "name": "CVE-2018-3191", + "full_name": "arongmh\/CVE-2018-3191", + "owner": { + "login": "arongmh", + "id": 30547070, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/30547070?v=4", + "html_url": "https:\/\/github.com\/arongmh" + }, + "html_url": "https:\/\/github.com\/arongmh\/CVE-2018-3191", + "description": "CVE-2018-3191 payload generator", + "fork": false, + "created_at": "2018-10-22T02:29:12Z", + "updated_at": "2020-04-06T11:03:47Z", + "pushed_at": "2018-10-21T17:28:13Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 52, + "forks": 52, + "watchers": 1, + "score": 0 + }, + { + "id": 154250933, + "name": "CVE-2018-3191", + "full_name": "pyn3rd\/CVE-2018-3191", + "owner": { + "login": "pyn3rd", + "id": 41412951, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/41412951?v=4", + "html_url": "https:\/\/github.com\/pyn3rd" + }, + "html_url": "https:\/\/github.com\/pyn3rd\/CVE-2018-3191", + "description": "CVE-2018-3191-PoC", + "fork": false, + "created_at": "2018-10-23T02:43:39Z", + "updated_at": "2021-03-01T05:41:46Z", + "pushed_at": "2018-10-26T17:54:54Z", + "stargazers_count": 95, + "watchers_count": 95, + "forks_count": 43, + "forks": 43, + "watchers": 95, + "score": 0 + }, + { + "id": 154368972, + "name": "CVE-2018-3191", + "full_name": "Libraggbond\/CVE-2018-3191", + "owner": { + "login": "Libraggbond", + "id": 37012218, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/37012218?v=4", + "html_url": "https:\/\/github.com\/Libraggbond" + }, + "html_url": "https:\/\/github.com\/Libraggbond\/CVE-2018-3191", + "description": "CVE-2018-3191 反弹shell", + "fork": false, + "created_at": "2018-10-23T17:24:43Z", + "updated_at": "2021-03-22T07:47:56Z", + "pushed_at": "2018-10-23T17:28:05Z", + "stargazers_count": 56, + "watchers_count": 56, + "forks_count": 31, + "forks": 31, + "watchers": 56, + "score": 0 + }, + { + "id": 154426418, + "name": "CVE-2018-3191", + "full_name": "jas502n\/CVE-2018-3191", + "owner": { + "login": "jas502n", + "id": 16593068, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16593068?v=4", + "html_url": "https:\/\/github.com\/jas502n" + }, + "html_url": "https:\/\/github.com\/jas502n\/CVE-2018-3191", + "description": "Weblogic-CVE-2018-3191远程代码命令执行漏洞", + "fork": false, + "created_at": "2018-10-24T02:26:53Z", + "updated_at": "2020-12-22T15:35:45Z", + "pushed_at": "2018-10-24T17:42:47Z", + "stargazers_count": 62, + "watchers_count": 62, + "forks_count": 24, + "forks": 24, + "watchers": 62, + "score": 0 + }, + { + "id": 154477893, + "name": "CVE-2018-3191-Rce-Exploit", + "full_name": "mackleadmire\/CVE-2018-3191-Rce-Exploit", + "owner": { + "login": "mackleadmire", + "id": 10216868, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/10216868?v=4", + "html_url": "https:\/\/github.com\/mackleadmire" + }, + "html_url": "https:\/\/github.com\/mackleadmire\/CVE-2018-3191-Rce-Exploit", + "description": null, + "fork": false, + "created_at": "2018-10-24T09:54:00Z", + "updated_at": "2020-11-19T04:08:52Z", + "pushed_at": "2018-10-25T08:12:46Z", + "stargazers_count": 19, + "watchers_count": 19, + "forks_count": 4, + "forks": 4, + "watchers": 19, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-3245.json b/2018/CVE-2018-3245.json index 42662a8f55..26acda74f0 100644 --- a/2018/CVE-2018-3245.json +++ b/2018/CVE-2018-3245.json @@ -1,4 +1,50 @@ [ + { + "id": 154452586, + "name": "CVE-2018-3245", + "full_name": "pyn3rd\/CVE-2018-3245", + "owner": { + "login": "pyn3rd", + "id": 41412951, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/41412951?v=4", + "html_url": "https:\/\/github.com\/pyn3rd" + }, + "html_url": "https:\/\/github.com\/pyn3rd\/CVE-2018-3245", + "description": "CVE-2018-3245-PoC", + "fork": false, + "created_at": "2018-10-24T06:49:33Z", + "updated_at": "2020-10-26T07:34:53Z", + "pushed_at": "2018-10-27T01:41:18Z", + "stargazers_count": 154, + "watchers_count": 154, + "forks_count": 62, + "forks": 62, + "watchers": 154, + "score": 0 + }, + { + "id": 154593773, + "name": "CVE-2018-3245", + "full_name": "jas502n\/CVE-2018-3245", + "owner": { + "login": "jas502n", + "id": 16593068, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16593068?v=4", + "html_url": "https:\/\/github.com\/jas502n" + }, + "html_url": "https:\/\/github.com\/jas502n\/CVE-2018-3245", + "description": "CVE-2018-3245", + "fork": false, + "created_at": "2018-10-25T01:46:56Z", + "updated_at": "2019-08-23T03:53:49Z", + "pushed_at": "2018-10-25T02:01:39Z", + "stargazers_count": 12, + "watchers_count": 12, + "forks_count": 9, + "forks": 9, + "watchers": 12, + "score": 0 + }, { "id": 219765536, "name": "CVE-2018-3245", diff --git a/2018/CVE-2018-3252.json b/2018/CVE-2018-3252.json new file mode 100644 index 0000000000..0924666a3f --- /dev/null +++ b/2018/CVE-2018-3252.json @@ -0,0 +1,71 @@ +[ + { + "id": 154596948, + "name": "CVE-2018-3252", + "full_name": "jas502n\/CVE-2018-3252", + "owner": { + "login": "jas502n", + "id": 16593068, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16593068?v=4", + "html_url": "https:\/\/github.com\/jas502n" + }, + "html_url": "https:\/\/github.com\/jas502n\/CVE-2018-3252", + "description": "Weblogic-CVE-2018-3252", + "fork": false, + "created_at": "2018-10-25T02:16:49Z", + "updated_at": "2019-03-12T05:44:19Z", + "pushed_at": "2018-10-25T02:16:50Z", + "stargazers_count": 7, + "watchers_count": 7, + "forks_count": 1, + "forks": 1, + "watchers": 7, + "score": 0 + }, + { + "id": 160289379, + "name": "CVE-2018-3252", + "full_name": "b1ueb0y\/CVE-2018-3252", + "owner": { + "login": "b1ueb0y", + "id": 13690411, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/13690411?v=4", + "html_url": "https:\/\/github.com\/b1ueb0y" + }, + "html_url": "https:\/\/github.com\/b1ueb0y\/CVE-2018-3252", + "description": null, + "fork": false, + "created_at": "2018-12-04T03:14:21Z", + "updated_at": "2020-10-12T02:02:08Z", + "pushed_at": "2018-12-04T04:01:01Z", + "stargazers_count": 16, + "watchers_count": 16, + "forks_count": 2, + "forks": 2, + "watchers": 16, + "score": 0 + }, + { + "id": 160681161, + "name": "CVE-2018-3252", + "full_name": "pyn3rd\/CVE-2018-3252", + "owner": { + "login": "pyn3rd", + "id": 41412951, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/41412951?v=4", + "html_url": "https:\/\/github.com\/pyn3rd" + }, + "html_url": "https:\/\/github.com\/pyn3rd\/CVE-2018-3252", + "description": "CVE-2018-3252-PoC", + "fork": false, + "created_at": "2018-12-06T13:48:53Z", + "updated_at": "2020-05-22T02:13:16Z", + "pushed_at": "2018-12-07T04:31:50Z", + "stargazers_count": 70, + "watchers_count": 70, + "forks_count": 24, + "forks": 24, + "watchers": 70, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-4013.json b/2018/CVE-2018-4013.json new file mode 100644 index 0000000000..a6fcf5f6f4 --- /dev/null +++ b/2018/CVE-2018-4013.json @@ -0,0 +1,48 @@ +[ + { + "id": 154464449, + "name": "cve-2018-4013", + "full_name": "DoubleMice\/cve-2018-4013", + "owner": { + "login": "DoubleMice", + "id": 22325256, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/22325256?v=4", + "html_url": "https:\/\/github.com\/DoubleMice" + }, + "html_url": "https:\/\/github.com\/DoubleMice\/cve-2018-4013", + "description": "TALOS-2018-0684\/cve-2018-4013 poc", + "fork": false, + "created_at": "2018-10-24T08:19:25Z", + "updated_at": "2018-12-05T10:24:48Z", + "pushed_at": "2018-11-24T03:01:25Z", + "stargazers_count": 7, + "watchers_count": 7, + "forks_count": 3, + "forks": 3, + "watchers": 7, + "score": 0 + }, + { + "id": 158950902, + "name": "RTSPServer-Code-Execution-Vulnerability", + "full_name": "r3dxpl0it\/RTSPServer-Code-Execution-Vulnerability", + "owner": { + "login": "r3dxpl0it", + "id": 43002597, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/43002597?v=4", + "html_url": "https:\/\/github.com\/r3dxpl0it" + }, + "html_url": "https:\/\/github.com\/r3dxpl0it\/RTSPServer-Code-Execution-Vulnerability", + "description": "RTSPServer Code Execution Vulnerability CVE-2018-4013", + "fork": false, + "created_at": "2018-11-24T15:49:53Z", + "updated_at": "2020-08-06T07:17:07Z", + "pushed_at": "2018-11-26T23:35:57Z", + "stargazers_count": 11, + "watchers_count": 11, + "forks_count": 5, + "forks": 5, + "watchers": 11, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-4121.json b/2018/CVE-2018-4121.json index a0d254d431..6a91b72aa0 100644 --- a/2018/CVE-2018-4121.json +++ b/2018/CVE-2018-4121.json @@ -21,5 +21,51 @@ "forks": 34, "watchers": 114, "score": 0 + }, + { + "id": 141314432, + "name": "CVE-2018-4121", + "full_name": "likescam\/CVE-2018-4121", + "owner": { + "login": "likescam", + "id": 2469038, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2469038?v=4", + "html_url": "https:\/\/github.com\/likescam" + }, + "html_url": "https:\/\/github.com\/likescam\/CVE-2018-4121", + "description": null, + "fork": false, + "created_at": "2018-07-17T16:15:29Z", + "updated_at": "2018-07-17T16:15:44Z", + "pushed_at": "2018-07-17T16:15:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 147746670, + "name": "CVE-2018-4121", + "full_name": "jezzus\/CVE-2018-4121", + "owner": { + "login": "jezzus", + "id": 9899999, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/9899999?v=4", + "html_url": "https:\/\/github.com\/jezzus" + }, + "html_url": "https:\/\/github.com\/jezzus\/CVE-2018-4121", + "description": null, + "fork": false, + "created_at": "2018-09-06T23:55:43Z", + "updated_at": "2018-09-06T23:55:53Z", + "pushed_at": "2018-09-06T23:55:52Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2018/CVE-2018-4233.json b/2018/CVE-2018-4233.json new file mode 100644 index 0000000000..4ee86d1d3a --- /dev/null +++ b/2018/CVE-2018-4233.json @@ -0,0 +1,25 @@ +[ + { + "id": 144027153, + "name": "cve-2018-4233", + "full_name": "saelo\/cve-2018-4233", + "owner": { + "login": "saelo", + "id": 2453290, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2453290?v=4", + "html_url": "https:\/\/github.com\/saelo" + }, + "html_url": "https:\/\/github.com\/saelo\/cve-2018-4233", + "description": "Exploit for CVE-2018-4233, a WebKit JIT optimization bug used during Pwn2Own 2018", + "fork": false, + "created_at": "2018-08-08T14:41:20Z", + "updated_at": "2021-03-25T12:25:48Z", + "pushed_at": "2018-08-17T23:31:46Z", + "stargazers_count": 157, + "watchers_count": 157, + "forks_count": 33, + "forks": 33, + "watchers": 157, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-4242.json b/2018/CVE-2018-4242.json new file mode 100644 index 0000000000..81b7d9bfe1 --- /dev/null +++ b/2018/CVE-2018-4242.json @@ -0,0 +1,25 @@ +[ + { + "id": 160888223, + "name": "Look-at-The-XNU-Through-A-Tube-CVE-2018-4242-Write-up-Translation-", + "full_name": "yeonnic\/Look-at-The-XNU-Through-A-Tube-CVE-2018-4242-Write-up-Translation-", + "owner": { + "login": "yeonnic", + "id": 23390602, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/23390602?v=4", + "html_url": "https:\/\/github.com\/yeonnic" + }, + "html_url": "https:\/\/github.com\/yeonnic\/Look-at-The-XNU-Through-A-Tube-CVE-2018-4242-Write-up-Translation-", + "description": null, + "fork": false, + "created_at": "2018-12-08T00:13:28Z", + "updated_at": "2018-12-21T06:43:45Z", + "pushed_at": "2018-12-08T02:15:17Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 0, + "forks": 0, + "watchers": 1, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-4327.json b/2018/CVE-2018-4327.json new file mode 100644 index 0000000000..bc0fa42226 --- /dev/null +++ b/2018/CVE-2018-4327.json @@ -0,0 +1,48 @@ +[ + { + "id": 148367467, + "name": "brokentooth", + "full_name": "omerporze\/brokentooth", + "owner": { + "login": "omerporze", + "id": 6332303, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/6332303?v=4", + "html_url": "https:\/\/github.com\/omerporze" + }, + "html_url": "https:\/\/github.com\/omerporze\/brokentooth", + "description": " POC for CVE-2018-4327", + "fork": false, + "created_at": "2018-09-11T19:15:09Z", + "updated_at": "2020-12-26T09:15:03Z", + "pushed_at": "2018-09-13T15:59:05Z", + "stargazers_count": 41, + "watchers_count": 41, + "forks_count": 8, + "forks": 8, + "watchers": 41, + "score": 0 + }, + { + "id": 148547298, + "name": "POC-CVE-2018-4327-and-CVE-2018-4330", + "full_name": "harryanon\/POC-CVE-2018-4327-and-CVE-2018-4330", + "owner": { + "login": "harryanon", + "id": 37672417, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/37672417?v=4", + "html_url": "https:\/\/github.com\/harryanon" + }, + "html_url": "https:\/\/github.com\/harryanon\/POC-CVE-2018-4327-and-CVE-2018-4330", + "description": null, + "fork": false, + "created_at": "2018-09-12T22:00:58Z", + "updated_at": "2018-09-30T09:47:45Z", + "pushed_at": "2018-09-12T22:01:09Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 0, + "forks": 0, + "watchers": 1, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-4330.json b/2018/CVE-2018-4330.json new file mode 100644 index 0000000000..f5f6ecbf50 --- /dev/null +++ b/2018/CVE-2018-4330.json @@ -0,0 +1,25 @@ +[ + { + "id": 148663645, + "name": "toothfairy", + "full_name": "omerporze\/toothfairy", + "owner": { + "login": "omerporze", + "id": 6332303, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/6332303?v=4", + "html_url": "https:\/\/github.com\/omerporze" + }, + "html_url": "https:\/\/github.com\/omerporze\/toothfairy", + "description": "CVE-2018-4330 POC for iOS", + "fork": false, + "created_at": "2018-09-13T16:05:20Z", + "updated_at": "2021-02-05T15:44:05Z", + "pushed_at": "2018-09-13T18:34:20Z", + "stargazers_count": 14, + "watchers_count": 14, + "forks_count": 2, + "forks": 2, + "watchers": 14, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-4407.json b/2018/CVE-2018-4407.json index 60e9fa0190..24cde37f06 100644 --- a/2018/CVE-2018-4407.json +++ b/2018/CVE-2018-4407.json @@ -1,4 +1,96 @@ [ + { + "id": 155684007, + "name": "check_icmp_dos", + "full_name": "Pa55w0rd\/check_icmp_dos", + "owner": { + "login": "Pa55w0rd", + "id": 16274549, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16274549?v=4", + "html_url": "https:\/\/github.com\/Pa55w0rd" + }, + "html_url": "https:\/\/github.com\/Pa55w0rd\/check_icmp_dos", + "description": "iOS 12 \/ OS X Remote Kernel Heap Overflow (CVE-2018-4407) POC", + "fork": false, + "created_at": "2018-11-01T08:21:59Z", + "updated_at": "2020-04-06T11:00:33Z", + "pushed_at": "2018-11-01T08:53:23Z", + "stargazers_count": 59, + "watchers_count": 59, + "forks_count": 14, + "forks": 14, + "watchers": 59, + "score": 0 + }, + { + "id": 155748281, + "name": "cve-2018-4407", + "full_name": "unixpickle\/cve-2018-4407", + "owner": { + "login": "unixpickle", + "id": 406021, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/406021?v=4", + "html_url": "https:\/\/github.com\/unixpickle" + }, + "html_url": "https:\/\/github.com\/unixpickle\/cve-2018-4407", + "description": "Crash macOS and iOS devices with one packet", + "fork": false, + "created_at": "2018-11-01T17:03:25Z", + "updated_at": "2020-12-21T17:36:52Z", + "pushed_at": "2018-11-15T21:13:37Z", + "stargazers_count": 50, + "watchers_count": 50, + "forks_count": 19, + "forks": 19, + "watchers": 50, + "score": 0 + }, + { + "id": 155810193, + "name": "check_icmp_dos-CVE-2018-4407-", + "full_name": "s2339956\/check_icmp_dos-CVE-2018-4407-", + "owner": { + "login": "s2339956", + "id": 17181670, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/17181670?v=4", + "html_url": "https:\/\/github.com\/s2339956" + }, + "html_url": "https:\/\/github.com\/s2339956\/check_icmp_dos-CVE-2018-4407-", + "description": "CVE-2018-4407 概述與實現", + "fork": false, + "created_at": "2018-11-02T03:38:41Z", + "updated_at": "2018-11-02T03:48:36Z", + "pushed_at": "2018-11-02T03:48:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 1, + "forks": 1, + "watchers": 0, + "score": 0 + }, + { + "id": 155836421, + "name": "AppleDOS", + "full_name": "farisv\/AppleDOS", + "owner": { + "login": "farisv", + "id": 44131180, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/44131180?v=4", + "html_url": "https:\/\/github.com\/farisv" + }, + "html_url": "https:\/\/github.com\/farisv\/AppleDOS", + "description": "Messing Apple devices on the network with CVE-2018-4407 (heap overflow in bad packet handling)", + "fork": false, + "created_at": "2018-11-02T08:29:29Z", + "updated_at": "2020-10-03T07:29:19Z", + "pushed_at": "2018-12-04T08:21:43Z", + "stargazers_count": 24, + "watchers_count": 24, + "forks_count": 5, + "forks": 5, + "watchers": 24, + "score": 0 + }, { "id": 155837722, "name": "CVE-2018-4407", @@ -22,6 +114,167 @@ "watchers": 13, "score": 0 }, + { + "id": 155885238, + "name": "CVE-2018-4407-IOS", + "full_name": "zteeed\/CVE-2018-4407-IOS", + "owner": { + "login": "zteeed", + "id": 34286541, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/34286541?v=4", + "html_url": "https:\/\/github.com\/zteeed" + }, + "html_url": "https:\/\/github.com\/zteeed\/CVE-2018-4407-IOS", + "description": "POC: Heap buffer overflow in the networking code in the XNU operating system kernel", + "fork": false, + "created_at": "2018-11-02T15:26:47Z", + "updated_at": "2021-02-20T08:54:05Z", + "pushed_at": "2018-12-01T23:17:56Z", + "stargazers_count": 12, + "watchers_count": 12, + "forks_count": 1, + "forks": 1, + "watchers": 12, + "score": 0 + }, + { + "id": 155925880, + "name": "node-cve-2018-4407", + "full_name": "SamDecrock\/node-cve-2018-4407", + "owner": { + "login": "SamDecrock", + "id": 