From 4ec203285fb3fff741711a4489817043a1ba2df0 Mon Sep 17 00:00:00 2001
From: motikan2010-bot
Date: Sat, 14 Dec 2024 15:31:39 +0900
Subject: [PATCH] Auto Update 2024/12/14 06:31:39
---
 2020/CVE-2020-15778.json | 4 ++--
 2021/CVE-2021-0326.json | 8 ++++----
 2022/CVE-2022-22963.json | 2 +-
 2022/CVE-2022-36804.json | 8 ++++----
 2022/CVE-2022-42889.json | 8 ++++----
 2023/CVE-2023-36845.json | 8 ++++----
 2023/CVE-2023-40028.json | 2 +-
 2023/CVE-2023-45866.json | 8 ++++----
 2024/CVE-2024-0012.json | 8 ++++----
 2024/CVE-2024-27348.json | 8 ++++----
 2024/CVE-2024-30088.json | 8 ++++----
 2024/CVE-2024-3690.json | 33 +++++++++++++++++++++++++++++++++
 2024/CVE-2024-4577.json | 8 ++++----
 2024/CVE-2024-50623.json | 12 ++++++------
 2024/CVE-2024-6387.json | 16 ++++++++--------
 README.md | 7 +++++++
 16 files changed, 94 insertions(+), 54 deletions(-)
 create mode 100644 2024/CVE-2024-3690.json
diff --git a/2020/CVE-2020-15778.json b/2020/CVE-2020-15778.json
index 2ec4fed155..43bd680d39 100644
--- a/2020/CVE-2020-15778.json
+++ b/2020/CVE-2020-15778.json
@@ -50,13 +50,13 @@
 "stargazers_count": 34,
 "watchers_count": 34,
 "has_discussions": false,
- "forks_count": 17,
+ "forks_count": 18,
 "allow_forking": true,
 "is_template": false,
 "web_commit_signoff_required": false,
 "topics": [],
 "visibility": "public",
- "forks": 17,
+ "forks": 18,
 "watchers": 34,
 "score": 0,
 "subscribers_count": 1
diff --git a/2021/CVE-2021-0326.json b/2021/CVE-2021-0326.json
index 475b98dce6..7ab7592d91 100644
--- a/2021/CVE-2021-0326.json
+++ b/2021/CVE-2021-0326.json
@@ -14,10 +14,10 @@
 "description": "Skeleton (but pronounced like Peloton): A Zero-Click RCE exploit for CVE-2021-0326",
 "fork": false,
 "created_at": "2022-01-17T21:35:19Z",
- "updated_at": "2024-08-12T20:19:50Z",
+ "updated_at": "2024-12-14T01:27:34Z",
 "pushed_at": "2022-03-16T02:58:42Z",
- "stargazers_count": 16,
- "watchers_count": 16,
+ "stargazers_count": 17,
+ "watchers_count": 17,
 "has_discussions": false,
 "forks_count": 6,
 "allow_forking": true,
@@ -26,7 +26,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 6,
- "watchers": 16,
+ "watchers": 17,
 "score": 0,
 "subscribers_count": 1
 },
diff --git a/2022/CVE-2022-22963.json b/2022/CVE-2022-22963.json
index fed2558777..4861975b97 100644
--- a/2022/CVE-2022-22963.json
+++ b/2022/CVE-2022-22963.json
@@ -892,6 +892,6 @@
 "forks": 0,
 "watchers": 0,
 "score": 0,
- "subscribers_count": 0
+ "subscribers_count": 1
 }
 ]
\ No newline at end of file
diff --git a/2022/CVE-2022-36804.json b/2022/CVE-2022-36804.json
index 9c967c485f..48a515e72d 100644
--- a/2022/CVE-2022-36804.json
+++ b/2022/CVE-2022-36804.json
@@ -169,10 +169,10 @@
 "description": "Bitbucket CVE-2022-36804 unauthenticated remote command execution",
 "fork": false,
 "created_at": "2022-09-21T10:36:50Z",
- "updated_at": "2024-08-12T20:27:12Z",
+ "updated_at": "2024-12-14T03:54:12Z",
 "pushed_at": "2023-01-21T02:14:15Z",
- "stargazers_count": 6,
- "watchers_count": 6,
+ "stargazers_count": 7,
+ "watchers_count": 7,
 "has_discussions": false,
 "forks_count": 3,
 "allow_forking": true,
@@ -196,7 +196,7 @@
 ],
 "visibility": "public",
 "forks": 3,
- "watchers": 6,
+ "watchers": 7,
 "score": 0,
 "subscribers_count": 2
 },
