mirror/PoC-in-GitHub
1
0
Fork 0
mirror of https://github.com/nomi-sec/PoC-in-GitHub.git synced 2025-01-16 04:42:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Auto Update 2023/08/21 18:46:47

Browse source
This commit is contained in:
motikan2010-bot 2023-08-22 03:46:47 +09:00
parent 71bf485324
commit 5b81158db7
33 changed files with 151 additions and 696 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
2017/CVE-2017-10271.json
View file

@ -43,10 +43,10 @@
"description": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.",
"fork": false,
"created_at": "2017-12-25T06:11:54Z",
"updated_at": "2022-08-01T02:16:19Z",
"updated_at": "2023-08-21T18:05:41Z",
"pushed_at": "2017-12-25T06:21:23Z",
"stargazers_count": 23,
"watchers_count": 23,
"stargazers_count": 24,
"watchers_count": 24,
"has_discussions": false,
"forks_count": 9,
"allow_forking": true,
@ -55,7 +55,7 @@
"topics": [],
"visibility": "public",
"forks": 9,
"watchers": 23,
"watchers": 24,
"score": 0,
"subscribers_count": 1
},

2
2018/CVE-2018-10933.json
View file

@ -816,7 +816,7 @@
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 2
"subscribers_count": 1
},
{
"id": 246461801,

6
2018/CVE-2018-9995.json
View file

@ -614,11 +614,11 @@
"fork": false,
"created_at": "2023-08-18T19:42:17Z",
"updated_at": "2023-08-18T20:00:32Z",
"pushed_at": "2023-08-20T17:09:02Z",
"pushed_at": "2023-08-21T17:19:31Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"forks_count": 2,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -633,7 +633,7 @@
"security-research"
],
"visibility": "public",
"forks": 0,
"forks": 2,
"watchers": 0,
"score": 0,
"subscribers_count": 1

63
2019/CVE-2019-0230.json
View file

@ -92,68 +92,5 @@
"watchers": 1,
"score": 0,
"subscribers_count": 1
},
{
"id": 320458800,
"name": "CVE-2019-0230",
"full_name": "Al1ex\/CVE-2019-0230",
"owner": {
"login": "Al1ex",
"id": 38161463,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/38161463?v=4",
"html_url": "https:\/\/github.com\/Al1ex"
},
"html_url": "https:\/\/github.com\/Al1ex\/CVE-2019-0230",
"description": "S2-059(CVE-2019-0230)",
"fork": false,
"created_at": "2020-12-11T03:40:04Z",
"updated_at": "2023-01-09T09:00:15Z",
"pushed_at": "2020-12-11T04:28:10Z",
"stargazers_count": 10,
"watchers_count": 10,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [
"cve-2019-0230",
"s2-059"
],
"visibility": "public",
"forks": 2,
"watchers": 10,
"score": 0,
"subscribers_count": 2
},
{
"id": 320658849,
"name": "CVE-2019-0230_Struts2S2-059",
"full_name": "tw-eason-tseng\/CVE-2019-0230_Struts2S2-059",
"owner": {
"login": "tw-eason-tseng",
"id": 7005895,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/7005895?v=4",
"html_url": "https:\/\/github.com\/tw-eason-tseng"
},
"html_url": "https:\/\/github.com\/tw-eason-tseng\/CVE-2019-0230_Struts2S2-059",
"description": null,
"fork": false,
"created_at": "2020-12-11T18:57:14Z",
"updated_at": "2021-08-27T17:41:18Z",
"pushed_at": "2020-12-11T19:32:12Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
}
]

28
2019/CVE-2019-0708.json
View file

@ -1201,19 +1201,19 @@
"description": "dump",
"fork": false,
"created_at": "2019-05-21T06:57:19Z",
"updated_at": "2023-08-08T07:13:54Z",
"updated_at": "2023-08-21T15:25:43Z",
"pushed_at": "2019-06-01T05:15:11Z",
"stargazers_count": 488,
"watchers_count": 488,
"stargazers_count": 489,
"watchers_count": 489,
"has_discussions": false,
"forks_count": 187,
"forks_count": 188,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 187,
"watchers": 488,
"forks": 188,
"watchers": 489,
"score": 0,
"subscribers_count": 35
},
@ -1643,10 +1643,10 @@
"description": "A quick scanner for the CVE-2019-0708 \"BlueKeep\" vulnerability.",
"fork": false,
"created_at": "2019-05-23T22:50:12Z",
"updated_at": "2023-08-12T14:37:39Z",
"updated_at": "2023-08-21T15:24:32Z",
"pushed_at": "2019-06-22T21:48:45Z",
"stargazers_count": 883,
"watchers_count": 883,
"stargazers_count": 884,
"watchers_count": 884,
"has_discussions": false,
"forks_count": 292,
"allow_forking": true,
@ -1655,7 +1655,7 @@
"topics": [],
"visibility": "public",
"forks": 292,
"watchers": 883,
"watchers": 884,
"score": 0,
"subscribers_count": 55
},
@ -1888,10 +1888,10 @@
"description": "Proof of concept for CVE-2019-0708",
"fork": false,
"created_at": "2019-05-29T16:53:54Z",
"updated_at": "2023-08-20T18:48:50Z",
"updated_at": "2023-08-21T15:23:44Z",
"pushed_at": "2021-12-02T12:00:46Z",
"stargazers_count": 1143,
"watchers_count": 1143,
"stargazers_count": 1144,
"watchers_count": 1144,
"has_discussions": false,
"forks_count": 354,
"allow_forking": true,
@ -1900,7 +1900,7 @@
"topics": [],
"visibility": "public",
"forks": 354,
"watchers": 1143,
"watchers": 1144,
"score": 0,
"subscribers_count": 69
},

