From 33b37994b6d0d72558731e379dd925a5df16e419 Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Sun, 5 Jan 2025 21:32:02 +0900 Subject: [PATCH] Auto Update 2025/01/05 12:32:02 --- 2010/CVE-2010-1240.json | 8 ++++---- 2020/CVE-2020-13945.json | 42 ---------------------------------------- 2021/CVE-2021-34527.json | 8 ++++---- 2021/CVE-2021-41773.json | 8 ++++---- 2021/CVE-2021-44228.json | 8 ++++---- 2022/CVE-2022-22965.json | 8 ++++---- 2022/CVE-2022-46689.json | 8 ++++---- 2023/CVE-2023-40028.json | 8 ++++---- 2023/CVE-2023-44976.json | 8 ++++---- 2023/CVE-2023-45866.json | 8 ++++---- 2023/CVE-2023-46604.json | 8 ++++---- 2023/CVE-2023-4911.json | 8 ++++---- 2024/CVE-2024-1071.json | 8 ++++---- 2024/CVE-2024-23897.json | 8 ++++---- 2024/CVE-2024-28085.json | 4 ++-- 2024/CVE-2024-3094.json | 2 +- 2024/CVE-2024-42327.json | 12 ++++++------ 2024/CVE-2024-44625.json | 8 ++++---- 2024/CVE-2024-49113.json | 8 ++++---- 2024/CVE-2024-53677.json | 8 ++++---- 2024/CVE-2024-55457.json | 33 +++++++++++++++++++++++++++++++ README.md | 4 +++- 22 files changed, 109 insertions(+), 116 deletions(-) create mode 100644 2024/CVE-2024-55457.json diff --git a/2010/CVE-2010-1240.json b/2010/CVE-2010-1240.json index 69eee8ac16..1948045e4b 100644 --- a/2010/CVE-2010-1240.json +++ b/2010/CVE-2010-1240.json @@ -14,10 +14,10 @@ "description": "This demonstration video shows how we can control the victim's device by sending the innocent-looking PDF file to the target which actually consists of embedded payload. The exploit was made public as CVE-2010-1240. ", "fork": false, "created_at": "2021-06-05T18:59:28Z", - "updated_at": "2025-01-03T20:51:37Z", + "updated_at": "2025-01-05T09:37:53Z", "pushed_at": "2021-06-06T09:41:51Z", - "stargazers_count": 57, - "watchers_count": 57, + "stargazers_count": 58, + "watchers_count": 58, "has_discussions": false, "forks_count": 6, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 6, - "watchers": 57, + "watchers": 58, "score": 0, "subscribers_count": 4 }, diff --git a/2020/CVE-2020-13945.json b/2020/CVE-2020-13945.json index 19cc73bba8..644b20461b 100644 --- a/2020/CVE-2020-13945.json +++ b/2020/CVE-2020-13945.json @@ -71,47 +71,5 @@ "watchers": 8, "score": 0, "subscribers_count": 1 - }, - { - "id": 839830576, - "name": "CVE-2020-13945-EXPLOIT", - "full_name": "x0root\/CVE-2020-13945-EXPLOIT", - "owner": { - "login": "x0root", - "id": 99962731, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/99962731?v=4", - "html_url": "https:\/\/github.com\/x0root", - "user_view_type": "public" - }, - "html_url": "https:\/\/github.com\/x0root\/CVE-2020-13945-EXPLOIT", - "description": "PoC exploit for CVE-2020-13945 - Apache APISIX Remote Code Execution (RCE)", - "fork": false, - "created_at": "2024-08-08T12:10:51Z", - "updated_at": "2024-08-09T13:03:54Z", - "pushed_at": "2024-08-08T14:22:18Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [ - "apache", - "apache-apisix", - "exploit", - "exploitation", - "hacking", - "rce", - "rce-exploit", - "rce-scanner", - "remote-code-execution", - "vulnerability" - ], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0, - "subscribers_count": 1 } ] \ No newline at end of file diff --git a/2021/CVE-2021-34527.json b/2021/CVE-2021-34527.json index 991468577d..fb1f1945cc 100644 --- a/2021/CVE-2021-34527.json +++ b/2021/CVE-2021-34527.json @@ -82,10 +82,10 @@ "description": null, "fork": false, "created_at": "2021-07-02T12:10:49Z", - "updated_at": "2024-12-29T23:35:53Z", + "updated_at": "2025-01-05T10:14:44Z", "pushed_at": "2021-07-02T12:17:50Z", - "stargazers_count": 