diff --git a/2022/CVE-2022-42889.json b/2022/CVE-2022-42889.json
index 210d01756e..6b69f3ba59 100644
--- a/2022/CVE-2022-42889.json
+++ b/2022/CVE-2022-42889.json
@@ -282,10 +282,10 @@
 "description": "Apache commons text - CVE-2022-42889 Text4Shell proof of concept exploit.",
 "fork": false,
 "created_at": "2022-10-19T11:49:08Z",
- "updated_at": "2024-11-16T11:46:08Z",
+ "updated_at": "2024-12-14T03:52:45Z",
 "pushed_at": "2023-12-29T14:57:34Z",
- "stargazers_count": 54,
- "watchers_count": 54,
+ "stargazers_count": 55,
+ "watchers_count": 55,
 "has_discussions": false,
 "forks_count": 9,
 "allow_forking": true,
@@ -306,7 +306,7 @@
 ],
 "visibility": "public",
 "forks": 9,
- "watchers": 54,
+ "watchers": 55,
 "score": 0,
 "subscribers_count": 2
 },
diff --git a/2023/CVE-2023-36845.json b/2023/CVE-2023-36845.json
index 873bbb3757..67477e3e1c 100644
--- a/2023/CVE-2023-36845.json
+++ b/2023/CVE-2023-36845.json
@@ -48,10 +48,10 @@
 "description": "Juniper Firewalls CVE-2023-36845 - RCE",
 "fork": false,
 "created_at": "2023-09-26T17:56:55Z",
- "updated_at": "2024-12-02T02:41:52Z",
+ "updated_at": "2024-12-14T03:56:10Z",
 "pushed_at": "2023-12-29T14:56:44Z",
- "stargazers_count": 49,
- "watchers_count": 49,
+ "stargazers_count": 50,
+ "watchers_count": 50,
 "has_discussions": false,
 "forks_count": 13,
 "allow_forking": true,
@@ -79,7 +79,7 @@
 ],
 "visibility": "public",
 "forks": 13,
- "watchers": 49,
+ "watchers": 50,
 "score": 0,
 "subscribers_count": 2
 },
diff --git a/2023/CVE-2023-40028.json b/2023/CVE-2023-40028.json
index ee07b2ddb6..dae9210997 100644
--- a/2023/CVE-2023-40028.json
+++ b/2023/CVE-2023-40028.json
@@ -121,6 +121,6 @@
 "forks": 1,
 "watchers": 0,
 "score": 0,
- "subscribers_count": 0
+ "subscribers_count": 1
 }
 ]
\ No newline at end of file
diff --git a/2023/CVE-2023-45866.json b/2023/CVE-2023-45866.json
index 871ff96691..8f533d0240 100644
--- a/2023/CVE-2023-45866.json
+++ b/2023/CVE-2023-45866.json
@@ -14,10 +14,10 @@
 "description": "🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript) 🔓 Unauthenticated Peering Leading to Code Execution (Using HID Keyboard)",
 "fork": false,
 "created_at": "2024-01-16T06:52:02Z",
- "updated_at": "2024-12-11T09:51:18Z",
+ "updated_at": "2024-12-14T02:23:26Z",
 "pushed_at": "2024-08-18T08:26:46Z",
- "stargazers_count": 1290,
- "watchers_count": 1290,
+ "stargazers_count": 1289,
+ "watchers_count": 1289,
 "has_discussions": false,
 "forks_count": 220,
 "allow_forking": true,
@@ -26,7 +26,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 220,
- "watchers": 1290,
+ "watchers": 1289,
 "score": 0,
 "subscribers_count": 21
 },
diff --git a/2024/CVE-2024-0012.json b/2024/CVE-2024-0012.json
index b12e764530..f68aff22e4 100644
--- a/2024/CVE-2024-0012.json
+++ b/2024/CVE-2024-0012.json
@@ -267,10 +267,10 @@
 "description": "This PoC is targeting vulnerabilities in Palo Alto PAN-OS, specifically CVE-2024-0012 and CVE-2024-9474. This script automates the exploitation process, including payload creation, chunked delivery, and seamless command execution.",
 "fork": false,
 "created_at": "2024-12-11T18:13:32Z",
- "updated_at": "2024-12-13T03:48:26Z",
+ "updated_at": "2024-12-14T02:34:33Z",
 "pushed_at": "2024-12-12T15:48:10Z",
