diff --git a/2015/CVE-2015-4335.json b/2015/CVE-2015-4335.json new file mode 100644 index 0000000000..f874954293 --- /dev/null +++ b/2015/CVE-2015-4335.json @@ -0,0 +1,25 @@ +[ + { + "id": 302425563, + "name": "CVE-2015-4335", + "full_name": "EMCELLY\/CVE-2015-4335", + "owner": { + "login": "EMCELLY", + "id": 984191, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/984191?v=4", + "html_url": "https:\/\/github.com\/EMCELLY" + }, + "html_url": "https:\/\/github.com\/EMCELLY\/CVE-2015-4335", + "description": "CVE-2015-4335 Redis Lua Sandbox Escape", + "fork": false, + "created_at": "2020-10-08T18:15:14Z", + "updated_at": "2020-10-08T18:24:36Z", + "pushed_at": "2020-10-08T18:24:33Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2017/CVE-2017-5638.json b/2017/CVE-2017-5638.json index 772aadd759..0065902f13 100644 --- a/2017/CVE-2017-5638.json +++ b/2017/CVE-2017-5638.json @@ -206,6 +206,29 @@ "watchers": 2, "score": 0 }, + { + "id": 84640546, + "name": "test_struts2_vulnerability_CVE-2017-5638", + "full_name": "sjitech\/test_struts2_vulnerability_CVE-2017-5638", + "owner": { + "login": "sjitech", + "id": 5180638, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/5180638?v=4", + "html_url": "https:\/\/github.com\/sjitech" + }, + "html_url": "https:\/\/github.com\/sjitech\/test_struts2_vulnerability_CVE-2017-5638", + "description": "test struts2 vulnerability CVE-2017-5638 in Mac OS X", + "fork": false, + "created_at": "2017-03-11T10:03:54Z", + "updated_at": "2017-03-13T11:14:00Z", + "pushed_at": "2017-03-13T07:38:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 84642680, "name": "CVE-2017-5638", diff --git a/2018/CVE-2018-2392.json b/2018/CVE-2018-2392.json index 4af1f9becf..7bbdcfdb49 100644 --- a/2018/CVE-2018-2392.json +++ b/2018/CVE-2018-2392.json @@ -13,8 +13,8 @@ "description": "SAP IGS XXE attack CVE-2018-2392 and CVE-2018-2393", "fork": false, "created_at": "2020-10-02T17:57:22Z", - "updated_at": "2020-10-02T19:04:26Z", - "pushed_at": "2020-10-02T19:04:23Z", + "updated_at": "2020-10-08T18:58:12Z", + "pushed_at": "2020-10-08T18:58:10Z", "stargazers_count": 0, "watchers_count": 0, "forks_count": 0, diff --git a/2018/CVE-2018-2894.json b/2018/CVE-2018-2894.json index c0e62d149b..3704cea5c6 100644 --- a/2018/CVE-2018-2894.json +++ b/2018/CVE-2018-2894.json @@ -36,13 +36,13 @@ "description": "CVE-2018-2894 WebLogic Unrestricted File Upload Lead To RCE Check Script", "fork": false, "created_at": "2018-07-20T03:59:18Z", - "updated_at": "2020-06-19T04:46:51Z", + "updated_at": "2020-10-08T21:02:47Z", "pushed_at": "2018-07-20T12:46:50Z", - "stargazers_count": 126, - "watchers_count": 126, + "stargazers_count": 127, + "watchers_count": 127, "forks_count": 48, "forks": 48, - "watchers": 126, + "watchers": 127, "score": 0 }, { diff --git a/2018/CVE-2018-6242.json b/2018/CVE-2018-6242.json index 32b498fbeb..030cf57e72 100644 --- a/2018/CVE-2018-6242.json +++ b/2018/CVE-2018-6242.json @@ -105,8 +105,8 @@ "description": "Rust implementation of the Fusée Gelée exploit (CVE-2018-6242) for Tegra processors.", "fork": false, "created_at": "2020-09-07T03:28:15Z", - "updated_at": "2020-10-07T18:04:23Z", - "pushed_at": "2020-10-07T18:04:21Z", + "updated_at": "2020-10-08T17:07:42Z", + "pushed_at": "2020-10-08T17:07:40Z", "stargazers_count": 0, "watchers_count": 0, "forks_count": 0, diff --git a/2019/CVE-2019-15107.json