mirror/PoC-in-GitHub
1
0
Fork 0
mirror of https://github.com/nomi-sec/PoC-in-GitHub.git synced 2025-01-29 02:54:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Auto Update 2020/07/22 12:09:16

Browse source
This commit is contained in:
motikan2010-bot 2020-07-22 12:09:16 +09:00
parent d5e13f7652
commit 424f06c4b6
22 changed files with 124 additions and 181 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
2006/CVE-2006-3392.json
View file

@ -1,25 +0,0 @@
[
{
"id": 276101400,
"name": "CVE-2006-3392",
"full_name": "Ziani52\/CVE-2006-3392",
"owner": {
"login": "Ziani52",
"id": 53442065,
"avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/53442065?v=4",
"html_url": "https:\/\/github.com\/Ziani52"
},
"html_url": "https:\/\/github.com\/Ziani52\/CVE-2006-3392",
"description": "Webmin < 1.290 \/ Usermin < 1.220 - Arbitrary File Disclosure (Python3)",
"fork": false,
"created_at": "2020-06-30T13:07:31Z",
"updated_at": "2020-06-30T22:21:48Z",
"pushed_at": "2020-06-30T22:21:46Z",
"stargazers_count": 0,
"watchers_count": 0,
"forks_count": 0,
"forks": 0,
"watchers": 0,
"score": 0
}
]

23
2006/CVE-2006-6184.json
View file

@ -1,27 +1,4 @@
[
{
"id": 63907042,
"name": "cve-2006-6184",
"full_name": "shauntdergrigorian\/cve-2006-6184",
"owner": {
"login": "shauntdergrigorian",
"id": 7718028,
"avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/7718028?v=4",
"html_url": "https:\/\/github.com\/shauntdergrigorian"
},
"html_url": "https:\/\/github.com\/shauntdergrigorian\/cve-2006-6184",
"description": "This is a python-based standalone exploit for CVE-2006-6184. This exploit triggers a stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service or execute arbitrary code.",
"fork": false,
"created_at": "2016-07-21T22:43:43Z",
"updated_at": "2020-04-07T14:22:36Z",
"pushed_at": "2016-07-22T15:12:43Z",
"stargazers_count": 9,
"watchers_count": 9,
"forks_count": 8,
"forks": 8,
"watchers": 9,
"score": 0
},
{
"id": 205628184,
"name": "CVE-2006-6184",

8
2014/CVE-2014-0160.json
View file

@ -128,13 +128,13 @@
"description": "Multi-threaded tool for scanning many hosts for CVE-2014-0160.",
"fork": false,
"created_at": "2014-04-08T10:10:43Z",
"updated_at": "2020-06-11T05:25:19Z",
"updated_at": "2020-07-22T01:36:32Z",
"pushed_at": "2015-07-02T14:47:31Z",
"stargazers_count": 570,
"watchers_count": 570,
"stargazers_count": 571,
"watchers_count": 571,
"forks_count": 233,
"forks": 233,
"watchers": 570,
"watchers": 571,
"score": 0
},
{

8
2016/CVE-2016-5195.json
View file

@ -174,13 +174,13 @@
"description": "PoC for Dirty COW (CVE-2016-5195)",
"fork": false,
"created_at": "2016-10-22T15:25:34Z",
"updated_at": "2020-07-16T07:13:55Z",
"updated_at": "2020-07-22T02:44:10Z",
"pushed_at": "2017-02-27T18:56:12Z",
"stargazers_count": 327,
"watchers_count": 327,
"stargazers_count": 329,
"watchers_count": 329,
"forks_count": 115,
"forks": 115,
"watchers": 327,
"watchers": 329,
"score": 0
},
{