32
2019/CVE-2019-0752.json
View file

@ -1,32 +0,0 @@
[
{
"id": 322721997,
"name": "CVE-2019-0752",
"full_name": "ZwCreatePhoton\/CVE-2019-0752",
"owner": {
"login": "ZwCreatePhoton",
"id": 73783540,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/73783540?v=4",
"html_url": "https:\/\/github.com\/ZwCreatePhoton"
},
"html_url": "https:\/\/github.com\/ZwCreatePhoton\/CVE-2019-0752",
"description": null,
"fork": false,
"created_at": "2020-12-18T22:53:16Z",
"updated_at": "2021-08-30T01:11:16Z",
"pushed_at": "2020-12-18T23:04:59Z",
"stargazers_count": 3,
"watchers_count": 3,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 3,
"score": 0,
"subscribers_count": 2
}
]

30
2019/CVE-2019-1040.json
View file

@ -118,35 +118,5 @@
"watchers": 275,
"score": 0,
"subscribers_count": 9
},
{
"id": 325925728,
"name": "dcpwn",
"full_name": "QAX-A-Team\/dcpwn",
"owner": {
"login": "QAX-A-Team",
"id": 35417332,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/35417332?v=4",
"html_url": "https:\/\/github.com\/QAX-A-Team"
},
"html_url": "https:\/\/github.com\/QAX-A-Team\/dcpwn",
"description": "an impacket-dependent script exploiting CVE-2019-1040",
"fork": false,
"created_at": "2021-01-01T05:59:06Z",
"updated_at": "2023-02-01T03:56:31Z",
"pushed_at": "2021-01-01T06:10:58Z",
"stargazers_count": 71,
"watchers_count": 71,
"has_discussions": false,
"forks_count": 15,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 15,
"watchers": 71,
"score": 0,
"subscribers_count": 2
}
]

32
2019/CVE-2019-10915.json
View file

@ -1,32 +0,0 @@
[
{
"id": 198133475,
"name": "CVE-2019-10915",
"full_name": "jiansiting\/CVE-2019-10915",
"owner": {
"login": "jiansiting",
"id": 28823754,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/28823754?v=4",
"html_url": "https:\/\/github.com\/jiansiting"
},
"html_url": "https:\/\/github.com\/jiansiting\/CVE-2019-10915",
"description": "Siemens TIA administrator Tool RCE",
"fork": false,
"created_at": "2019-07-22T02:38:54Z",
"updated_at": "2022-03-17T11:43:58Z",
"pushed_at": "2019-07-22T11:48:39Z",
"stargazers_count": 4,
"watchers_count": 4,
"has_discussions": false,
"forks_count": 4,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 4,
"watchers": 4,
"score": 0,
"subscribers_count": 1
}
]

30
2019/CVE-2019-11581.json
View file

@ -1,34 +1,4 @@
[
{
"id": 197105656,
"name": "CVE-2019-11581",
"full_name": "jas502n\/CVE-2019-11581",
"owner": {
"login": "jas502n",
"id": 16593068,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16593068?v=4",
"html_url": "https:\/\/github.com\/jas502n"
},
"html_url": "https:\/\/github.com\/jas502n\/CVE-2019-11581",
"description": "Atlassian JIRA Template injection vulnerability RCE",
"fork": false,
"created_at": "2019-07-16T02:27:00Z",
"updated_at": "2023-08-11T13:37:41Z",
"pushed_at": "2019-07-22T06:47:52Z",
"stargazers_count": 93,
"watchers_count": 93,
"has_discussions": false,
"forks_count": 30,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 30,
"watchers": 93,
"score": 0,
"subscribers_count": 3
},
{
"id": 198763431,
"name": "CVE-2019-11581",

