mirror/PoC-in-GitHub
1
0
Fork 0
mirror of https://github.com/nomi-sec/PoC-in-GitHub.git synced 2025-01-15 20:32:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Auto Update 2024/10/19 18:30:30

Browse source
This commit is contained in:
motikan2010-bot 2024-10-20 03:30:30 +09:00
parent ffbe936e12
commit 75652db508
24 changed files with 193 additions and 101 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
2018/CVE-2018-14847.json
View file

@ -19,13 +19,13 @@
"stargazers_count": 505,
"watchers_count": 505,
"has_discussions": false,
"forks_count": 454,
"forks_count": 453,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 454,
"forks": 453,
"watchers": 505,
"score": 0,
"subscribers_count": 58

2
2018/CVE-2018-7600.json
View file

@ -66,7 +66,7 @@
"forks": 109,
"watchers": 348,
"score": 0,
"subscribers_count": 78
"subscribers_count": 77
},
{
"id": 129319611,

2
2019/CVE-2019-11157.json
View file

@ -14,7 +14,7 @@
"description": "Tool Suite for V0LTpwn (CVE-2019-11157). Code will be published soon.",
"fork": false,
"created_at": "2019-12-15T15:11:07Z",
"updated_at": "2024-08-12T19:55:45Z",
"updated_at": "2024-10-19T15:32:17Z",
"pushed_at": "2019-12-16T22:32:06Z",
"stargazers_count": 7,
"watchers_count": 7,

4
2021/CVE-2021-30657.json
View file

@ -19,13 +19,13 @@
"stargazers_count": 31,
"watchers_count": 31,
"has_discussions": false,
"forks_count": 7,
"forks_count": 8,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 7,
"forks": 8,
"watchers": 31,
"score": 0,
"subscribers_count": 5

33
2021/CVE-2021-32708.json Normal file
View file

@ -0,0 +1,33 @@
[
{
"id": 875233508,
"name": "CVE-2021-32708",
"full_name": "fazilbaig1\/CVE-2021-32708",
"owner": {
"login": "fazilbaig1",
"id": 25384256,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/25384256?v=4",
"html_url": "https:\/\/github.com\/fazilbaig1",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/fazilbaig1\/CVE-2021-32708",
"description": "Affected versions of this package are vulnerable to Race Condition. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely.",
"fork": false,
"created_at": "2024-10-19T12:49:56Z",
"updated_at": "2024-10-19T12:51:26Z",
"pushed_at": "2024-10-19T12:51:23Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

12
2021/CVE-2021-4034.json
View file

@ -49,10 +49,10 @@
"description": "CVE-2021-4034 1day",
"fork": false,
"created_at": "2022-01-25T23:51:37Z",
"updated_at": "2024-10-18T06:08:59Z",
"updated_at": "2024-10-19T13:46:18Z",
"pushed_at": "2022-06-08T04:00:28Z",
"stargazers_count": 1960,
"watchers_count": 1960,
"stargazers_count": 1961,
"watchers_count": 1961,
"has_discussions": false,
"forks_count": 511,
"allow_forking": true,
@ -61,7 +61,7 @@
"topics": [],
"visibility": "public",
"forks": 511,
"watchers": 1960,
"watchers": 1961,
"score": 0,
"subscribers_count": 20
},
@ -2018,13 +2018,13 @@
"stargazers_count": 338,
"watchers_count": 338,
"has_discussions": false,
"forks_count": 41,
"forks_count": 43,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 41,
"forks": 43,
"watchers": 338,
"score": 0,
"subscribers_count": 6

31
2021/CVE-2021-45232.json
View file

@ -281,37 +281,6 @@
"score": 0,
"subscribers_count": 0
},
{
"id": 445756387,
"name": "Demo",
"full_name": "yggcwhat\/Demo",
"owner": {
"login": "yggcwhat",
"id": 91769835,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/91769835?v=4",
"html_url": "https:\/\/github.com\/yggcwhat",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/yggcwhat\/Demo",
"description": "CVE-2021-45232批量一键检测",
"fork": false,
"created_at": "2022-01-08T07:42:43Z",
"updated_at": "2022-01-08T07:42:43Z",
"pushed_at": "2022-01-08T07:42:44Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 445762780,
"name": "CVE-2021-45232",