8
2017/CVE-2017-1000253.json
View file

@ -13,13 +13,13 @@
"description": "Demo-ing CVE-2017-1000253 in a container",
"fork": false,
"created_at": "2017-11-01T07:37:35Z",
"updated_at": "2020-07-21T18:36:43Z",
"updated_at": "2020-07-22T00:15:44Z",
"pushed_at": "2017-11-01T07:59:24Z",
"stargazers_count": 20,
"watchers_count": 20,
"stargazers_count": 21,
"watchers_count": 21,
"forks_count": 5,
"forks": 5,
"watchers": 20,
"watchers": 21,
"score": 0
}
]

8
2018/CVE-2018-10933.json
View file

@ -36,13 +36,13 @@
"description": "Spawn to shell without any credentials by using CVE-2018-10933 (LibSSH)",
"fork": false,
"created_at": "2018-10-17T14:14:12Z",
"updated_at": "2020-07-15T10:26:41Z",
"updated_at": "2020-07-21T22:45:37Z",
"pushed_at": "2020-01-29T10:28:44Z",
"stargazers_count": 469,
"watchers_count": 469,
"stargazers_count": 470,
"watchers_count": 470,
"forks_count": 116,
"forks": 116,
"watchers": 469,
"watchers": 470,
"score": 0
},
{

8
2018/CVE-2018-14847.json
View file

@ -13,13 +13,13 @@
"description": "Proof of Concept of Winbox Critical Vulnerability (CVE-2018-14847)",
"fork": false,
"created_at": "2018-06-24T05:34:05Z",
"updated_at": "2020-07-21T07:47:05Z",
"updated_at": "2020-07-21T21:24:10Z",
"pushed_at": "2020-03-08T00:08:20Z",
"stargazers_count": 363,
"watchers_count": 363,
"stargazers_count": 364,
"watchers_count": 364,
"forks_count": 329,
"forks": 329,
"watchers": 363,
"watchers": 364,
"score": 0
},
{

28
2018/CVE-2018-15133.json
View file

@ -23,26 +23,26 @@
"score": 0
},
{
"id": 186012053,
"id": 243072477,
"name": "Laravel-CVE-2018-15133",
"full_name": "sKirua\/Laravel-CVE-2018-15133",
"full_name": "Bilelxdz\/Laravel-CVE-2018-15133",
"owner": {
"login": "sKirua",
"id": 43117514,
"avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/43117514?v=4",
"html_url": "https:\/\/github.com\/sKirua"
"login": "Bilelxdz",
"id": 35871833,
"avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/35871833?v=4",
"html_url": "https:\/\/github.com\/Bilelxdz"
},
"html_url": "https:\/\/github.com\/sKirua\/Laravel-CVE-2018-15133",
"html_url": "https:\/\/github.com\/Bilelxdz\/Laravel-CVE-2018-15133",
"description": "Cette exploit en python va vous permettre de créer des listes de sites et les exploiter rapidement.",
"fork": false,
"created_at": "2019-05-10T15:29:19Z",
"updated_at": "2020-02-25T18:36:12Z",
"created_at": "2020-02-25T18:36:13Z",
"updated_at": "2020-07-22T01:39:38Z",
"pushed_at": "2019-05-17T23:41:11Z",
"stargazers_count": 2,
"watchers_count": 2,
"forks_count": 1,
"forks": 1,
"watchers": 2,
"stargazers_count": 0,
"watchers_count": 0,
"forks_count": 0,
"forks": 0,
"watchers": 0,
"score": 0
},
{

8
2018/CVE-2018-5955.json
View file

@ -36,13 +36,13 @@
"description": "一款功能强大的漏洞扫描器子域名爆破使用aioDNSasyncio异步快速扫描覆盖目标全方位资产进行批量漏洞扫描中间件信息收集自动收集ip代理探测Waf信息时自动使用来保护本机真实Ip在本机Ip被Waf杀死后自动切换代理Ip进行扫描Waf信息收集(国内外100+款waf信息)包括安全狗云锁阿里云云盾腾讯云等提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能",
"fork": false,
"created_at": "2019-12-21T22:45:55Z",
"updated_at": "2020-07-21T11:14:06Z",
"updated_at": "2020-07-22T00:54:25Z",
"pushed_at": "2020-01-05T21:46:25Z",
"stargazers_count": 280,
"watchers_count": 280,
"stargazers_count": 281,
"watchers_count": 281,
"forks_count": 63,
"forks": 63,
"watchers": 280,
"watchers": 281,
"score": 0
}
]