30
2019/CVE-2019-11932.json
View file

@ -435,36 +435,6 @@
"score": 0,
"subscribers_count": 1
},
{
"id": 323076010,
"name": "hello",
"full_name": "BadAssAiras\/hello",
"owner": {
"login": "BadAssAiras",
"id": 76394667,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/76394667?v=4",
"html_url": "https:\/\/github.com\/BadAssAiras"
},
"html_url": "https:\/\/github.com\/BadAssAiras\/hello",
"description": "https:\/\/github.com\/awakened1712\/CVE-2019-11932:\/\/github.com\/awakened1712\/CVE-2019-11932",
"fork": false,
"created_at": "2020-12-20T13:17:19Z",
"updated_at": "2020-12-20T13:17:19Z",
"pushed_at": "2020-12-20T13:17:21Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 349491080,
"name": "WhatsAppHACK-RCE",

32
2019/CVE-2019-1221.json
View file

@ -1,32 +0,0 @@
[
{
"id": 322718240,
"name": "CVE-2019-1221",
"full_name": "ZwCreatePhoton\/CVE-2019-1221",
"owner": {
"login": "ZwCreatePhoton",
"id": 73783540,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/73783540?v=4",
"html_url": "https:\/\/github.com\/ZwCreatePhoton"
},
"html_url": "https:\/\/github.com\/ZwCreatePhoton\/CVE-2019-1221",
"description": null,
"fork": false,
"created_at": "2020-12-18T22:28:11Z",
"updated_at": "2021-08-30T01:11:21Z",
"pushed_at": "2020-12-18T22:43:26Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 1,
"score": 0,
"subscribers_count": 1
}
]

30
2019/CVE-2019-12840.json
View file

@ -61,36 +61,6 @@
"score": 0,
"subscribers_count": 2
},
{
"id": 323973616,
"name": "webminscan",
"full_name": "anasbousselham\/webminscan",
"owner": {
"login": "anasbousselham",
"id": 9357948,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/9357948?v=4",
"html_url": "https:\/\/github.com\/anasbousselham"
},
"html_url": "https:\/\/github.com\/anasbousselham\/webminscan",
"description": "Webmin Exploit Scanner CVE-2020-35606 CVE-2019-12840",
"fork": false,
"created_at": "2020-12-23T18:22:36Z",
"updated_at": "2020-12-23T18:23:02Z",
"pushed_at": "2020-12-23T18:22:59Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 353086761,
"name": "CVE-2019-12840",

30
2019/CVE-2019-13272.json
View file

@ -329,36 +329,6 @@
"score": 0,
"subscribers_count": 1
},
{
"id": 305243026,
"name": "CVE-2019-13272",
"full_name": "datntsec\/CVE-2019-13272",
"owner": {
"login": "datntsec",
"id": 70559607,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/70559607?v=4",
"html_url": "https:\/\/github.com\/datntsec"
},
"html_url": "https:\/\/github.com\/datntsec\/CVE-2019-13272",
"description": null,
"fork": false,
"created_at": "2020-10-19T02:33:29Z",
"updated_at": "2023-04-17T08:54:07Z",
"pushed_at": "2020-12-25T09:10:51Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 369313411,
"name": "CVE-2019-13272-Local-Privilege-Escalation",

32
2019/CVE-2019-14900.json
View file

@ -1,32 +0,0 @@
[
{
"id": 327314262,
"name": "hibernate-orm",
"full_name": "shanika04\/hibernate-orm",
"owner": {
"login": "shanika04",
"id": 73774345,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/73774345?v=4",
"html_url": "https:\/\/github.com\/shanika04"
},
"html_url": "https:\/\/github.com\/shanika04\/hibernate-orm",
"description": "CVE-2019-14900",
"fork": false,
"created_at": "2021-01-06T13:06:45Z",
"updated_at": "2021-01-06T13:21:13Z",
"pushed_at": "2021-01-06T13:20:46Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
}
]

32
2019/CVE-2019-17041.json
View file

@ -1,32 +0,0 @@
[
{
"id": 318732411,
"name": "CVE-2019-17041",
"full_name": "Resery\/CVE-2019-17041",
"owner": {
"login": "Resery",
"id": 50428593,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/50428593?v=4",
"html_url": "https:\/\/github.com\/Resery"
},
"html_url": "https:\/\/github.com\/Resery\/CVE-2019-17041",
"description": null,
"fork": false,
"created_at": "2020-12-05T07:49:11Z",
"updated_at": "2023-01-10T03:22:16Z",
"pushed_at": "2020-12-05T07:50:36Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 0,
"score": 0,
"subscribers_count": 2
}
]

30
2019/CVE-2019-17558.json
View file

@ -109,36 +109,6 @@
"score": 0,
"subscribers_count": 1
},
{
"id": 321554194,
"name": "Exploit_CVE-2019-17558-RCE",
"full_name": "xkyrage\/Exploit_CVE-2019-17558-RCE",
"owner": {
"login": "xkyrage",
"id": 57317804,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/57317804?v=4",
"html_url": "https:\/\/github.com\/xkyrage"
},
"html_url": "https:\/\/github.com\/xkyrage\/Exploit_CVE-2019-17558-RCE",
"description": "Apache Solr 1.4 Injection to get a shell",
"fork": false,
"created_at": "2020-12-15T04:38:06Z",
"updated_at": "2020-12-15T04:40:53Z",
"pushed_at": "2020-12-15T04:40:51Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 649585140,
"name": "CVE-2019-17558",