550487, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/550487?v=4", + "html_url": "https:\/\/github.com\/SamDecrock" + }, + "html_url": "https:\/\/github.com\/SamDecrock\/node-cve-2018-4407", + "description": "Node.js PoC exploit code for CVE-2018-4407", + "fork": false, + "created_at": "2018-11-02T22:00:17Z", + "updated_at": "2020-06-19T07:48:32Z", + "pushed_at": "2018-11-02T22:13:40Z", + "stargazers_count": 11, + "watchers_count": 11, + "forks_count": 6, + "forks": 6, + "watchers": 11, + "score": 0 + }, + { + "id": 156039963, + "name": "CVE-2018-4407", + "full_name": "r3dxpl0it\/CVE-2018-4407", + "owner": { + "login": "r3dxpl0it", + "id": 43002597, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/43002597?v=4", + "html_url": "https:\/\/github.com\/r3dxpl0it" + }, + "html_url": "https:\/\/github.com\/r3dxpl0it\/CVE-2018-4407", + "description": "IOS\/MAC Denial-Of-Service [POC\/EXPLOIT FOR MASSIVE ATTACK TO IOS\/MAC IN NETWORK]", + "fork": false, + "created_at": "2018-11-04T01:47:05Z", + "updated_at": "2020-12-28T15:24:25Z", + "pushed_at": "2018-11-04T02:25:08Z", + "stargazers_count": 22, + "watchers_count": 22, + "forks_count": 9, + "forks": 9, + "watchers": 22, + "score": 0 + }, + { + "id": 156051346, + "name": "CVE-2018-4407", + "full_name": "lucagiovagnoli\/CVE-2018-4407", + "owner": { + "login": "lucagiovagnoli", + "id": 4341034, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/4341034?v=4", + "html_url": "https:\/\/github.com\/lucagiovagnoli" + }, + "html_url": "https:\/\/github.com\/lucagiovagnoli\/CVE-2018-4407", + "description": "A buffer overflow vulnerability in the XNU kernel's ICMP error code causes IOS devices to crash (laptops and mobiles).", + "fork": false, + "created_at": "2018-11-04T05:10:38Z", + "updated_at": "2019-12-06T13:15:13Z", + "pushed_at": "2018-11-04T19:00:16Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 0, + "forks": 0, + "watchers": 1, + "score": 0 + }, + { + "id": 156611823, + "name": "Apple-Remote-Crash-Tool-CVE-2018-4407", + "full_name": "anonymouz4\/Apple-Remote-Crash-Tool-CVE-2018-4407", + "owner": { + "login": "anonymouz4", + "id": 32394757, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/32394757?v=4", + "html_url": "https:\/\/github.com\/anonymouz4" + }, + "html_url": "https:\/\/github.com\/anonymouz4\/Apple-Remote-Crash-Tool-CVE-2018-4407", + "description": "Crashes any macOS High Sierra or iOS 11 device that is on the same WiFi network", + "fork": false, + "created_at": "2018-11-07T21:41:39Z", + "updated_at": "2019-12-10T23:32:18Z", + "pushed_at": "2019-01-17T18:55:25Z", + "stargazers_count": 4, + "watchers_count": 4, + "forks_count": 4, + "forks": 4, + "watchers": 4, + "score": 0 + }, + { + "id": 159180451, + "name": "wifi", + "full_name": "soccercab\/wifi", + "owner": { + "login": "soccercab", + "id": 26183552, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/26183552?v=4", + "html_url": "https:\/\/github.com\/soccercab" + }, + "html_url": "https:\/\/github.com\/soccercab\/wifi", + "description": "iOS 11 WiFi Exploit - icmp_error_CVE-2018-4407", + "fork": false, + "created_at": "2018-11-26T14:14:55Z", + "updated_at": "2018-11-26T20:38:51Z", + "pushed_at": "2018-11-26T20:38:50Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 163652093, + "name": "CVE-2018-4407-iOS-exploit", + "full_name": "zeng9t\/CVE-2018-4407-iOS-exploit", + "owner": { + "login": "zeng9t", + "id": 10195620, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/10195620?v=4", + "html_url": "https:\/\/github.com\/zeng9t" + }, + "html_url": "https:\/\/github.com\/zeng9t\/CVE-2018-4407-iOS-exploit", + "description": "CVE-2018-4407,iOS exploit", + "fork": false, + "created_at": "2018-12-31T08:24:06Z", + "updated_at": "2019-12-06T03:03:03Z", + "pushed_at": "2018-12-31T08:48:40Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 0, + "forks": 0, + "watchers": 2, + "score": 0 + }, { "id": 183878561, "name": "CVE-2018-4407", diff --git a/2018/CVE-2018-4415.json b/2018/CVE-2018-4415.json new file mode 100644 index 0000000000..0b195e01e1 --- /dev/null +++ b/2018/CVE-2018-4415.json @@ -0,0 +1,25 @@ +[ + { + "id": 159675683, + "name": "CVE-2018-4415", + "full_name": "T1V0h\/CVE-2018-4415", + "owner": { + "login": "T1V0h", + "id": 27940897, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/27940897?v=4", + "html_url": "https:\/\/github.com\/T1V0h" + }, + "html_url": "https:\/\/github.com\/T1V0h\/CVE-2018-4415", + "description": null, + "fork": false, + "created_at": "2018-11-29T14:06:50Z", + "updated_at": "2018-11-29T14:12:49Z", + "pushed_at": "2018-11-29T14:09:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-4431.json b/2018/CVE-2018-4431.json new file mode 100644 index 0000000000..f26f4ce580 --- /dev/null +++ b/2018/CVE-2018-4431.json @@ -0,0 +1,25 @@ +[ + { + "id": 163434196, + "name": "PoC_iOS12", + "full_name": "ktiOSz\/PoC_iOS12", + "owner": { + "login": "ktiOSz", + "id": 37155945, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/37155945?v=4", + "html_url": "https:\/\/github.com\/ktiOSz" + }, + "html_url": "https:\/\/github.com\/ktiOSz\/PoC_iOS12", + "description": "PoC Exploit iOS 12 to iOS 12.1 (CVE-2018-4431)", + "fork": false, + "created_at": "2018-12-28T17:26:35Z", + "updated_at": "2019-03-17T10:28:32Z", + "pushed_at": "2018-12-28T17:31:40Z", + "stargazers_count": 4, + "watchers_count": 4, + "forks_count": 0, + "forks": 0, + "watchers": 4, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-4878.json b/2018/CVE-2018-4878.json index 7c7fd79c47..04a94d347d 100644 --- a/2018/CVE-2018-4878.json +++ b/2018/CVE-2018-4878.json @@ -160,6 +160,52 @@ "watchers": 0, "score": 0 }, + { + "id": 153381902, + "name": "CVE-2018-4878", + "full_name": "B0fH\/CVE-2018-4878", + "owner": { + "login": "B0fH", + "id": 1335037, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/1335037?v=4", + "html_url": "https:\/\/github.com\/B0fH" + }, + "html_url": "https:\/\/github.com\/B0fH\/CVE-2018-4878", + "description": "Metasploit module for CVE-2018-4878", + "fork": false, + "created_at": "2018-10-17T02:11:24Z", + "updated_at": "2018-12-26T09:33:54Z", + "pushed_at": "2018-10-24T02:18:00Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 1, + "forks": 1, + "watchers": 1, + "score": 0 + }, + { + "id": 162440583, + "name": "CVE-2018-4878", + "full_name": "Yable\/CVE-2018-4878", + "owner": { + "login": "Yable", + "id": 33931550, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/33931550?v=4", + "html_url": "https:\/\/github.com\/Yable" + }, + "html_url": "https:\/\/github.com\/Yable\/CVE-2018-4878", + "description": null, + "fork": false, + "created_at": "2018-12-19T13:22:03Z", + "updated_at": "2018-12-20T08:11:04Z", + "pushed_at": "2018-12-20T08:11:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 197427494, "name": "SoftwareSystemSecurity-2019", diff --git a/2018/CVE-2018-5740.json b/2018/CVE-2018-5740.json new file mode 100644 index 0000000000..d59d038d97 --- /dev/null +++ b/2018/CVE-2018-5740.json @@ -0,0 +1,25 @@ +[ + { + "id": 144792218, + "name": "cve-2018-5740", + "full_name": "sischkg\/cve-2018-5740", + "owner": { + "login": "sischkg", + "id": 3468384, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/3468384?v=4", + "html_url": "https:\/\/github.com\/sischkg" + }, + "html_url": "https:\/\/github.com\/sischkg\/cve-2018-5740", + "description": null, + "fork": false, + "created_at": "2018-08-15T01:50:41Z", + "updated_at": "2019-02-25T15:06:06Z", + "pushed_at": "2018-08-15T06:25:14Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 0, + "forks": 0, + "watchers": 2, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-5955.json b/2018/CVE-2018-5955.json index bc0682e9c6..0ca9b5cce7 100644 --- a/2018/CVE-2018-5955.json +++ b/2018/CVE-2018-5955.json @@ -1,4 +1,27 @@ [ + { + "id": 148261072, + "name": "GitStackRCE", + "full_name": "cisp\/GitStackRCE", + "owner": { + "login": "cisp", + "id": 11972644, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/11972644?v=4", + "html_url": "https:\/\/github.com\/cisp" + }, + "html_url": "https:\/\/github.com\/cisp\/GitStackRCE", + "description": "GitStackRCE漏洞(CVE-2018-5955)EXP", + "fork": false, + "created_at": "2018-09-11T04:39:43Z", + "updated_at": "2018-09-21T15:13:18Z", + "pushed_at": "2018-09-11T04:40:52Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 0, + "forks": 0, + "watchers": 1, + "score": 0 + }, { "id": 229491909, "name": "Cerberus", diff --git a/2018/CVE-2018-6389.json b/2018/CVE-2018-6389.json index 559c236ad9..fa257343f5 100644 --- a/2018/CVE-2018-6389.json +++ b/2018/CVE-2018-6389.json @@ -344,6 +344,75 @@ "watchers": 0, "score": 0 }, + { + "id": 146678844, + "name": "trellis-cve-2018-6389", + "full_name": "ItinerisLtd\/trellis-cve-2018-6389", + "owner": { + "login": "ItinerisLtd", + "id": 32365928, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/32365928?v=4", + "html_url": "https:\/\/github.com\/ItinerisLtd" + }, + "html_url": "https:\/\/github.com\/ItinerisLtd\/trellis-cve-2018-6389", + "description": "Mitigate CVE-2018-6389 WordPress load-scripts \/ load-styles attacks", + "fork": false, + "created_at": "2018-08-30T01:25:20Z", + "updated_at": "2020-08-11T04:43:27Z", + "pushed_at": "2018-08-30T01:47:48Z", + "stargazers_count": 7, + "watchers_count": 7, + "forks_count": 0, + "forks": 0, + "watchers": 7, + "score": 0 + }, + { + "id": 155115549, + "name": "Wordpress-DOS", + "full_name": "Zazzzles\/Wordpress-DOS", + "owner": { + "login": "Zazzzles", + "id": 16189557, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16189557?v=4", + "html_url": "https:\/\/github.com\/Zazzzles" + }, + "html_url": "https:\/\/github.com\/Zazzzles\/Wordpress-DOS", + "description": "Exploit for vulnerability CVE-2018-6389 on wordpress sites", + "fork": false, + "created_at": "2018-10-28T21:05:04Z", + "updated_at": "2020-06-17T01:53:45Z", + "pushed_at": "2018-11-01T06:45:17Z", + "stargazers_count": 4, + "watchers_count": 4, + "forks_count": 2, + "forks": 2, + "watchers": 4, + "score": 0 + }, + { + "id": 164352797, + "name": "tvsz", + "full_name": "fakedob\/tvsz", + "owner": { + "login": "fakedob", + "id": 8687970, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/8687970?v=4", + "html_url": "https:\/\/github.com\/fakedob" + }, + "html_url": "https:\/\/github.com\/fakedob\/tvsz", + "description": "CVE-2018-6389 PoC node js multisite with proxy", + "fork": false, + "created_at": "2019-01-06T22:57:48Z", + "updated_at": "2019-07-08T20:41:54Z", + "pushed_at": "2019-01-06T23:37:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 220969745, "name": "Wordpress-DOS-Attack-CVE-2018-6389", diff --git a/2018/CVE-2018-6546.json b/2018/CVE-2018-6546.json index 5b68e3c274..f0b91e0906 100644 --- a/2018/CVE-2018-6546.json +++ b/2018/CVE-2018-6546.json @@ -21,5 +21,28 @@ "forks": 10, "watchers": 42, "score": 0 + }, + { + "id": 142284375, + "name": "CVE-2018-6546", + "full_name": "YanZiShuang\/CVE-2018-6546", + "owner": { + "login": "YanZiShuang", + "id": 41621080, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/41621080?v=4", + "html_url": "https:\/\/github.com\/YanZiShuang" + }, + "html_url": "https:\/\/github.com\/YanZiShuang\/CVE-2018-6546", + "description": null, + "fork": false, + "created_at": "2018-07-25T10:22:53Z", + "updated_at": "2019-09-02T13:24:16Z", + "pushed_at": "2018-07-25T11:59:09Z", + "stargazers_count": 3, + "watchers_count": 3, + "forks_count": 0, + "forks": 0, + "watchers": 3, + "score": 0 } ] \ No newline at end of file diff --git a/2018/CVE-2018-6574.json b/2018/CVE-2018-6574.json index 13cc5740d7..eb242cf725 100644 --- a/2018/CVE-2018-6574.json +++ b/2018/CVE-2018-6574.json @@ -114,6 +114,98 @@ "watchers": 0, "score": 0 }, + { + "id": 150020637, + "name": "cve-2018-6574", + "full_name": "kenprice\/cve-2018-6574", + "owner": { + "login": "kenprice", + "id": 8813522, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/8813522?v=4", + "html_url": "https:\/\/github.com\/kenprice" + }, + "html_url": "https:\/\/github.com\/kenprice\/cve-2018-6574", + "description": null, + "fork": false, + "created_at": "2018-09-23T20:00:38Z", + "updated_at": "2018-09-23T20:17:54Z", + "pushed_at": "2018-09-23T20:16:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 155760240, + "name": "cve-2018-6574", + "full_name": "redirected\/cve-2018-6574", + "owner": { + "login": "redirected", + "id": 11227335, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/11227335?v=4", + "html_url": "https:\/\/github.com\/redirected" + }, + "html_url": "https:\/\/github.com\/redirected\/cve-2018-6574", + "description": null, + "fork": false, + "created_at": "2018-11-01T18:44:35Z", + "updated_at": "2018-11-01T18:57:35Z", + "pushed_at": "2018-11-01T18:57:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 162044535, + "name": "CVE-2018-6574-POC", + "full_name": "20matan\/CVE-2018-6574-POC", + "owner": { + "login": "20matan", + "id": 10909504, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/10909504?v=4", + "html_url": "https:\/\/github.com\/20matan" + }, + "html_url": "https:\/\/github.com\/20matan\/CVE-2018-6574-POC", + "description": null, + "fork": false, + "created_at": "2018-12-16T21:55:27Z", + "updated_at": "2018-12-16T22:02:50Z", + "pushed_at": "2018-12-16T22:02:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 163056409, + "name": "Zur-Go-GET-RCE-Solution", + "full_name": "zur250\/Zur-Go-GET-RCE-Solution", + "owner": { + "login": "zur250", + "id": 14151749, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/14151749?v=4", + "html_url": "https:\/\/github.com\/zur250" + }, + "html_url": "https:\/\/github.com\/zur250\/Zur-Go-GET-RCE-Solution", + "description": "CVE-2018-6574", + "fork": false, + "created_at": "2018-12-25T07:08:55Z", + "updated_at": "2018-12-25T07:48:09Z", + "pushed_at": "2020-05-05T05:28:41Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 163621881, "name": "cve-2018-6574", @@ -137,6 +229,52 @@ "watchers": 1, "score": 0 }, + { + "id": 165045501, + "name": "go-get-rce", + "full_name": "veter069\/go-get-rce", + "owner": { + "login": "veter069", + "id": 4894034, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/4894034?v=4", + "html_url": "https:\/\/github.com\/veter069" + }, + "html_url": "https:\/\/github.com\/veter069\/go-get-rce", + "description": "CVE-2018-6574", + "fork": false, + "created_at": "2019-01-10T11:09:06Z", + "updated_at": "2019-01-11T05:02:16Z", + "pushed_at": "2019-01-11T05:02:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 1, + "forks": 1, + "watchers": 0, + "score": 0 + }, + { + "id": 166348598, + "name": "CVE-2018-6574-POC", + "full_name": "duckzsc2\/CVE-2018-6574-POC", + "owner": { + "login": "duckzsc2", + "id": 6966941, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/6966941?v=4", + "html_url": "https:\/\/github.com\/duckzsc2" + }, + "html_url": "https:\/\/github.com\/duckzsc2\/CVE-2018-6574-POC", + "description": null, + "fork": false, + "created_at": "2019-01-18T05:22:25Z", + "updated_at": "2019-01-21T00:16:50Z", + "pushed_at": "2019-01-21T00:16:49Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 173063738, "name": "CVE-2018-6574", diff --git a/2018/CVE-2018-6643.json b/2018/CVE-2018-6643.json new file mode 100644 index 0000000000..178d45d2bb --- /dev/null +++ b/2018/CVE-2018-6643.json @@ -0,0 +1,25 @@ +[ + { + "id": 146195248, + "name": "CVE-2018-6643", + "full_name": "undefinedmode\/CVE-2018-6643", + "owner": { + "login": "undefinedmode", + "id": 4165481, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/4165481?v=4", + "html_url": "https:\/\/github.com\/undefinedmode" + }, + "html_url": "https:\/\/github.com\/undefinedmode\/CVE-2018-6643", + "description": "CVE-2018-6643", + "fork": false, + "created_at": "2018-08-26T16:03:08Z", + "updated_at": "2018-08-27T13:36:10Z", + "pushed_at": "2018-08-28T23:03:57Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-6961.json b/2018/CVE-2018-6961.json index c3cfbe2cc4..ff5beacd12 100644 --- a/2018/CVE-2018-6961.json +++ b/2018/CVE-2018-6961.json @@ -1,4 +1,27 @@ [ + { + "id": 148533057, + "name": "CVE-2018-6961", + "full_name": "bokanrb\/CVE-2018-6961", + "owner": { + "login": "bokanrb", + "id": 25235094, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/25235094?v=4", + "html_url": "https:\/\/github.com\/bokanrb" + }, + "html_url": "https:\/\/github.com\/bokanrb\/CVE-2018-6961", + "description": "veloCloud VMWare - Vulnerability", + "fork": false, + "created_at": "2018-09-12T19:44:15Z", + "updated_at": "2019-06-30T13:01:22Z", + "pushed_at": "2019-01-28T22:42:49Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 0, + "forks": 0, + "watchers": 1, + "score": 0 + }, { "id": 169735606, "name": "CVE-2018-6961", diff --git a/2018/CVE-2018-7422.json b/2018/CVE-2018-7422.json new file mode 100644 index 0000000000..453eea5d4a --- /dev/null +++ b/2018/CVE-2018-7422.json @@ -0,0 +1,25 @@ +[ + { + "id": 156874990, + "name": "CVE-2018-7422", + "full_name": "0x00-0x00\/CVE-2018-7422", + "owner": { + "login": "0x00-0x00", + "id": 23364530, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/23364530?v=4", + "html_url": "https:\/\/github.com\/0x00-0x00" + }, + "html_url": "https:\/\/github.com\/0x00-0x00\/CVE-2018-7422", + "description": "Wordpress plugin Site-Editor v1.1.1 LFI exploit", + "fork": false, + "created_at": "2018-11-09T14:42:57Z", + "updated_at": "2019-09-27T14:14:03Z", + "pushed_at": "2018-11-09T14:43:08Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 0, + "forks": 0, + "watchers": 1, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-7489.json b/2018/CVE-2018-7489.json new file mode 100644 index 0000000000..13768fc252 --- /dev/null +++ b/2018/CVE-2018-7489.json @@ -0,0 +1,25 @@ +[ + { + "id": 158225407, + "name": "CVE-2018-7489", + "full_name": "tafamace\/CVE-2018-7489", + "owner": { + "login": "tafamace", + "id": 45160113, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/45160113?v=4", + "html_url": "https:\/\/github.com\/tafamace" + }, + "html_url": "https:\/\/github.com\/tafamace\/CVE-2018-7489", + "description": null, + "fork": false, + "created_at": "2018-11-19T13:13:27Z", + "updated_at": "2018-11-19T13:23:28Z", + "pushed_at": "2018-11-19T13:23:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-7600.json b/2018/CVE-2018-7600.json index 344e8f6e54..f5c614f9fe 100644 --- a/2018/CVE-2018-7600.json +++ b/2018/CVE-2018-7600.json @@ -390,6 +390,29 @@ "watchers": 0, "score": 0 }, + { + "id": 140643631, + "name": "CVE-2018-7600", + "full_name": "happynote3966\/CVE-2018-7600", + "owner": { + "login": "happynote3966", + "id": 19719330, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/19719330?v=4", + "html_url": "https:\/\/github.com\/happynote3966" + }, + "html_url": "https:\/\/github.com\/happynote3966\/CVE-2018-7600", + "description": null, + "fork": false, + "created_at": "2018-07-12T01:12:44Z", + "updated_at": "2018-07-17T03:24:11Z", + "pushed_at": "2018-07-17T03:24:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 151199861, "name": "CVE-2018-7600-Drupal-RCE", @@ -436,6 +459,29 @@ "watchers": 4, "score": 0 }, + { + "id": 164355216, + "name": "cve-2018-7600", + "full_name": "cved-sources\/cve-2018-7600", + "owner": { + "login": "cved-sources", + "id": 46423677, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/46423677?v=4", + "html_url": "https:\/\/github.com\/cved-sources" + }, + "html_url": "https:\/\/github.com\/cved-sources\/cve-2018-7600", + "description": "cve-2018-7600", + "fork": false, + "created_at": "2019-01-06T23:41:33Z", + "updated_at": "2019-01-06T23:42:37Z", + "pushed_at": "2019-01-06T23:42:35Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 175778651, "name": "codeql-scanner", diff --git a/2018/CVE-2018-7602.json b/2018/CVE-2018-7602.json index ef011e25a9..a25e194e0e 100644 --- a/2018/CVE-2018-7602.json +++ b/2018/CVE-2018-7602.json @@ -22,6 +22,52 @@ "watchers": 5, "score": 0 }, + { + "id": 140663638, + "name": "CVE-2018-7602", + "full_name": "happynote3966\/CVE-2018-7602", + "owner": { + "login": "happynote3966", + "id": 19719330, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/19719330?v=4", + "html_url": "https:\/\/github.com\/happynote3966" + }, + "html_url": "https:\/\/github.com\/happynote3966\/CVE-2018-7602", + "description": null, + "fork": false, + "created_at": "2018-07-12T05:08:14Z", + "updated_at": "2018-07-17T02:57:18Z", + "pushed_at": "2018-07-17T02:57:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 1, + "forks": 1, + "watchers": 0, + "score": 0 + }, + { + "id": 155205612, + "name": "CVE-2018-7602", + "full_name": "kastellanos\/CVE-2018-7602", + "owner": { + "login": "kastellanos", + "id": 4370845, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/4370845?v=4", + "html_url": "https:\/\/github.com\/kastellanos" + }, + "html_url": "https:\/\/github.com\/kastellanos\/CVE-2018-7602", + "description": null, + "fork": false, + "created_at": "2018-10-29T12:08:53Z", + "updated_at": "2019-01-14T19:29:10Z", + "pushed_at": "2019-01-14T19:29:08Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 274906170, "name": "DrupalCVE-2018-7602", diff --git a/2018/CVE-2018-7690.json b/2018/CVE-2018-7690.json new file mode 100644 index 0000000000..416b898a6e --- /dev/null +++ b/2018/CVE-2018-7690.json @@ -0,0 +1,25 @@ +[ + { + "id": 159177319, + "name": "CVE-2018-7690", + "full_name": "alt3kx\/CVE-2018-7690", + "owner": { + "login": "alt3kx", + "id": 3140111, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/3140111?v=4", + "html_url": "https:\/\/github.com\/alt3kx" + }, + "html_url": "https:\/\/github.com\/alt3kx\/CVE-2018-7690", + "description": "The SSC REST API contains Insecure Direct Object Reference (IDOR) vulnerabilities in Fortify Software Security Center (SSC) 17.10, 17.20 & 18.10 ", + "fork": false, + "created_at": "2018-11-26T13:52:45Z", + "updated_at": "2018-12-15T11:14:26Z", + "pushed_at": "2018-12-15T11:14:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-7691.json b/2018/CVE-2018-7691.json new file mode 100644 index 0000000000..dfcef2582b --- /dev/null +++ b/2018/CVE-2018-7691.json @@ -0,0 +1,25 @@ +[ + { + "id": 159177517, + "name": "CVE-2018-7691", + "full_name": "alt3kx\/CVE-2018-7691", + "owner": { + "login": "alt3kx", + "id": 3140111, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/3140111?v=4", + "html_url": "https:\/\/github.com\/alt3kx" + }, + "html_url": "https:\/\/github.com\/alt3kx\/CVE-2018-7691", + "description": "The SSC REST API contains Insecure Direct Object Reference (IDOR) vulnerabilities in Fortify Software Security Center (SSC) 17.10, 17.20 & 18.10 ", + "fork": false, + "created_at": "2018-11-26T13:54:08Z", + "updated_at": "2020-12-28T14:43:04Z", + "pushed_at": "2018-12-15T11:18:54Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-7750.json b/2018/CVE-2018-7750.json new file mode 100644 index 0000000000..cab1dc65d7 --- /dev/null +++ b/2018/CVE-2018-7750.json @@ -0,0 +1,25 @@ +[ + { + "id": 156363089, + "name": "CVE-2018-7750", + "full_name": "jm33-m0\/CVE-2018-7750", + "owner": { + "login": "jm33-m0", + "id": 10167884, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/10167884?v=4", + "html_url": "https:\/\/github.com\/jm33-m0" + }, + "html_url": "https:\/\/github.com\/jm33-m0\/CVE-2018-7750", + "description": "an RCE (remote command execution) approach of CVE-2018-7750", + "fork": false, + "created_at": "2018-11-06T10:01:13Z", + "updated_at": "2020-04-06T10:57:16Z", + "pushed_at": "2018-11-06T10:10:31Z", + "stargazers_count": 17, + "watchers_count": 17, + "forks_count": 8, + "forks": 8, + "watchers": 17, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-8021.json b/2018/CVE-2018-8021.json new file mode 100644 index 0000000000..b29b64efee --- /dev/null +++ b/2018/CVE-2018-8021.json @@ -0,0 +1,25 @@ +[ + { + "id": 160079576, + "name": "Apache-Superset-Remote-Code-Execution-PoC-CVE-2018-8021", + "full_name": "r3dxpl0it\/Apache-Superset-Remote-Code-Execution-PoC-CVE-2018-8021", + "owner": { + "login": "r3dxpl0it", + "id": 43002597, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/43002597?v=4", + "html_url": "https:\/\/github.com\/r3dxpl0it" + }, + "html_url": "https:\/\/github.com\/r3dxpl0it\/Apache-Superset-Remote-Code-Execution-PoC-CVE-2018-8021", + "description": "CVE-2018-8021 Proof-Of-Concept and Exploit ", + "fork": false, + "created_at": "2018-12-02T19:01:17Z", + "updated_at": "2020-12-14T07:02:58Z", + "pushed_at": "2018-12-03T21:13:00Z", + "stargazers_count": 104, + "watchers_count": 104, + "forks_count": 18, + "forks": 18, + "watchers": 104, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-8038.json b/2018/CVE-2018-8038.json new file mode 100644 index 0000000000..b64100d260 --- /dev/null +++ b/2018/CVE-2018-8038.json @@ -0,0 +1,25 @@ +[ + { + "id": 158217015, + "name": "CVE-2018-8038", + "full_name": "tafamace\/CVE-2018-8038", + "owner": { + "login": "tafamace", + "id": 45160113, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/45160113?v=4", + "html_url": "https:\/\/github.com\/tafamace" + }, + "html_url": "https:\/\/github.com\/tafamace\/CVE-2018-8038", + "description": null, + "fork": false, + "created_at": "2018-11-19T12:14:45Z", + "updated_at": "2018-11-19T12:37:32Z", + "pushed_at": "2018-11-19T12:37:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-8039.json b/2018/CVE-2018-8039.json new file mode 100644 index 0000000000..744f3612c7 --- /dev/null +++ b/2018/CVE-2018-8039.json @@ -0,0 +1,25 @@ +[ + { + "id": 158216115, + "name": "CVE-2018-8039", + "full_name": "tafamace\/CVE-2018-8039", + "owner": { + "login": "tafamace", + "id": 45160113, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/45160113?v=4", + "html_url": "https:\/\/github.com\/tafamace" + }, + "html_url": "https:\/\/github.com\/tafamace\/CVE-2018-8039", + "description": null, + "fork": false, + "created_at": "2018-11-19T12:08:07Z", + "updated_at": "2018-11-19T12:29:15Z", + "pushed_at": "2018-11-19T12:29:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-8090.json b/2018/CVE-2018-8090.json new file mode 100644 index 0000000000..7bc3cc026a --- /dev/null +++ b/2018/CVE-2018-8090.json @@ -0,0 +1,25 @@ +[ + { + "id": 141976453, + "name": "CVE-2018-8090", + "full_name": "kernelm0de\/CVE-2018-8090", + "owner": { + "login": "kernelm0de", + "id": 30472260, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/30472260?v=4", + "html_url": "https:\/\/github.com\/kernelm0de" + }, + "html_url": "https:\/\/github.com\/kernelm0de\/CVE-2018-8090", + "description": "DLL Hijacking in Quickheal Total Security\/ Internet Security\/ Antivirus Pro (Installers)", + "fork": false, + "created_at": "2018-07-23T07:17:07Z", + "updated_at": "2019-01-22T12:46:02Z", + "pushed_at": "2018-07-26T13:39:28Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 2, + "forks": 2, + "watchers": 2, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-8120.json b/2018/CVE-2018-8120.json index 1b7b6feab1..6aa5d83c4b 100644 --- a/2018/CVE-2018-8120.json +++ b/2018/CVE-2018-8120.json @@ -114,6 +114,75 @@ "watchers": 2, "score": 0 }, + { + "id": 140512208, + "name": "CVE-2018-8120", + "full_name": "EVOL4\/CVE-2018-8120", + "owner": { + "login": "EVOL4", + "id": 26862344, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/26862344?v=4", + "html_url": "https:\/\/github.com\/EVOL4" + }, + "html_url": "https:\/\/github.com\/EVOL4\/CVE-2018-8120", + "description": "dd", + "fork": false, + "created_at": "2018-07-11T02:41:16Z", + "updated_at": "2018-11-16T12:24:05Z", + "pushed_at": "2018-08-10T13:06:04Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 1, + "forks": 1, + "watchers": 2, + "score": 0 + }, + { + "id": 144975276, + "name": "CVE-2018-8120", + "full_name": "ozkanbilge\/CVE-2018-8120", + "owner": { + "login": "ozkanbilge", + "id": 39211596, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/39211596?v=4", + "html_url": "https:\/\/github.com\/ozkanbilge" + }, + "html_url": "https:\/\/github.com\/ozkanbilge\/CVE-2018-8120", + "description": "CVE-2018-8120 Windows LPE exploit", + "fork": false, + "created_at": "2018-08-16T10:51:00Z", + "updated_at": "2020-10-20T17:21:43Z", + "pushed_at": "2018-08-16T10:53:19Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 1, + "forks": 1, + "watchers": 2, + "score": 0 + }, + { + "id": 162424739, + "name": "CVE-2018-8120", + "full_name": "qiantu88\/CVE-2018-8120", + "owner": { + "login": "qiantu88", + "id": 35452263, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/35452263?v=4", + "html_url": "https:\/\/github.com\/qiantu88" + }, + "html_url": "https:\/\/github.com\/qiantu88\/CVE-2018-8120", + "description": null, + "fork": false, + "created_at": "2018-12-19T10:58:55Z", + "updated_at": "2018-12-19T10:59:30Z", + "pushed_at": "2018-12-19T10:59:27Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 197940307, "name": "cve-2018-8120-exp", diff --git a/2018/CVE-2018-8172.json b/2018/CVE-2018-8172.json new file mode 100644 index 0000000000..5e4d083932 --- /dev/null +++ b/2018/CVE-2018-8172.json @@ -0,0 +1,25 @@ +[ + { + "id": 145187210, + "name": "CVE-2018-8172", + "full_name": "SyFi\/CVE-2018-8172", + "owner": { + "login": "SyFi", + "id": 26314806, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/26314806?v=4", + "html_url": "https:\/\/github.com\/SyFi" + }, + "html_url": "https:\/\/github.com\/SyFi\/CVE-2018-8172", + "description": "Microsoft Visual Studio CVE-2018-8172 Remote Code Execution Vulnerability", + "fork": false, + "created_at": "2018-08-18T03:37:15Z", + "updated_at": "2020-10-21T22:16:11Z", + "pushed_at": "2018-08-18T03:56:36Z", + "stargazers_count": 3, + "watchers_count": 3, + "forks_count": 3, + "forks": 3, + "watchers": 3, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-8174.json b/2018/CVE-2018-8174.json index 61882eeb98..fa9bf84e29 100644 --- a/2018/CVE-2018-8174.json +++ b/2018/CVE-2018-8174.json @@ -91,6 +91,52 @@ "watchers": 1, "score": 0 }, + { + "id": 140478620, + "name": "cve-2018-8174_analysis", + "full_name": "piotrflorczyk\/cve-2018-8174_analysis", + "owner": { + "login": "piotrflorczyk", + "id": 7830144, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/7830144?v=4", + "html_url": "https:\/\/github.com\/piotrflorczyk" + }, + "html_url": "https:\/\/github.com\/piotrflorczyk\/cve-2018-8174_analysis", + "description": "Analysis of VBS exploit CVE-2018-8174", + "fork": false, + "created_at": "2018-07-10T19:31:25Z", + "updated_at": "2021-03-09T02:04:07Z", + "pushed_at": "2018-07-12T08:35:13Z", + "stargazers_count": 15, + "watchers_count": 15, + "forks_count": 16, + "forks": 16, + "watchers": 15, + "score": 0 + }, + { + "id": 147615569, + "name": "CVE-2018-8174-msf", + "full_name": "likescam\/CVE-2018-8174-msf", + "owner": { + "login": "likescam", + "id": 2469038, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/2469038?v=4", + "html_url": "https:\/\/github.com\/likescam" + }, + "html_url": "https:\/\/github.com\/likescam\/CVE-2018-8174-msf", + "description": null, + "fork": false, + "created_at": "2018-09-06T04:03:25Z", + "updated_at": "2018-09-06T04:03:37Z", + "pushed_at": "2018-09-06T04:03:36Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 188212551, "name": "ie11_vbscript_exploit", diff --git a/2018/CVE-2018-8208.json b/2018/CVE-2018-8208.json new file mode 100644 index 0000000000..433d699d8b --- /dev/null +++ b/2018/CVE-2018-8208.json @@ -0,0 +1,25 @@ +[ + { + "id": 144541015, + "name": "CVE-2018-8208", + "full_name": "kaisaryousuf\/CVE-2018-8208", + "owner": { + "login": "kaisaryousuf", + "id": 27071719, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/27071719?v=4", + "html_url": "https:\/\/github.com\/kaisaryousuf" + }, + "html_url": "https:\/\/github.com\/kaisaryousuf\/CVE-2018-8208", + "description": null, + "fork": false, + "created_at": "2018-08-13T06:56:11Z", + "updated_at": "2018-11-12T16:22:38Z", + "pushed_at": "2018-06-21T15:06:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 2, + "forks": 2, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-8353.json b/2018/CVE-2018-8353.json new file mode 100644 index 0000000000..24c17a3572 --- /dev/null +++ b/2018/CVE-2018-8353.json @@ -0,0 +1,25 @@ +[ + { + "id": 148192905, + "name": "CVE-2018-8353-POC", + "full_name": "whereisr0da\/CVE-2018-8353-POC", + "owner": { + "login": "whereisr0da", + "id": 37551872, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/37551872?v=4", + "html_url": "https:\/\/github.com\/whereisr0da" + }, + "html_url": "https:\/\/github.com\/whereisr0da\/CVE-2018-8353-POC", + "description": "Simple poc of CVE-2018-8353 Microsoft Scripting Engine Use After Free", + "fork": false, + "created_at": "2018-09-10T17:28:05Z", + "updated_at": "2018-10-15T01:07:56Z", + "pushed_at": "2018-09-10T17:32:49Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 4, + "forks": 4, + "watchers": 2, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-8420.json b/2018/CVE-2018-8420.json new file mode 100644 index 0000000000..7023a6c566 --- /dev/null +++ b/2018/CVE-2018-8420.json @@ -0,0 +1,25 @@ +[ + { + "id": 148446677, + "name": "CVE-2018-8420", + "full_name": "idkwim\/CVE-2018-8420", + "owner": { + "login": "idkwim", + "id": 4337087, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/4337087?v=4", + "html_url": "https:\/\/github.com\/idkwim" + }, + "html_url": "https:\/\/github.com\/idkwim\/CVE-2018-8420", + "description": null, + "fork": false, + "created_at": "2018-09-12T08:22:54Z", + "updated_at": "2020-10-21T22:16:16Z", + "pushed_at": "2018-09-12T03:50:14Z", + "stargazers_count": 3, + "watchers_count": 3, + "forks_count": 53, + "forks": 53, + "watchers": 3, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-8440.json b/2018/CVE-2018-8440.json new file mode 100644 index 0000000000..afce0f88f3 --- /dev/null +++ b/2018/CVE-2018-8440.json @@ -0,0 +1,25 @@ +[ + { + "id": 155593957, + "name": "CVE-2018-8440", + "full_name": "sourceincite\/CVE-2018-8440", + "owner": { + "login": "sourceincite", + "id": 13770985, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/13770985?v=4", + "html_url": "https:\/\/github.com\/sourceincite" + }, + "html_url": "https:\/\/github.com\/sourceincite\/CVE-2018-8440", + "description": "CVE-2018-8440 standalone exploit", + "fork": false, + "created_at": "2018-10-31T17:00:43Z", + "updated_at": "2021-03-01T08:16:12Z", + "pushed_at": "2018-10-31T19:05:17Z", + "stargazers_count": 72, + "watchers_count": 72, + "forks_count": 23, + "forks": 23, + "watchers": 72, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-8453.json b/2018/CVE-2018-8453.json index d3760e4bc1..fa50b9b37a 100644 --- a/2018/CVE-2018-8453.json +++ b/2018/CVE-2018-8453.json @@ -1,4 +1,27 @@ [ + { + "id": 166348798, + "name": "cve-2018-8453-exp", + "full_name": "Mkv4\/cve-2018-8453-exp", + "owner": { + "login": "Mkv4", + "id": 28436576, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/28436576?v=4", + "html_url": "https:\/\/github.com\/Mkv4" + }, + "html_url": "https:\/\/github.com\/Mkv4\/cve-2018-8453-exp", + "description": "cve-2018-8453 