- "stargazers_count": 2,
- "watchers_count": 2,
+ "stargazers_count": 3,
+ "watchers_count": 3,
 "has_discussions": false,
 "forks_count": 0,
 "allow_forking": true,
@@ -279,7 +279,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 0,
- "watchers": 2,
+ "watchers": 3,
 "score": 0,
 "subscribers_count": 1
 }
diff --git a/2024/CVE-2024-27348.json b/2024/CVE-2024-27348.json
index 4a7dfe886a..b9aa68f36c 100644
--- a/2024/CVE-2024-27348.json
+++ b/2024/CVE-2024-27348.json
@@ -52,10 +52,10 @@
 "description": "Apache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit ",
 "fork": false,
 "created_at": "2024-06-03T19:08:24Z",
- "updated_at": "2024-10-03T04:22:14Z",
+ "updated_at": "2024-12-14T03:58:01Z",
 "pushed_at": "2024-06-03T19:20:10Z",
- "stargazers_count": 16,
- "watchers_count": 16,
+ "stargazers_count": 17,
+ "watchers_count": 17,
 "has_discussions": false,
 "forks_count": 8,
 "allow_forking": true,
@@ -85,7 +85,7 @@
 ],
 "visibility": "public",
 "forks": 8,
- "watchers": 16,
+ "watchers": 17,
 "score": 0,
 "subscribers_count": 1
 },
diff --git a/2024/CVE-2024-30088.json b/2024/CVE-2024-30088.json
index 4b50e8e397..b97c6b88fe 100644
--- a/2024/CVE-2024-30088.json
+++ b/2024/CVE-2024-30088.json
@@ -107,10 +107,10 @@
 "description": "Kernel exploit for Xbox SystemOS using CVE-2024-30088",
 "fork": false,
 "created_at": "2024-07-15T08:07:05Z",
- "updated_at": "2024-12-07T17:15:32Z",
+ "updated_at": "2024-12-14T04:28:35Z",
 "pushed_at": "2024-09-08T21:23:34Z",
- "stargazers_count": 427,
- "watchers_count": 427,
+ "stargazers_count": 428,
+ "watchers_count": 428,
 "has_discussions": false,
 "forks_count": 31,
 "allow_forking": true,
@@ -119,7 +119,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 31,
- "watchers": 427,
+ "watchers": 428,
 "score": 0,
 "subscribers_count": 20
 },
diff --git a/2024/CVE-2024-3690.json b/2024/CVE-2024-3690.json
new file mode 100644
index 0000000000..734657c8ff
--- /dev/null
+++ b/2024/CVE-2024-3690.json
@@ -0,0 +1,33 @@
+[
+ {
+ "id": 903200657,
+ "name": "CVE-2024-3690",
+ "full_name": "taeseongk\/CVE-2024-3690",
+ "owner": {
+ "login": "taeseongk",
+ "id": 102262849,
+ "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/102262849?v=4",
+ "html_url": "https:\/\/github.com\/taeseongk",
+ "user_view_type": "public"
+ },
+ "html_url": "https:\/\/github.com\/taeseongk\/CVE-2024-3690",
+ "description": null,
+ "fork": false,
+ "created_at": "2024-12-14T01:26:56Z",
+ "updated_at": "2024-12-14T01:44:49Z",
+ "pushed_at": "2024-12-14T01:44:46Z",
+ "stargazers_count": 0,
+ "watchers_count": 0,
+ "has_discussions": false,
+ "forks_count": 1,
+ "allow_forking": true,
+ "is_template": false,
+ "web_commit_signoff_required": false,
+ "topics": [],
+ "visibility": "public",
+ "forks": 1,
+ "watchers": 0,
+ "score": 0,
+ "subscribers_count": 0
+ }
+]
\ No newline at end of file
diff --git a/2024/CVE-2024-4577.json b/2024/CVE-2024-4577.json
index 246af96965..f26c46c938 100644
--- a/2024/CVE-2024-4577.json
+++ b/2024/CVE-2024-4577.json
@@ -169,10 +169,10 @@
 "description": "PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC",
 "fork": false,
 "created_at": "2024-06-07T09:52:54Z",
- "updated_at": "2024-12-12T06:28:25Z",
+ "updated_at": "2024-12-14T02:25:02Z",