8
2019/CVE-2019-2725.json
View file

@ -223,10 +223,10 @@
"description": "CVE-2019-2725 命令回显",
"fork": false,
"created_at": "2019-05-29T01:57:05Z",
"updated_at": "2023-08-17T03:07:46Z",
"updated_at": "2023-08-21T14:38:56Z",
"pushed_at": "2023-05-08T16:23:06Z",
"stargazers_count": 438,
"watchers_count": 438,
"stargazers_count": 439,
"watchers_count": 439,
"has_discussions": false,
"forks_count": 164,
"allow_forking": true,
@ -235,7 +235,7 @@
"topics": [],
"visibility": "public",
"forks": 164,
"watchers": 438,
"watchers": 439,
"score": 0,
"subscribers_count": 10
},

30
2019/CVE-2019-3980.json
View file

@ -1,34 +1,4 @@
[
{
"id": 284718304,
"name": "CVE-2019-3980",
"full_name": "warferik\/CVE-2019-3980",
"owner": {
"login": "warferik",
"id": 16766938,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/16766938?v=4",
"html_url": "https:\/\/github.com\/warferik"
},
"html_url": "https:\/\/github.com\/warferik\/CVE-2019-3980",
"description": null,
"fork": false,
"created_at": "2020-08-03T14:12:56Z",
"updated_at": "2023-02-01T14:48:32Z",
"pushed_at": "2020-12-12T03:41:43Z",
"stargazers_count": 17,
"watchers_count": 17,
"has_discussions": false,
"forks_count": 13,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 13,
"watchers": 17,
"score": 0,
"subscribers_count": 3
},
{
"id": 419046445,
"name": "CVE-2019-3980",

32
2019/CVE-2019-5427.json
View file

@ -1,32 +0,0 @@
[
{
"id": 321055902,
"name": "cp30_XXE_partial_fix",
"full_name": "shanika04\/cp30_XXE_partial_fix",
"owner": {
"login": "shanika04",
"id": 73774345,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/73774345?v=4",
"html_url": "https:\/\/github.com\/shanika04"
},
"html_url": "https:\/\/github.com\/shanika04\/cp30_XXE_partial_fix",
"description": "version between CVE-2018-20433 and CVE-2019-5427",
"fork": false,
"created_at": "2020-12-13T12:08:30Z",
"updated_at": "2020-12-13T12:10:34Z",
"pushed_at": "2020-12-13T12:10:30Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 0,
"score": 0,
"subscribers_count": 1
}
]

32
2019/CVE-2019-5454.json
View file

@ -1,32 +0,0 @@
[
{
"id": 319352277,
"name": "nextcloud_android",
"full_name": "shanika04\/nextcloud_android",
"owner": {
"login": "shanika04",
"id": 73774345,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/73774345?v=4",
"html_url": "https:\/\/github.com\/shanika04"
},
"html_url": "https:\/\/github.com\/shanika04\/nextcloud_android",
"description": "SQLi CVE-2019-5454",
"fork": false,
"created_at": "2020-12-07T14:53:25Z",
"updated_at": "2020-12-07T15:01:34Z",
"pushed_at": "2020-12-07T15:01:28Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
}
]

30
2019/CVE-2019-7214.json
View file

@ -1,34 +1,4 @@
[
{
"id": 322967860,
"name": "CVE-2019-7214",
"full_name": "devzspy\/CVE-2019-7214",
"owner": {
"login": "devzspy",
"id": 7217419,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/7217419?v=4",
"html_url": "https:\/\/github.com\/devzspy"
},
"html_url": "https:\/\/github.com\/devzspy\/CVE-2019-7214",
"description": "Collection of PoCs created for SmarterMail < Build 6985 RCE",
"fork": false,
"created_at": "2020-12-20T01:00:02Z",
"updated_at": "2022-02-23T04:22:23Z",
"pushed_at": "2020-12-20T01:07:55Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 3,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 3,
"watchers": 0,
"score": 0,
"subscribers_count": 2
},
{
"id": 343438462,
"name": "-CVE-2019-7214",

32
2019/CVE-2019-9511.json
View file

@ -1,32 +0,0 @@
[
{
"id": 323590787,
"name": "ingress-nginx-0.21-1.19.5",
"full_name": "flyniu666\/ingress-nginx-0.21-1.19.5",
"owner": {
"login": "flyniu666",
"id": 52430647,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/52430647?v=4",
"html_url": "https:\/\/github.com\/flyniu666"
},
"html_url": "https:\/\/github.com\/flyniu666\/ingress-nginx-0.21-1.19.5",
"description": "based on nginx 1.19.5 to fix for CVE-2018-16843, CVE-2018-16844, CVE-2019-9511, CVE-2019-9513, and CVE-2019-9516",
"fork": false,
"created_at": "2020-12-22T10:16:11Z",
"updated_at": "2020-12-23T11:45:29Z",
"pushed_at": "2020-12-23T11:45:24Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 0,
"score": 0,
"subscribers_count": 1
}
]