266, - "watchers_count": 266, + "stargazers_count": 267, + "watchers_count": 267, "has_discussions": false, "forks_count": 68, "allow_forking": true, @@ -94,7 +94,7 @@ "topics": [], "visibility": "public", "forks": 68, - "watchers": 266, + "watchers": 267, "score": 0, "subscribers_count": 11 }, diff --git a/2021/CVE-2021-41773.json b/2021/CVE-2021-41773.json index 5d40bf10d8..18a90e575d 100644 --- a/2021/CVE-2021-41773.json +++ b/2021/CVE-2021-41773.json @@ -337,10 +337,10 @@ "description": "CVE-2021-41773 POC with Docker", "fork": false, "created_at": "2021-10-06T02:30:40Z", - "updated_at": "2024-08-12T20:17:00Z", + "updated_at": "2025-01-05T09:07:45Z", "pushed_at": "2022-10-07T23:37:10Z", - "stargazers_count": 10, - "watchers_count": 10, + "stargazers_count": 11, + "watchers_count": 11, "has_discussions": false, "forks_count": 6, "allow_forking": true, @@ -349,7 +349,7 @@ "topics": [], "visibility": "public", "forks": 6, - "watchers": 10, + "watchers": 11, "score": 0, "subscribers_count": 2 }, diff --git a/2021/CVE-2021-44228.json b/2021/CVE-2021-44228.json index 60ee6ab128..55bcf82d6a 100644 --- a/2021/CVE-2021-44228.json +++ b/2021/CVE-2021-44228.json @@ -3158,10 +3158,10 @@ "description": "Spring Boot Log4j - CVE-2021-44228 Docker Lab ", "fork": false, "created_at": "2021-12-12T16:54:33Z", - "updated_at": "2024-08-14T04:42:20Z", + "updated_at": "2025-01-05T11:01:16Z", "pushed_at": "2021-12-17T13:59:44Z", - "stargazers_count": 25, - "watchers_count": 25, + "stargazers_count": 26, + "watchers_count": 26, "has_discussions": false, "forks_count": 20, "allow_forking": true, @@ -3174,7 +3174,7 @@ ], "visibility": "public", "forks": 20, - "watchers": 25, + "watchers": 26, "score": 0, "subscribers_count": 2 }, diff --git a/2022/CVE-2022-22965.json b/2022/CVE-2022-22965.json index 0b72d5b6b2..5de133caaf 100644 --- a/2022/CVE-2022-22965.json +++ b/2022/CVE-2022-22965.json @@ -1018,10 +1018,10 @@ "description": "Docker PoC for CVE-2022-22965 with Spring Boot version 2.6.5", "fork": false, "created_at": "2022-04-03T06:43:07Z", - "updated_at": "2024-10-23T04:53:18Z", + "updated_at": "2025-01-05T11:01:55Z", "pushed_at": "2022-04-03T08:38:30Z", - "stargazers_count": 14, - "watchers_count": 14, + "stargazers_count": 15, + "watchers_count": 15, "has_discussions": false, "forks_count": 3, "allow_forking": true, @@ -1030,7 +1030,7 @@ "topics": [], "visibility": "public", "forks": 3, - "watchers": 14, + "watchers": 15, "score": 0, "subscribers_count": 2 }, diff --git a/2022/CVE-2022-46689.json b/2022/CVE-2022-46689.json index 67d90745d6..ab2486b3a0 100644 --- a/2022/CVE-2022-46689.json +++ b/2022/CVE-2022-46689.json @@ -200,10 +200,10 @@ "description": "CVE-2022-46689", "fork": false, "created_at": "2023-01-04T05:08:20Z", - "updated_at": "2024-09-30T13:25:37Z", + "updated_at": "2025-01-05T11:31:01Z", "pushed_at": "2023-01-19T08:12:40Z", - "stargazers_count": 52, - "watchers_count": 52, + "stargazers_count": 53, + "watchers_count": 53, "has_discussions": false, "forks_count": 1, "allow_forking": true, @@ -212,7 +212,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 52, + "watchers": 53, "score": 0, "subscribers_count": 4 }, diff --git a/2023/CVE-2023-40028.json b/2023/CVE-2023-40028.json index 22f90593de..25ebf53c10 100644 --- a/2023/CVE-2023-40028.json +++ b/2023/CVE-2023-40028.json @@ -138,10 +138,10 @@ "description": "Arbitrary file read in Ghost-CMS allows an attacker to upload a