b/2019/CVE-2019-15107.json index fd28eb1a5e..df11006760 100644 --- a/2019/CVE-2019-15107.json +++ b/2019/CVE-2019-15107.json @@ -289,13 +289,13 @@ "description": "CVE-2019-15107 exploit", "fork": false, "created_at": "2020-09-13T03:11:29Z", - "updated_at": "2020-09-14T21:06:39Z", + "updated_at": "2020-10-08T20:11:48Z", "pushed_at": "2020-09-14T20:46:02Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 2, + "watchers_count": 2, "forks_count": 0, "forks": 0, - "watchers": 1, + "watchers": 2, "score": 0 } ] \ No newline at end of file diff --git a/2019/CVE-2019-17558.json b/2019/CVE-2019-17558.json index 41c0fad446..33083c9ac8 100644 --- a/2019/CVE-2019-17558.json +++ b/2019/CVE-2019-17558.json @@ -36,13 +36,13 @@ "description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-5902、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340", "fork": false, "created_at": "2020-04-01T09:33:35Z", - "updated_at": "2020-10-08T09:32:25Z", + "updated_at": "2020-10-08T16:30:51Z", "pushed_at": "2020-10-03T04:00:20Z", - "stargazers_count": 1910, - "watchers_count": 1910, + "stargazers_count": 1911, + "watchers_count": 1911, "forks_count": 497, "forks": 497, - "watchers": 1910, + "watchers": 1911, "score": 0 }, { diff --git a/2019/CVE-2019-19781.json b/2019/CVE-2019-19781.json index 43edd1f3dc..35a9f181c6 100644 --- a/2019/CVE-2019-19781.json +++ b/2019/CVE-2019-19781.json @@ -83,7 +83,7 @@ "fork": false, "created_at": "2020-01-11T00:26:16Z", "updated_at": "2020-09-08T14:13:36Z", - "pushed_at": "2020-10-07T21:25:31Z", + "pushed_at": "2020-10-08T16:53:51Z", "stargazers_count": 98, "watchers_count": 98, "forks_count": 29, diff --git a/2019/CVE-2019-2729.json b/2019/CVE-2019-2729.json index 620568ac4f..2c527c78e3 100644 --- a/2019/CVE-2019-2729.json +++ b/2019/CVE-2019-2729.json @@ -36,13 +36,13 @@ "description": "CVE-2019-2729 Exploit Script", "fork": false, "created_at": "2020-02-19T03:49:51Z", - "updated_at": "2020-10-05T12:56:52Z", + "updated_at": "2020-10-08T18:22:22Z", "pushed_at": "2020-02-19T08:48:02Z", - "stargazers_count": 12, - "watchers_count": 12, + "stargazers_count": 13, + "watchers_count": 13, "forks_count": 5, "forks": 5, - "watchers": 12, + "watchers": 13, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-0787.json b/2020/CVE-2020-0787.json index e003f4cdbe..d94f37d757 100644 --- a/2020/CVE-2020-0787.json +++ b/2020/CVE-2020-0787.json @@ -13,13 +13,13 @@ "description": "Support ALL Windows Version", "fork": false, "created_at": "2020-06-16T08:57:51Z", - "updated_at": "2020-10-08T01:43:37Z", + "updated_at": "2020-10-08T19:38:03Z", "pushed_at": "2020-09-11T07:38:22Z", - "stargazers_count": 425, - "watchers_count": 425, + "stargazers_count": 426, + "watchers_count": 426, "forks_count": 100, "forks": 100, - "watchers": 425, + "watchers": 426, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-11492.json b/2020/CVE-2020-11492.json index f5d6061c11..342c0d605a 100644 --- a/2020/CVE-2020-11492.json +++ b/2020/CVE-2020-11492.json @@ -1,4 +1,27 @@ [ + { + "id": 267392741, + "name": "CVE-2020-11492", + "full_name": "joshfinley\/CVE-2020-11492", + "owner": { + "login": "joshfinley", + "id": 