exp", + "fork": false, + "created_at": "2019-01-18T05:24:22Z", + "updated_at": "2020-02-26T06:25:56Z", + "pushed_at": "2019-01-18T05:23:54Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 9, + "forks": 9, + "watchers": 1, + "score": 0 + }, { "id": 166389170, "name": "cve-2018-8453-exp", diff --git a/2018/CVE-2018-8495.json b/2018/CVE-2018-8495.json new file mode 100644 index 0000000000..980b31a679 --- /dev/null +++ b/2018/CVE-2018-8495.json @@ -0,0 +1,25 @@ +[ + { + "id": 152781400, + "name": "CVE-2018-8495-POC", + "full_name": "whereisr0da\/CVE-2018-8495-POC", + "owner": { + "login": "whereisr0da", + "id": 37551872, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/37551872?v=4", + "html_url": "https:\/\/github.com\/whereisr0da" + }, + "html_url": "https:\/\/github.com\/whereisr0da\/CVE-2018-8495-POC", + "description": "Simple poc of CVE-2018-8495 Microsoft Edge Remote Code Execution", + "fork": false, + "created_at": "2018-10-12T16:49:57Z", + "updated_at": "2019-01-11T09:07:45Z", + "pushed_at": "2018-10-12T16:52:34Z", + "stargazers_count": 8, + "watchers_count": 8, + "forks_count": 8, + "forks": 8, + "watchers": 8, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-8581.json b/2018/CVE-2018-8581.json index bdc5b714bf..7889f5a93f 100644 --- a/2018/CVE-2018-8581.json +++ b/2018/CVE-2018-8581.json @@ -1,4 +1,50 @@ [ + { + "id": 163256409, + "name": "CVE-2018-8581", + "full_name": "WyAtu\/CVE-2018-8581", + "owner": { + "login": "WyAtu", + "id": 23521935, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/23521935?v=4", + "html_url": "https:\/\/github.com\/WyAtu" + }, + "html_url": "https:\/\/github.com\/WyAtu\/CVE-2018-8581", + "description": "CVE-2018-8581 | Microsoft Exchange Server Elevation of Privilege Vulnerability", + "fork": false, + "created_at": "2018-12-27T06:30:32Z", + "updated_at": "2021-03-28T06:04:00Z", + "pushed_at": "2018-12-30T11:53:08Z", + "stargazers_count": 322, + "watchers_count": 322, + "forks_count": 113, + "forks": 113, + "watchers": 322, + "score": 0 + }, + { + "id": 163425981, + "name": "CVE-2018-8581", + "full_name": "qiantu88\/CVE-2018-8581", + "owner": { + "login": "qiantu88", + "id": 35452263, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/35452263?v=4", + "html_url": "https:\/\/github.com\/qiantu88" + }, + "html_url": "https:\/\/github.com\/qiantu88\/CVE-2018-8581", + "description": "CVE-2018-8581", + "fork": false, + "created_at": "2018-12-28T15:47:32Z", + "updated_at": "2019-02-07T04:37:49Z", + "pushed_at": "2018-12-28T15:47:53Z", + "stargazers_count": 5, + "watchers_count": 5, + "forks_count": 0, + "forks": 0, + "watchers": 5, + "score": 0 + }, { "id": 167313064, "name": "Exchange2domain", diff --git a/2018/CVE-2018-8897.json b/2018/CVE-2018-8897.json index c2c02827fa..60f2c4e43e 100644 --- a/2018/CVE-2018-8897.json +++ b/2018/CVE-2018-8897.json @@ -67,5 +67,28 @@ "forks": 109, "watchers": 389, "score": 0 + }, + { + "id": 144062105, + "name": "syscall_exploit_CVE-2018-8897", + "full_name": "nmulasmajic\/syscall_exploit_CVE-2018-8897", + "owner": { + "login": "nmulasmajic", + "id": 30013958, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/30013958?v=4", + "html_url": "https:\/\/github.com\/nmulasmajic" + }, + "html_url": "https:\/\/github.com\/nmulasmajic\/syscall_exploit_CVE-2018-8897", + "description": "Implements the POP\/MOV SS (CVE-2018-8897) vulnerability by leveraging SYSCALL to perform a local privilege escalation (LPE).", + "fork": false, + "created_at": "2018-08-08T20:04:56Z", + "updated_at": "2021-03-15T13:20:03Z", + "pushed_at": "2018-08-08T20:12:20Z", + "stargazers_count": 108, + "watchers_count": 108, + "forks_count": 25, + "forks": 25, + "watchers": 108, + "score": 0 } ] \ No newline at end of file diff --git a/2018/CVE-2018-9075.json b/2018/CVE-2018-9075.json new file mode 100644 index 0000000000..231478bd8a --- /dev/null +++ b/2018/CVE-2018-9075.json @@ -0,0 +1,25 @@ +[ + { + "id": 150627369, + "name": "cve-2018-9075", + "full_name": "beverlymiller818\/cve-2018-9075", + "owner": { + "login": "beverlymiller818", + "id": 43651541, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/43651541?v=4", + "html_url": "https:\/\/github.com\/beverlymiller818" + }, + "html_url": "https:\/\/github.com\/beverlymiller818\/cve-2018-9075", + "description": null, + "fork": false, + "created_at": "2018-09-27T17:58:00Z", + "updated_at": "2018-09-27T19:26:57Z", + "pushed_at": "2018-09-27T19:27:00Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-9206.json b/2018/CVE-2018-9206.json new file mode 100644 index 0000000000..22db8bb197 --- /dev/null +++ b/2018/CVE-2018-9206.json @@ -0,0 +1,71 @@ +[ + { + "id": 154178141, + "name": "CVE-2018-9206", + "full_name": "Den1al\/CVE-2018-9206", + "owner": { + "login": "Den1al", + "id": 7230603, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/7230603?v=4", + "html_url": "https:\/\/github.com\/Den1al" + }, + "html_url": "https:\/\/github.com\/Den1al\/CVE-2018-9206", + "description": "A Python PoC for CVE-2018-9206", + "fork": false, + "created_at": "2018-10-22T16:33:22Z", + "updated_at": "2021-02-20T07:43:16Z", + "pushed_at": "2018-10-22T16:49:08Z", + "stargazers_count": 14, + "watchers_count": 14, + "forks_count": 12, + "forks": 12, + "watchers": 14, + "score": 0 + }, + { + "id": 154564555, + "name": "JQShell", + "full_name": "Stahlz\/JQShell", + "owner": { + "login": "Stahlz", + "id": 4689086, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/4689086?v=4", + "html_url": "https:\/\/github.com\/Stahlz" + }, + "html_url": "https:\/\/github.com\/Stahlz\/JQShell", + "description": "A weaponized version of CVE-2018-9206", + "fork": false, + "created_at": "2018-10-24T20:24:20Z", + "updated_at": "2020-10-26T09:05:01Z", + "pushed_at": "2018-10-30T01:48:42Z", + "stargazers_count": 63, + "watchers_count": 63, + "forks_count": 16, + "forks": 16, + "watchers": 63, + "score": 0 + }, + { + "id": 165319420, + "name": "cve-2018-9206", + "full_name": "cved-sources\/cve-2018-9206", + "owner": { + "login": "cved-sources", + "id": 46423677, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/46423677?v=4", + "html_url": "https:\/\/github.com\/cved-sources" + }, + "html_url": "https:\/\/github.com\/cved-sources\/cve-2018-9206", + "description": "cve-2018-9206", + "fork": false, + "created_at": "2019-01-11T22:23:06Z", + "updated_at": "2019-02-01T21:33:23Z", + "pushed_at": "2019-02-01T21:33:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-9207.json b/2018/CVE-2018-9207.json new file mode 100644 index 0000000000..9a2917bcb1 --- /dev/null +++ b/2018/CVE-2018-9207.json @@ -0,0 +1,25 @@ +[ + { + "id": 165325751, + "name": "cve-2018-9207", + "full_name": "cved-sources\/cve-2018-9207", + "owner": { + "login": "cved-sources", + "id": 46423677, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/46423677?v=4", + "html_url": "https:\/\/github.com\/cved-sources" + }, + "html_url": "https:\/\/github.com\/cved-sources\/cve-2018-9207", + "description": "cve-2018-9207", + "fork": false, + "created_at": "2019-01-11T23:34:00Z", + "updated_at": "2019-02-01T21:34:00Z", + "pushed_at": "2019-02-01T21:33:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-9208.json b/2018/CVE-2018-9208.json new file mode 100644 index 0000000000..bb4ad76294 --- /dev/null +++ b/2018/CVE-2018-9208.json @@ -0,0 +1,25 @@ +[ + { + "id": 165319911, + "name": "cve-2018-9208", + "full_name": "cved-sources\/cve-2018-9208", + "owner": { + "login": "cved-sources", + "id": 46423677, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/46423677?v=4", + "html_url": "https:\/\/github.com\/cved-sources" + }, + "html_url": "https:\/\/github.com\/cved-sources\/cve-2018-9208", + "description": "cve-2018-9208", + "fork": false, + "created_at": "2019-01-11T22:28:36Z", + "updated_at": "2019-02-01T21:34:49Z", + "pushed_at": "2019-02-01T21:34:47Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-9411.json b/2018/CVE-2018-9411.json new file mode 100644 index 0000000000..5adca1c6bf --- /dev/null +++ b/2018/CVE-2018-9411.json @@ -0,0 +1,25 @@ +[ + { + "id": 155439217, + "name": "CVE-2018-9411", + "full_name": "tamirzb\/CVE-2018-9411", + "owner": { + "login": "tamirzb", + "id": 1054209, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/1054209?v=4", + "html_url": "https:\/\/github.com\/tamirzb" + }, + "html_url": "https:\/\/github.com\/tamirzb\/CVE-2018-9411", + "description": "Exploit code for CVE-2018-9411 for MediaCasService", + "fork": false, + "created_at": "2018-10-30T18:48:20Z", + "updated_at": "2021-02-18T07:26:59Z", + "pushed_at": "2018-10-30T21:51:16Z", + "stargazers_count": 48, + "watchers_count": 48, + "forks_count": 14, + "forks": 14, + "watchers": 48, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-9539.json b/2018/CVE-2018-9539.json new file mode 100644 index 0000000000..8735a38386 --- /dev/null +++ b/2018/CVE-2018-9539.json @@ -0,0 +1,25 @@ +[ + { + "id": 157086233, + "name": "CVE-2018-9539", + "full_name": "tamirzb\/CVE-2018-9539", + "owner": { + "login": "tamirzb", + "id": 1054209, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/1054209?v=4", + "html_url": "https:\/\/github.com\/tamirzb" + }, + "html_url": "https:\/\/github.com\/tamirzb\/CVE-2018-9539", + "description": " PoC code for CVE-2018-9539", + "fork": false, + "created_at": "2018-11-11T14:14:04Z", + "updated_at": "2019-07-11T00:57:55Z", + "pushed_at": "2018-11-11T14:19:32Z", + "stargazers_count": 18, + "watchers_count": 18, + "forks_count": 8, + "forks": 8, + "watchers": 18, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-9948.json b/2018/CVE-2018-9948.json new file mode 100644 index 0000000000..3d9694695a --- /dev/null +++ b/2018/CVE-2018-9948.json @@ -0,0 +1,48 @@ +[ + { + "id": 143491453, + "name": "Foxit-Reader-RCE-with-virualalloc-and-shellcode-for-CVE-2018-9948-and-CVE-2018-9958", + "full_name": "manojcode\/Foxit-Reader-RCE-with-virualalloc-and-shellcode-for-CVE-2018-9948-and-CVE-2018-9958", + "owner": { + "login": "manojcode", + "id": 17510282, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/17510282?v=4", + "html_url": "https:\/\/github.com\/manojcode" + }, + "html_url": "https:\/\/github.com\/manojcode\/Foxit-Reader-RCE-with-virualalloc-and-shellcode-for-CVE-2018-9948-and-CVE-2018-9958", + "description": "Foxit Reader version 9.0.1.1049 Use After Free with ASLR and DEP bypass on heap", + "fork": false, + "created_at": "2018-08-04T02:32:28Z", + "updated_at": "2021-03-26T07:34:59Z", + "pushed_at": "2018-09-11T14:19:07Z", + "stargazers_count": 4, + "watchers_count": 4, + "forks_count": 2, + "forks": 2, + "watchers": 4, + "score": 0 + }, + { + "id": 145526091, + "name": "cve-2018-9948-9958-exp", + "full_name": "orangepirate\/cve-2018-9948-9958-exp", + "owner": { + "login": "orangepirate", + "id": 40813235, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/40813235?v=4", + "html_url": "https:\/\/github.com\/orangepirate" + }, + "html_url": "https:\/\/github.com\/orangepirate\/cve-2018-9948-9958-exp", + "description": "a exp for cve-2018-9948\/9958 , current shellcode called win-calc ", + "fork": false, + "created_at": "2018-08-21T07:43:38Z", + "updated_at": "2018-08-24T00:18:07Z", + "pushed_at": "2018-08-24T00:18:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-9995.json b/2018/CVE-2018-9995.json index 8f6b52b103..dfe7101618 100644 --- a/2018/CVE-2018-9995.json +++ b/2018/CVE-2018-9995.json @@ -114,6 +114,52 @@ "watchers": 4, "score": 0 }, + { + "id": 150025071, + "name": "DVR-Exploiter", + "full_name": "Cyb0r9\/DVR-Exploiter", + "owner": { + "login": "Cyb0r9", + "id": 43474676, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/43474676?v=4", + "html_url": "https:\/\/github.com\/Cyb0r9" + }, + "html_url": "https:\/\/github.com\/Cyb0r9\/DVR-Exploiter", + "description": "DVR-Exploiter a Bash Script Program Exploit The DVR's Based on CVE-2018-9995", + "fork": false, + "created_at": "2018-09-23T20:58:40Z", + "updated_at": "2020-12-23T20:45:44Z", + "pushed_at": "2018-10-11T16:54:31Z", + "stargazers_count": 81, + "watchers_count": 81, + "forks_count": 42, + "forks": 42, + "watchers": 81, + "score": 0 + }, + { + "id": 167874136, + "name": "CVE-2018-9995", + "full_name": "codeholic2k18\/CVE-2018-9995", + "owner": { + "login": "codeholic2k18", + "id": 47091820, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/47091820?v=4", + "html_url": "https:\/\/github.com\/codeholic2k18" + }, + "html_url": "https:\/\/github.com\/codeholic2k18\/CVE-2018-9995", + "description": "DVR username password recovery.", + "fork": false, + "created_at": "2019-01-28T00:16:48Z", + "updated_at": "2019-01-28T00:26:11Z", + "pushed_at": "2019-01-28T00:26:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 182380838, "name": "CVE-2018-9995-ModifiedByGwolfs", diff --git a/2019/CVE-2019-0708.json b/2019/CVE-2019-0708.json index 6b35be7151..4233df0ed6 100644 --- a/2019/CVE-2019-0708.json +++ b/2019/CVE-2019-0708.json @@ -1485,13 +1485,13 @@ "description": "An Attempt to Port BlueKeep PoC from @Ekultek to actual exploits", "fork": false, "created_at": "2019-05-31T00:04:12Z", - "updated_at": "2021-03-29T12:56:53Z", + "updated_at": "2021-04-03T08:09:25Z", "pushed_at": "2021-01-10T04:31:22Z", - "stargazers_count": 343, - "watchers_count": 343, - "forks_count": 120, - "forks": 120, - "watchers": 343, + "stargazers_count": 344, + "watchers_count": 344, + "forks_count": 121, + "forks": 121, + "watchers": 344, "score": 0 }, { @@ -2405,13 +2405,13 @@ "description": "CVE-2019-0708-EXP-Windows版单文件exe版,运行后直接在当前控制台反弹System权限Shell", "fork": false, "created_at": "2020-01-21T02:22:29Z", - "updated_at": "2021-03-29T06:43:02Z", + "updated_at": "2021-04-03T08:25:11Z", "pushed_at": "2020-01-21T03:15:41Z", - "stargazers_count": 198, - "watchers_count": 198, + "stargazers_count": 199, + "watchers_count": 199, "forks_count": 50, "forks": 50, - "watchers": 198, + "watchers": 199, "score": 0 }, { @@ -2529,6 +2529,29 @@ "watchers": 1, "score": 0 }, + { + "id": 318113571, + "name": "Mass-scanner-for-CVE-2019-0708-RDP-RCE-Exploit", + "full_name": "DeathStroke-source\/Mass-scanner-for-CVE-2019-0708-RDP-RCE-Exploit", + "owner": { + "login": "DeathStroke-source", + "id": 23089257, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/23089257?v=4", + "html_url": "https:\/\/github.com\/DeathStroke-source" + }, + "html_url": "https:\/\/github.com\/DeathStroke-source\/Mass-scanner-for-CVE-2019-0708-RDP-RCE-Exploit", + "description": "Scan through given ip list", + "fork": false, + "created_at": "2020-12-03T07:40:19Z", + "updated_at": "2021-01-29T14:08:43Z", + "pushed_at": "2019-05-22T22:32:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 324765199, "name": "CVE-2019-0708", diff --git a/2019/CVE-2019-13063.json b/2019/CVE-2019-13063.json new file mode 100644 index 0000000000..035005a8a8 --- /dev/null +++ b/2019/CVE-2019-13063.json @@ -0,0 +1,25 @@ +[ + { + "id": 196970646, + "name": "CVE-2019-13063-POC", + "full_name": "0x6b7966\/CVE-2019-13063-POC", + "owner": { + "login": "0x6b7966", + "id": 22814832, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/22814832?v=4", + "html_url": "https:\/\/github.com\/0x6b7966" + }, + "html_url": "https:\/\/github.com\/0x6b7966\/CVE-2019-13063-POC", + "description": "Proof of concept tool to exploit the directory traversal and local file inclusion vulnerability that resides in the Sahi-pro web application CVE-2019-13063", + "fork": false, + "created_at": "2019-07-15T09:45:36Z", + "updated_at": "2019-08-18T02:47:49Z", + "pushed_at": "2019-07-01T19:16:03Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-3396.json b/2019/CVE-2019-3396.json index 4bbf7d53c5..a85e9021a5 100644 --- a/2019/CVE-2019-3396.json +++ b/2019/CVE-2019-3396.json @@ -206,6 +206,29 @@ "watchers": 0, "score": 0 }, + { + "id": 194643451, + "name": "test1", + "full_name": "tanw923\/test1", + "owner": { + "login": "tanw923", + "id": 49778932, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/49778932?v=4", + "html_url": "https:\/\/github.com\/tanw923" + }, + "html_url": "https:\/\/github.com\/tanw923\/test1", + "description": "https:\/\/github.com\/Yt1g3r\/CVE-2019-3396_EXP.git", + "fork": false, + "created_at": "2019-07-01T09:35:17Z", + "updated_at": "2019-07-02T15:24:32Z", + "pushed_at": "2019-07-02T15:24:30Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 203499284, "name": "CVE-2019-3396-confluence-poc", diff --git a/2019/CVE-2019-5736.json b/2019/CVE-2019-5736.json index 0d78a2c34a..e591ab1aff 100644 --- a/2019/CVE-2019-5736.json +++ b/2019/CVE-2019-5736.json @@ -13,13 +13,13 @@ "description": "Unweaponized Proof of Concept for CVE-2019-5736 (Docker escape)", "fork": false, "created_at": "2019-02-12T22:07:47Z", - "updated_at": "2021-03-07T23:42:08Z", + "updated_at": "2021-04-03T03:24:03Z", "pushed_at": "2019-02-20T15:35:34Z", - "stargazers_count": 182, - "watchers_count": 182, + "stargazers_count": 183, + "watchers_count": 183, "forks_count": 62, "forks": 62, - "watchers": 182, + "watchers": 183, "score": 0 }, { diff --git a/2019/CVE-2019-6225.json b/2019/CVE-2019-6225.json index c1bbb1a3de..215af62295 100644 --- a/2019/CVE-2019-6225.json +++ b/2019/CVE-2019-6225.json @@ -44,5 +44,28 @@ "forks": 2, "watchers": 2, "score": 0 + }, + { + "id": 201224192, + "name": "jailbreak-iOS12", + "full_name": "raystyle\/jailbreak-iOS12", + "owner": { + "login": "raystyle", + "id": 