8
2019/CVE-2019-18935.json
View file

@ -36,8 +36,8 @@
"description": "RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX.",
"fork": false,
"created_at": "2019-12-12T07:58:11Z",
"updated_at": "2020-07-21T17:52:56Z",
"pushed_at": "2020-07-21T17:52:53Z",
"updated_at": "2020-07-21T21:29:42Z",
"pushed_at": "2020-07-21T21:29:39Z",
"stargazers_count": 146,
"watchers_count": 146,
"forks_count": 34,
@ -59,8 +59,8 @@
"description": "TelerikUI Vulnerability Scanner (CVE-2019-18935)",
"fork": false,
"created_at": "2020-05-17T04:22:45Z",
"updated_at": "2020-07-20T19:42:00Z",
"pushed_at": "2020-07-20T19:41:58Z",
"updated_at": "2020-07-22T00:18:53Z",
"pushed_at": "2020-07-22T00:18:51Z",
"stargazers_count": 0,
"watchers_count": 0,
"forks_count": 0,

16
2019/CVE-2019-2618.json
View file

@ -36,13 +36,13 @@
"description": "Weblogic Upload Vuln(Need username password)-CVE-2019-2618",
"fork": false,
"created_at": "2019-04-17T12:23:24Z",
"updated_at": "2020-07-15T14:16:49Z",
"updated_at": "2020-07-21T22:01:28Z",
"pushed_at": "2019-04-17T15:05:09Z",
"stargazers_count": 146,
"watchers_count": 146,
"stargazers_count": 147,
"watchers_count": 147,
"forks_count": 52,
"forks": 52,
"watchers": 146,
"watchers": 147,
"score": 0
},
{
@ -82,13 +82,13 @@
"description": "增强版WeblogicScan、检测结果更精确、插件化、添加CVE-2019-2618CVE-2019-2729检测Python3支持",
"fork": false,
"created_at": "2019-06-21T09:22:43Z",
"updated_at": "2020-07-21T06:14:32Z",
"updated_at": "2020-07-22T02:24:52Z",
"pushed_at": "2020-04-26T10:49:25Z",
"stargazers_count": 615,
"watchers_count": 615,
"stargazers_count": 614,
"watchers_count": 614,
"forks_count": 132,
"forks": 132,
"watchers": 615,
"watchers": 614,
"score": 0
},
{

8
2020/CVE-2020-0041.json
View file

@ -13,13 +13,13 @@
"description": "Exploits for Android Binder bug CVE-2020-0041",
"fork": false,
"created_at": "2020-03-31T17:53:57Z",
"updated_at": "2020-07-18T09:34:58Z",
"updated_at": "2020-07-22T01:02:09Z",
"pushed_at": "2020-04-08T08:55:30Z",
"stargazers_count": 121,
"watchers_count": 121,
"stargazers_count": 122,
"watchers_count": 122,
"forks_count": 35,
"forks": 35,
"watchers": 121,
"watchers": 122,
"score": 0
}
]

