From 7432d15e687ab57bd098d2f4c5159e8e13361877 Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Sun, 23 Oct 2022 09:16:39 +0900 Subject: [PATCH] Auto Update 2022/10/23 00:16:39 --- 2011/CVE-2011-3389.json | 8 +++--- 2018/CVE-2018-16763.json | 8 +++--- 2018/CVE-2018-6574.json | 8 +++--- 2019/CVE-2019-6447.json | 8 +++--- 2019/CVE-2019-7304.json | 8 +++--- 2019/CVE-2019-9053.json | 2 +- 2020/CVE-2020-11519.json | 8 +++--- 2020/CVE-2020-15778.json | 4 +-- 2021/CVE-2021-21972.json | 8 +++--- 2021/CVE-2021-24086.json | 12 ++++---- 2021/CVE-2021-34527.json | 8 +++--- 2021/CVE-2021-3493.json | 8 +++--- 2021/CVE-2021-4034.json | 20 +++++++------- 2021/CVE-2021-42278.json | 8 +++--- 2022/CVE-2022-0236.json | 60 ++++++++++++++++++++++++++++++++++++++++ 2022/CVE-2022-21660.json | 28 +++++++++++++++++++ 2022/CVE-2022-21661.json | 28 +++++++++++++++++++ 2022/CVE-2022-21907.json | 56 +++++++++++++++++++++++++++++++++++++ 2022/CVE-2022-21971.json | 2 +- 2022/CVE-2022-22954.json | 8 +++--- 2022/CVE-2022-23131.json | 12 ++++---- 2022/CVE-2022-3368.json | 8 +++--- 2022/CVE-2022-36663.json | 30 ++++++++++++++++++++ 2022/CVE-2022-42889.json | 37 +++++++++++++------------ README.md | 21 ++++++++++++++ 25 files changed, 316 insertions(+), 92 deletions(-) create mode 100644 2022/CVE-2022-0236.json create mode 100644 2022/CVE-2022-36663.json diff --git a/2011/CVE-2011-3389.json b/2011/CVE-2011-3389.json index 7bca11dbe0..cc13e88ad3 100644 --- a/2011/CVE-2011-3389.json +++ b/2011/CVE-2011-3389.json @@ -13,10 +13,10 @@ "description": ":muscle: Proof Of Concept of the BEAST attack against SSL\/TLS CVE-2011-3389 :muscle:", "fork": false, "created_at": "2015-03-28T10:28:16Z", - "updated_at": "2022-10-18T20:26:44Z", + "updated_at": "2022-10-22T21:29:28Z", "pushed_at": "2019-01-30T21:36:22Z", - "stargazers_count": 54, - "watchers_count": 54, + "stargazers_count": 53, + "watchers_count": 53, "forks_count": 32, "allow_forking": true, "is_template": false, @@ -30,7 +30,7 @@ ], "visibility": "public", "forks": 32, - "watchers": 54, + "watchers": 53, "score": 0 } ] \ No newline at end of file diff --git a/2018/CVE-2018-16763.json b/2018/CVE-2018-16763.json index 2d59eee9d5..0564df114b 100644 --- a/2018/CVE-2018-16763.json +++ b/2018/CVE-2018-16763.json @@ -329,10 +329,10 @@ "description": "Exploit to trigger RCE for CVE-2018-16763 on FuelCMS <= 1.4.1 and interactive shell. ", "fork": false, "created_at": "2022-05-31T15:31:37Z", - "updated_at": "2022-10-10T23:41:34Z", + "updated_at": "2022-10-22T21:16:36Z", "pushed_at": "2022-06-01T20:45:02Z", - "stargazers_count": 5, - "watchers_count": 5, + "stargazers_count": 6, + "watchers_count": 6, "forks_count": 1, "allow_forking": true, "is_template": false, @@ -345,7 +345,7 @@ ], "visibility": "public", "forks": 1, - "watchers": 5, + "watchers": 6, "score": 0 } ] \ No newline at end of file diff --git a/2018/CVE-2018-6574.json b/2018/CVE-2018-6574.json index 9ca9dcbc8e..d299d2b8c8 100644 --- a/2018/CVE-2018-6574.json +++ b/2018/CVE-2018-6574.json @@ -1357,10 +1357,10 @@ "description": null, "fork": false, "created_at": "2021-03-07T02:45:41Z", - "updated_at": "2021-10-24T05:33:24Z", + "updated_at": "2022-10-22T20:34:34Z", "pushed_at": "2021-03-07T03:32:45Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 