8
2022/CVE-2022-38691.json
View file

@ -14,10 +14,10 @@
"description": "Let's control Secure Boot Chain ourselves.",
"fork": false,
"created_at": "2023-12-01T07:32:18Z",
"updated_at": "2024-10-03T05:26:59Z",
"updated_at": "2024-10-19T14:32:39Z",
"pushed_at": "2024-02-20T09:05:59Z",
"stargazers_count": 34,
"watchers_count": 34,
"stargazers_count": 35,
"watchers_count": 35,
"has_discussions": false,
"forks_count": 8,
"allow_forking": true,
@ -29,7 +29,7 @@
],
"visibility": "public",
"forks": 8,
"watchers": 34,
"watchers": 35,
"score": 0,
"subscribers_count": 3
}

16
2022/CVE-2022-38694.json
View file

@ -14,10 +14,10 @@
"description": "This is a one-time signature verification bypass. For persistent signature verification bypass, check https:\/\/github.com\/TomKing062\/CVE-2022-38691_38692",
"fork": false,
"created_at": "2023-06-10T08:31:26Z",
"updated_at": "2024-10-19T06:48:29Z",
"updated_at": "2024-10-19T14:32:35Z",
"pushed_at": "2024-08-01T15:09:15Z",
"stargazers_count": 268,
"watchers_count": 268,
"stargazers_count": 269,
"watchers_count": 269,
"has_discussions": true,
"forks_count": 39,
"allow_forking": true,
@ -29,7 +29,7 @@
],
"visibility": "public",
"forks": 39,
"watchers": 268,
"watchers": 269,
"score": 0,
"subscribers_count": 5
},
@ -48,10 +48,10 @@
"description": "Bootloader unlock using CVE-2022-38694 for Anbernic Unisoc T820 devices",
"fork": false,
"created_at": "2024-06-27T14:28:13Z",
"updated_at": "2024-10-18T20:53:56Z",
"updated_at": "2024-10-19T17:17:15Z",
"pushed_at": "2024-10-15T10:16:57Z",
"stargazers_count": 24,
"watchers_count": 24,
"stargazers_count": 25,
"watchers_count": 25,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -60,7 +60,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 24,
"watchers": 25,
"score": 0,
"subscribers_count": 1
}

8
2022/CVE-2022-46689.json
View file

@ -107,10 +107,10 @@
"description": "Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689.",
"fork": false,
"created_at": "2022-12-26T06:56:35Z",
"updated_at": "2024-10-17T05:52:13Z",
"updated_at": "2024-10-19T13:11:43Z",
"pushed_at": "2023-08-02T09:35:14Z",
"stargazers_count": 880,
"watchers_count": 880,
"stargazers_count": 882,
"watchers_count": 882,
"has_discussions": false,
"forks_count": 72,
"allow_forking": true,
@ -119,7 +119,7 @@
"topics": [],
"visibility": "public",
"forks": 72,
"watchers": 880,
"watchers": 882,
"score": 0,
"subscribers_count": 25
},

8
2023/CVE-2023-24955.json
View file

@ -14,10 +14,10 @@
"description": "Exploit for Microsoft SharePoint 2019",
"fork": false,
"created_at": "2023-12-28T09:08:47Z",
"updated_at": "2024-10-18T08:42:22Z",
"updated_at": "2024-10-19T13:03:34Z",
"pushed_at": "2023-12-28T10:02:02Z",
"stargazers_count": 12,
"watchers_count": 12,
"stargazers_count": 13,
"watchers_count": 13,
"has_discussions": false,
"forks_count": 3,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 3,
"watchers": 12,
"watchers": 13,
"score": 0,
"subscribers_count": 1
}