16
2021/CVE-2021-26855.json
View file

@ -599,10 +599,10 @@
"description": "Scanner and PoC for CVE-2021-26855 ",
"fork": false,
"created_at": "2021-03-12T12:47:41Z",
"updated_at": "2021-12-29T15:00:52Z",
"updated_at": "2023-08-21T15:37:11Z",
"pushed_at": "2021-03-12T12:55:57Z",
"stargazers_count": 3,
"watchers_count": 3,
"stargazers_count": 4,
"watchers_count": 4,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
@ -611,7 +611,7 @@
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 3,
"watchers": 4,
"score": 0,
"subscribers_count": 1
},
@ -905,10 +905,10 @@
"description": "CVE-2021-26855 proxyLogon metasploit exploit script",
"fork": false,
"created_at": "2021-03-17T03:32:19Z",
"updated_at": "2022-11-09T18:11:35Z",
"updated_at": "2023-08-21T15:37:01Z",
"pushed_at": "2021-03-17T05:51:30Z",
"stargazers_count": 3,
"watchers_count": 3,
"stargazers_count": 4,
"watchers_count": 4,
"has_discussions": false,
"forks_count": 4,
"allow_forking": true,
@ -921,7 +921,7 @@
],
"visibility": "public",
"forks": 4,
"watchers": 3,
"watchers": 4,
"score": 0,
"subscribers_count": 2
},

8
2021/CVE-2021-30860.json
View file

@ -43,10 +43,10 @@
"description": "Collection of materials relating to FORCEDENTRY, will eventually delete this repo and migrate the materials to my main exploit repo once finished",
"fork": false,
"created_at": "2021-12-25T03:00:01Z",
"updated_at": "2023-08-19T01:37:41Z",
"updated_at": "2023-08-21T16:33:18Z",
"pushed_at": "2023-08-13T21:00:46Z",
"stargazers_count": 61,
"watchers_count": 61,
"stargazers_count": 63,
"watchers_count": 63,
"has_discussions": false,
"forks_count": 17,
"allow_forking": true,
@ -55,7 +55,7 @@
"topics": [],
"visibility": "public",
"forks": 17,
"watchers": 61,
"watchers": 63,
"score": 0,
"subscribers_count": 4
}

8
2021/CVE-2021-36260.json
View file

@ -196,10 +196,10 @@
"description": "Brute Hikvision CAMS with CVE-2021-36260 Exploit",
"fork": false,
"created_at": "2023-07-18T00:31:47Z",
"updated_at": "2023-08-16T06:53:44Z",
"updated_at": "2023-08-21T16:41:28Z",
"pushed_at": "2023-07-29T17:41:39Z",
"stargazers_count": 0,
"watchers_count": 0,
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -208,7 +208,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 1
}

4
2021/CVE-2021-44228.json
View file

@ -912,7 +912,7 @@
"stargazers_count": 1632,
"watchers_count": 1632,
"has_discussions": false,
"forks_count": 475,
"forks_count": 476,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -923,7 +923,7 @@
"security"
],
"visibility": "public",
"forks": 475,
"forks": 476,
"watchers": 1632,
"score": 0,
"subscribers_count": 25

8
2022/CVE-2022-20409.json
View file

@ -13,10 +13,10 @@
"description": "Android kernel exploitation for CVE-2022-20409",
"fork": false,
"created_at": "2022-11-21T22:42:50Z",
"updated_at": "2023-08-19T23:24:52Z",
"updated_at": "2023-08-21T15:44:37Z",
"pushed_at": "2023-08-05T20:56:12Z",
"stargazers_count": 101,
"watchers_count": 101,
"stargazers_count": 103,
"watchers_count": 103,
"has_discussions": false,
"forks_count": 13,
"allow_forking": true,
@ -28,7 +28,7 @@
],
"visibility": "public",
"forks": 13,
"watchers": 101,
"watchers": 103,
"score": 0,
"subscribers_count": 4
}

16
2023/CVE-2023-20562.json
View file

@ -13,10 +13,10 @@
"description": null,
"fork": false,
"created_at": "2023-08-21T00:31:50Z",
"updated_at": "2023-08-21T14:14:13Z",
"updated_at": "2023-08-21T15:25:16Z",
"pushed_at": "2023-08-21T00:33:08Z",
"stargazers_count": 18,
"watchers_count": 18,
"stargazers_count": 19,
"watchers_count": 19,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 18,
"watchers": 19,
"score": 0,
"subscribers_count": 0
},
@ -43,10 +43,10 @@
"description": null,
"fork": false,
"created_at": "2023-08-21T06:25:09Z",
"updated_at": "2023-08-21T06:25:30Z",
"updated_at": "2023-08-21T15:20:24Z",
"pushed_at": "2023-08-21T06:25:26Z",
"stargazers_count": 0,
"watchers_count": 0,
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@ -55,7 +55,7 @@
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 0
}