2, + "watchers_count": 2, "forks_count": 1, "allow_forking": true, "is_template": false, @@ -1368,7 +1368,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 1, + "watchers": 2, "score": 0 }, { diff --git a/2019/CVE-2019-6447.json b/2019/CVE-2019-6447.json index c4f86b66ea..6a9f663b4d 100644 --- a/2019/CVE-2019-6447.json +++ b/2019/CVE-2019-6447.json @@ -13,10 +13,10 @@ "description": "ES File Explorer Open Port Vulnerability - CVE-2019-6447", "fork": false, "created_at": "2019-01-09T22:30:42Z", - "updated_at": "2022-10-15T05:23:41Z", + "updated_at": "2022-10-22T18:40:53Z", "pushed_at": "2021-09-01T08:56:40Z", - "stargazers_count": 657, - "watchers_count": 657, + "stargazers_count": 658, + "watchers_count": 658, "forks_count": 135, "allow_forking": true, "is_template": false, @@ -29,7 +29,7 @@ ], "visibility": "public", "forks": 135, - "watchers": 657, + "watchers": 658, "score": 0 }, { diff --git a/2019/CVE-2019-7304.json b/2019/CVE-2019-7304.json index 5a5296faa9..cd2cda9ad8 100644 --- a/2019/CVE-2019-7304.json +++ b/2019/CVE-2019-7304.json @@ -13,10 +13,10 @@ "description": "Linux privilege escalation exploit via snapd (CVE-2019-7304)", "fork": false, "created_at": "2019-02-12T06:02:06Z", - "updated_at": "2022-09-28T12:26:41Z", + "updated_at": "2022-10-22T22:04:28Z", "pushed_at": "2019-05-09T21:34:26Z", - "stargazers_count": 622, - "watchers_count": 622, + "stargazers_count": 623, + "watchers_count": 623, "forks_count": 158, "allow_forking": true, "is_template": false, @@ -28,7 +28,7 @@ ], "visibility": "public", "forks": 158, - "watchers": 622, + "watchers": 623, "score": 0 }, { diff --git a/2019/CVE-2019-9053.json b/2019/CVE-2019-9053.json index ceb9c6b9f1..8b49f8546a 100644 --- a/2019/CVE-2019-9053.json +++ b/2019/CVE-2019-9053.json @@ -154,7 +154,7 @@ "fork": false, "created_at": "2022-10-08T14:20:48Z", "updated_at": "2022-10-08T14:22:54Z", - "pushed_at": "2022-10-13T17:42:07Z", + "pushed_at": "2022-10-22T21:23:42Z", "stargazers_count": 0, "watchers_count": 0, "forks_count": 0, diff --git a/2020/CVE-2020-11519.json b/2020/CVE-2020-11519.json index 2015540866..df0673669a 100644 --- a/2020/CVE-2020-11519.json +++ b/2020/CVE-2020-11519.json @@ -13,10 +13,10 @@ "description": "Technical Write-Up on and PoC Exploit for CVE-2020-11519 and CVE-2020-11520", "fork": false, "created_at": "2020-06-30T23:01:33Z", - "updated_at": "2022-04-29T18:08:15Z", + "updated_at": "2022-10-22T20:48:07Z", "pushed_at": "2020-07-16T07:20:30Z", - "stargazers_count": 11, - "watchers_count": 11, + "stargazers_count": 12, + "watchers_count": 12, "forks_count": 3, "allow_forking": true, "is_template": true, @@ -31,7 +31,7 @@ ], "visibility": "public", "forks": 3, - "watchers": 11, + "watchers": 12, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-15778.json b/2020/CVE-2020-15778.json index c6bfb70ac8..5fb8319515 100644 --- a/2020/CVE-2020-15778.json +++ b/2020/CVE-2020-15778.json @@ -45,13 +45,13 @@ "pushed_at": "2022-02-18T08:04:46Z", "stargazers_count": 16, "watchers_count": 16, - "forks_count": 5, + "forks_count": 6, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 5, + "forks": 