16
2020/CVE-2020-0796.json
View file

@ -82,13 +82,13 @@
"description": "Scanner for CVE-2020-0796 - SMBv3 RCE",
"fork": false,
"created_at": "2020-03-11T15:21:27Z",
"updated_at": "2020-07-21T08:28:14Z",
"updated_at": "2020-07-21T22:09:18Z",
"pushed_at": "2020-03-13T09:54:16Z",
"stargazers_count": 514,
"watchers_count": 514,
"stargazers_count": 515,
"watchers_count": 515,
"forks_count": 172,
"forks": 172,
"watchers": 514,
"watchers": 515,
"score": 0
},
{
@ -381,13 +381,13 @@
"description": "PoC for triggering buffer overflow via CVE-2020-0796",
"fork": false,
"created_at": "2020-03-12T18:34:40Z",
"updated_at": "2020-07-10T07:00:30Z",
"updated_at": "2020-07-21T22:09:05Z",
"pushed_at": "2020-03-14T10:04:59Z",
"stargazers_count": 243,
"watchers_count": 243,
"stargazers_count": 244,
"watchers_count": 244,
"forks_count": 98,
"forks": 98,
"watchers": 243,
"watchers": 244,
"score": 0
},
{

10
2020/CVE-2020-11896.json
View file

@ -13,13 +13,13 @@
"description": "PoC for CVE-2020-11896 Treck TCP\/IP stack and device asset investigation",
"fork": false,
"created_at": "2020-07-21T03:38:31Z",
"updated_at": "2020-07-21T03:39:09Z",
"pushed_at": "2020-07-21T03:39:08Z",
"stargazers_count": 0,
"watchers_count": 0,
"updated_at": "2020-07-22T02:41:21Z",
"pushed_at": "2020-07-22T02:41:19Z",
"stargazers_count": 1,
"watchers_count": 1,
"forks_count": 0,
"forks": 0,
"watchers": 0,
"watchers": 1,
"score": 0
}
]

28
2020/CVE-2020-1350.json
View file

@ -36,13 +36,13 @@
"description": "Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019.",
"fork": false,
"created_at": "2020-07-14T19:02:25Z",
"updated_at": "2020-07-21T17:37:53Z",
"updated_at": "2020-07-22T02:52:13Z",
"pushed_at": "2020-07-20T17:54:16Z",
"stargazers_count": 193,
"watchers_count": 193,
"forks_count": 62,
"forks": 62,
"watchers": 193,
"stargazers_count": 192,
"watchers_count": 192,
"forks_count": 63,
"forks": 63,
"watchers": 192,
"score": 0
},
{
@ -105,13 +105,13 @@
"description": "Bash Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2003 up to Windows Server 2019.",
"fork": false,
"created_at": "2020-07-14T22:45:48Z",
"updated_at": "2020-07-18T21:05:26Z",
"updated_at": "2020-07-22T02:41:59Z",
"pushed_at": "2020-07-15T13:53:24Z",
"stargazers_count": 54,
"watchers_count": 54,
"stargazers_count": 55,
"watchers_count": 55,
"forks_count": 19,
"forks": 19,
"watchers": 54,
"watchers": 55,
"score": 0
},
{
@ -151,13 +151,13 @@
"description": "Detection of attempts to exploit Microsoft Windows DNS server via CVE-2020-1350 (AKA SIGRed)",
"fork": false,
"created_at": "2020-07-15T05:55:20Z",
"updated_at": "2020-07-21T00:08:14Z",
"updated_at": "2020-07-22T02:00:19Z",
"pushed_at": "2020-07-20T02:20:43Z",
"stargazers_count": 4,
"watchers_count": 4,
"stargazers_count": 5,
"watchers_count": 5,
"forks_count": 1,
"forks": 1,
"watchers": 4,
"watchers": 5,
"score": 0
},
{

8
2020/CVE-2020-1362.json
View file

@ -13,13 +13,13 @@
"description": "writeup of CVE-2020-1362",
"fork": false,
"created_at": "2020-07-17T07:35:05Z",
"updated_at": "2020-07-21T18:59:51Z",
"updated_at": "2020-07-22T03:04:46Z",
"pushed_at": "2020-07-17T07:54:26Z",
"stargazers_count": 157,
"watchers_count": 157,
"stargazers_count": 158,
"watchers_count": 158,
"forks_count": 30,
"forks": 30,
"watchers": 157,
"watchers": 158,
"score": 0
}
]