32
2023/CVE-2023-29409.json Normal file
View file

@ -0,0 +1,32 @@
[
{
"id": 681256401,
"name": "CVE-2023-29409",
"full_name": "mateusz834\/CVE-2023-29409",
"owner": {
"login": "mateusz834",
"id": 19653795,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/19653795?v=4",
"html_url": "https:\/\/github.com\/mateusz834"
},
"html_url": "https:\/\/github.com\/mateusz834\/CVE-2023-29409",
"description": " CVE-2023-29409 reproducer",
"fork": false,
"created_at": "2023-08-21T15:59:26Z",
"updated_at": "2023-08-21T16:03:27Z",
"pushed_at": "2023-08-21T16:03:02Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

16
2023/CVE-2023-3519.json
View file

@ -262,10 +262,10 @@
"description": null,
"fork": false,
"created_at": "2023-08-05T01:43:16Z",
"updated_at": "2023-08-05T01:43:28Z",
"updated_at": "2023-08-21T15:40:43Z",
"pushed_at": "2023-08-05T01:43:24Z",
"stargazers_count": 0,
"watchers_count": 0,
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@ -274,7 +274,7 @@
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 1
},
@ -322,10 +322,10 @@
"description": null,
"fork": false,
"created_at": "2023-08-10T18:22:57Z",
"updated_at": "2023-08-21T13:21:23Z",
"updated_at": "2023-08-21T17:20:43Z",
"pushed_at": "2023-08-17T20:25:55Z",
"stargazers_count": 37,
"watchers_count": 37,
"stargazers_count": 38,
"watchers_count": 38,
"has_discussions": false,
"forks_count": 3,
"allow_forking": true,
@ -334,7 +334,7 @@
"topics": [],
"visibility": "public",
"forks": 3,
"watchers": 37,
"watchers": 38,
"score": 0,
"subscribers_count": 4
}

12
2023/CVE-2023-36874.json
View file

@ -13,19 +13,19 @@
"description": "CVE-2023-36874 PoC",
"fork": false,
"created_at": "2023-08-20T13:50:42Z",
"updated_at": "2023-08-21T14:07:26Z",
"updated_at": "2023-08-21T17:10:35Z",
"pushed_at": "2023-08-20T13:54:15Z",
"stargazers_count": 20,
"watchers_count": 20,
"stargazers_count": 23,
"watchers_count": 23,
"has_discussions": false,
"forks_count": 9,
"forks_count": 10,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 9,
"watchers": 20,
"forks": 10,
"watchers": 23,
"score": 0,
"subscribers_count": 1
}

34
2023/CVE-2023-4460.json Normal file
View file

@ -0,0 +1,34 @@
[
{
"id": 677181767,
"name": "poc-cve-xss-uploading-svg",
"full_name": "daniloalbuqrque\/poc-cve-xss-uploading-svg",
"owner": {
"login": "daniloalbuqrque",
"id": 85083396,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/85083396?v=4",
"html_url": "https:\/\/github.com\/daniloalbuqrque"
},
"html_url": "https:\/\/github.com\/daniloalbuqrque\/poc-cve-xss-uploading-svg",
"description": "CVE-2023-4460",
"fork": false,
"created_at": "2023-08-11T00:11:45Z",
"updated_at": "2023-08-21T18:17:13Z",
"pushed_at": "2023-08-11T00:41:06Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [
"cve-2023-4460"
],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

