From 588d0a702a3e7c729a84980344785432eb5bac2b Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Tue, 23 Jan 2024 09:29:58 +0900 Subject: [PATCH] Auto Update 2024/01/23 00:29:58 --- 2001/CVE-2001-0758.json | 32 ++++++++++++++++++++++++++++++++ 2016/CVE-2016-3088.json | 8 ++++---- 2020/CVE-2020-1350.json | 8 ++++---- 2021/CVE-2021-3156.json | 8 ++++---- 2021/CVE-2021-44103.json | 8 ++++---- 2022/CVE-2022-20452.json | 2 +- 2022/CVE-2022-25765.json | 2 +- 2022/CVE-2022-38694.json | 4 ++-- 2023/CVE-2023-22518.json | 8 ++++---- 2023/CVE-2023-22960.json | 8 ++++---- 2023/CVE-2023-32571.json | 8 ++++---- 2023/CVE-2023-45777.json | 8 ++++---- 2023/CVE-2023-4863.json | 8 ++++---- 2023/CVE-2023-49070.json | 6 +++--- 2023/CVE-2023-4911.json | 8 ++++---- README.md | 7 +++++++ 16 files changed, 86 insertions(+), 47 deletions(-) create mode 100644 2001/CVE-2001-0758.json diff --git a/2001/CVE-2001-0758.json b/2001/CVE-2001-0758.json new file mode 100644 index 0000000000..e5161669ea --- /dev/null +++ b/2001/CVE-2001-0758.json @@ -0,0 +1,32 @@ +[ + { + "id": 132980512, + "name": "CVE-2001-0758", + "full_name": "alt3kx\/CVE-2001-0758", + "owner": { + "login": "alt3kx", + "id": 3140111, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/3140111?v=4", + "html_url": "https:\/\/github.com\/alt3kx" + }, + "html_url": "https:\/\/github.com\/alt3kx\/CVE-2001-0758", + "description": "Directory traversal vulnerability in Shambala 4.5 ", + "fork": false, + "created_at": "2018-05-11T02:47:18Z", + "updated_at": "2018-05-11T09:16:42Z", + "pushed_at": "2018-05-11T09:16:41Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 3 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-3088.json b/2016/CVE-2016-3088.json index e29486a990..93a40d9f23 100644 --- a/2016/CVE-2016-3088.json +++ b/2016/CVE-2016-3088.json @@ -73,10 +73,10 @@ "description": "Apache ActiveMQ Remote Code Execution Exploit", "fork": false, "created_at": "2021-03-11T05:54:34Z", - "updated_at": "2022-05-02T06:11:19Z", + "updated_at": "2024-01-22T21:43:15Z", "pushed_at": "2021-03-11T13:53:18Z", - "stargazers_count": 4, - "watchers_count": 4, + "stargazers_count": 5, + "watchers_count": 5, "has_discussions": false, "forks_count": 1, "allow_forking": true, @@ -85,7 +85,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 4, + "watchers": 5, "score": 0, "subscribers_count": 1 }, diff --git a/2020/CVE-2020-1350.json b/2020/CVE-2020-1350.json index f613377cd5..06d816da02 100644 --- a/2020/CVE-2020-1350.json +++ b/2020/CVE-2020-1350.json @@ -60,10 +60,10 @@ "description": "HoneyPoC: Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019.", "fork": false, "created_at": "2020-07-14T19:02:25Z", - "updated_at": "2023-10-05T17:05:37Z", + "updated_at": "2024-01-22T22:56:05Z", "pushed_at": "2021-06-10T02:46:52Z", - "stargazers_count": 279, - "watchers_count": 279, + "stargazers_count": 280, + "watchers_count": 280, "has_discussions": false, "forks_count": 75, "allow_forking": true, @@ -75,7 +75,7 @@ ], "visibility": "public", "forks": 75, - "watchers": 279, + "watchers": 280, "score": 0, "subscribers_count": 11 }, diff --git a/2021/CVE-2021-3156.json b/2021/CVE-2021-3156.json index 05e0a94608..5af82a5d9e 100644 --- a/2021/CVE-2021-3156.json +++ b/2021/CVE-2021-3156.json @@ -1074,10 +1074,10 @@ "description": "Sudo Baron Samedit Exploit", "fork": false, "created_at": "2021-03-15T17:37:02Z", - "updated_at": "2024-01-12T15:38:40Z", + "updated_at": "2024-01-22T22:52:59Z", "pushed_at": "2022-01-13T05:48:01Z", - "stargazers_count": 692, - "watchers_count": 692, + "stargazers_count": 693, + "watchers_count": 693, "has_discussions": false, "forks_count": 172, "allow_forking": true, @@ -1086,7 +1086,7 @@ "topics": [], "visibility": "public", "forks": 172, - "watchers": 692, + "watchers": 693, "score": 0, "subscribers_count": 11 }, diff --git