12
2020/CVE-2020-14645.json
View file

@ -13,13 +13,13 @@
"description": "Weblogic CVE-2020-14645 UniversalExtractor JNDI injection getDatabaseMetaData()",
"fork": false,
"created_at": "2020-07-20T03:27:24Z",
"updated_at": "2020-07-21T15:07:23Z",
"updated_at": "2020-07-22T02:26:12Z",
"pushed_at": "2020-07-20T03:51:06Z",
"stargazers_count": 46,
"watchers_count": 46,
"stargazers_count": 49,
"watchers_count": 49,
"forks_count": 5,
"forks": 5,
"watchers": 46,
"watchers": 49,
"score": 0
},
{
@ -59,8 +59,8 @@
"description": "Weblogic CVE-2020-14645 coherence 反序列化漏洞验证程序",
"fork": false,
"created_at": "2020-07-21T10:53:16Z",
"updated_at": "2020-07-21T11:24:46Z",
"pushed_at": "2020-07-21T11:30:39Z",
"updated_at": "2020-07-22T02:59:10Z",
"pushed_at": "2020-07-22T02:59:08Z",
"stargazers_count": 1,
"watchers_count": 1,
"forks_count": 0,

8
2020/CVE-2020-2551.json
View file

@ -105,13 +105,13 @@
"description": "Weblogic IIOP CVE-2020-2551",
"fork": false,
"created_at": "2020-02-28T08:46:21Z",
"updated_at": "2020-07-21T14:28:45Z",
"updated_at": "2020-07-21T21:48:52Z",
"pushed_at": "2020-04-07T03:32:24Z",
"stargazers_count": 213,
"watchers_count": 213,
"stargazers_count": 214,
"watchers_count": 214,
"forks_count": 53,
"forks": 53,
"watchers": 213,
"watchers": 214,
"score": 0
},
{

28
2020/CVE-2020-5902.json
View file

@ -82,13 +82,13 @@
"description": "CVE-2020-5902 BIG-IP",
"fork": false,
"created_at": "2020-07-05T16:38:32Z",
"updated_at": "2020-07-21T18:49:47Z",
"updated_at": "2020-07-22T03:00:56Z",
"pushed_at": "2020-07-15T02:52:33Z",
"stargazers_count": 295,
"watchers_count": 295,
"stargazers_count": 296,
"watchers_count": 296,
"forks_count": 87,
"forks": 87,
"watchers": 295,
"watchers": 296,
"score": 0
},
{
@ -979,13 +979,13 @@
"description": "F5 BIG-IP RCE CVE-2020-5902 automatic check tool",
"fork": false,
"created_at": "2020-07-10T15:33:00Z",
"updated_at": "2020-07-21T12:45:24Z",
"updated_at": "2020-07-22T01:43:59Z",
"pushed_at": "2020-07-12T10:36:20Z",
"stargazers_count": 26,
"watchers_count": 26,
"stargazers_count": 29,
"watchers_count": 29,
"forks_count": 8,
"forks": 8,
"watchers": 26,
"watchers": 29,
"score": 0
},
{
@ -1094,13 +1094,13 @@
"description": null,
"fork": false,
"created_at": "2020-07-20T19:10:09Z",
"updated_at": "2020-07-21T14:35:12Z",
"updated_at": "2020-07-22T00:41:09Z",
"pushed_at": "2020-07-21T02:15:36Z",
"stargazers_count": 4,
"watchers_count": 4,
"forks_count": 3,
"forks": 3,
"watchers": 4,
"stargazers_count": 5,
"watchers_count": 5,
"forks_count": 4,
"forks": 4,
"watchers": 5,
"score": 0
}
]