malicious ZIP file with a symlink.", "fork": false, "created_at": "2024-12-21T01:53:47Z", - "updated_at": "2024-12-21T02:51:46Z", + "updated_at": "2025-01-05T09:56:15Z", "pushed_at": "2024-12-21T02:51:43Z", - "stargazers_count": 2, - "watchers_count": 2, + "stargazers_count": 3, + "watchers_count": 3, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -159,7 +159,7 @@ ], "visibility": "public", "forks": 0, - "watchers": 2, + "watchers": 3, "score": 0, "subscribers_count": 1 }, diff --git a/2023/CVE-2023-44976.json b/2023/CVE-2023-44976.json index 56ec8a9319..8b4a7b4f7d 100644 --- a/2023/CVE-2023-44976.json +++ b/2023/CVE-2023-44976.json @@ -14,10 +14,10 @@ "description": "A vulnerable driver exploited by me (BYOVD) that is capable of terminating several EDRs and antivirus software in the market, rendering them ineffective, working for both x32 and x64(CVE-2023-44976).", "fork": false, "created_at": "2023-10-01T18:24:38Z", - "updated_at": "2024-12-26T14:38:40Z", + "updated_at": "2025-01-05T12:06:15Z", "pushed_at": "2024-12-26T13:43:18Z", - "stargazers_count": 90, - "watchers_count": 90, + "stargazers_count": 91, + "watchers_count": 91, "has_discussions": false, "forks_count": 20, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 20, - "watchers": 90, + "watchers": 91, "score": 0, "subscribers_count": 2 } diff --git a/2023/CVE-2023-45866.json b/2023/CVE-2023-45866.json index e00344dc09..e819006ef9 100644 --- a/2023/CVE-2023-45866.json +++ b/2023/CVE-2023-45866.json @@ -14,10 +14,10 @@ "description": "🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript) 🔓 Unauthenticated Peering Leading to Code Execution (Using HID Keyboard)", "fork": false, "created_at": "2024-01-16T06:52:02Z", - "updated_at": "2025-01-05T05:45:13Z", + "updated_at": "2025-01-05T11:09:21Z", "pushed_at": "2024-08-18T08:26:46Z", - "stargazers_count": 1351, - "watchers_count": 1351, + "stargazers_count": 1357, + "watchers_count": 1357, "has_discussions": false, "forks_count": 228, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 228, - "watchers": 1351, + "watchers": 1357, "score": 0, "subscribers_count": 21 }, diff --git a/2023/CVE-2023-46604.json b/2023/CVE-2023-46604.json index 6a683868c8..29df50151e 100644 --- a/2023/CVE-2023-46604.json +++ b/2023/CVE-2023-46604.json @@ -107,10 +107,10 @@ "description": " Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE_2023-46604) ", "fork": false, "created_at": "2023-11-03T22:06:09Z", - "updated_at": "2024-12-24T01:15:17Z", + "updated_at": "2025-01-05T08:55:50Z", "pushed_at": "2024-01-20T16:59:23Z", - "stargazers_count": 110, - "watchers_count": 110, + "stargazers_count": 111, + "watchers_count": 111, "has_discussions": false, "forks_count": 36, "allow_forking": true, @@ -119,7 +119,7 @@ "topics": [], "visibility": "public", "forks": 36, - "watchers": 110, + "watchers": 111, "score": 0, "subscribers_count": 2 }, diff --git a/2023/CVE-2023-4911.json b/2023/CVE-2023-4911.json index 7782e26dde..dfa0c031a3 100644 --- a/2023/CVE-2023-4911.json +++ b/2023/CVE-2023-4911.json @@ -45,10 +45,10 @@ "description": "PoC for CVE-2023-4911", "fork": false, "created_at": "2023-10-04T14:12:16Z", - "updated_at": "2024-12-22T00:22:49Z", + "updated_at": "2025-01-05T09:41:34Z", "pushed_at": "2023-10-04T14:16:36Z", - "stargazers_count": 381, - "watchers_count": 381, + "stargazers_count": 382, + "watchers_count": 382, "has_discussions": false, "forks_count": 58, "allow_forking": true, @@ -57,7 +57,7 @@ "topics": [], "visibility": "public", "forks": 