13423441, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/13423441?v=4", + "html_url": "https:\/\/github.com\/joshfinley" + }, + "html_url": "https:\/\/github.com\/joshfinley\/CVE-2020-11492", + "description": null, + "fork": false, + "created_at": "2020-05-27T18:11:18Z", + "updated_at": "2020-10-08T18:53:13Z", + "pushed_at": "2020-06-14T16:42:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 267493495, "name": "CVE-2020-11492", diff --git a/2020/CVE-2020-1472.json b/2020/CVE-2020-1472.json index 2a8c885d11..3d0d1f4294 100644 --- a/2020/CVE-2020-1472.json +++ b/2020/CVE-2020-1472.json @@ -82,13 +82,13 @@ "description": "PoC for Zerologon - all research credits go to Tom Tervoort of Secura", "fork": false, "created_at": "2020-09-14T16:56:51Z", - "updated_at": "2020-10-08T08:29:09Z", + "updated_at": "2020-10-08T18:58:43Z", "pushed_at": "2020-09-25T15:32:01Z", - "stargazers_count": 646, - "watchers_count": 646, + "stargazers_count": 648, + "watchers_count": 648, "forks_count": 185, "forks": 185, - "watchers": 646, + "watchers": 648, "score": 0 }, { @@ -105,13 +105,13 @@ "description": "Exploit Code for CVE-2020-1472 aka Zerologon", "fork": false, "created_at": "2020-09-14T16:57:49Z", - "updated_at": "2020-10-07T20:37:42Z", + "updated_at": "2020-10-08T20:27:47Z", "pushed_at": "2020-10-06T06:58:55Z", - "stargazers_count": 111, - "watchers_count": 111, + "stargazers_count": 112, + "watchers_count": 112, "forks_count": 28, "forks": 28, - "watchers": 111, + "watchers": 112, "score": 0 }, { @@ -128,13 +128,13 @@ "description": "Exploit for zerologon cve-2020-1472", "fork": false, "created_at": "2020-09-14T19:19:07Z", - "updated_at": "2020-10-08T11:34:32Z", + "updated_at": "2020-10-08T16:53:27Z", "pushed_at": "2020-09-17T18:06:57Z", - "stargazers_count": 172, - "watchers_count": 172, + "stargazers_count": 174, + "watchers_count": 174, "forks_count": 64, "forks": 64, - "watchers": 172, + "watchers": 174, "score": 0 }, { diff --git a/2020/CVE-2020-15169.json b/2020/CVE-2020-15169.json new file mode 100644 index 0000000000..c24fa961b9 --- /dev/null +++ b/2020/CVE-2020-15169.json @@ -0,0 +1,25 @@ +[ + { + "id": 302388307, + "name": "CVE-2020-15169", + "full_name": "glasses618\/CVE-2020-15169", + "owner": { + "login": "glasses618", + "id": 10650655, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/10650655?v=4", + "html_url": "https:\/\/github.com\/glasses618" + }, + "html_url": "https:\/\/github.com\/glasses618\/CVE-2020-15169", + "description": null, + "fork": false, + "created_at": "2020-10-08T15:42:37Z", + "updated_at": "2020-10-08T15:43:15Z", + "pushed_at": "2020-10-08T15:43:11Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-2034.json b/2020/CVE-2020-2034.json index 2b514fb770..e8d1cf93ef 100644 --- a/2020/CVE-2020-2034.json +++ b/2020/CVE-2020-2034.json @@ -13,13 +13,13 @@ "description": "Determine the Version Running on the Palo Alto Network Firewall for the Global Protect Portal", "fork": false, "created_at": "2020-08-08T14:19:44Z", - "updated_at": "2020-10-05T18:21:11Z", + "updated_at": "2020-10-08T16:13:55Z", "pushed_at": "2020-08-14T09:24:34Z", - "stargazers_count": 2, - "watchers_count": 2, + "stargazers_count": 3, + "watchers_count": 3, "forks_count": 2, "forks": 2, - "watchers": 2, + "watchers": 3, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-3452.json b/2020/CVE-2020-3452.json index 0a36019fed..d6330e4f96 100644 --- a/2020/CVE-2020-3452.json +++ b/2020/CVE-2020-3452.json @@ -59,13 +59,13 @@ "description": "CVE-2020-3452 Cisco ASA Scanner -unauth Path Traversal