6, "watchers": 16, "score": 0 } diff --git a/2021/CVE-2021-21972.json b/2021/CVE-2021-21972.json index dc6f7f98ec..253f8e2b2b 100644 --- a/2021/CVE-2021-21972.json +++ b/2021/CVE-2021-21972.json @@ -769,10 +769,10 @@ "description": "一款针对Vcenter的综合利用工具,包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972\/31656以及log4j,提供一键上传webshell,命令执行或者上传公钥使用SSH免密连接", "fork": false, "created_at": "2022-10-04T03:39:27Z", - "updated_at": "2022-10-22T07:05:20Z", + "updated_at": "2022-10-22T18:52:45Z", "pushed_at": "2022-10-20T02:06:54Z", - "stargazers_count": 530, - "watchers_count": 530, + "stargazers_count": 531, + "watchers_count": 531, "forks_count": 53, "allow_forking": true, "is_template": false, @@ -787,7 +787,7 @@ ], "visibility": "public", "forks": 53, - "watchers": 530, + "watchers": 531, "score": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-24086.json b/2021/CVE-2021-24086.json index 3269a18f3c..66c3b5d129 100644 --- a/2021/CVE-2021-24086.json +++ b/2021/CVE-2021-24086.json @@ -13,11 +13,11 @@ "description": "Proof of concept for CVE-2021-24086, a NULL dereference in tcpip.sys triggered remotely.", "fork": false, "created_at": "2021-04-07T11:10:40Z", - "updated_at": "2022-10-22T15:00:13Z", + "updated_at": "2022-10-22T19:09:06Z", "pushed_at": "2021-04-15T12:46:54Z", - "stargazers_count": 214, - "watchers_count": 214, - "forks_count": 48, + "stargazers_count": 216, + "watchers_count": 216, + "forks_count": 49, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -29,8 +29,8 @@ "tcpip" ], "visibility": "public", - "forks": 48, - "watchers": 214, + "forks": 49, + "watchers": 216, "score": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-34527.json b/2021/CVE-2021-34527.json index f60c7d8ccb..864ba0c951 100644 --- a/2021/CVE-2021-34527.json +++ b/2021/CVE-2021-34527.json @@ -41,10 +41,10 @@ "description": "PrintNightmare (CVE-2021-34527) PoC Exploit", "fork": false, "created_at": "2022-08-23T20:20:45Z", - "updated_at": "2022-10-16T23:51:31Z", + "updated_at": "2022-10-22T18:59:26Z", "pushed_at": "2022-08-26T12:13:22Z", - "stargazers_count": 51, - "watchers_count": 51, + "stargazers_count": 52, + "watchers_count": 52, "forks_count": 13, "allow_forking": true, "is_template": false, @@ -52,7 +52,7 @@ "topics": [], "visibility": "public", "forks": 13, - "watchers": 51, + "watchers": 52, "score": 0 }, { diff --git a/2021/CVE-2021-3493.json b/2021/CVE-2021-3493.json index 0672c2dae4..6296c966c9 100644 --- a/2021/CVE-2021-3493.json +++ b/2021/CVE-2021-3493.json @@ -13,10 +13,10 @@ "description": "Ubuntu OverlayFS Local Privesc", "fork": false, "created_at": "2021-04-19T20:07:01Z", - "updated_at": "2022-10-21T14:57:24Z", + "updated_at": "2022-10-22T22:20:05Z", "pushed_at": "2021-09-28T04:08:43Z", - "stargazers_count": 320, - "watchers_count": 320, + "stargazers_count": 321, + "watchers_count": 321, "forks_count": 120, "allow_forking": true, "is_template": false, @@ -24,7 +24,7 @@ "topics": [], "visibility": "public", "forks": 120, - "watchers": 320, + "watchers": 321, "score": 0 }, { diff --git a/2021/CVE-2021-4034.json b/2021/CVE-2021-4034.json index 3058f642bf..dfdfe76e07 100644 --- a/2021/CVE-2021-4034.json +++ b/2021/CVE-2021-4034.json @@ -75,18 +75,18 @@ "description": "CVE-2021-4034 1day", "fork": false, "created_at": "2022-01-25T23:51:37Z", - "updated_at": "2022-10-22T02:06:18Z", + "updated_at": "2022-10-22T20:00:26Z", "pushed_at": "2022-06-08T04:00:28Z", - "stargazers_count": 1674, - "watchers_count": 1674, - "forks_count": 481, + "stargazers_count": 1675, + "watchers_count": 1675, + "forks_count": 482, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 481, - "watchers": 1674, + "forks": 482, + "watchers": 1675, "score": 0 }, { @@ -878,10 +878,10 @@ "description": "Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation", "fork": false, "created_at": "2022-01-26T14:26:10Z", - "updated_at": "2022-10-20T14:25:16Z", + "updated_at": "2022-10-22T22:56:03Z", "pushed_at": "2022-06-21T14:52:05Z", - "stargazers_count": 643, - "watchers_count": 643, + "stargazers_count": 644, + "watchers_count": 644, "forks_count": 141, "allow_forking": true, "is_template": false, @@ -891,7 +891,7 @@ ], "visibility": "public", "forks": 141, - "watchers": 643, + "watchers": 644, "score": 0 }, { diff --git a/2021/CVE-2021-42278.json b/2021/CVE-2021-42278.json index b207018958..13ec0a1137 100644 --- a/2021/CVE-2021-42278.json +++ b/2021/CVE-2021-42278.json @@ -13,10 +13,10 @@ "description": "Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user ", "fork": false, "created_at": "2021-12-11T15:10:30Z", - "updated_at": "2022-10-18T07:28:48Z", + "updated_at": "2022-10-22T21:07:31Z", "pushed_at": "2022-07-10T22:23:13Z", - "stargazers_count": 858, - "watchers_count": 858, + "stargazers_count": 859, + "watchers_count": 859, "forks_count": 178, "allow_forking": true, "is_template": false, @@ -29,7 +29,7 @@ ], "visibility": "public", "forks": 178, - "watchers": 858, + "watchers": 859, "score": 0 }, { diff --git a/2022/CVE-2022-0236.json b/2022/CVE-2022-0236.json new file mode 100644 index 0000000000..4b43a93ec1 --- /dev/null +++ b/2022/CVE-2022-0236.json @@ -0,0 +1,60 @@ +[ + { + "id": 448514056, + "name": "CVE-2022-0236", + "full_name": "qurbat\/CVE-2022-0236", + "owner": { + "login": "qurbat", + "id": 37518297, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/37518297?v=4", + "html_url": "https:\/\/github.com\/qurbat" + }, + "html_url": "https:\/\/github.com\/qurbat\/CVE-2022-0236", + "description": "Proof of concept for unauthenticated sensitive data disclosure affecting the wp-import-export WordPress plugin (CVE-2022-0236)", + "fork": false, + "created_at": "2022-01-16T09:52:28Z", + "updated_at": "2022-07-07T07:47:57Z", + "pushed_at": "2022-01-18T17:14:53Z", + "stargazers_count": 3, + "watchers_count": 3, + "forks_count": 2, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [ + "wordpress-security" + ], + "visibility": "public", + "forks": 2, + "watchers": 3, + "score": 0 + }, + { + "id": 448893968, + "name": "CVE-2022-0236", + "full_name": "xiska62314\/CVE-2022-0236", + "owner": { + "login": "xiska62314", + "id": 97891523, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/97891523?v=4", + "html_url": "https:\/\/github.com\/xiska62314" + }, + "html_url": "https:\/\/github.com\/xiska62314\/CVE-2022-0236", + "description": "CVE-2022-0236", + "fork": false, + "created_at": "2022-01-17T12:56:19Z", + "updated_at": "2022-01-17T12:56:19Z", + "pushed_at": "2022-01-17T12:56:20Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-21660.json