82
README.md
View file

@ -488,6 +488,9 @@
- [d0rb/CVE-2023-4174](https://github.com/d0rb/CVE-2023-4174)
- [codeb0ss/CVE-2023-4174](https://github.com/codeb0ss/CVE-2023-4174)
### CVE-2023-4460
- [daniloalbuqrque/poc-cve-xss-uploading-svg](https://github.com/daniloalbuqrque/poc-cve-xss-uploading-svg)
### CVE-2023-5546
- [obelia01/CVE-2023-5546](https://github.com/obelia01/CVE-2023-5546)
@ -1529,6 +1532,13 @@
- [Wh04m1001/CVE-2023-29343](https://github.com/Wh04m1001/CVE-2023-29343)
### CVE-2023-29409 (2023-08-02)
<code>Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to &lt;= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.
</code>
- [mateusz834/CVE-2023-29409](https://github.com/mateusz834/CVE-2023-29409)
### CVE-2023-29439 (2023-05-16)
<code>Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin &lt;= 2.2.35 versions.
@ -2742,7 +2752,11 @@
### CVE-2023-38822
- [TraiLeR2/Corsair---DLL-Planting-CVE-2023-38822](https://github.com/TraiLeR2/Corsair---DLL-Planting-CVE-2023-38822)
### CVE-2023-38836
### CVE-2023-38836 (2023-08-21)
<code>File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code via the GIF header component.
</code>
- [1337kid/CVE-2023-38836](https://github.com/1337kid/CVE-2023-38836)
### CVE-2023-38890 (2023-08-18)
@ -20361,8 +20375,6 @@
- [PrinceFPF/CVE-2019-0230](https://github.com/PrinceFPF/CVE-2019-0230)
- [ramoncjs3/CVE-2019-0230](https://github.com/ramoncjs3/CVE-2019-0230)
- [f8al/CVE-2019-0230-PoC](https://github.com/f8al/CVE-2019-0230-PoC)
- [Al1ex/CVE-2019-0230](https://github.com/Al1ex/CVE-2019-0230)
- [tw-eason-tseng/CVE-2019-0230_Struts2S2-059](https://github.com/tw-eason-tseng/CVE-2019-0230_Struts2S2-059)
### CVE-2019-0232 (2019-04-15)
@ -20543,13 +20555,6 @@
- [YHZX2013/CVE-2019-0709](https://github.com/YHZX2013/CVE-2019-0709)
- [qq431169079/CVE-2019-0709](https://github.com/qq431169079/CVE-2019-0709)
### CVE-2019-0752 (2019-04-09)
<code>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862.
</code>
- [ZwCreatePhoton/CVE-2019-0752](https://github.com/ZwCreatePhoton/CVE-2019-0752)
### CVE-2019-0768 (2019-04-08)
<code>A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.
@ -20639,7 +20644,6 @@
- [Ridter/CVE-2019-1040-dcpwn](https://github.com/Ridter/CVE-2019-1040-dcpwn)
- [lazaars/UltraRealy_with_CVE-2019-1040](https://github.com/lazaars/UltraRealy_with_CVE-2019-1040)
- [fox-it/cve-2019-1040-scanner](https://github.com/fox-it/cve-2019-1040-scanner)
- [QAX-A-Team/dcpwn](https://github.com/QAX-A-Team/dcpwn)
### CVE-2019-1041 (2019-06-12)
@ -20735,13 +20739,6 @@
- [d0gukank/CVE-2019-1218](https://github.com/d0gukank/CVE-2019-1218)
### CVE-2019-1221 (2019-09-11)
<code>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'.
</code>
- [ZwCreatePhoton/CVE-2019-1221](https://github.com/ZwCreatePhoton/CVE-2019-1221)
### CVE-2019-1253 (2019-09-11)
<code>An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303.
@ -21129,7 +21126,6 @@
<code>The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account.
</code>
- [warferik/CVE-2019-3980](https://github.com/warferik/CVE-2019-3980)
- [Barbarisch/CVE-2019-3980](https://github.com/Barbarisch/CVE-2019-3980)
### CVE-2019-5010 (2019-10-31)
@ -21193,20 +21189,6 @@
- [PenTestical/CVE-2019-5420](https://github.com/PenTestical/CVE-2019-5420)
- [laffray/ruby-RCE-CVE-2019-5420-](https://github.com/laffray/ruby-RCE-CVE-2019-5420-)
### CVE-2019-5427 (2019-04-22)
<code>c3p0 version &lt; 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
</code>
- [shanika04/cp30_XXE_partial_fix](https://github.com/shanika04/cp30_XXE_partial_fix)
### CVE-2019-5454 (2019-07-30)
<code>SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account.
</code>
- [shanika04/nextcloud_android](https://github.com/shanika04/nextcloud_android)
### CVE-2019-5475 (2019-09-03)
<code>The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
@ -21521,7 +21503,6 @@
<code>SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
</code>
- [devzspy/CVE-2019-7214](https://github.com/devzspy/CVE-2019-7214)
- [andyfeili/-CVE-2019-7214](https://github.com/andyfeili/-CVE-2019-7214)
### CVE-2019-7216 (2019-01-31)
@ -21899,13 +21880,6 @@
- [francozappa/knob](https://github.com/francozappa/knob)
### CVE-2019-9511 (2019-08-13)
<code>Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
</code>
- [flyniu666/ingress-nginx-0.21-1.19.5](https://github.com/flyniu666/ingress-nginx-0.21-1.19.5)