58, - "watchers": 381, + "watchers": 382, "score": 0, "subscribers_count": 5 }, diff --git a/2024/CVE-2024-1071.json b/2024/CVE-2024-1071.json index 3a2bbca97e..6d9314753e 100644 --- a/2024/CVE-2024-1071.json +++ b/2024/CVE-2024-1071.json @@ -45,10 +45,10 @@ "description": "CVE-2024-1071 with Docker", "fork": false, "created_at": "2024-03-04T18:29:17Z", - "updated_at": "2024-08-25T01:26:45Z", + "updated_at": "2025-01-05T11:01:25Z", "pushed_at": "2024-03-05T18:35:42Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 2, + "watchers_count": 2, "has_discussions": false, "forks_count": 1, "allow_forking": true, @@ -57,7 +57,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 1, + "watchers": 2, "score": 0, "subscribers_count": 1 }, diff --git a/2024/CVE-2024-23897.json b/2024/CVE-2024-23897.json index cface46cbf..7afa3f2084 100644 --- a/2024/CVE-2024-23897.json +++ b/2024/CVE-2024-23897.json @@ -610,10 +610,10 @@ "description": "POC for CVE-2024-23897 Jenkins File-Read ", "fork": false, "created_at": "2024-02-16T07:16:04Z", - "updated_at": "2024-12-30T02:06:36Z", + "updated_at": "2025-01-05T07:57:38Z", "pushed_at": "2024-02-17T16:39:19Z", - "stargazers_count": 20, - "watchers_count": 20, + "stargazers_count": 21, + "watchers_count": 21, "has_discussions": false, "forks_count": 4, "allow_forking": true, @@ -622,7 +622,7 @@ "topics": [], "visibility": "public", "forks": 4, - "watchers": 20, + "watchers": 21, "score": 0, "subscribers_count": 1 }, diff --git a/2024/CVE-2024-28085.json b/2024/CVE-2024-28085.json index b52e367437..7d7eff95cf 100644 --- a/2024/CVE-2024-28085.json +++ b/2024/CVE-2024-28085.json @@ -19,7 +19,7 @@ "stargazers_count": 49, "watchers_count": 49, "has_discussions": false, - "forks_count": 8, + "forks_count": 7, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -32,7 +32,7 @@ "vulnerability" ], "visibility": "public", - "forks": 8, + "forks": 7, "watchers": 49, "score": 0, "subscribers_count": 1 diff --git a/2024/CVE-2024-3094.json b/2024/CVE-2024-3094.json index 60ffed17fc..eee54315bc 100644 --- a/2024/CVE-2024-3094.json +++ b/2024/CVE-2024-3094.json @@ -952,7 +952,7 @@ "description": "notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)", "fork": false, "created_at": "2024-04-01T14:28:09Z", - "updated_at": "2025-01-03T11:50:05Z", + "updated_at": "2025-01-05T09:23:01Z", "pushed_at": "2024-04-03T04:58:50Z", "stargazers_count": 3503, "watchers_count": 3503, diff --git a/2024/CVE-2024-42327.json b/2024/CVE-2024-42327.json index e93bad1584..cb0ed8c6e3 100644 --- a/2024/CVE-2024-42327.json +++ b/2024/CVE-2024-42327.json @@ -200,19 +200,19 @@ "description": "Zabbix CVE-2024-42327 PoC", "fork": false, "created_at": "2025-01-01T18:25:44Z", - "updated_at": "2025-01-05T00:46:15Z", + "updated_at": "2025-01-05T07:51:36Z", "pushed_at": "2025-01-03T13:49:03Z", - "stargazers_count": 4, - "watchers_count": 4, + "stargazers_count": 5, + "watchers_count": 5, "has_discussions": false, - "forks_count": 1, + "forks_count": 2, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 1, - "watchers": 4, + "forks": 2, + "watchers": 5, "score": 0, "subscribers_count": 1 } diff --git a/2024/CVE-2024-44625.json b/2024/CVE-2024-44625.json index 3f41b55f3a..1a870b998d 100644 --- a/2024/CVE-2024-44625.json +++ b/2024/CVE-2024-44625.json @@ -14,10 +14,10 @@ "description": "Symbolic link path traversal vulnerability in Gogs", "fork": false, "created_at": "2024-11-13T16:16:31Z", - "updated_at": "2025-01-04T13:33:20Z", + "updated_at": "2025-01-05T10:04:20Z", "pushed_at": "2024-11-14T02:54:13Z", - "stargazers_count": 