8
2024/CVE-2024-21111.json
View file

@ -14,10 +14,10 @@
"description": "Oracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability",
"fork": false,
"created_at": "2024-04-22T07:05:04Z",
"updated_at": "2024-10-08T19:13:04Z",
"updated_at": "2024-10-19T13:06:32Z",
"pushed_at": "2024-05-09T16:39:55Z",
"stargazers_count": 211,
"watchers_count": 211,
"stargazers_count": 212,
"watchers_count": 212,
"has_discussions": false,
"forks_count": 35,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 35,
"watchers": 211,
"watchers": 212,
"score": 0,
"subscribers_count": 5
},

8
2024/CVE-2024-21338.json
View file

@ -76,10 +76,10 @@
"description": "PoC for the Untrusted Pointer Dereference in the appid.sys driver",
"fork": false,
"created_at": "2024-04-23T19:09:22Z",
"updated_at": "2024-10-19T12:08:11Z",
"updated_at": "2024-10-19T14:59:56Z",
"pushed_at": "2024-04-23T19:13:53Z",
"stargazers_count": 10,
"watchers_count": 10,
"stargazers_count": 11,
"watchers_count": 11,
"has_discussions": false,
"forks_count": 4,
"allow_forking": true,
@ -88,7 +88,7 @@
"topics": [],
"visibility": "public",
"forks": 4,
"watchers": 10,
"watchers": 11,
"score": 0,
"subscribers_count": 1
},

4
2024/CVE-2024-24401.json
View file

@ -19,13 +19,13 @@
"stargazers_count": 29,
"watchers_count": 29,
"has_discussions": false,
"forks_count": 5,
"forks_count": 6,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 5,
"forks": 6,
"watchers": 29,
"score": 0,
"subscribers_count": 1

8
2024/CVE-2024-24576.json
View file

@ -14,10 +14,10 @@
"description": "Example of CVE-2024-24576 use case.",
"fork": false,
"created_at": "2024-04-09T21:17:15Z",
"updated_at": "2024-08-05T08:20:10Z",
"updated_at": "2024-10-19T17:00:27Z",
"pushed_at": "2024-04-10T14:46:42Z",
"stargazers_count": 56,
"watchers_count": 56,
"stargazers_count": 57,
"watchers_count": 57,
"has_discussions": false,
"forks_count": 10,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 10,
"watchers": 56,
"watchers": 57,
"score": 0,
"subscribers_count": 2
},

10
2024/CVE-2024-30088.json
View file

@ -186,7 +186,7 @@
"subscribers_count": 1
},
{
"id": 875191702,
"id": 875255026,
"name": "CVE-2024-30088",
"full_name": "l0n3m4n\/CVE-2024-30088",
"owner": {
@ -197,11 +197,11 @@
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/l0n3m4n\/CVE-2024-30088",
"description": "Windows privilege escalation: Time-of-check Time-of-use (TOCTOU) Race Condition",
"description": "Windows Kernel Elevation of Privilege (PoC) ",
"fork": false,
"created_at": "2024-10-19T10:35:04Z",
"updated_at": "2024-10-19T10:36:40Z",
"pushed_at": "2024-10-19T10:36:36Z",
"created_at": "2024-10-19T13:54:33Z",
"updated_at": "2024-10-19T14:41:12Z",
"pushed_at": "2024-10-19T14:41:08Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

8
2024/CVE-2024-35250.json
View file

@ -14,10 +14,10 @@
"description": "PoC for the Untrusted Pointer Dereference in the ks.sys driver",
"fork": false,
"created_at": "2024-10-13T19:30:20Z",
"updated_at": "2024-10-19T10:20:45Z",
"updated_at": "2024-10-19T16:22:16Z",
"pushed_at": "2024-10-17T18:36:54Z",
"stargazers_count": 161,
"watchers_count": 161,
"stargazers_count": 163,
"watchers_count": 163,
"has_discussions": false,
"forks_count": 40,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 40,
"watchers": 161,
"watchers": 163,
"score": 0,
"subscribers_count": 2
}