### CVE-2019-9580 (2019-03-08)
<code>In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a &quot;null&quot; origin value, potentially leading to XSS.
@ -22164,13 +22138,6 @@
- [KTN1990/CVE-2019-10869](https://github.com/KTN1990/CVE-2019-10869)
### CVE-2019-10915 (2019-07-11)
<code>A vulnerability has been identified in TIA Administrator (All versions &lt; V1.0 SP1 Upd1). The integrated configuration web application (TIA Administrator) allows to execute certain application commands without proper authentication. The vulnerability could be exploited by an attacker with local access to the affected system. Successful exploitation requires no privileges and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.
</code>
- [jiansiting/CVE-2019-10915](https://github.com/jiansiting/CVE-2019-10915)
### CVE-2019-10945 (2019-04-10)
<code>An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.
@ -22326,7 +22293,6 @@
<code>There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
</code>
- [jas502n/CVE-2019-11581](https://github.com/jas502n/CVE-2019-11581)
- [kobs0N/CVE-2019-11581](https://github.com/kobs0N/CVE-2019-11581)
- [PetrusViet/CVE-2019-11581](https://github.com/PetrusViet/CVE-2019-11581)
@ -22393,7 +22359,6 @@
- [Err0r-ICA/WhatsPayloadRCE](https://github.com/Err0r-ICA/WhatsPayloadRCE)
- [starling021/CVE-2019-11932-SupportApp](https://github.com/starling021/CVE-2019-11932-SupportApp)
- [primebeast/CVE-2019-11932](https://github.com/primebeast/CVE-2019-11932)
- [BadAssAiras/hello](https://github.com/BadAssAiras/hello)
- [kal1gh0st/WhatsAppHACK-RCE](https://github.com/kal1gh0st/WhatsAppHACK-RCE)
- [zxn1/CVE-2019-11932](https://github.com/zxn1/CVE-2019-11932)
- [k3vinlusec/WhatsApp-Double-Free-Vulnerability_CVE-2019-11932](https://github.com/k3vinlusec/WhatsApp-Double-Free-Vulnerability_CVE-2019-11932)
@ -22646,7 +22611,6 @@
- [bkaraceylan/CVE-2019-12840_POC](https://github.com/bkaraceylan/CVE-2019-12840_POC)
- [KrE80r/webmin_cve-2019-12840_poc](https://github.com/KrE80r/webmin_cve-2019-12840_poc)
- [anasbousselham/webminscan](https://github.com/anasbousselham/webminscan)
- [zAbuQasem/CVE-2019-12840](https://github.com/zAbuQasem/CVE-2019-12840)
- [WizzzStark/CVE-2019-12840.py](https://github.com/WizzzStark/CVE-2019-12840.py)
@ -22773,7 +22737,6 @@
- [RashmikaEkanayake/Privilege-Escalation-CVE-2019-13272-](https://github.com/RashmikaEkanayake/Privilege-Escalation-CVE-2019-13272-)
- [Tharana/vulnerability-exploitation](https://github.com/Tharana/vulnerability-exploitation)
- [teddy47/CVE-2019-13272---Documentation](https://github.com/teddy47/CVE-2019-13272---Documentation)
- [datntsec/CVE-2019-13272](https://github.com/datntsec/CVE-2019-13272)
- [jana30116/CVE-2019-13272-Local-Privilege-Escalation](https://github.com/jana30116/CVE-2019-13272-Local-Privilege-Escalation)
- [babyshen/CVE-2019-13272](https://github.com/babyshen/CVE-2019-13272)
- [GgKendall/secureCodingDemo](https://github.com/GgKendall/secureCodingDemo)
@ -23057,13 +23020,6 @@
- [Fr3d-/moodle-token-stealer](https://github.com/Fr3d-/moodle-token-stealer)
### CVE-2019-14900 (2020-07-06)
<code>A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
</code>
- [shanika04/hibernate-orm](https://github.com/shanika04/hibernate-orm)
### CVE-2019-14912 (2019-09-20)
<code>An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie.
@ -23410,13 +23366,6 @@
- [maxpl0it/CVE-2019-17026-Exploit](https://github.com/maxpl0it/CVE-2019-17026-Exploit)
- [lsw29475/CVE-2019-17026](https://github.com/lsw29475/CVE-2019-17026)
### CVE-2019-17041 (2019-10-07)
<code>An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.
</code>
- [Resery/CVE-2019-17041](https://github.com/Resery/CVE-2019-17041)
### CVE-2019-17080 (2019-10-02)
<code>mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by an attacker, because an unpickle occurs. This is resolved in 8.0.0 and backports.
@ -23530,7 +23479,6 @@
- [SDNDTeam/CVE-2019-17558_Solr_Vul_Tool](https://github.com/SDNDTeam/CVE-2019-17558_Solr_Vul_Tool)
- [zhzyker/exphub](https://github.com/zhzyker/exphub)
- [Ma1Dong/Solr_CVE-2019-17558](https://github.com/Ma1Dong/Solr_CVE-2019-17558)
- [xkyrage/Exploit_CVE-2019-17558-RCE](https://github.com/xkyrage/Exploit_CVE-2019-17558-RCE)
- [narrowinxt/CVE-2019-17558](https://github.com/narrowinxt/CVE-2019-17558)
### CVE-2019-17564 (2020-04-01)