3, - "watchers_count": 3, + "stargazers_count": 4, + "watchers_count": 4, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 3, + "watchers": 4, "score": 0, "subscribers_count": 1 } diff --git a/2024/CVE-2024-49113.json b/2024/CVE-2024-49113.json index 505125aa70..3024c0980b 100644 --- a/2024/CVE-2024-49113.json +++ b/2024/CVE-2024-49113.json @@ -14,10 +14,10 @@ "description": "LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113", "fork": false, "created_at": "2025-01-01T15:48:38Z", - "updated_at": "2025-01-05T05:14:03Z", + "updated_at": "2025-01-05T09:22:19Z", "pushed_at": "2025-01-02T16:07:23Z", - "stargazers_count": 337, - "watchers_count": 337, + "stargazers_count": 340, + "watchers_count": 340, "has_discussions": false, "forks_count": 78, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 78, - "watchers": 337, + "watchers": 340, "score": 0, "subscribers_count": 3 }, diff --git a/2024/CVE-2024-53677.json b/2024/CVE-2024-53677.json index 429537b701..eeb1e16c8b 100644 --- a/2024/CVE-2024-53677.json +++ b/2024/CVE-2024-53677.json @@ -45,10 +45,10 @@ "description": "A critical vulnerability, CVE-2024-53677, has been identified in the popular Apache Struts framework, potentially allowing attackers to execute arbitrary code remotely. This vulnerability arises from flaws in the file upload logic, which can be exploited to perform path traversal and malicious file uploads.", "fork": false, "created_at": "2024-12-13T17:42:55Z", - "updated_at": "2025-01-03T14:51:03Z", + "updated_at": "2025-01-05T11:09:33Z", "pushed_at": "2024-12-20T10:05:15Z", - "stargazers_count": 80, - "watchers_count": 80, + "stargazers_count": 81, + "watchers_count": 81, "has_discussions": false, "forks_count": 30, "allow_forking": true, @@ -57,7 +57,7 @@ "topics": [], "visibility": "public", "forks": 30, - "watchers": 80, + "watchers": 81, "score": 0, "subscribers_count": 3 }, diff --git a/2024/CVE-2024-55457.json b/2024/CVE-2024-55457.json new file mode 100644 index 0000000000..ab4614b3cd --- /dev/null +++ b/2024/CVE-2024-55457.json @@ -0,0 +1,33 @@ +[ + { + "id": 912328942, + "name": "CVE-2024-55457-PoC", + "full_name": "h13nh04ng\/CVE-2024-55457-PoC", + "owner": { + "login": "h13nh04ng", + "id": 86940873, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/86940873?v=4", + "html_url": "https:\/\/github.com\/h13nh04ng", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/h13nh04ng\/CVE-2024-55457-PoC", + "description": null, + "fork": false, + "created_at": "2025-01-05T09:07:46Z", + "updated_at": "2025-01-05T09:19:35Z", + "pushed_at": "2025-01-05T09:19:32Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/README.md b/README.md index 2af5fbf876..972ce7883f 100644 --- a/README.md +++ b/README.md @@ -7791,6 +7791,9 @@ - [ugurkarakoc1/CVE-2024-55099-Online-Nurse-Hiring-System-v1.0-SQL-Injection-Vulnerability-](https://github.com/ugurkarakoc1/CVE-2024-55099-Online-Nurse-Hiring-System-v1.0-SQL-Injection-Vulnerability-) +### CVE-2024-55457 +- [h13nh04ng/CVE-2024-55457-PoC](https://github.com/h13nh04ng/CVE-2024-55457-PoC) + ### CVE-2024-55557 (2024-12-16) ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials. @@ -33094,7 +33097,6 @@ - [YutuSec/Apisix_Crack](https://github.com/YutuSec/Apisix_Crack) - [K3ysTr0K3R/CVE-2020-13945-EXPLOIT](https://github.com/K3ysTr0K3R/CVE-2020-13945-EXPLOIT) -- [x0root/CVE-2020-13945-EXPLOIT](https://github.com/x0root/CVE-2020-13945-EXPLOIT) ### CVE-2020-13957 (2020-10-13)