b/2022/CVE-2022-21660.json index cf79f82d84..c36acc089c 100644 --- a/2022/CVE-2022-21660.json +++ b/2022/CVE-2022-21660.json @@ -1,4 +1,32 @@ [ + { + "id": 446296593, + "name": "Gin-Vue-admin-poc-CVE-2022-21660", + "full_name": "UzJu\/Gin-Vue-admin-poc-CVE-2022-21660", + "owner": { + "login": "UzJu", + "id": 50813806, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/50813806?v=4", + "html_url": "https:\/\/github.com\/UzJu" + }, + "html_url": "https:\/\/github.com\/UzJu\/Gin-Vue-admin-poc-CVE-2022-21660", + "description": "CVE-2022-21660", + "fork": false, + "created_at": "2022-01-10T05:50:35Z", + "updated_at": "2022-07-24T05:20:50Z", + "pushed_at": "2022-01-10T05:52:03Z", + "stargazers_count": 26, + "watchers_count": 26, + "forks_count": 1, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 1, + "watchers": 26, + "score": 0 + }, { "id": 462232980, "name": "CVE-2022-21660", diff --git a/2022/CVE-2022-21661.json b/2022/CVE-2022-21661.json index 6ebadffd77..b8cc19fd71 100644 --- a/2022/CVE-2022-21661.json +++ b/2022/CVE-2022-21661.json @@ -1,4 +1,32 @@ [ + { + "id": 449096712, + "name": "CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection", + "full_name": "TAPESH-TEAM\/CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection", + "owner": { + "login": "TAPESH-TEAM", + "id": 83407483, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/83407483?v=4", + "html_url": "https:\/\/github.com\/TAPESH-TEAM" + }, + "html_url": "https:\/\/github.com\/TAPESH-TEAM\/CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection", + "description": "WordPress Core 5.8.2 - 'WP_Query' SQL Injection", + "fork": false, + "created_at": "2022-01-18T01:05:04Z", + "updated_at": "2022-08-11T12:33:20Z", + "pushed_at": "2022-01-18T01:19:45Z", + "stargazers_count": 10, + "watchers_count": 10, + "forks_count": 5, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 5, + "watchers": 10, + "score": 0 + }, { "id": 458502807, "name": "wordpress-CVE-2022-21661", diff --git a/2022/CVE-2022-21907.json b/2022/CVE-2022-21907.json index 1bdf3f2ae2..f25b6b341d 100644 --- a/2022/CVE-2022-21907.json +++ b/2022/CVE-2022-21907.json @@ -75,6 +75,62 @@ "watchers": 25, "score": 0 }, + { + "id": 448729790, + "name": "CVE-2022-21907", + "full_name": "ZZ-SOCMAP\/CVE-2022-21907", + "owner": { + "login": "ZZ-SOCMAP", + "id": 98105412, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/98105412?v=4", + "html_url": "https:\/\/github.com\/ZZ-SOCMAP" + }, + "html_url": "https:\/\/github.com\/ZZ-SOCMAP\/CVE-2022-21907", + "description": "HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907", + "fork": false, + "created_at": "2022-01-17T02:28:50Z", + "updated_at": "2022-10-05T05:06:11Z", + "pushed_at": "2022-01-20T02:07:59Z", + "stargazers_count": 365, + "watchers_count": 365, + "forks_count": 98, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 98, + "watchers": 365, + "score": 0 + }, + { + "id": 448909871, + "name": "CVE-2022-21907", + "full_name": "xiska62314\/CVE-2022-21907", + "owner": { + "login": "xiska62314", + "id": 