Check", "fork": false, "created_at": "2020-07-24T15:04:45Z", - "updated_at": "2020-10-08T05:07:16Z", + "updated_at": "2020-10-08T15:24:21Z", "pushed_at": "2020-08-30T21:34:41Z", - "stargazers_count": 11, - "watchers_count": 11, + "stargazers_count": 10, + "watchers_count": 10, "forks_count": 3, "forks": 3, - "watchers": 11, + "watchers": 10, "score": 0 }, { diff --git a/2020/CVE-2020-5902.json b/2020/CVE-2020-5902.json index 29c13bbadd..c82d18ab15 100644 --- a/2020/CVE-2020-5902.json +++ b/2020/CVE-2020-5902.json @@ -13,13 +13,13 @@ "description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-5902、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340", "fork": false, "created_at": "2020-04-01T09:33:35Z", - "updated_at": "2020-10-08T09:32:25Z", + "updated_at": "2020-10-08T16:30:51Z", "pushed_at": "2020-10-03T04:00:20Z", - "stargazers_count": 1910, - "watchers_count": 1910, + "stargazers_count": 1911, + "watchers_count": 1911, "forks_count": 497, "forks": 497, - "watchers": 1910, + "watchers": 1911, "score": 0 }, { diff --git a/2020/CVE-2020-9484.json b/2020/CVE-2020-9484.json index 69f310ada7..689f36a921 100644 --- a/2020/CVE-2020-9484.json +++ b/2020/CVE-2020-9484.json @@ -109,8 +109,8 @@ "pushed_at": "2020-06-05T21:04:43Z", "stargazers_count": 12, "watchers_count": 12, - "forks_count": 6, - "forks": 6, + "forks_count": 7, + "forks": 7, "watchers": 12, "score": 0 }, diff --git a/README.md b/README.md index 51273c06d3..1b69e05e8d 100644 --- a/README.md +++ b/README.md @@ -1635,6 +1635,7 @@ Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect A An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges. </code> +- [joshfinley/CVE-2020-11492](https://github.com/joshfinley/CVE-2020-11492) - [CrackerCat/CVE-2020-11492](https://github.com/CrackerCat/CVE-2020-11492) ### CVE-2020-11493 @@ -2161,6 +2162,14 @@ Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code executio - [Maskhe/CVE-2020-15148-bypasses](https://github.com/Maskhe/CVE-2020-15148-bypasses) +### CVE-2020-15169 + +<code> +In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory. +</code> + +- [glasses618/CVE-2020-15169](https://github.com/glasses618/CVE-2020-15169) + ### CVE-2020-15367 <code> @@ -9658,6 +9667,7 @@ The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x be - [immunio/apache-struts2-CVE-2017-5638](https://github.com/immunio/apache-struts2-CVE-2017-5638) - [Masahiro-Yamada/OgnlContentTypeRejectorValve](https://github.com/Masahiro-Yamada/OgnlContentTypeRejectorValve) - [aljazceru/CVE-2017-5638-Apache-Struts2](https://github.com/aljazceru/CVE-2017-5638-Apache-Struts2) +- [sjitech/test_struts2_vulnerability_CVE-2017-5638](https://github.com/sjitech/test_struts2_vulnerability_CVE-2017-5638) - [jrrombaldo/CVE-2017-5638](https://github.com/jrrombaldo/CVE-2017-5638) - [random-robbie/CVE-2017-5638](https://github.com/random-robbie/CVE-2017-5638) - [initconf/CVE-2017-5638_struts](https://github.com/initconf/CVE-2017-5638_struts) @@ -12876,6 +12886,14 @@ Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.c - [eudemonics/scaredycat](https://github.com/eudemonics/scaredycat) - [HenryVHuang/CVE-2015-3864](https://github.com/HenryVHuang/CVE-2015-3864) +### CVE-2015-4335 + +<code> +Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. +</code> + +- [EMCELLY/CVE-2015-4335](https://github.com/EMCELLY/CVE-2015-4335) + ### CVE-2015-4495 <code>