3284570, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/3284570?v=4", + "html_url": "https:\/\/github.com\/raystyle" + }, + "html_url": "https:\/\/github.com\/raystyle\/jailbreak-iOS12", + "description": "OS 12.0 & 12.1.2 - Jailbreak with CVE-2019-6225", + "fork": false, + "created_at": "2019-08-08T09:22:57Z", + "updated_at": "2019-09-28T04:38:14Z", + "pushed_at": "2019-02-27T12:57:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-0796.json b/2020/CVE-2020-0796.json index 296a204f70..b96a5f9ed4 100644 --- a/2020/CVE-2020-0796.json +++ b/2020/CVE-2020-0796.json @@ -1443,8 +1443,8 @@ "pushed_at": "2020-09-17T01:55:48Z", "stargazers_count": 51, "watchers_count": 51, - "forks_count": 13, - "forks": 13, + "forks_count": 14, + "forks": 14, "watchers": 51, "score": 0 }, diff --git a/2020/CVE-2020-14883.json b/2020/CVE-2020-14883.json index 0137900d7d..ae05324ff6 100644 --- a/2020/CVE-2020-14883.json +++ b/2020/CVE-2020-14883.json @@ -105,13 +105,13 @@ "description": "Alibaba-Nacos-Unauthorized\/ApacheDruid-RCE_CVE-2021-25646\/MS-Exchange-SSRF-CVE-2021-26885\/Oracle-WebLogic-CVE-2021-2109_RCE\/RG-CNVD-2021-14536\/RJ-SSL-VPN-UltraVires\/Redis-Unauthorized-RCE\/TDOA-V11.7-GetOnlineCookie\/VMware-vCenter-GetAnyFile\/yongyou-GRP-U8-XXE\/Oracle-WebLogic-CVE-2020-14883\/Oracle-WebLogic-CVE-2020-14882\/Apache-Solr-GetAnyFile\/F5-BIG-IP-CVE-2021-22986\/Sonicwall-SSL-VPN-RCE\/GitLab-Graphql-CNVD-2021-14193\/D-Link-DCS-CVE-2020-25078\/WLAN-AP-WEA453e-RCE", "fork": false, "created_at": "2021-03-11T22:49:17Z", - "updated_at": "2021-04-02T16:17:00Z", + "updated_at": "2021-04-03T03:55:09Z", "pushed_at": "2021-04-01T13:40:34Z", - "stargazers_count": 297, - "watchers_count": 297, + "stargazers_count": 298, + "watchers_count": 298, "forks_count": 68, "forks": 68, - "watchers": 297, + "watchers": 298, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-5902.json b/2020/CVE-2020-5902.json index b8e981d463..92e648748c 100644 --- a/2020/CVE-2020-5902.json +++ b/2020/CVE-2020-5902.json @@ -1071,13 +1071,13 @@ "description": "Automated F5 Big IP Remote Code Execution (CVE-2020-5902) Scanner Written In Python 3", "fork": false, "created_at": "2020-08-09T11:46:23Z", - "updated_at": "2021-03-15T06:13:38Z", + "updated_at": "2021-04-03T06:58:51Z", "pushed_at": "2020-08-09T12:10:16Z", - "stargazers_count": 6, - "watchers_count": 6, + "stargazers_count": 7, + "watchers_count": 7, "forks_count": 2, "forks": 2, - "watchers": 6, + "watchers": 7, "score": 0 }, { diff --git a/2021/CVE-2021-1732.json b/2021/CVE-2021-1732.json index ca85301697..c9ac76e1f1 100644 --- a/2021/CVE-2021-1732.json +++ b/2021/CVE-2021-1732.json @@ -13,13 +13,13 @@ "description": "CVE-2021-1732 Exploit", "fork": false, "created_at": "2021-03-05T02:11:10Z", - "updated_at": "2021-04-01T07:16:37Z", + "updated_at": "2021-04-03T07:01:39Z", "pushed_at": "2021-03-05T03:10:26Z", - "stargazers_count": 272, - "watchers_count": 272, + "stargazers_count": 273, + "watchers_count": 273, "forks_count": 59, "forks": 59, - "watchers": 272, + "watchers": 273, "score": 0 }, { diff --git a/2021/CVE-2021-21315.json b/2021/CVE-2021-21315.json index 96b4c4690f..6e177ec85c 100644 --- a/2021/CVE-2021-21315.json +++ b/2021/CVE-2021-21315.json @@ -13,7 +13,7 @@ "description": "CVE 2021-21315 PoC", "fork": false, "created_at": "2021-03-01T18:52:41Z", - "updated_at": "2021-03-28T14:29:45Z", + "updated_at": "2021-04-03T08:29:48Z", "pushed_at": "2021-03-02T00:27:47Z", "stargazers_count": 109, "watchers_count": 109, diff --git a/2021/CVE-2021-21975.json b/2021/CVE-2021-21975.json index 538ace7601..62edcd9294 100644 --- a/2021/CVE-2021-21975.json +++ b/2021/CVE-2021-21975.json @@ -105,13 +105,13 @@ "description": "[CVE-2021-21975] VMware vRealize Operations Manager API Server Side Request Forgery (SSRF)", "fork": false, "created_at": "2021-04-02T21:14:06Z", - "updated_at": "2021-04-02T23:06:50Z", + "updated_at": "2021-04-03T08:56:32Z", "pushed_at": "2021-04-02T23:06:48Z", - "stargazers_count": 0, - "watchers_count": 0, + "stargazers_count": 1, + "watchers_count": 1, "forks_count": 0, "forks": 0, - "watchers": 0, + "watchers": 1, "score": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-25646.json b/2021/CVE-2021-25646.json index d189ba9fa2..f298858de4 100644 --- a/2021/CVE-2021-25646.json +++ b/2021/CVE-2021-25646.json @@ -105,13 +105,13 @@ "description": "Alibaba-Nacos-Unauthorized\/ApacheDruid-RCE_CVE-2021-25646\/MS-Exchange-SSRF-CVE-2021-26885\/Oracle-WebLogic-CVE-2021-2109_RCE\/RG-CNVD-2021-14536\/RJ-SSL-VPN-UltraVires\/Redis-Unauthorized-RCE\/TDOA-V11.7-GetOnlineCookie\/VMware-vCenter-GetAnyFile\/yongyou-GRP-U8-XXE\/Oracle-WebLogic-CVE-2020-14883\/Oracle-WebLogic-CVE-2020-14882\/Apache-Solr-GetAnyFile\/F5-BIG-IP-CVE-2021-22986\/Sonicwall-SSL-VPN-RCE\/GitLab-Graphql-CNVD-2021-14193\/D-Link-DCS-CVE-2020-25078\/WLAN-AP-WEA453e-RCE", "fork": false, "created_at": "2021-03-11T22:49:17Z", - "updated_at": "2021-04-02T16:17:00Z", + "updated_at": "2021-04-03T03:55:09Z", "pushed_at": "2021-04-01T13:40:34Z", - "stargazers_count": 297, - "watchers_count": 297, + "stargazers_count": 298, + "watchers_count": 298, "forks_count": 68, "forks": 68, - "watchers": 297, + "watchers": 298, "score": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-26943.json b/2021/CVE-2021-26943.json index 1ad065a1db..35013d44ed 100644 --- a/2021/CVE-2021-26943.json +++ b/2021/CVE-2021-26943.json @@ -13,13 +13,13 @@ "description": "The report and the exploit of CVE-2021-26943, the kernel-to-SMM local privilege escalation vulnerability in ASUS UX360CA BIOS version 303.", "fork": false, "created_at": "2020-12-31T16:30:02Z", - "updated_at": "2021-04-03T02:01:19Z", + "updated_at": "2021-04-03T09:06:24Z", "pushed_at": "2021-03-29T12:33:38Z", - "stargazers_count": 48, - "watchers_count": 48, + "stargazers_count": 49, + "watchers_count": 49, "forks_count": 11, "forks": 11, - "watchers": 48, + "watchers": 49, "score": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-3156.json b/2021/CVE-2021-3156.json index 148f59c6e1..9426918436 100644 --- a/2021/CVE-2021-3156.json +++ b/2021/CVE-2021-3156.json @@ -381,7 +381,7 @@ "description": null, "fork": false, "created_at": "2021-01-30T20:39:58Z", - "updated_at": "2021-04-02T09:15:45Z", + "updated_at": "2021-04-03T08:29:44Z", "pushed_at": "2021-02-02T17:07:09Z", "stargazers_count": 665, "watchers_count": 665, diff --git a/2021/CVE-2021-3449.json b/2021/CVE-2021-3449.json index 396a024b06..aab302ca83 100644 --- a/2021/CVE-2021-3449.json +++ b/2021/CVE-2021-3449.json @@ -13,13 +13,13 @@ "description": "CVE-2021-3449 OpenSSL denial-of-service exploit 👨🏻‍💻", "fork": false, "created_at": "2021-03-26T01:09:25Z", - "updated_at": "2021-04-02T22:16:34Z", + "updated_at": "2021-04-03T03:29:15Z", "pushed_at": "2021-03-31T12:00:09Z", - "stargazers_count": 159, - "watchers_count": 159, + "stargazers_count": 160, + "watchers_count": 160, "forks_count": 27, "forks": 27, - "watchers": 159, + "watchers": 160, "score": 0 } ] \ No newline at end of file diff --git a/README.md b/README.md index aef2f10bcf..731fbb5761 100644 --- a/README.md +++ b/README.md @@ -4955,6 +4955,7 @@ A remote code execution vulnerability exists in Remote Desktop Services formerly - [nochemax/bLuEkEeP-GUI](https://github.com/nochemax/bLuEkEeP-GUI) - [AaronWilsonGrylls/CVE-2019-0708-POC](https://github.com/AaronWilsonGrylls/CVE-2019-0708-POC) - [ORCA666/CVE-2019-0708](https://github.com/ORCA666/CVE-2019-0708) +- [DeathStroke-source/Mass-scanner-for-CVE-2019-0708-RDP-RCE-Exploit](https://github.com/DeathStroke-source/Mass-scanner-for-CVE-2019-0708-RDP-RCE-Exploit) - [sinlee1/CVE-2019-0708](https://github.com/sinlee1/CVE-2019-0708) - [go-bi/CVE-2019-0708-EXP-Windows](https://github.com/go-bi/CVE-2019-0708-EXP-Windows) - [Kinesys/Kinesys-CVE-2019-0708-Exploit](https://github.com/Kinesys/Kinesys-CVE-2019-0708-Exploit) @@ -5476,6 +5477,7 @@ The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 - [s1xg0d/CVE-2019-3396](https://github.com/s1xg0d/CVE-2019-3396) - [quanpt103/CVE-2019-3396](https://github.com/quanpt103/CVE-2019-3396) - [vntest11/confluence_CVE-2019-3396](https://github.com/vntest11/confluence_CVE-2019-3396) +- [tanw923/test1](https://github.com/tanw923/test1) - [skommando/CVE-2019-3396-confluence-poc](https://github.com/skommando/CVE-2019-3396-confluence-poc) - [JonathanZhou348/CVE-2019-3396TEST](https://github.com/JonathanZhou348/CVE-2019-3396TEST) - [am6539/CVE-2019-3396](https://github.com/am6539/CVE-2019-3396) @@ -5786,6 +5788,7 @@ A memory corruption issue was addressed with improved validation. This issue is - [fatgrass/OsirisJailbreak12](https://github.com/fatgrass/OsirisJailbreak12) - [TrungNguyen1909/CVE-2019-6225-macOS](https://github.com/TrungNguyen1909/CVE-2019-6225-macOS) +- [raystyle/jailbreak-iOS12](https://github.com/raystyle/jailbreak-iOS12) ### CVE-2019-6249 (2019-01-13) @@ -7102,6 +7105,14 @@ Pi-Hole 4.3 allows Command Injection. - [pr0tean/CVE-2019-13051](https://github.com/pr0tean/CVE-2019-13051) +### CVE-2019-13063 (2019-09-23) + + +Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be used to steal and obtain sensitive config and other files. This can result in complete compromise of the application. The script parameter is vulnerable to directory traversal and both local and remote file inclusion. + + +- [0x6b7966/CVE-2019-13063-POC](https://github.com/0x6b7966/CVE-2019-13063-POC) + ### CVE-2019-13086 (2019-06-30) @@ -8482,6 +8493,7 @@ A vulnerability in the web interface of the Cisco Adaptive Security Appliance (A - [milo2012/CVE-2018-0296](https://github.com/milo2012/CVE-2018-0296) - [yassineaboukir/CVE-2018-0296](https://github.com/yassineaboukir/CVE-2018-0296) - [bhenner1/CVE-2018-0296](https://github.com/bhenner1/CVE-2018-0296) +- [qiantu88/CVE-2018-0296](https://github.com/qiantu88/CVE-2018-0296) ### CVE-2018-0708 (2018-07-16) @@ -8520,6 +8532,17 @@ The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows - [preempt/credssp](https://github.com/preempt/credssp) +### CVE-2018-0952 (2018-08-15) + + +An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers. + + +- [atredispartners/CVE-2018-0952-SystemCollector](https://github.com/atredispartners/CVE-2018-0952-SystemCollector) + +### CVE-2018-14 +- [lckJack/legacySymfony](https://github.com/lckJack/legacySymfony) + ### CVE-2018-1010 (2018-04-11) @@ -8587,6 +8610,14 @@ Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions - [AbsoZed/CVE-2018-1235](https://github.com/AbsoZed/CVE-2018-1235) +### CVE-2018-1259 (2018-05-11) + + +Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system. + + +- [tafamace/CVE-2018-1259](https://github.com/tafamace/CVE-2018-1259) + ### CVE-2018-1270 (2018-04-06) @@ -8595,6 +8626,8 @@ Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 a - [CaledoniaProject/CVE-2018-1270](https://github.com/CaledoniaProject/CVE-2018-1270) - [genxor/CVE-2018-1270_EXP](https://github.com/genxor/CVE-2018-1270_EXP) +- [tafamace/CVE-2018-1270](https://github.com/tafamace/CVE-2018-1270) +- [Venscor/CVE-2018-1270](https://github.com/Venscor/CVE-2018-1270) - [mprunet/owasp-formation-cve-2018-1270](https://github.com/mprunet/owasp-formation-cve-2018-1270) ### CVE-2018-1273 (2018-04-11) @@ -8605,6 +8638,8 @@ Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older - [knqyf263/CVE-2018-1273](https://github.com/knqyf263/CVE-2018-1273) - [wearearima/poc-cve-2018-1273](https://github.com/wearearima/poc-cve-2018-1273) +- [webr0ck/poc-cve-2018-1273](https://github.com/webr0ck/poc-cve-2018-1273) +- [cved-sources/cve-2018-1273](https://github.com/cved-sources/cve-2018-1273) - [jas502n/cve-2018-1273](https://github.com/jas502n/cve-2018-1273) ### CVE-2018-1288 (2018-07-26) @@ -8649,6 +8684,22 @@ The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pl - [JJSO12/Apache-Pluto-3.0.0--CVE-2018-1306](https://github.com/JJSO12/Apache-Pluto-3.0.0--CVE-2018-1306) +### CVE-2018-1313 (2018-05-07) + + +In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is successful. If the server is using a policy file, the policy file must permit the database location to be read for the attack to work. The default Derby Network Server policy file distributed with the affected releases includes a permissive policy as the default Network Server policy, which allows the attack to work. + + +- [tafamace/CVE-2018-1313](https://github.com/tafamace/CVE-2018-1313) + +### CVE-2018-1324 (2018-03-16) + + +A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package. + + +- [tafamace/CVE-2018-1324](https://github.com/tafamace/CVE-2018-1324) + ### CVE-2018-1335 (2018-04-25) @@ -8705,6 +8756,10 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - [wrysunny/cve-2018-2628](https://github.com/wrysunny/cve-2018-2628) - [jas502n/CVE-2018-2628](https://github.com/jas502n/CVE-2018-2628) - [stevenlinfeng/CVE-2018-2628](https://github.com/stevenlinfeng/CVE-2018-2628) +- [likescam/CVE-2018-2628](https://github.com/likescam/CVE-2018-2628) +- [Nervous/WebLogic-RCE-exploit](https://github.com/Nervous/WebLogic-RCE-exploit) +- [Lighird/CVE-2018-2628](https://github.com/Lighird/CVE-2018-2628) +- [0xMJ/CVE-2018-2628](https://github.com/0xMJ/CVE-2018-2628) - [0xn0ne/weblogicScanner](https://github.com/0xn0ne/weblogicScanner) - [seethen/cve-2018-2628](https://github.com/seethen/cve-2018-2628) @@ -8717,12 +8772,21 @@ Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality - [erpscanteam/CVE-2018-2636](https://github.com/erpscanteam/CVE-2018-2636) - [Cymmetria/micros_honeypot](https://github.com/Cymmetria/micros_honeypot) +### CVE-2018-2844 (2018-04-18) + + +Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). + + +- [renorobert/virtualbox-cve-2018-2844](https://github.com/renorobert/virtualbox-cve-2018-2844) + ### CVE-2018-2879 (2018-04-18) Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Authentication Engine). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. While the vulnerability is in Oracle Access Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. Note: Please refer to Doc ID <a href="http://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=2386496.1">My Oracle Support Note 2386496.1 for instructions on how to address this issue. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). +- [MostafaSoliman/Oracle-OAM-Padding-Oracle-CVE-2018-2879-Exploit](https://github.com/MostafaSoliman/Oracle-OAM-Padding-Oracle-CVE-2018-2879-Exploit) - [AymanElSherif/oracle-oam-authentication-bypas-exploit](https://github.com/AymanElSherif/oracle-oam-authentication-bypas-exploit) - [redtimmy/OAMBuster](https://github.com/redtimmy/OAMBuster) @@ -8732,6 +8796,12 @@ Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). +- [sry309/CVE-2018-2893](https://github.com/sry309/CVE-2018-2893) +- [ryanInf/CVE-2018-2893](https://github.com/ryanInf/CVE-2018-2893) +- [bigsizeme/CVE-2018-2893](https://github.com/bigsizeme/CVE-2018-2893) +- [pyn3rd/CVE-2018-2893](https://github.com/pyn3rd/CVE-2018-2893) +- [qianl0ng/CVE-2018-2893](https://github.com/qianl0ng/CVE-2018-2893) +- [jas502n/CVE-2018-2893](https://github.com/jas502n/CVE-2018-2893) - [ianxtianxt/CVE-2018-2893](https://github.com/ianxtianxt/CVE-2018-2893) ### CVE-2018-2894 (2018-07-18) @@ -8740,18 +8810,44 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). +- [111ddea/cve-2018-2894](https://github.com/111ddea/cve-2018-2894) +- [LandGrey/CVE-2018-2894](https://github.com/LandGrey/CVE-2018-2894) - [jas502n/CVE-2018-2894](https://github.com/jas502n/CVE-2018-2894) - [k8gege/PyLadon](https://github.com/k8gege/PyLadon) - [changpin666com/CVE-2018-2894-Weblogic-](https://github.com/changpin666com/CVE-2018-2894-Weblogic-) +### CVE-2018-3191 (2018-10-16) + + +Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). + + +- [arongmh/CVE-2018-3191](https://github.com/arongmh/CVE-2018-3191) +- [pyn3rd/CVE-2018-3191](https://github.com/pyn3rd/CVE-2018-3191) +- [Libraggbond/CVE-2018-3191](https://github.com/Libraggbond/CVE-2018-3191) +- [jas502n/CVE-2018-3191](https://github.com/jas502n/CVE-2018-3191) +- [mackleadmire/CVE-2018-3191-Rce-Exploit](https://github.com/mackleadmire/CVE-2018-3191-Rce-Exploit) + ### CVE-2018-3245 (2018-10-16) Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). +- [pyn3rd/CVE-2018-3245](https://github.com/pyn3rd/CVE-2018-3245) +- [jas502n/CVE-2018-3245](https://github.com/jas502n/CVE-2018-3245) - [ianxtianxt/CVE-2018-3245](https://github.com/ianxtianxt/CVE-2018-3245) +### CVE-2018-3252 (2018-10-16) + + +Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). + + +- [jas502n/CVE-2018-3252](https://github.com/jas502n/CVE-2018-3252) +- [b1ueb0y/CVE-2018-3252](https://github.com/b1ueb0y/CVE-2018-3252) +- [pyn3rd/CVE-2018-3252](https://github.com/pyn3rd/CVE-2018-3252) + ### CVE-2018-3260 - [ionescu007/SpecuCheck](https://github.com/ionescu007/SpecuCheck) @@ -8825,6 +8921,15 @@ SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin befo - [cved-sources/cve-2018-3811](https://github.com/cved-sources/cve-2018-3811) +### CVE-2018-4013 (2018-10-19) + + +An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. + + +- [DoubleMice/cve-2018-4013](https://github.com/DoubleMice/cve-2018-4013) +- [r3dxpl0it/RTSPServer-Code-Execution-Vulnerability](https://github.com/r3dxpl0it/RTSPServer-Code-Execution-Vulnerability) + ### CVE-2018-4087 (2018-04-03) @@ -8850,6 +8955,8 @@ An issue was discovered in certain Apple products. iOS before 11.3 is affected. - [FSecureLABS/CVE-2018-4121](https://github.com/FSecureLABS/CVE-2018-4121) +- [likescam/CVE-2018-4121](https://github.com/likescam/CVE-2018-4121) +- [jezzus/CVE-2018-4121](https://github.com/jezzus/CVE-2018-4121) ### CVE-2018-4124 (2018-04-03) @@ -8885,6 +8992,14 @@ An issue was discovered in certain Apple products. macOS before 10.13.5 is affec - [Synacktiv-contrib/CVE-2018-4193](https://github.com/Synacktiv-contrib/CVE-2018-4193) +### CVE-2018-4233 (2018-06-08) + + +An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. + + +- [saelo/cve-2018-4233](https://github.com/saelo/cve-2018-4233) + ### CVE-2018-4241 (2018-06-08) @@ -8893,6 +9008,14 @@ An issue was discovered in certain Apple products. iOS before 11.4 is affected. - [0neday/multi_path](https://github.com/0neday/multi_path) +### CVE-2018-4242 (2018-06-08) + + +An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Hypervisor" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. + + +- [yeonnic/Look-at-The-XNU-Through-A-Tube-CVE-2018-4242-Write-up-Translation-](https://github.com/yeonnic/Look-at-The-XNU-Through-A-Tube-CVE-2018-4242-Write-up-Translation-) + ### CVE-2018-4243 (2018-06-08) @@ -8918,6 +9041,23 @@ A memory corruption issue was addressed with improved memory handling. This issu - [bazad/launchd-portrep](https://github.com/bazad/launchd-portrep) - [bazad/blanket](https://github.com/bazad/blanket) +### CVE-2018-4327 (2019-04-03) + + +A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1. + + +- [omerporze/brokentooth](https://github.com/omerporze/brokentooth) +- [harryanon/POC-CVE-2018-4327-and-CVE-2018-4330](https://github.com/harryanon/POC-CVE-2018-4327-and-CVE-2018-4330) + +### CVE-2018-4330 (2019-01-11) + + +In iOS before 11.4, a memory corruption issue exists and was addressed with improved memory handling. + + +- [omerporze/toothfairy](https://github.com/omerporze/toothfairy) + ### CVE-2018-4331 (2019-04-03) @@ -8940,7 +9080,18 @@ A memory corruption issue was addressed with improved memory handling. This issu A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. +- [Pa55w0rd/check_icmp_dos](https://github.com/Pa55w0rd/check_icmp_dos) +- [unixpickle/cve-2018-4407](https://github.com/unixpickle/cve-2018-4407) +- [s2339956/check_icmp_dos-CVE-2018-4407-](https://github.com/s2339956/check_icmp_dos-CVE-2018-4407-) +- [farisv/AppleDOS](https://github.com/farisv/AppleDOS) - [WyAtu/CVE-2018-4407](https://github.com/WyAtu/CVE-2018-4407) +- [zteeed/CVE-2018-4407-IOS](https://github.com/zteeed/CVE-2018-4407-IOS) +- [SamDecrock/node-cve-2018-4407](https://github.com/SamDecrock/node-cve-2018-4407) +- [r3dxpl0it/CVE-2018-4407](https://github.com/r3dxpl0it/CVE-2018-4407) +- [lucagiovagnoli/CVE-2018-4407](https://github.com/lucagiovagnoli/CVE-2018-4407) +- [anonymouz4/Apple-Remote-Crash-Tool-CVE-2018-4407](https://github.com/anonymouz4/Apple-Remote-Crash-Tool-CVE-2018-4407) +- [soccercab/wifi](https://github.com/soccercab/wifi) +- [zeng9t/CVE-2018-4407-iOS-exploit](https://github.com/zeng9t/CVE-2018-4407-iOS-exploit) - [5431/CVE-2018-4407](https://github.com/5431/CVE-2018-4407) - [pwnhacker0x18/iOS-Kernel-Crash](https://github.com/pwnhacker0x18/iOS-Kernel-Crash) - [Fans0n-Fan/CVE-2018-4407](https://github.com/Fans0n-Fan/CVE-2018-4407) @@ -8953,6 +9104,22 @@ A memory corruption issue was addressed with improved input validation. This iss - [lilang-wu/POC-CVE-2018-4411](https://github.com/lilang-wu/POC-CVE-2018-4411) +### CVE-2018-4415 (2019-04-03) + + +A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to macOS Mojave 10.14.1. + + +- [T1V0h/CVE-2018-4415](https://github.com/T1V0h/CVE-2018-4415) + +### CVE-2018-4431 (2019-04-03) + + +A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. + + +- [ktiOSz/PoC_iOS12](https://github.com/ktiOSz/PoC_iOS12) + ### CVE-2018-4441 (2019-04-03) @@ -8974,6 +9141,8 @@ A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0. - [KathodeN/CVE-2018-4878](https://github.com/KathodeN/CVE-2018-4878) - [SyFi/CVE-2018-4878](https://github.com/SyFi/CVE-2018-4878) - [ydl555/CVE-2018-4878](https://github.com/ydl555/CVE-2018-4878) +- [B0fH/CVE-2018-4878](https://github.com/B0fH/CVE-2018-4878) +- [Yable/CVE-2018-4878](https://github.com/Yable/CVE-2018-4878) - [HuanWoWeiLan/SoftwareSystemSecurity-2019](https://github.com/HuanWoWeiLan/SoftwareSystemSecurity-2019) ### CVE-2018-4879 (2018-02-27) @@ -9041,6 +9210,14 @@ Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potenti - [ezelf/seatel_terminals](https://github.com/ezelf/seatel_terminals) +### CVE-2018-5740 (2019-01-16) + + +"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2. + + +- [sischkg/cve-2018-5740](https://github.com/sischkg/cve-2018-5740) + ### CVE-2018-5951 (2020-03-02) @@ -9055,6 +9232,7 @@ An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI. +- [cisp/GitStackRCE](https://github.com/cisp/GitStackRCE) - [YagamiiLight/Cerberus](https://github.com/YagamiiLight/Cerberus) ### CVE-2018-6242 (2018-05-01) @@ -9098,6 +9276,9 @@ In WordPress through 4.9.2, unauthenticated attackers can cause a denial of serv - [s0md3v/Shiva](https://github.com/s0md3v/Shiva) - [mudhappy/Wordpress-Hack-CVE-2018-6389](https://github.com/mudhappy/Wordpress-Hack-CVE-2018-6389) - [armaanpathan12345/WP-DOS-Exploit-CVE-2018-6389](https://github.com/armaanpathan12345/WP-DOS-Exploit-CVE-2018-6389) +- [ItinerisLtd/trellis-cve-2018-6389](https://github.com/ItinerisLtd/trellis-cve-2018-6389) +- [Zazzzles/Wordpress-DOS](https://github.com/Zazzzles/Wordpress-DOS) +- [fakedob/tvsz](https://github.com/fakedob/tvsz) - [flash-marvel/Wordpress-DOS-Attack-CVE-2018-6389](https://github.com/flash-marvel/Wordpress-DOS-Attack-CVE-2018-6389) - [ianxtianxt/CVE-2018-6389](https://github.com/ianxtianxt/CVE-2018-6389) @@ -9140,6 +9321,7 @@ plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD - [securifera/CVE-2018-6546-Exploit](https://github.com/securifera/CVE-2018-6546-Exploit) +- [YanZiShuang/CVE-2018-6546](https://github.com/YanZiShuang/CVE-2018-6546) ### CVE-2018-6574 (2018-02-07) @@ -9152,7 +9334,13 @@ Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10r - [willbo4r/go-get-rce](https://github.com/willbo4r/go-get-rce) - [ahmetmanga/go-get-rce](https://github.com/ahmetmanga/go-get-rce) - [ahmetmanga/cve-2018-6574](https://github.com/ahmetmanga/cve-2018-6574) +- [kenprice/cve-2018-6574](https://github.com/kenprice/cve-2018-6574) +- [redirected/cve-2018-6574](https://github.com/redirected/cve-2018-6574) +- [20matan/CVE-2018-6574-POC](https://github.com/20matan/CVE-2018-6574-POC) +- [zur250/Zur-Go-GET-RCE-Solution](https://github.com/zur250/Zur-Go-GET-RCE-Solution) - [mekhalleh/cve-2018-6574](https://github.com/mekhalleh/cve-2018-6574) +- [veter069/go-get-rce](https://github.com/veter069/go-get-rce) +- [duckzsc2/CVE-2018-6574-POC](https://github.com/duckzsc2/CVE-2018-6574-POC) - [ivnnn1/CVE-2018-6574](https://github.com/ivnnn1/CVE-2018-6574) - [dollyptm/cve-2018-6574](https://github.com/dollyptm/cve-2018-6574) - [qweraqq/CVE-2018-6574](https://github.com/qweraqq/CVE-2018-6574) @@ -9203,6 +9391,14 @@ An issue was discovered that affects all producers of BIOS firmware who make a c - [kkamagui/napper-for-tpm](https://github.com/kkamagui/napper-for-tpm) +### CVE-2018-6643 (2018-08-28) + + +Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter. + + +- [undefinedmode/CVE-2018-6643](https://github.com/undefinedmode/CVE-2018-6643) + ### CVE-2018-6789 (2018-02-08) @@ -9254,6 +9450,7 @@ The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_C VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution. +- [bokanrb/CVE-2018-6961](https://github.com/bokanrb/CVE-2018-6961) - [r3dxpl0it/CVE-2018-6961](https://github.com/r3dxpl0it/CVE-2018-6961) ### CVE-2018-6981 (2018-12-04) @@ -9312,6 +9509,22 @@ A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through - [Rodrigo-D/astDoS](https://github.com/Rodrigo-D/astDoS) +### CVE-2018-7422 (2018-03-19) + + +A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal. + + +- [0x00-0x00/CVE-2018-7422](https://github.com/0x00-0x00/CVE-2018-7422) + +### CVE-2018-7489 (2018-02-26) + + +FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. + + +- [tafamace/CVE-2018-7489](https://github.com/tafamace/CVE-2018-7489) + ### CVE-2018-7600 (2018-03-29) @@ -9335,8 +9548,10 @@ Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 - [fyraiga/CVE-2018-7600-drupalgeddon2-scanner](https://github.com/fyraiga/CVE-2018-7600-drupalgeddon2-scanner) - [Damian972/drupalgeddon-2](https://github.com/Damian972/drupalgeddon-2) - [Jyozi/CVE-2018-7600](https://github.com/Jyozi/CVE-2018-7600) +- [happynote3966/CVE-2018-7600](https://github.com/happynote3966/CVE-2018-7600) - [shellord/CVE-2018-7600-Drupal-RCE](https://github.com/shellord/CVE-2018-7600-Drupal-RCE) - [r3dxpl0it/CVE-2018-7600](https://github.com/r3dxpl0it/CVE-2018-7600) +- [cved-sources/cve-2018-7600](https://github.com/cved-sources/cve-2018-7600) - [madneal/codeql-scanner](https://github.com/madneal/codeql-scanner) - [drugeddon/drupal-exploit](https://github.com/drugeddon/drupal-exploit) - [shellord/Drupalgeddon-Mass-Exploiter](https://github.com/shellord/Drupalgeddon-Mass-Exploiter) @@ -9353,6 +9568,8 @@ A remote code execution vulnerability exists within multiple subsystems of Drupa - [1337g/Drupalgedon3](https://github.com/1337g/Drupalgedon3) +- [happynote3966/CVE-2018-7602](https://github.com/happynote3966/CVE-2018-7602) +- [kastellanos/CVE-2018-7602](https://github.com/kastellanos/CVE-2018-7602) - [cyberharsh/DrupalCVE-2018-7602](https://github.com/cyberharsh/DrupalCVE-2018-7602) ### CVE-2018-7669 (2018-04-27) @@ -9363,6 +9580,22 @@ An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 - [palaziv/CVE-2018-7669](https://github.com/palaziv/CVE-2018-7669) +### CVE-2018-7690 (2018-12-13) + + +A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access + + +- [alt3kx/CVE-2018-7690](https://github.com/alt3kx/CVE-2018-7690) + +### CVE-2018-7691 (2018-12-13) + + +A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access + + +- [alt3kx/CVE-2018-7691](https://github.com/alt3kx/CVE-2018-7691) + ### CVE-2018-7747 (2018-04-20) @@ -9371,6 +9604,14 @@ Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin - [mindpr00f/CVE-2018-7747](https://github.com/mindpr00f/CVE-2018-7747) +### CVE-2018-7750 (2018-03-13) + + +transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step. + + +- [jm33-m0/CVE-2018-7750](https://github.com/jm33-m0/CVE-2018-7750) + ### CVE-2018-7935 - [lawrenceamer/CVE-2018-7935](https://github.com/lawrenceamer/CVE-2018-7935) @@ -9382,6 +9623,14 @@ There are multiple HTTP smuggling and cache poisoning issues when clients making - [mosesrenegade/CVE-2018-8004](https://github.com/mosesrenegade/CVE-2018-8004) +### CVE-2018-8021 (2018-11-07) + + +Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation. + + +- [r3dxpl0it/Apache-Superset-Remote-Code-Execution-PoC-CVE-2018-8021](https://github.com/r3dxpl0it/Apache-Superset-Remote-Code-Execution-PoC-CVE-2018-8021) + ### CVE-2018-8032 (2018-08-02) @@ -9390,6 +9639,22 @@ Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting - [cairuojin/CVE-2018-8032](https://github.com/cairuojin/CVE-2018-8032) +### CVE-2018-8038 (2018-07-05) + + +Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters. + + +- [tafamace/CVE-2018-8038](https://github.com/tafamace/CVE-2018-8038) + +### CVE-2018-8039 (2018-07-02) + + +It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks. + + +- [tafamace/CVE-2018-8039](https://github.com/tafamace/CVE-2018-8039) + ### CVE-2018-8045 (2018-03-14) @@ -9422,6 +9687,14 @@ YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.ht - [AlwaysHereFight/YZMCMSxss](https://github.com/AlwaysHereFight/YZMCMSxss) +### CVE-2018-8090 (2018-07-25) + + +Quick Heal Total Security 64 bit 17.00 (QHTS64.exe), (QHTSFT64.exe) - Version 10.0.1.38; Quick Heal Total Security 32 bit 17.00 (QHTS32.exe), (QHTSFT32.exe) - Version 10.0.1.38; Quick Heal Internet Security 64 bit 17.00 (QHIS64.exe), (QHISFT64.exe) - Version 10.0.0.37; Quick Heal Internet Security 32 bit 17.00 (QHIS32.exe), (QHISFT32.exe) - Version 10.0.0.37; Quick Heal AntiVirus Pro 64 bit 17.00 (QHAV64.exe), (QHAVFT64.exe) - Version 10.0.0.37; and Quick Heal AntiVirus Pro 32 bit 17.00 (QHAV32.exe), (QHAVFT32.exe) - Version 10.0.0.37 allow DLL Hijacking because of Insecure Library Loading. + + +- [kernelm0de/CVE-2018-8090](https://github.com/kernelm0de/CVE-2018-8090) + ### CVE-2018-8108 (2018-03-14) @@ -9449,11 +9722,22 @@ An elevation of privilege vulnerability exists in Windows when the Win32k compon - [ne1llee/cve-2018-8120](https://github.com/ne1llee/cve-2018-8120) - [alpha1ab/CVE-2018-8120](https://github.com/alpha1ab/CVE-2018-8120) - [areuu/CVE-2018-8120](https://github.com/areuu/CVE-2018-8120) +- [EVOL4/CVE-2018-8120](https://github.com/EVOL4/CVE-2018-8120) +- [ozkanbilge/CVE-2018-8120](https://github.com/ozkanbilge/CVE-2018-8120) +- [qiantu88/CVE-2018-8120](https://github.com/qiantu88/CVE-2018-8120) - [Y0n0Y/cve-2018-8120-exp](https://github.com/Y0n0Y/cve-2018-8120-exp) - [DreamoneOnly/CVE-2018-8120](https://github.com/DreamoneOnly/CVE-2018-8120) - [StartZYP/CVE-2018-8120](https://github.com/StartZYP/CVE-2018-8120) - [wikiZ/cve-2018-8120](https://github.com/wikiZ/cve-2018-8120) +### CVE-2018-8172 (2018-07-10) + + +A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4. + + +- [SyFi/CVE-2018-8172](https://github.com/SyFi/CVE-2018-8172) + ### CVE-2018-8174 (2018-05-09) @@ -9464,11 +9748,21 @@ A remote code execution vulnerability exists in the way that the VBScript engine - [Yt1g3r/CVE-2018-8174_EXP](https://github.com/Yt1g3r/CVE-2018-8174_EXP) - [SyFi/CVE-2018-8174](https://github.com/SyFi/CVE-2018-8174) - [orf53975/Rig-Exploit-for-CVE-2018-8174](https://github.com/orf53975/Rig-Exploit-for-CVE-2018-8174) +- [piotrflorczyk/cve-2018-8174_analysis](https://github.com/piotrflorczyk/cve-2018-8174_analysis) +- [likescam/CVE-2018-8174-msf](https://github.com/likescam/CVE-2018-8174-msf) - [ruthlezs/ie11_vbscript_exploit](https://github.com/ruthlezs/ie11_vbscript_exploit) - [ericisnotrealname/CVE-2018-8174_EXP](https://github.com/ericisnotrealname/CVE-2018-8174_EXP) - [www201001/https-github.com-iBearcat-CVE-2018-8174_EXP](https://github.com/www201001/https-github.com-iBearcat-CVE-2018-8174_EXP) - [www201001/https-github.com-iBearcat-CVE-2018-8174_EXP.git-](https://github.com/www201001/https-github.com-iBearcat-CVE-2018-8174_EXP.git-) +### CVE-2018-8208 (2018-06-14) + + +An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8214. + + +- [kaisaryousuf/CVE-2018-8208](https://github.com/kaisaryousuf/CVE-2018-8208) + ### CVE-2018-8214 (2018-06-14) @@ -9485,6 +9779,14 @@ A remote code execution vulnerability exists when the Microsoft .NET Framework f - [quantiti/CVE-2018-8284-Sharepoint-RCE](https://github.com/quantiti/CVE-2018-8284-Sharepoint-RCE) +### CVE-2018-8353 (2018-08-15) + + +A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. + + +- [whereisr0da/CVE-2018-8353-POC](https://github.com/whereisr0da/CVE-2018-8353-POC) + ### CVE-2018-8389 (2018-08-15) @@ -9501,21 +9803,48 @@ A remote code execution vulnerability exists when the Windows Shell does not pro - [whereisr0da/CVE-2018-8414-POC](https://github.com/whereisr0da/CVE-2018-8414-POC) +### CVE-2018-8420 (2018-09-12) + + +A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. + + +- [idkwim/CVE-2018-8420](https://github.com/idkwim/CVE-2018-8420) + +### CVE-2018-8440 (2018-09-12) + + +An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. + + +- [sourceincite/CVE-2018-8440](https://github.com/sourceincite/CVE-2018-8440) + ### CVE-2018-8453 (2018-10-10) An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. +- [Mkv4/cve-2018-8453-exp](https://github.com/Mkv4/cve-2018-8453-exp) - [ze0r/cve-2018-8453-exp](https://github.com/ze0r/cve-2018-8453-exp) - [thepwnrip/leHACK-Analysis-of-CVE-2018-8453](https://github.com/thepwnrip/leHACK-Analysis-of-CVE-2018-8453) +### CVE-2018-8495 (2018-10-10) + + +A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. + + +- [whereisr0da/CVE-2018-8495-POC](https://github.com/whereisr0da/CVE-2018-8495-POC) + ### CVE-2018-8581 (2018-11-13) An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. +- [WyAtu/CVE-2018-8581](https://github.com/WyAtu/CVE-2018-8581) +- [qiantu88/CVE-2018-8581](https://github.com/qiantu88/CVE-2018-8581) - [Ridter/Exchange2domain](https://github.com/Ridter/Exchange2domain) ### CVE-2018-8639 (2018-12-11) @@ -9560,6 +9889,7 @@ A statement in the System Programming Guide of the Intel 64 and IA-32 Architectu - [nmulasmajic/CVE-2018-8897](https://github.com/nmulasmajic/CVE-2018-8897) - [jiazhang0/pop-mov-ss-exploit](https://github.com/jiazhang0/pop-mov-ss-exploit) - [can1357/CVE-2018-8897](https://github.com/can1357/CVE-2018-8897) +- [nmulasmajic/syscall_exploit_CVE-2018-8897](https://github.com/nmulasmajic/syscall_exploit_CVE-2018-8897) ### CVE-2018-8941 (2018-04-03) @@ -9593,6 +9923,14 @@ Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows rem - [manojcode/easy-file-share-7.2-exploit-CVE-2018-9059](https://github.com/manojcode/easy-file-share-7.2-exploit-CVE-2018-9059) +### CVE-2018-9075 (2018-09-28) + + +For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter. + + +- [beverlymiller818/cve-2018-9075](https://github.com/beverlymiller818/cve-2018-9075) + ### CVE-2018-9160 (2018-03-31) @@ -9601,6 +9939,32 @@ SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses. - [mechanico/sickrageWTF](https://github.com/mechanico/sickrageWTF) +### CVE-2018-9206 (2018-10-11) + + +Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0 + + +- [Den1al/CVE-2018-9206](https://github.com/Den1al/CVE-2018-9206) +- [Stahlz/JQShell](https://github.com/Stahlz/JQShell) +- [cved-sources/cve-2018-9206](https://github.com/cved-sources/cve-2018-9206) + +### CVE-2018-9207 (2018-11-19) + + +Arbitrary file upload in jQuery Upload File <= 4.0.2 + + +- [cved-sources/cve-2018-9207](https://github.com/cved-sources/cve-2018-9207) + +### CVE-2018-9208 (2018-11-05) + + +Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta + + +- [cved-sources/cve-2018-9208](https://github.com/cved-sources/cve-2018-9208) + ### CVE-2018-9276 (2018-07-02) @@ -9613,6 +9977,9 @@ An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who ### CVE-2018-9375 - [IOActive/AOSP-ExploitUserDictionary](https://github.com/IOActive/AOSP-ExploitUserDictionary) +### CVE-2018-9411 +- [tamirzb/CVE-2018-9411](https://github.com/tamirzb/CVE-2018-9411) + ### CVE-2018-9468 - [IOActive/AOSP-DownloadProviderHijacker](https://github.com/IOActive/AOSP-DownloadProviderHijacker) @@ -9624,9 +9991,26 @@ In the content provider of the download manager, there is a possible SQL injecti - [IOActive/AOSP-DownloadProviderDbDumper](https://github.com/IOActive/AOSP-DownloadProviderDbDumper) +### CVE-2018-9539 (2018-11-14) + + +In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-113027383 + + +- [tamirzb/CVE-2018-9539](https://github.com/tamirzb/CVE-2018-9539) + ### CVE-2018-9546 - [IOActive/AOSP-DownloadProviderHeadersDumper](https://github.com/IOActive/AOSP-DownloadProviderHeadersDumper) +### CVE-2018-9948 (2018-05-17) + + +This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of typed arrays. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5380. + + +- [manojcode/Foxit-Reader-RCE-with-virualalloc-and-shellcode-for-CVE-2018-9948-and-CVE-2018-9958](https://github.com/manojcode/Foxit-Reader-RCE-with-virualalloc-and-shellcode-for-CVE-2018-9948-and-CVE-2018-9958) +- [orangepirate/cve-2018-9948-9958-exp](https://github.com/orangepirate/cve-2018-9948-9958-exp) + ### CVE-2018-9950 (2018-05-17) @@ -9662,6 +10046,8 @@ TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in - [Huangkey/CVE-2018-9995_check](https://github.com/Huangkey/CVE-2018-9995_check) - [gwolfs/CVE-2018-9995-ModifiedByGwolfs](https://github.com/gwolfs/CVE-2018-9995-ModifiedByGwolfs) - [shacojx/cve-2018-9995](https://github.com/shacojx/cve-2018-9995) +- [Cyb0r9/DVR-Exploiter](https://github.com/Cyb0r9/DVR-Exploiter) +- [codeholic2k18/CVE-2018-9995](https://github.com/codeholic2k18/CVE-2018-9995) - [TateYdq/CVE-2018-9995-ModifiedByGwolfs](https://github.com/TateYdq/CVE-2018-9995-ModifiedByGwolfs) - [ABIZCHI/CVE-2018-9995_dvr_credentials](https://github.com/ABIZCHI/CVE-2018-9995_dvr_credentials) - [IHA114/CVE-2018-9995_dvr_credentials](https://github.com/IHA114/CVE-2018-9995_dvr_credentials) @@ -9698,6 +10084,14 @@ Format string vulnerability in the logMess function in TFTP Server SP 1.66 and e ### CVE-2018-10467 - [alt3kx/CVE-2018-10467](https://github.com/alt3kx/CVE-2018-10467) +### CVE-2018-10517 (2018-04-27) + + +In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element. + + +- [0x00-0x00/CVE-2018-10517](https://github.com/0x00-0x00/CVE-2018-10517) + ### CVE-2018-10546 (2018-04-29) @@ -9753,14 +10147,45 @@ Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCat - [BalvinderSingh23/Cross-Site-Scripting-Reflected-XSS-Vulnerability-in-blackcatcms_v1.3](https://github.com/BalvinderSingh23/Cross-Site-Scripting-Reflected-XSS-Vulnerability-in-blackcatcms_v1.3) +### CVE-2018-10920 (2018-08-02) + + +Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache. + + +- [shutingrz/CVE-2018-10920_PoC](https://github.com/shutingrz/CVE-2018-10920_PoC) + ### CVE-2018-10933 (2018-10-17) A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. +- [SoledaD208/CVE-2018-10933](https://github.com/SoledaD208/CVE-2018-10933) - [blacknbunny/CVE-2018-10933](https://github.com/blacknbunny/CVE-2018-10933) +- [hook-s3c/CVE-2018-10933](https://github.com/hook-s3c/CVE-2018-10933) +- [kn6869610/CVE-2018-10933](https://github.com/kn6869610/CVE-2018-10933) +- [leapsecurity/libssh-scanner](https://github.com/leapsecurity/libssh-scanner) +- [likescam/CVE-2018-10933_ssh](https://github.com/likescam/CVE-2018-10933_ssh) +- [trbpnd/bpnd-libssh](https://github.com/trbpnd/bpnd-libssh) +- [likescam/CVE-2018-10933-libSSH-Authentication-Bypass](https://github.com/likescam/CVE-2018-10933-libSSH-Authentication-Bypass) +- [marco-lancini/hunt-for-cve-2018-10933](https://github.com/marco-lancini/hunt-for-cve-2018-10933) +- [hackerhouse-opensource/cve-2018-10933](https://github.com/hackerhouse-opensource/cve-2018-10933) +- [cve-2018/cve-2018-10933](https://github.com/cve-2018/cve-2018-10933) +- [jas502n/CVE-2018-10933](https://github.com/jas502n/CVE-2018-10933) +- [ninp0/cve-2018-10933_poc](https://github.com/ninp0/cve-2018-10933_poc) +- [pghook/CVE-2018-10933_Scanner](https://github.com/pghook/CVE-2018-10933_Scanner) +- [Virgula0/POC-CVE-2018-10933](https://github.com/Virgula0/POC-CVE-2018-10933) +- [shifa123/pythonprojects-CVE-2018-10933](https://github.com/shifa123/pythonprojects-CVE-2018-10933) - [xFreed0m/CVE-2018-10933](https://github.com/xFreed0m/CVE-2018-10933) +- [Bifrozt/CVE-2018-10933](https://github.com/Bifrozt/CVE-2018-10933) +- [r3dxpl0it/CVE-2018-10933](https://github.com/r3dxpl0it/CVE-2018-10933) +- [ivanacostarubio/libssh-scanner](https://github.com/ivanacostarubio/libssh-scanner) +- [throwawayaccount12312312/precompiled-CVE-2018-10933](https://github.com/throwawayaccount12312312/precompiled-CVE-2018-10933) +- [ensimag-security/CVE-2018-10933](https://github.com/ensimag-security/CVE-2018-10933) +- [Ad1bDaw/libSSH-bypass](https://github.com/Ad1bDaw/libSSH-bypass) +- [sambiyal/CVE-2018-10933-POC](https://github.com/sambiyal/CVE-2018-10933-POC) +- [nikhil1232/LibSSH-Authentication-Bypass](https://github.com/nikhil1232/LibSSH-Authentication-Bypass) - [Kurlee/LibSSH-exploit](https://github.com/Kurlee/LibSSH-exploit) - [crispy-peppers/Libssh-server-CVE-2018-10933](https://github.com/crispy-peppers/Libssh-server-CVE-2018-10933) - [youkergav/CVE-2018-10933](https://github.com/youkergav/CVE-2018-10933) @@ -9769,6 +10194,22 @@ A vulnerability was found in libssh's server-side state machine before versions - [JoSecMx/CVE-2018-10933_Scanner](https://github.com/JoSecMx/CVE-2018-10933_Scanner) - [cyberharsh/Libssh-server-CVE-2018-10933](https://github.com/cyberharsh/Libssh-server-CVE-2018-10933) +### CVE-2018-10936 (2018-08-30) + + +A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA. + + +- [tafamace/CVE-2018-10936](https://github.com/tafamace/CVE-2018-10936) + +### CVE-2018-10949 (2018-05-09) + + +mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors. + + +- [0x00-0x00/CVE-2018-10949](https://github.com/0x00-0x00/CVE-2018-10949) + ### CVE-2018-11235 (2018-05-30) @@ -9781,6 +10222,7 @@ In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before - [CHYbeta/CVE-2018-11235-DEMO](https://github.com/CHYbeta/CVE-2018-11235-DEMO) - [Kiss-sh0t/CVE-2018-11235-poc](https://github.com/Kiss-sh0t/CVE-2018-11235-poc) - [H0K5/clone_and_pwn](https://github.com/H0K5/clone_and_pwn) +- [knqyf263/CVE-2018-11235](https://github.com/knqyf263/CVE-2018-11235) - [ygouzerh/CVE-2018-11235](https://github.com/ygouzerh/CVE-2018-11235) - [qweraqq/CVE-2018-11235-Git-Submodule-CE](https://github.com/qweraqq/CVE-2018-11235-Git-Submodule-CE) - [jhswartz/CVE-2018-11235](https://github.com/jhswartz/CVE-2018-11235) @@ -9858,6 +10300,23 @@ The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote c - [mpgn/CVE-2018-11686](https://github.com/mpgn/CVE-2018-11686) +### CVE-2018-11759 (2018-10-31) + + +The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical. + + +- [immunIT/CVE-2018-11759](https://github.com/immunIT/CVE-2018-11759) +- [Jul10l1r4/Identificador-CVE-2018-11759](https://github.com/Jul10l1r4/Identificador-CVE-2018-11759) + +### CVE-2018-11761 (2018-09-19) + + +In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack. + + +- [brianwrf/CVE-2018-11761](https://github.com/brianwrf/CVE-2018-11761) + ### CVE-2018-11770 (2018-08-13) @@ -9872,12 +10331,32 @@ From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API f Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace. +- [trbpnd/CVE-2018-11776](https://github.com/trbpnd/CVE-2018-11776) - [xfox64x/CVE-2018-11776](https://github.com/xfox64x/CVE-2018-11776) +- [jiguangin/CVE-2018-11776](https://github.com/jiguangin/CVE-2018-11776) +- [hook-s3c/CVE-2018-11776-Python-PoC](https://github.com/hook-s3c/CVE-2018-11776-Python-PoC) +- [mazen160/struts-pwn_CVE-2018-11776](https://github.com/mazen160/struts-pwn_CVE-2018-11776) +- [bhdresh/CVE-2018-11776](https://github.com/bhdresh/CVE-2018-11776) +- [knqyf263/CVE-2018-11776](https://github.com/knqyf263/CVE-2018-11776) +- [Ekultek/Strutter](https://github.com/Ekultek/Strutter) +- [tuxotron/cve-2018-11776-docker](https://github.com/tuxotron/cve-2018-11776-docker) +- [brianwrf/S2-057-CVE-2018-11776](https://github.com/brianwrf/S2-057-CVE-2018-11776) +- [649/Apache-Struts-Shodan-Exploit](https://github.com/649/Apache-Struts-Shodan-Exploit) +- [jezzus/CVE-2018-11776-Python-PoC](https://github.com/jezzus/CVE-2018-11776-Python-PoC) +- [cved-sources/cve-2018-11776](https://github.com/cved-sources/cve-2018-11776) - [OzNetNerd/apche-struts-vuln-demo-cve-2018-11776](https://github.com/OzNetNerd/apche-struts-vuln-demo-cve-2018-11776) - [cucadili/CVE-2018-11776](https://github.com/cucadili/CVE-2018-11776) - [LightC0der/Apache-Struts-0Day-Exploit](https://github.com/LightC0der/Apache-Struts-0Day-Exploit) - [freshdemo/ApacheStruts-CVE-2018-11776](https://github.com/freshdemo/ApacheStruts-CVE-2018-11776) +### CVE-2018-11788 (2019-01-07) + + +Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. The features XML is parsed by XMLInputFactory class. Apache Karaf XMLInputFactory class doesn't contain any mitigation codes against XXE. This is a potential security risk as an user can inject external XML entities in Apache Karaf version prior to 4.1.7 or 4.2.2. It has been fixed in Apache Karaf 4.1.7 and 4.2.2 releases. + + +- [brianwrf/CVE-2018-11788](https://github.com/brianwrf/CVE-2018-11788) + ### CVE-2018-11882 (2018-10-29) @@ -9886,6 +10365,14 @@ Incorrect bound check can lead to potential buffer overwrite in WLAN controller - [jguard01/cve-2018-11882](https://github.com/jguard01/cve-2018-11882) +### CVE-2018-12018 (2018-07-04) + + +The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip value. The vulnerable remote node would be crashed by such an attack immediately, aka the EPoD (Ethereum Packet of Death) issue. + + +- [k3v142/CVE-2018-12018](https://github.com/k3v142/CVE-2018-12018) + ### CVE-2018-12031 (2018-06-07) @@ -9894,6 +10381,14 @@ Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker - [EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion](https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion) +### CVE-2018-12038 (2018-11-20) + + +An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key. + + +- [gdraperi/remote-bitlocker-encryption-report](https://github.com/gdraperi/remote-bitlocker-encryption-report) + ### CVE-2018-12086 (2018-09-14) @@ -9911,6 +10406,14 @@ A vulnerability in register allocation in JavaScript can lead to type confusion, - [Hydra3evil/cve-2018-12386](https://github.com/Hydra3evil/cve-2018-12386) - [0xLyte/cve-2018-12386](https://github.com/0xLyte/cve-2018-12386) +### CVE-2018-12418 (2018-06-14) + + +Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files. + + +- [tafamace/CVE-2018-12418](https://github.com/tafamace/CVE-2018-12418) + ### CVE-2018-12421 (2018-06-14) @@ -9919,6 +10422,14 @@ LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a us - [ReverseBrain/CVE-2018-12421](https://github.com/ReverseBrain/CVE-2018-12421) +### CVE-2018-12463 (2018-07-12) + + +An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. + + +- [alt3kx/CVE-2018-12463](https://github.com/alt3kx/CVE-2018-12463) + ### CVE-2018-12533 (2018-06-18) @@ -9927,6 +10438,22 @@ JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to i - [TheKalin/CVE-2018-12533](https://github.com/TheKalin/CVE-2018-12533) +### CVE-2018-12537 (2018-08-14) + + +In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response. + + +- [tafamace/CVE-2018-12537](https://github.com/tafamace/CVE-2018-12537) + +### CVE-2018-12540 (2018-07-12) + + +In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet. + + +- [tafamace/CVE-2018-12540](https://github.com/tafamace/CVE-2018-12540) + ### CVE-2018-12596 (2018-10-10) @@ -9947,6 +10474,7 @@ Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9. An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication). +- [0x00-0x00/CVE-2018-12613](https://github.com/0x00-0x00/CVE-2018-12613) - [ivanitlearning/CVE-2018-12613](https://github.com/ivanitlearning/CVE-2018-12613) - [eastmountyxz/CVE-2018-12613-phpMyAdmin](https://github.com/eastmountyxz/CVE-2018-12613-phpMyAdmin) @@ -9958,6 +10486,14 @@ Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, - [sharmasandeepkr/cve-2018-12798](https://github.com/sharmasandeepkr/cve-2018-12798) +### CVE-2018-12895 (2018-06-26) + + +WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is to delete wp-config.php and then launch a new installation process to increase the attacker's privileges. + + +- [bloom-ux/cve-2018-12895-hotfix](https://github.com/bloom-ux/cve-2018-12895-hotfix) + ### CVE-2018-13257 (2019-11-18) @@ -10006,6 +10542,14 @@ An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6. - [shinecome/zip](https://github.com/shinecome/zip) +### CVE-2018-13784 (2018-07-09) + + +PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php. + + +- [ambionics/prestashop-exploits](https://github.com/ambionics/prestashop-exploits) + ### CVE-2018-13797 (2018-07-10) @@ -10014,20 +10558,46 @@ The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command - [dsp-testing/CVE-2018-13797](https://github.com/dsp-testing/CVE-2018-13797) +### CVE-2018-13864 (2018-07-17) + + +A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download arbitrary files from the target server via specially crafted HTTP requests. + + +- [tafamace/CVE-2018-13864](https://github.com/tafamace/CVE-2018-13864) + +### CVE-2018-14083 (2018-07-25) + + +LICA miniCMTS E8K(u/i/...) devices allow remote attackers to obtain sensitive information via a direct POST request for the inc/user.ini file, leading to discovery of a password hash. + + +- [pudding2/CVE-2018-14083](https://github.com/pudding2/CVE-2018-14083) + ### CVE-2018-14442 (2018-07-20) Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs. +- [payatu/CVE-2018-14442](https://github.com/payatu/CVE-2018-14442) - [sharmasandeepkr/PS-2018-002---CVE-2018-14442](https://github.com/sharmasandeepkr/PS-2018-002---CVE-2018-14442) +### CVE-2018-14634 (2018-09-25) + + +An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable. + + +- [luan0ap/cve-2018-14634](https://github.com/luan0ap/cve-2018-14634) + ### CVE-2018-14665 (2018-10-25) A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. +- [jas502n/CVE-2018-14665](https://github.com/jas502n/CVE-2018-14665) - [bolonobolo/CVE-2018-14665](https://github.com/bolonobolo/CVE-2018-14665) - [samueldustin/cve-2018-14665](https://github.com/samueldustin/cve-2018-14665) @@ -10037,6 +10607,10 @@ A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData. +- [nareshmail/cve-2018-14667](https://github.com/nareshmail/cve-2018-14667) +- [zeroto01/CVE-2018-14667](https://github.com/zeroto01/CVE-2018-14667) +- [r00t4dm/CVE-2018-14667](https://github.com/r00t4dm/CVE-2018-14667) +- [syriusbughunt/CVE-2018-14667](https://github.com/syriusbughunt/CVE-2018-14667) - [quandqn/cve-2018-14667](https://github.com/quandqn/cve-2018-14667) - [Venscor/CVE-2018-14667-poc](https://github.com/Venscor/CVE-2018-14667-poc) @@ -10048,6 +10622,22 @@ System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.500 - [tin-z/CVE-2018-14714-POC](https://github.com/tin-z/CVE-2018-14714-POC) +### CVE-2018-14729 (2019-05-22) + + +The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code. + + +- [FoolMitAh/CVE-2018-14729](https://github.com/FoolMitAh/CVE-2018-14729) + +### CVE-2018-14772 (2018-10-16) + + +Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution vulnerability in which an attacker with administrator access to the web application can execute arbitrary code on the underlying system via Command Injection. + + +- [spencerdodd/CVE-2018-14772](https://github.com/spencerdodd/CVE-2018-14772) + ### CVE-2018-14847 (2018-08-02) @@ -10055,17 +10645,29 @@ MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read a - [BasuCert/WinboxPoC](https://github.com/BasuCert/WinboxPoC) +- [msterusky/WinboxExploit](https://github.com/msterusky/WinboxExploit) +- [syrex1013/MikroRoot](https://github.com/syrex1013/MikroRoot) +- [jas502n/CVE-2018-14847](https://github.com/jas502n/CVE-2018-14847) - [th3f3n1x87/winboxPOC](https://github.com/th3f3n1x87/winboxPOC) - [mahmoodsabir/mikrotik-beast](https://github.com/mahmoodsabir/mikrotik-beast) - [sinichi449/Python-MikrotikLoginExploit](https://github.com/sinichi449/Python-MikrotikLoginExploit) - [yukar1z0e/CVE-2018-14847](https://github.com/yukar1z0e/CVE-2018-14847) +### CVE-2018-15131 (2019-05-30) + + +An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests. + + +- [0x00-0x00/CVE-2018-15131](https://github.com/0x00-0x00/CVE-2018-15131) + ### CVE-2018-15133 (2018-08-09) In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack. +- [kozmic/laravel-poc-CVE-2018-15133](https://github.com/kozmic/laravel-poc-CVE-2018-15133) - [Bilelxdz/Laravel-CVE-2018-15133](https://github.com/Bilelxdz/Laravel-CVE-2018-15133) - [Prabesh01/Laravel-PHP-Unit-RCE-Auto-shell-uploader](https://github.com/Prabesh01/Laravel-PHP-Unit-RCE-Auto-shell-uploader) - [iansangaji/laravel-rce-cve-2018-15133](https://github.com/iansangaji/laravel-rce-cve-2018-15133) @@ -10074,6 +10676,14 @@ In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execut - [PwnedShell/Larascript](https://github.com/PwnedShell/Larascript) - [AzhariKun/CVE-2018-15133](https://github.com/AzhariKun/CVE-2018-15133) +### CVE-2018-15365 (2018-09-28) + + +A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable installations. An attacker must be an authenticated user in order to exploit the vulnerability. + + +- [nixwizard/CVE-2018-15365](https://github.com/nixwizard/CVE-2018-15365) + ### CVE-2018-15473 (2018-08-17) @@ -10081,10 +10691,14 @@ OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not dela - [trimstray/massh-enum](https://github.com/trimstray/massh-enum) +- [gbonacini/opensshenum](https://github.com/gbonacini/opensshenum) - [Rhynorater/CVE-2018-15473-Exploit](https://github.com/Rhynorater/CVE-2018-15473-Exploit) - [epi052/cve-2018-15473](https://github.com/epi052/cve-2018-15473) - [pyperanger/CVE-2018-15473_exploit](https://github.com/pyperanger/CVE-2018-15473_exploit) - [r3dxpl0it/CVE-2018-15473](https://github.com/r3dxpl0it/CVE-2018-15473) +- [JoeBlackSecurity/SSHUsernameBruter-SSHUB](https://github.com/JoeBlackSecurity/SSHUsernameBruter-SSHUB) +- [cved-sources/cve-2018-15473](https://github.com/cved-sources/cve-2018-15473) +- [LINYIKAI/CVE-2018-15473-exp](https://github.com/LINYIKAI/CVE-2018-15473-exp) - [secmode/enumpossible](https://github.com/secmode/enumpossible) - [trickster1103/-](https://github.com/trickster1103/-) - [NHPT/SSH-account-enumeration-verification-script](https://github.com/NHPT/SSH-account-enumeration-verification-script) @@ -10097,6 +10711,14 @@ OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not dela - [Sait-Nuri/CVE-2018-15473](https://github.com/Sait-Nuri/CVE-2018-15473) - [WildfootW/CVE-2018-15473_OpenSSH_7.7](https://github.com/WildfootW/CVE-2018-15473_OpenSSH_7.7) +### CVE-2018-15499 (2018-08-24) + + +GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, allow local users to cause a denial of service (Race Condition and BSoD on Windows) by not checking that user-mode memory is available right before writing to it. A check is only performed at the beginning of a long subroutine. + + +- [DownWithUp/CVE-2018-15499](https://github.com/DownWithUp/CVE-2018-15499) + ### CVE-2018-15686 (2018-10-26) @@ -10105,6 +10727,22 @@ A vulnerability in unit_deserialize of systemd allows an attacker to supply arbi - [hpcprofessional/remediate_cesa_2019_2091](https://github.com/hpcprofessional/remediate_cesa_2019_2091) +### CVE-2018-15727 (2018-08-29) + + +Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. + + +- [u238/grafana-CVE-2018-15727](https://github.com/u238/grafana-CVE-2018-15727) + +### CVE-2018-15832 (2018-09-20) + + +upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. + + +- [JacksonKuo/Ubisoft-Uplay-Desktop-Client-63.0.5699.0](https://github.com/JacksonKuo/Ubisoft-Uplay-Desktop-Client-63.0.5699.0) + ### CVE-2018-15835 (2018-11-30) @@ -10121,12 +10759,22 @@ The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerabl - [cved-sources/cve-2018-15877](https://github.com/cved-sources/cve-2018-15877) +### CVE-2018-15912 (2018-08-29) + + +An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially containing hooks with arbitrary code, which will automatically be run as root, or remove packages vital to the system. + + +- [coderobe/CVE-2018-15912-PoC](https://github.com/coderobe/CVE-2018-15912-PoC) + ### CVE-2018-15961 (2018-09-25) Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. +- [vah13/CVE-2018-15961](https://github.com/vah13/CVE-2018-15961) +- [cved-sources/cve-2018-15961](https://github.com/cved-sources/cve-2018-15961) - [0xAJ2K/CVE-2018-15961](https://github.com/0xAJ2K/CVE-2018-15961) ### CVE-2018-15968 (2018-10-12) @@ -10143,9 +10791,13 @@ Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. +- [FlatL1neAPT/CVE-2018-15982](https://github.com/FlatL1neAPT/CVE-2018-15982) - [AirEvan/CVE-2018-15982_PoC](https://github.com/AirEvan/CVE-2018-15982_PoC) +- [Ridter/CVE-2018-15982_EXP](https://github.com/Ridter/CVE-2018-15982_EXP) - [kphongagsorn/adobe-flash-cve2018-15982](https://github.com/kphongagsorn/adobe-flash-cve2018-15982) +- [jas502n/CVE-2018-15982_EXP_IE](https://github.com/jas502n/CVE-2018-15982_EXP_IE) - [scanfsec/CVE-2018-15982](https://github.com/scanfsec/CVE-2018-15982) +- [SyFi/CVE-2018-15982](https://github.com/SyFi/CVE-2018-15982) - [create12138/CVE-2018-15982](https://github.com/create12138/CVE-2018-15982) ### CVE-2018-16119 (2019-06-20) @@ -10159,6 +10811,14 @@ Stack-based buffer overflow in the httpd server of TP-Link WR1043nd (Firmware Ve ### CVE-2018-16135 - [c0d3G33k/CVE-2018-16135](https://github.com/c0d3G33k/CVE-2018-16135) +### CVE-2018-16156 (2019-05-17) + + +In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes an exported function named ChangeUninstallString. The default install does not contain this library and therefore if any DLL with that name exists in any directory listed in the PATH variable, it can be used to escalate to SYSTEM level privilege. + + +- [securifera/CVE-2018-16156-Exploit](https://github.com/securifera/CVE-2018-16156-Exploit) + ### CVE-2018-16283 (2018-09-24) @@ -10167,9 +10827,33 @@ The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Tra - [cved-sources/cve-2018-16283](https://github.com/cved-sources/cve-2018-16283) +### CVE-2018-16323 (2018-09-01) + + +ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. + + +- [ttffdd/XBadManners](https://github.com/ttffdd/XBadManners) + ### CVE-2018-16341 - [mpgn/CVE-2018-16341](https://github.com/mpgn/CVE-2018-16341) +### CVE-2018-16370 (2018-09-02) + + +In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive. + + +- [snappyJack/CVE-2018-16370](https://github.com/snappyJack/CVE-2018-16370) + +### CVE-2018-16373 (2018-09-02) + + +Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. + + +- [snappyJack/CVE-2018-16373](https://github.com/snappyJack/CVE-2018-16373) + ### CVE-2018-16492 (2019-02-01) @@ -10185,6 +10869,8 @@ An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "rest - [farisv/PIL-RCE-Ghostscript-CVE-2018-16509](https://github.com/farisv/PIL-RCE-Ghostscript-CVE-2018-16509) +- [knqyf263/CVE-2018-16509](https://github.com/knqyf263/CVE-2018-16509) +- [cved-sources/cve-2018-16509](https://github.com/cved-sources/cve-2018-16509) - [rhpco/CVE-2018-16509](https://github.com/rhpco/CVE-2018-16509) ### CVE-2018-16706 (2018-09-14) @@ -10195,6 +10881,30 @@ LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a - [Nurdilin/CVE-2018-16706](https://github.com/Nurdilin/CVE-2018-16706) +### CVE-2018-16711 (2018-09-26) + + +IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402088) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for input. + + +- [DownWithUp/CVE-2018-16711](https://github.com/DownWithUp/CVE-2018-16711) + +### CVE-2018-16712 (2018-09-26) + + +IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send a specially crafted IOCTL 0x9C406104 to read physical memory. + + +- [DownWithUp/CVE-2018-16712](https://github.com/DownWithUp/CVE-2018-16712) + +### CVE-2018-16713 (2018-09-26) + + +IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402084) with a buffer containing user defined content. The driver's subroutine will execute a rdmsr instruction with the user's buffer for input, and provide output from the instruction. + + +- [DownWithUp/CVE-2018-16713](https://github.com/DownWithUp/CVE-2018-16713) + ### CVE-2018-16763 (2018-09-09) @@ -10233,6 +10943,14 @@ It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to - [4nimanegra/libreofficeExploit1](https://github.com/4nimanegra/libreofficeExploit1) - [phongld97/detect-cve-2018-16858](https://github.com/phongld97/detect-cve-2018-16858) +### CVE-2018-16875 (2018-12-14) + + +The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected. + + +- [alexzorin/poc-cve-2018-16875](https://github.com/alexzorin/poc-cve-2018-16875) + ### CVE-2018-16890 (2019-02-06) @@ -10241,6 +10959,14 @@ libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out - [zjw88282740/CVE-2018-16890](https://github.com/zjw88282740/CVE-2018-16890) +### CVE-2018-16987 (2018-09-13) + + +Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code. + + +- [gquere/CVE-2018-16987](https://github.com/gquere/CVE-2018-16987) + ### CVE-2018-17081 (2018-09-26) @@ -10249,6 +10975,33 @@ e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&a - [himanshurahi/e107_2.1.9_CSRF_POC](https://github.com/himanshurahi/e107_2.1.9_CSRF_POC) +### CVE-2018-17144 (2018-09-19) + + +Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash. + + +- [iioch/ban-exploitable-bitcoin-nodes](https://github.com/iioch/ban-exploitable-bitcoin-nodes) +- [hikame/CVE-2018-17144_POC](https://github.com/hikame/CVE-2018-17144_POC) + +### CVE-2018-17182 (2018-09-19) + + +An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations. + + +- [jas502n/CVE-2018-17182](https://github.com/jas502n/CVE-2018-17182) +- [likescam/CVE-2018-17182](https://github.com/likescam/CVE-2018-17182) +- [likescam/vmacache_CVE-2018-17182](https://github.com/likescam/vmacache_CVE-2018-17182) + +### CVE-2018-17207 (2018-09-19) + + +An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution. + + +- [cved-sources/cve-2018-17207](https://github.com/cved-sources/cve-2018-17207) + ### CVE-2018-17246 (2018-12-20) @@ -10257,6 +11010,14 @@ Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw - [mpgn/CVE-2018-17246](https://github.com/mpgn/CVE-2018-17246) +### CVE-2018-17418 (2019-03-07) + + +Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable. + + +- [AlwaysHereFight/monstra_cms-3.0.4--getshell](https://github.com/AlwaysHereFight/monstra_cms-3.0.4--getshell) + ### CVE-2018-17431 (2019-01-29) @@ -10271,6 +11032,8 @@ Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execu Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character. +- [shpik-kr/CVE-2018-17456](https://github.com/shpik-kr/CVE-2018-17456) +- [matlink/CVE-2018-17456](https://github.com/matlink/CVE-2018-17456) - [799600966/CVE-2018-17456](https://github.com/799600966/CVE-2018-17456) - [AnonymKing/CVE-2018-17456](https://github.com/AnonymKing/CVE-2018-17456) @@ -10282,6 +11045,22 @@ An incorrect access control vulnerability in the FTP configuration of WiFiRanger - [Luct0r/CVE-2018-17873](https://github.com/Luct0r/CVE-2018-17873) +### CVE-2018-17961 (2018-10-15) + + +Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. + + +- [matlink/CVE-2018-17961](https://github.com/matlink/CVE-2018-17961) + +### CVE-2018-18026 (2018-10-19) + + +IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly lower versions) is vulnerable to a stack-based buffer overflow. The attacker can use DeviceIoControl to pass a user specified size which can be used to overwrite return addresses. This can lead to a denial of service or code execution attack. + + +- [DownWithUp/CVE-2018-18026](https://github.com/DownWithUp/CVE-2018-18026) + ### CVE-2018-18368 (2019-11-15) @@ -10290,6 +11069,14 @@ Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be susceptib - [DimopoulosElias/SEPM-EoP](https://github.com/DimopoulosElias/SEPM-EoP) +### CVE-2018-18387 (2018-10-29) + + +playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. + + +- [TheeBlind/CVE-2018-18387](https://github.com/TheeBlind/CVE-2018-18387) + ### CVE-2018-18500 (2019-02-05) @@ -10306,6 +11093,14 @@ An issue was discovered in the wiki API in GitLab Community and Enterprise Editi - [Snowming04/CVE-2018-18649](https://github.com/Snowming04/CVE-2018-18649) +### CVE-2018-18714 (2018-11-01) + + +RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E010. This can lead to denial of service (DoS) or code execution with root privileges. + + +- [DownWithUp/CVE-2018-18714](https://github.com/DownWithUp/CVE-2018-18714) + ### CVE-2018-18778 (2018-10-28) @@ -10320,14 +11115,40 @@ ACME mini_httpd before 1.30 lets remote users read arbitrary files. Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018. +- [hook-s3c/CVE-2018-18852](https://github.com/hook-s3c/CVE-2018-18852) - [andripwn/CVE-2018-18852](https://github.com/andripwn/CVE-2018-18852) +### CVE-2018-19126 (2018-11-09) + + +PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload. + + +- [farisv/PrestaShop-CVE-2018-19126](https://github.com/farisv/PrestaShop-CVE-2018-19126) + +### CVE-2018-19127 (2018-11-09) + + +A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "<?php function " substring. + + +- [ab1gale/phpcms-2008-CVE-2018-19127](https://github.com/ab1gale/phpcms-2008-CVE-2018-19127) + +### CVE-2018-19131 (2018-11-09) + + +Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors. + + +- [JonathanWilbur/CVE-2018-19131](https://github.com/JonathanWilbur/CVE-2018-19131) + ### CVE-2018-19207 (2018-11-12) The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018. +- [aeroot/WP-GDPR-Compliance-Plugin-Exploit](https://github.com/aeroot/WP-GDPR-Compliance-Plugin-Exploit) - [cved-sources/cve-2018-19207](https://github.com/cved-sources/cve-2018-19207) ### CVE-2018-19276 (2019-03-17) @@ -10362,6 +11183,22 @@ The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX req - [Antho59/wp-jobhunt-exploit](https://github.com/Antho59/wp-jobhunt-exploit) +### CVE-2018-19518 (2018-11-25) + + +University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument. + + +- [ensimag-security/CVE-2018-19518](https://github.com/ensimag-security/CVE-2018-19518) + +### CVE-2018-19537 (2018-11-25) + + +TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases. + + +- [JackDoan/TP-Link-ArcherC5-RCE](https://github.com/JackDoan/TP-Link-ArcherC5-RCE) + ### CVE-2018-19571 (2019-07-10) @@ -10378,6 +11215,17 @@ The "CLink4Service" service is installed with Corsair Link 4.9.7.35 wi - [BradyDonovan/CVE-2018-19592](https://github.com/BradyDonovan/CVE-2018-19592) +### CVE-2018-19788 (2018-12-03) + + +A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. + + +- [AbsoZed/CVE-2018-19788](https://github.com/AbsoZed/CVE-2018-19788) +- [d4gh0s7/CVE-2018-19788](https://github.com/d4gh0s7/CVE-2018-19788) +- [Ekultek/PoC](https://github.com/Ekultek/PoC) +- [jhlongjr/CVE-2018-19788](https://github.com/jhlongjr/CVE-2018-19788) + ### CVE-2018-19859 (2018-12-05) @@ -10394,6 +11242,14 @@ NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attack - [pwnhacker0x18/CVE-2018-19864](https://github.com/pwnhacker0x18/CVE-2018-19864) +### CVE-2018-19911 (2018-12-06) + + +FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of works for the freeswitch account can sometimes be used. + + +- [iSafeBlue/freeswitch_rce](https://github.com/iSafeBlue/freeswitch_rce) + ### CVE-2018-19987 (2019-05-13) @@ -10418,6 +11274,14 @@ Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Va - [stigtsp/CVE-2018-20162-digi-lr54-restricted-shell-escape](https://github.com/stigtsp/CVE-2018-20162-digi-lr54-restricted-shell-escape) +### CVE-2018-20165 (2019-03-22) + + +Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI. + + +- [hect0rS/Reflected-XSS-on-Opentext-Portal-v7.4.4](https://github.com/hect0rS/Reflected-XSS-on-Opentext-Portal-v7.4.4) + ### CVE-2018-20250 (2019-02-05) @@ -10545,6 +11409,14 @@ Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows conta - [u0pattern/CVE-2018-1000117-Exploit](https://github.com/u0pattern/CVE-2018-1000117-Exploit) +### CVE-2018-1000134 (2018-03-16) + + +UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty password when running in synchronous mode. commit with applied fix https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd that can result in Ability to impersonate any valid user. This attack appear to be exploitable via Providing valid username and empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed in after commit 8471904a02438c03965d21367890276bc25fa5a6. + + +- [dragotime/cve-2018-1000134](https://github.com/dragotime/cve-2018-1000134) + ### CVE-2018-1000140 (2018-03-23) @@ -10586,6 +11458,14 @@ netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vul - [forse01/CVE-2018-1000542-NetBeans](https://github.com/forse01/CVE-2018-1000542-NetBeans) +### CVE-2018-1000802 (2018-09-18) + + +Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace. + + +- [tna0y/CVE-2018-1000802-PoC](https://github.com/tna0y/CVE-2018-1000802-PoC) + ### CVE-2018-1000861 (2018-12-10) @@ -10601,6 +11481,8 @@ A code execution vulnerability exists in the Stapler web framework used by Jenki In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection. +- [gravitational/cve-2018-1002105](https://github.com/gravitational/cve-2018-1002105) +- [evict/poc_CVE-2018-1002105](https://github.com/evict/poc_CVE-2018-1002105) - [imlzw/Kubernetes-1.12.3-all-auto-install](https://github.com/imlzw/Kubernetes-1.12.3-all-auto-install) - [bgeesaman/cve-2018-1002105](https://github.com/bgeesaman/cve-2018-1002105) - [mdnix/cve-2018-1002105](https://github.com/mdnix/cve-2018-1002105)