97891523, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/97891523?v=4", + "html_url": "https:\/\/github.com\/xiska62314" + }, + "html_url": "https:\/\/github.com\/xiska62314\/CVE-2022-21907", + "description": "CVE-2022-21907", + "fork": false, + "created_at": "2022-01-17T13:42:44Z", + "updated_at": "2022-01-17T13:42:44Z", + "pushed_at": "2022-01-17T13:42:45Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 448952968, "name": "CVE-2022-21907-http.sys", diff --git a/2022/CVE-2022-21971.json b/2022/CVE-2022-21971.json index dcef40f499..b6ef4c0ed6 100644 --- a/2022/CVE-2022-21971.json +++ b/2022/CVE-2022-21971.json @@ -76,7 +76,7 @@ "description": "POC Of CVE-2022-21971 ", "fork": false, "created_at": "2022-10-07T17:25:03Z", - "updated_at": "2022-10-21T11:16:37Z", + "updated_at": "2022-10-22T19:06:32Z", "pushed_at": "2022-10-07T17:27:56Z", "stargazers_count": 10, "watchers_count": 10, diff --git a/2022/CVE-2022-22954.json b/2022/CVE-2022-22954.json index b590c55861..3db2b2acba 100644 --- a/2022/CVE-2022-22954.json +++ b/2022/CVE-2022-22954.json @@ -688,10 +688,10 @@ "description": "一款针对Vcenter的综合利用工具,包含目前最主流的CVE-2021-21972、CVE-2021-21985以及CVE-2021-22005、One Access的CVE-2022-22954、CVE-2022-22972\/31656以及log4j,提供一键上传webshell,命令执行或者上传公钥使用SSH免密连接", "fork": false, "created_at": "2022-10-04T03:39:27Z", - "updated_at": "2022-10-22T07:05:20Z", + "updated_at": "2022-10-22T18:52:45Z", "pushed_at": "2022-10-20T02:06:54Z", - "stargazers_count": 530, - "watchers_count": 530, + "stargazers_count": 531, + "watchers_count": 531, "forks_count": 53, "allow_forking": true, "is_template": false, @@ -706,7 +706,7 @@ ], "visibility": "public", "forks": 53, - "watchers": 530, + "watchers": 531, "score": 0 }, { diff --git a/2022/CVE-2022-23131.json b/2022/CVE-2022-23131.json index 3168ce3c40..c8e76fdfbb 100644 --- a/2022/CVE-2022-23131.json +++ b/2022/CVE-2022-23131.json @@ -69,18 +69,18 @@ "description": "cve-2022-23131 zabbix-saml-bypass-exp", "fork": false, "created_at": "2022-02-18T11:51:47Z", - "updated_at": "2022-10-21T22:11:21Z", + "updated_at": "2022-10-22T22:18:15Z", "pushed_at": "2022-02-24T15:02:12Z", - "stargazers_count": 132, - "watchers_count": 132, - "forks_count": 46, + "stargazers_count": 133, + "watchers_count": 133, + "forks_count": 47, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 46, - "watchers": 132, + "forks": 47, + "watchers": 133, "score": 0 }, { diff --git a/2022/CVE-2022-3368.json b/2022/CVE-2022-3368.json index 2e60b7f323..d70c53c17d 100644 --- a/2022/CVE-2022-3368.json +++ b/2022/CVE-2022-3368.json @@ -13,10 +13,10 @@ "description": null, "fork": false, "created_at": "2022-10-18T09:16:04Z", - "updated_at": "2022-10-20T02:16:19Z", + "updated_at": "2022-10-22T19:43:11Z", "pushed_at": "2022-10-18T09:30:55Z", - "stargazers_count": 20, - "watchers_count": 20, + "stargazers_count": 21, + "watchers_count": 21, "forks_count": 6, "allow_forking": true, "is_template": false, @@ -24,7 +24,7 @@ "topics": [], "visibility": "public", "forks": 6, - "watchers": 20, + "watchers": 21, "score": 0 } ] \ No newline at end of file diff --git a/2022/CVE-2022-36663.json b/2022/CVE-2022-36663.json new file mode 100644 index 0000000000..9964508735 --- /dev/null +++ b/2022/CVE-2022-36663.json @@ -0,0 +1,30 @@ +[ + { + "id": 556017965, + "name": "CVE-2022-36663-PoC", + "full_name": "Qeisi\/CVE-2022-36663-PoC", + "owner": { + "login": "Qeisi", + "id": 84850150, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/84850150?v=4", + "html_url": "https:\/\/github.com\/Qeisi" + }, + "html_url": "https:\/\/github.com\/Qeisi\/CVE-2022-36663-PoC", + "description": "Internal network scanner through Gluu IAM blind ssrf", + "fork": false, + "created_at": "2022-10-22T21:55:33Z", + "updated_at": "2022-10-22T22:14:24Z", + "pushed_at": "2022-10-23T00:01:45Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 1, + "score": 0 + } +] \ No newline at end of file diff --git a/2022/CVE-2022-42889.json b/2022/CVE-2022-42889.json index 4d7d2f73dc..8efed42498 100644 --- a/2022/CVE-2022-42889.json +++ b/2022/CVE-2022-42889.json @@ -13,7 +13,7 @@ "description": "CVE-2022-42889 dockerized sample application (Apache Commons Text RCE)", "fork": false, "created_at": "2022-10-17T16:07:50Z", - "updated_at": "2022-10-18T12:35:44Z", + "updated_at": "2022-10-23T00:00:42Z", "pushed_at": "2022-10-17T16:09:23Z", "stargazers_count": 1, "watchers_count": 1, @@ -26,7 +26,8 @@ "cve", "cve-2022-42889", "poc", - "rce" + "rce", + "text4shell" ], "visibility": "public", "forks": 2, @@ -51,7 +52,7 @@ "pushed_at": "2022-10-20T11:56:13Z", "stargazers_count": 25, "watchers_count": 25, - "forks_count": 8, + "forks_count": 9, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -62,7 +63,7 @@ "poc" ], "visibility": "public", - "forks": 8, + "forks": 9, "watchers": 25, "score": 0 }, @@ -136,11 +137,11 @@ "description": "Dockerized POC for CVE-2022-42889 Text4Shell", "fork": false, "created_at": "2022-10-18T09:58:00Z", - "updated_at": "2022-10-22T17:33:01Z", + "updated_at": "2022-10-22T22:48:20Z", "pushed_at": "2022-10-18T10:00:27Z", - "stargazers_count": 45, - "watchers_count": 45, - "forks_count": 13, + "stargazers_count": 46, + "watchers_count": 46, + "forks_count": 14, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -154,8 +155,8 @@ "text4shell" ], "visibility": "public", - "forks": 13, - "watchers": 45, + "forks": 14, + "watchers": 46, "score": 0 }, { @@ -204,7 +205,7 @@ "pushed_at": "2022-10-22T13:42:12Z", "stargazers_count": 1, "watchers_count": 1, - "forks_count": 1, + "forks_count": 2, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -217,7 +218,7 @@ "text4shell" ], "visibility": "public", - "forks": 1, + "forks": 2, "watchers": 1, "score": 0 }, @@ -307,13 +308,13 @@ "pushed_at": "2022-10-20T12:51:08Z", "stargazers_count": 24, "watchers_count": 24, - "forks_count": 6, + "forks_count": 7, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 6, + "forks": 7, "watchers": 24, "score": 0 }, @@ -393,10 +394,10 @@ "description": "Proof of Concept Appliction for testing CVE-2022-42889", "fork": false, "created_at": "2022-10-20T18:07:25Z", - "updated_at": "2022-10-21T19:34:11Z", + "updated_at": "2022-10-22T23:45:22Z", "pushed_at": "2022-10-20T20:03:36Z", - "stargazers_count": 2, - "watchers_count": 2, + "stargazers_count": 3, + "watchers_count": 3, "forks_count": 2, "allow_forking": true, "is_template": false, @@ -404,7 +405,7 @@ "topics": [], "visibility": "public", "forks": 2, - "watchers": 2, + "watchers": 3, "score": 0 }, { diff --git a/README.md b/README.md index dfef61840e..6ddf02c3d6 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,15 @@ Improper Restriction of XML External Entity Reference in GitHub repository skylo - [Haxatron/CVE-2022-0219](https://github.com/Haxatron/CVE-2022-0219) +### CVE-2022-0236 (2022-01-18) + + +The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpie_process_file_download found in the ~/includes/classes/class-wpie-general.php file. This made it possible for unauthenticated attackers to download any imported or exported information from a vulnerable site which can contain sensitive information like user data. This affects versions up to, and including, 3.9.15. + + +- [qurbat/CVE-2022-0236](https://github.com/qurbat/CVE-2022-0236) +- [xiska62314/CVE-2022-0236](https://github.com/xiska62314/CVE-2022-0236) + ### CVE-2022-0265 (2022-03-03) @@ -838,6 +847,7 @@ Rust is a multi-paradigm, general-purpose programming language designed for perf Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the `setUserInfo` function. Users are advised to update as soon as possible. There are no known workarounds. +- [UzJu/Gin-Vue-admin-poc-CVE-2022-21660](https://github.com/UzJu/Gin-Vue-admin-poc-CVE-2022-21660) - [UzJu/CVE-2022-21660](https://github.com/UzJu/CVE-2022-21660) ### CVE-2022-21661 (2022-01-06) @@ -846,6 +856,7 @@ Gin-vue-admin is a backstage management system based on vue and gin. In versions WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability. +- [TAPESH-TEAM/CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection](https://github.com/TAPESH-TEAM/CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection) - [purple-WL/wordpress-CVE-2022-21661](https://github.com/purple-WL/wordpress-CVE-2022-21661) - [0x4E0x650x6F/Wordpress-cve-CVE-2022-21661](https://github.com/0x4E0x650x6F/Wordpress-cve-CVE-2022-21661) - [PyterSmithDarkGhost/CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection-main](https://github.com/PyterSmithDarkGhost/CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection-main) @@ -921,6 +932,8 @@ HTTP Protocol Stack Remote Code Execution Vulnerability. - [corelight/cve-2022-21907](https://github.com/corelight/cve-2022-21907) - [mauricelambert/CVE-2022-21907](https://github.com/mauricelambert/CVE-2022-21907) +- [ZZ-SOCMAP/CVE-2022-21907](https://github.com/ZZ-SOCMAP/CVE-2022-21907) +- [xiska62314/CVE-2022-21907](https://github.com/xiska62314/CVE-2022-21907) - [p0dalirius/CVE-2022-21907-http.sys](https://github.com/p0dalirius/CVE-2022-21907-http.sys) - [michelep/CVE-2022-21907-Vulnerability-PoC](https://github.com/michelep/CVE-2022-21907-Vulnerability-PoC) - [polakow/CVE-2022-21907](https://github.com/polakow/CVE-2022-21907) @@ -3686,6 +3699,14 @@ Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an aut - [lutrasecurity/CVE-2022-36532](https://github.com/lutrasecurity/CVE-2022-36532) +### CVE-2022-36663 (2022-09-06) + + +Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter. + + +- [Qeisi/CVE-2022-36663-PoC](https://github.com/Qeisi/CVE-2022-36663-PoC) + ### CVE-2022-36804 (2022-08-25)