8
2024/CVE-2024-44193.json
View file

@ -14,10 +14,10 @@
"description": "Hacking Windows through iTunes - Local Privilege Escalation 0-day",
"fork": false,
"created_at": "2024-10-04T14:20:15Z",
"updated_at": "2024-10-18T12:16:17Z",
"updated_at": "2024-10-19T13:32:03Z",
"pushed_at": "2024-10-04T14:59:50Z",
"stargazers_count": 72,
"watchers_count": 72,
"stargazers_count": 73,
"watchers_count": 73,
"has_discussions": false,
"forks_count": 9,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 9,
"watchers": 72,
"watchers": 73,
"score": 0,
"subscribers_count": 1
}

4
2024/CVE-2024-4577.json
View file

@ -143,13 +143,13 @@
"stargazers_count": 42,
"watchers_count": 42,
"has_discussions": false,
"forks_count": 7,
"forks_count": 8,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 7,
"forks": 8,
"watchers": 42,
"score": 0,
"subscribers_count": 1

33
2024/CVE-2024-47854.json Normal file
View file

@ -0,0 +1,33 @@
[
{
"id": 875249581,
"name": "CVE-2024-47854",
"full_name": "MarioTesoro\/CVE-2024-47854",
"owner": {
"login": "MarioTesoro",
"id": 62204045,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/62204045?v=4",
"html_url": "https:\/\/github.com\/MarioTesoro",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/MarioTesoro\/CVE-2024-47854",
"description": "Proof of concept of multiple Reflected Cross-Site Scripting (XSS) vulnerabilities discovered in Veritas Data Insight before 7.1.",
"fork": false,
"created_at": "2024-10-19T13:38:23Z",
"updated_at": "2024-10-19T14:45:04Z",
"pushed_at": "2024-10-19T14:45:01Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

8
2024/CVE-2024-6387.json
View file

@ -2404,10 +2404,10 @@
"description": "This Python script checks for the CVE-2024-6387 vulnerability in OpenSSH servers. It supports multiple IP addresses, URLs, CIDR ranges, and ports. The script can also read addresses from a file.",
"fork": false,
"created_at": "2024-07-09T17:40:19Z",
"updated_at": "2024-10-03T05:17:55Z",
"updated_at": "2024-10-19T14:48:00Z",
"pushed_at": "2024-07-10T15:24:08Z",
"stargazers_count": 91,
"watchers_count": 91,
"stargazers_count": 92,
"watchers_count": 92,
"has_discussions": false,
"forks_count": 17,
"allow_forking": true,
@ -2416,7 +2416,7 @@
"topics": [],
"visibility": "public",
"forks": 17,
"watchers": 91,
"watchers": 92,
"score": 0,
"subscribers_count": 2
},

8
2024/CVE-2024-6778.json
View file

@ -14,10 +14,10 @@
"description": "A POC exploit for CVE-2024-5836 and CVE-2024-6778, allowing for a sandbox escape from a Chrome extension. ",
"fork": false,
"created_at": "2024-09-10T06:27:59Z",
"updated_at": "2024-10-19T07:41:30Z",
"updated_at": "2024-10-19T15:19:37Z",
"pushed_at": "2024-10-17T05:12:29Z",
"stargazers_count": 23,
"watchers_count": 23,
"stargazers_count": 24,
"watchers_count": 24,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 23,
"watchers": 24,
"score": 0,
"subscribers_count": 1
}

45
2024/CVE-2024-9264.json Normal file
View file

@ -0,0 +1,45 @@
[
{
"id": 875253753,
"name": "CVE-2024-9264",
"full_name": "nollium\/CVE-2024-9264",
"owner": {
"login": "nollium",
"id": 54525684,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/54525684?v=4",
"html_url": "https:\/\/github.com\/nollium",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/nollium\/CVE-2024-9264",
"description": "Exploit for Grafana arbitrary file-read (CVE-2024-9264)",
"fork": false,
"created_at": "2024-10-19T13:50:52Z",
"updated_at": "2024-10-19T17:39:00Z",
"pushed_at": "2024-10-19T16:01:12Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [
"authenticated",
"cve",
"cve-2024-9264",
"exploit",
"file-read-vulnerability",
"grafana",
"poc",
"rce",
"rce-exploit",
"security",
"vulnerability"
],
"visibility": "public",
"forks": 1,
"watchers": 2,
"score": 0,
"subscribers_count": 0
}
]