a/2021/CVE-2021-44103.json b/2021/CVE-2021-44103.json index e4eb616351..7f7c809d84 100644 --- a/2021/CVE-2021-44103.json +++ b/2021/CVE-2021-44103.json @@ -13,10 +13,10 @@ "description": null, "fork": false, "created_at": "2022-10-16T16:02:47Z", - "updated_at": "2022-10-18T09:07:41Z", + "updated_at": "2024-01-22T19:06:04Z", "pushed_at": "2022-10-16T18:12:47Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 2, + "watchers_count": 2, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 1, + "watchers": 2, "score": 0, "subscribers_count": 1 } diff --git a/2022/CVE-2022-20452.json b/2022/CVE-2022-20452.json index d22ae02e2e..4ec5c11836 100644 --- a/2022/CVE-2022-20452.json +++ b/2022/CVE-2022-20452.json @@ -13,7 +13,7 @@ "description": "Exploit for CVE-2022-20452, privilege escalation on Android from installed app to system app (or another app) via LazyValue using Parcel after recycle()", "fork": false, "created_at": "2023-01-10T16:24:51Z", - "updated_at": "2024-01-20T03:03:11Z", + "updated_at": "2024-01-22T22:51:58Z", "pushed_at": "2023-04-12T17:28:49Z", "stargazers_count": 246, "watchers_count": 246, diff --git a/2022/CVE-2022-25765.json b/2022/CVE-2022-25765.json index f028bc0335..ea2e1969d4 100644 --- a/2022/CVE-2022-25765.json +++ b/2022/CVE-2022-25765.json @@ -258,7 +258,7 @@ "fork": false, "created_at": "2024-01-22T14:45:34Z", "updated_at": "2024-01-22T14:49:17Z", - "pushed_at": "2024-01-22T15:04:36Z", + "pushed_at": "2024-01-22T22:43:07Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2022/CVE-2022-38694.json b/2022/CVE-2022-38694.json index 52ccffe6a6..1848799e7e 100644 --- a/2022/CVE-2022-38694.json +++ b/2022/CVE-2022-38694.json @@ -18,7 +18,7 @@ "stargazers_count": 148, "watchers_count": 148, "has_discussions": true, - "forks_count": 20, + "forks_count": 21, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -27,7 +27,7 @@ "unisoc" ], "visibility": "public", - "forks": 20, + "forks": 21, "watchers": 148, "score": 0, "subscribers_count": 5 diff --git a/2023/CVE-2023-22518.json b/2023/CVE-2023-22518.json index e8d553e3ff..dd2c3bb863 100644 --- a/2023/CVE-2023-22518.json +++ b/2023/CVE-2023-22518.json @@ -90,10 +90,10 @@ "description": "An Exploitation tool to exploit the confluence server that are vulnerable to CVE-2023-22518 Improper Authorization", "fork": false, "created_at": "2023-11-05T06:45:33Z", - "updated_at": "2023-12-21T17:16:58Z", + "updated_at": "2024-01-22T22:57:53Z", "pushed_at": "2023-11-05T07:08:41Z", - "stargazers_count": 29, - "watchers_count": 29, + "stargazers_count": 30, + "watchers_count": 30, "has_discussions": false, "forks_count": 13, "allow_forking": true, @@ -102,7 +102,7 @@ "topics": [], "visibility": "public", "forks": 13, - "watchers": 29, + "watchers": 30, "score": 0, "subscribers_count": 1 }, diff --git a/2023/CVE-2023-22960.json b/2023/CVE-2023-22960.json index 8b00a96507..f82d38b547 100644 --- a/2023/CVE-2023-22960.json +++ b/2023/CVE-2023-22960.json @@ -13,10 +13,10 @@ "description": "This vulnerability allows an attacker to bypass the credentials brute-force prevention mechanism of the Embedded Web Server (interface) of more than 60 Lexmark printer models. This issue affects both username-password and PIN authentication.", "fork": false, "created_at": "2023-01-24T08:33:19Z", - "updated_at": "2024-01-19T16:20:50Z", + "updated_at": "2024-01-22T19:19:20Z", "pushed_at": "2023-06-15T14:38:07Z", - "stargazers_count": 79, - "watchers_count": 79, + "stargazers_count": 80, + "watchers_count": 80, "has_discussions": false, "forks_count": 16, "allow_forking": true, @@ -32,7 +32,7 @@ ], "visibility": "public", "forks": 16, - "watchers": 79, + "watchers": 80, "score": 0, "subscribers_count": 2 }, diff --git a/2023/CVE-2023-32571.json b/2023/CVE-2023-32571.json index 9338e1fc0d..75ee051adf 100644 --- a/2023/CVE-2023-32571.json +++ b/2023/CVE-2023-32571.json @@ -13,10 +13,10 @@ "description": null, "fork": false, "created_at": "2023-11-18T04:35:37Z", - "updated_at": "2024-01-22T05:36:53Z", + "updated_at": "2024-01-22T21:48:05Z", "pushed_at": "2023-11-22T16:50:34Z", - "stargazers_count": 3, - "watchers_count": 3, + "stargazers_count": 4, + "watchers_count": 4, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -31,7 +31,7 @@ ], "visibility": "public", "forks": 0, - "watchers": 3, + "watchers": 4, "score": 0, "subscribers_count": 1 }, diff --git a/2023/CVE-2023-45777.json b/2023/CVE-2023-45777.json index 6d359f2773..19a0d46b68 100644 --- a/2023/CVE-2023-45777.json +++ b/2023/CVE-2023-45777.json @@ -13,10 +13,10 @@ "description": "Writeup and exploit for CVE-2023-45777, bypass for Intent validation inside AccountManagerService on Android 13 despite \"Lazy Bundle\" mitigation", "fork": false, "created_at": "2024-01-20T07:14:06Z", - "updated_at": "2024-01-22T14:46:22Z", + "updated_at": "2024-01-22T22:52:13Z", "pushed_at": "2024-01-21T05:04:01Z", - "stargazers_count": 34, - "watchers_count": 34, + "stargazers_count": 35, + "watchers_count": 35, "has_discussions": false, "forks_count": 5, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 5, - "watchers": 34, + "watchers": 35, "score": 0, "subscribers_count": 1 } diff --git a/2023/CVE-2023-4863.json b/2023/CVE-2023-4863.json index 79a92621e9..d13d4b2404 100644 --- a/2023/CVE-2023-4863.json +++ b/2023/CVE-2023-4863.json @@ -193,10 +193,10 @@ "description": null, "fork": false, "created_at": "2023-12-18T23:12:25Z", - "updated_at": "2024-01-22T17:47:25Z", + "updated_at": "2024-01-23T00:00:29Z", "pushed_at": "2024-01-22T14:29:21Z", - "stargazers_count": 10, - "watchers_count": 10, + "stargazers_count": 15, + "watchers_count": 15, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -205,7 +205,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 10, + "watchers": 15, "score": 0, "subscribers_count": 0 }, diff --git a/2023/CVE-2023-49070.json b/2023/CVE-2023-49070.json index 6a01cec818..76e8536034 100644 --- a/2023/CVE-2023-49070.json +++ b/2023/CVE-2023-49070.json @@ -119,13 +119,13 @@ "stargazers_count": 1, "watchers_count": 1, "has_discussions": false, - "forks_count": 0, + "forks_count": 1, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 0, + "forks": 1, "watchers": 1, "score": 0, "subscribers_count": 1 @@ -175,7 +175,7 @@ "fork": false, "created_at": "2024-01-17T07:31:26Z", "updated_at": "2024-01-17T07:45:27Z", - "pushed_at": "2024-01-17T10:22:17Z", + "pushed_at": "2024-01-22T19:17:28Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2023/CVE-2023-4911.json b/2023/CVE-2023-4911.json index 7f1a3fae2c..281b9efa13 100644 --- a/2023/CVE-2023-4911.json +++ b/2023/CVE-2023-4911.json @@ -437,10 +437,10 @@ "description": null, "fork": false, "created_at": "2024-01-19T18:20:05Z", - "updated_at": "2024-01-20T05:25:47Z", + "updated_at": "2024-01-22T19:50:29Z", "pushed_at": "2024-01-19T18:44:15Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 2, + "watchers_count": 2, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -449,7 +449,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 1, + "watchers": 2, "score": 0, "subscribers_count": 1 } diff --git a/README.md b/README.md index 8bb1496166..74dffa84e5 100644 --- a/README.md +++ b/README.md @@ -39145,6 +39145,13 @@ - [alt3kx/CVE-2001-0680](https://github.com/alt3kx/CVE-2001-0680) +### CVE-2001-0758 (2001-10-12) + +Directory traversal vulnerability in Shambala 4.5 allows remote attackers to escape the FTP root directory via "CWD ..." command. + + +- [alt3kx/CVE-2001-0758](https://github.com/alt3kx/CVE-2001-0758) + ### CVE-2001-0931 (2002-02-02) Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 allows attackers to list or read arbitrary files and directories via a .. (dot dot) in (1) LS or (2) GET.