 "pushed_at": "2024-06-22T15:13:52Z",
- "stargazers_count": 241,
- "watchers_count": 241,
+ "stargazers_count": 240,
+ "watchers_count": 240,
 "has_discussions": false,
 "forks_count": 52,
 "allow_forking": true,
@@ -181,7 +181,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 52,
- "watchers": 241,
+ "watchers": 240,
 "score": 0,
 "subscribers_count": 4
 },
diff --git a/2024/CVE-2024-50623.json b/2024/CVE-2024-50623.json
index a63c9cd75a..e696deeab9 100644
--- a/2024/CVE-2024-50623.json
+++ b/2024/CVE-2024-50623.json
@@ -14,19 +14,19 @@
 "description": "Cleo Unrestricted file upload and download PoC (CVE-2024-50623)",
 "fork": false,
 "created_at": "2024-12-11T14:19:55Z",
- "updated_at": "2024-12-13T08:33:10Z",
+ "updated_at": "2024-12-14T05:23:26Z",
 "pushed_at": "2024-12-11T14:23:19Z",
- "stargazers_count": 15,
- "watchers_count": 15,
+ "stargazers_count": 16,
+ "watchers_count": 16,
 "has_discussions": false,
- "forks_count": 3,
+ "forks_count": 4,
 "allow_forking": true,
 "is_template": false,
 "web_commit_signoff_required": false,
 "topics": [],
 "visibility": "public",
- "forks": 3,
- "watchers": 15,
+ "forks": 4,
+ "watchers": 16,
 "score": 0,
 "subscribers_count": 0
 }
diff --git a/2024/CVE-2024-6387.json b/2024/CVE-2024-6387.json
index 5d0de87dab..8d88cfc3ca 100644
--- a/2024/CVE-2024-6387.json
+++ b/2024/CVE-2024-6387.json
@@ -14,10 +14,10 @@
 "description": "a signal handler race condition in OpenSSH's server (sshd)",
 "fork": false,
 "created_at": "2024-07-01T10:55:29Z",
- "updated_at": "2024-12-11T20:03:37Z",
+ "updated_at": "2024-12-14T04:05:34Z",
 "pushed_at": "2024-07-01T10:54:02Z",
- "stargazers_count": 468,
- "watchers_count": 468,
+ "stargazers_count": 469,
+ "watchers_count": 469,
 "has_discussions": false,
 "forks_count": 181,
 "allow_forking": true,
@@ -26,7 +26,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 181,
- "watchers": 468,
+ "watchers": 469,
 "score": 0,
 "subscribers_count": 5
 },
@@ -1159,10 +1159,10 @@
 "description": "CVE-2024-6387 (regreSSHion) Exploit (PoC), a vulnerability in OpenSSH's server (sshd) on glibc-based Linux systems.",
 "fork": false,
 "created_at": "2024-07-02T14:41:43Z",
- "updated_at": "2024-12-07T06:02:59Z",
+ "updated_at": "2024-12-14T03:39:21Z",
 "pushed_at": "2024-07-02T15:16:04Z",
- "stargazers_count": 31,
- "watchers_count": 31,
+ "stargazers_count": 32,
+ "watchers_count": 32,
 "has_discussions": false,
 "forks_count": 8,
 "allow_forking": true,
@@ -1181,7 +1181,7 @@
 ],
 "visibility": "public",
 "forks": 8,
- "watchers": 31,
+ "watchers": 32,
 "score": 0,
 "subscribers_count": 2
 },
diff --git a/README.md b/README.md
index 522be896ad..db7364d95f 100644
--- a/README.md
+++ b/README.md
@@ -823,6 +823,13 @@
 - [h4x0r-dz/CVE-2024-3656](https://github.com/h4x0r-dz/CVE-2024-3656)
+### CVE-2024-3690 (2024-04-12)
+
+In PHPGurukul Small CRM 3.0 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Komponente Change Password Handler. Durch Beeinflussen mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
+
+
+- [taeseongk/CVE-2024-3690](https://github.com/taeseongk/CVE-2024-3690)
+
 ### CVE-2024-3806 (2024-05-09)
 The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'porto_ajax_posts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.