14
README.md
View file

@ -1612,6 +1612,9 @@
### CVE-2024-9234
- [RandomRobbieBF/CVE-2024-9234](https://github.com/RandomRobbieBF/CVE-2024-9234)
### CVE-2024-9264
- [nollium/CVE-2024-9264](https://github.com/nollium/CVE-2024-9264)
### CVE-2024-9441
- [adhikara13/CVE-2024-9441](https://github.com/adhikara13/CVE-2024-9441)
- [p33d/CVE-2024-9441](https://github.com/p33d/CVE-2024-9441)
@ -5505,6 +5508,9 @@
### CVE-2024-47177
- [referefref/cupspot-2024-47177](https://github.com/referefref/cupspot-2024-47177)
### CVE-2024-47854
- [MarioTesoro/CVE-2024-47854](https://github.com/MarioTesoro/CVE-2024-47854)
### CVE-2024-48415
- [khaliquesX/CVE-2024-48415](https://github.com/khaliquesX/CVE-2024-48415)
@ -23904,6 +23910,13 @@
- [nickswink/CVE-2021-32682](https://github.com/nickswink/CVE-2021-32682)
### CVE-2021-32708 (2021-06-24)
<code>Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the path or filename of an uploaded file, the supplied path or filename is not checked against unicode chars, the supplied pathname checked against an extension deny-list, not an allow-list, the supplied path or filename contains a unicode whitespace char in the extension, the uploaded file is stored in a directory that allows PHP code to be executed. Given these conditions are met a user can upload and execute arbitrary code on the system under attack. The unicode whitespace removal has been replaced with a rejection (exception). For 1.x users, upgrade to 1.1.4. For 2.x users, upgrade to 2.1.1.
</code>
- [fazilbaig1/CVE-2021-32708](https://github.com/fazilbaig1/CVE-2021-32708)
### CVE-2021-32724 (2021-09-09)
<code>check-spelling is a github action which provides CI spell checking. In affected versions and for a repository with the [check-spelling action](https://github.com/marketplace/actions/check-spelling) enabled that triggers on `pull_request_target` (or `schedule`), an attacker can send a crafted Pull Request that causes a `GITHUB_TOKEN` to be exposed. With the `GITHUB_TOKEN`, it's possible to push commits to the repository bypassing standard approval processes. Commits to the repository could then steal any/all secrets available to the repository. As a workaround users may can either: [Disable the workflow](https://docs.github.com/en/actions/managing-workflow-runs/disabling-and-enabling-a-workflow) until you've fixed all branches or Set repository to [Allow specific actions](https://docs.github.com/en/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#allowing-specific-actions-to-run). check-spelling isn't a verified creator and it certainly won't be anytime soon. You could then explicitly add other actions that your repository uses. Set repository [Workflow permissions](https://docs.github.com/en/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository) to `Read repository contents permission`. Workflows using `check-spelling/check-spelling@main` will get the fix automatically. Workflows using a pinned sha or tagged version will need to change the affected workflows for all repository branches to the latest version. Users can verify who and which Pull Requests have been running the action by looking up the spelling.yml action in the Actions tab of their repositories, e.g., https://github.com/check-spelling/check-spelling/actions/workflows/spelling.yml - you can filter PRs by adding ?query=event%3Apull_request_target, e.g., https://github.com/check-spelling/check-spelling/actions/workflows/spelling.yml?query=event%3Apull_request_target.
@ -26886,7 +26899,6 @@
- [dskho/CVE-2021-45232](https://github.com/dskho/CVE-2021-45232)
- [GYLQ/CVE-2021-45232-RCE](https://github.com/GYLQ/CVE-2021-45232-RCE)
- [fany0r/CVE-2021-45232-RCE](https://github.com/fany0r/CVE-2021-45232-RCE)
- [yggcwhat/Demo](https://github.com/yggcwhat/Demo)
- [yggcwhat/CVE-2021-45232](https://github.com/yggcwhat/CVE-2021-45232)
- [YutuSec/Apisix_Crack](https://github.com/YutuSec/Apisix_Crack)