20
2020/CVE-2020-6287.json
View file

@ -13,13 +13,13 @@
"description": "PoC for CVE-2020-6287, CVE-2020-6286 (SAP RECON vulnerability)",
"fork": false,
"created_at": "2020-07-15T15:20:09Z",
"updated_at": "2020-07-21T18:34:28Z",
"updated_at": "2020-07-22T01:02:10Z",
"pushed_at": "2020-07-21T15:26:31Z",
"stargazers_count": 97,
"watchers_count": 97,
"stargazers_count": 98,
"watchers_count": 98,
"forks_count": 30,
"forks": 30,
"watchers": 97,
"watchers": 98,
"score": 0
},
{
@ -36,13 +36,13 @@
"description": "PoC for CVE-2020-6287 The PoC in python for add user only, no administrator permission set. Inspired by @zeroSteiner from metasploit. Original Metasploit PR module: https:\/\/github.com\/rapid7\/metasploit-framework\/pull\/13852\/commits\/d1e2c75b3eafa7f62a6aba9fbe6220c8da97baa8 This PoC only create user with unauthentication permission and no more administrator permission set. This project is created only for educational purposes and cannot be used for law violation or personal gain. The author of this project is not responsible for any possible harm caused by the materials of this project. Original finding: CVE-2020-6287: Pablo Artuso CVE-2020-6286: Yvan 'iggy' G. Usage: python sap-CVE-2020-6287-add-user.py <HTTP(s):\/\/IP:Port",
"fork": false,
"created_at": "2020-07-20T18:45:53Z",
"updated_at": "2020-07-21T20:20:34Z",
"updated_at": "2020-07-22T00:38:14Z",
"pushed_at": "2020-07-21T18:50:07Z",
"stargazers_count": 26,
"watchers_count": 26,
"forks_count": 7,
"forks": 7,
"watchers": 26,
"stargazers_count": 27,
"watchers_count": 27,
"forks_count": 8,
"forks": 8,
"watchers": 27,
"score": 0
}
]

8
2020/CVE-2020-7283.json
View file

@ -13,13 +13,13 @@
"description": null,
"fork": false,
"created_at": "2020-04-07T11:17:27Z",
"updated_at": "2020-07-21T16:00:36Z",
"updated_at": "2020-07-22T00:32:25Z",
"pushed_at": "2020-07-14T06:39:31Z",
"stargazers_count": 8,
"watchers_count": 8,
"stargazers_count": 9,
"watchers_count": 9,
"forks_count": 4,
"forks": 4,
"watchers": 8,
"watchers": 9,
"score": 0
}
]

11
README.md
View file

@ -7180,7 +7180,7 @@ In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execut
</code>
- [kozmic/laravel-poc-CVE-2018-15133](https://github.com/kozmic/laravel-poc-CVE-2018-15133)
- [sKirua/Laravel-CVE-2018-15133](https://github.com/sKirua/Laravel-CVE-2018-15133)
- [Bilelxdz/Laravel-CVE-2018-15133](https://github.com/Bilelxdz/Laravel-CVE-2018-15133)
- [Prabesh01/Laravel-PHP-Unit-RCE-Auto-shell-uploader](https://github.com/Prabesh01/Laravel-PHP-Unit-RCE-Auto-shell-uploader)
- [iansangaji/laravel-rce-cve-2018-15133](https://github.com/iansangaji/laravel-rce-cve-2018-15133)
@ -14274,14 +14274,6 @@ Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 all
- [Axua/CVE-2006-1236](https://github.com/Axua/CVE-2006-1236)
### CVE-2006-3392
<code>
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using &quot;..%01&quot; sequences, which bypass the removal of &quot;../&quot; sequences before bytes such as &quot;%01&quot; are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.
</code>
- [Ziani52/CVE-2006-3392](https://github.com/Ziani52/CVE-2006-3392)
### CVE-2006-3592
<code>
@ -14320,7 +14312,6 @@ The mincore function in the Linux kernel before 2.4.33.6 does not properly lock
Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command.
</code>
- [shauntdergrigorian/cve-2006-6184](https://github.com/shauntdergrigorian/cve-2006-6184)
- [b03902043/CVE-2006-6184](https://github.com/b03902043/CVE-2006-6184)