Auto Update 2022/05/14 00:15:08

motikan2010-bot 2022-05-14 09:15:08 +09:00
parent 478629c43f
commit 82b45c41fe
12 changed files with 110 additions and 113 deletions

@ -13,17 +13,17 @@
"description": "Exploits CVE-2016-5640 \/ CLVA-2016-05-002 against Crestron AM-100",
"fork": false,
"created_at": "2017-02-07T19:42:06Z",
"updated_at": "2022-04-22T07:23:28Z",
"updated_at": "2022-05-13T21:11:10Z",
"pushed_at": "2017-02-07T19:44:21Z",
"stargazers_count": 7,
"watchers_count": 7,
"stargazers_count": 8,
"watchers_count": 8,
"forks_count": 2,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 7,
"watchers": 8,
"score": 0
},
{

@ -40,10 +40,10 @@
"description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340",
"fork": false,
"created_at": "2020-04-01T09:33:35Z",
"updated_at": "2022-05-13T17:43:01Z",
"updated_at": "2022-05-13T22:04:19Z",
"pushed_at": "2021-04-04T09:13:57Z",
"stargazers_count": 3310,
"watchers_count": 3310,
"stargazers_count": 3311,
"watchers_count": 3311,
"forks_count": 992,
"allow_forking": true,
"is_template": false,
@ -70,7 +70,7 @@
],
"visibility": "public",
"forks": 992,
"watchers": 3310,
"watchers": 3311,
"score": 0
},
{

@ -13,10 +13,10 @@
"description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340",
"fork": false,
"created_at": "2020-04-01T09:33:35Z",
"updated_at": "2022-05-13T17:43:01Z",
"updated_at": "2022-05-13T22:04:19Z",
"pushed_at": "2021-04-04T09:13:57Z",
"stargazers_count": 3310,
"watchers_count": 3310,
"stargazers_count": 3311,
"watchers_count": 3311,
"forks_count": 992,
"allow_forking": true,
"is_template": false,
@ -43,7 +43,7 @@
],
"visibility": "public",
"forks": 992,
"watchers": 3310,
"watchers": 3311,
"score": 0
},
{
@ -465,17 +465,17 @@
"description": "基于qt的图形化CVE-2020-14882漏洞回显测试工具.",
"fork": false,
"created_at": "2020-11-11T06:52:32Z",
"updated_at": "2021-09-09T06:49:40Z",
"updated_at": "2022-05-13T22:02:55Z",
"pushed_at": "2020-11-11T07:19:30Z",
"stargazers_count": 1,
"watchers_count": 1,
"forks_count": 0,
"stargazers_count": 2,
"watchers_count": 2,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 1,
"forks": 1,
"watchers": 2,
"score": 0
},
{

@ -1,29 +0,0 @@
[
{
"id": 434583285,
"name": "CVE-2021-32724-Target",
"full_name": "MaximeSchlegel\/CVE-2021-32724-Target",
"owner": {
"login": "MaximeSchlegel",
"id": 45755920,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/45755920?v=4",
"html_url": "https:\/\/github.com\/MaximeSchlegel"
},
"html_url": "https:\/\/github.com\/MaximeSchlegel\/CVE-2021-32724-Target",
"description": null,
"fork": false,
"created_at": "2021-12-03T12:09:46Z",
"updated_at": "2021-12-08T16:08:05Z",
"pushed_at": "2021-12-08T16:08:02Z",
"stargazers_count": 0,
"watchers_count": 0,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 0,
"score": 0
}
]

@ -73,17 +73,17 @@
"description": "CVE-2021-4034 1day",
"fork": false,
"created_at": "2022-01-25T23:51:37Z",
"updated_at": "2022-05-13T08:14:35Z",
"updated_at": "2022-05-13T18:58:53Z",
"pushed_at": "2022-01-30T14:22:23Z",
"stargazers_count": 1523,
"watchers_count": 1523,
"forks_count": 446,
"stargazers_count": 1524,
"watchers_count": 1524,
"forks_count": 447,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 446,
"watchers": 1523,
"forks": 447,
"watchers": 1524,
"score": 0
},
{
@ -3409,6 +3409,39 @@
"watchers": 2,
"score": 0
},
{
"id": 467661197,
"name": "CVE-2021-4034",
"full_name": "GatoGamer1155\/CVE-2021-4034",
"owner": {
"login": "GatoGamer1155",
"id": 95899548,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/95899548?v=4",
"html_url": "https:\/\/github.com\/GatoGamer1155"
},
"html_url": "https:\/\/github.com\/GatoGamer1155\/CVE-2021-4034",
"description": "Script en python sobre la vulnerabilidad CVE-2021-4034",
"fork": false,
"created_at": "2022-03-08T20:12:38Z",
"updated_at": "2022-04-14T22:22:36Z",
"pushed_at": "2022-05-13T22:50:12Z",
"stargazers_count": 4,
"watchers_count": 4,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"topics": [
"cve",
"cve-2021-4034",
"exploit",
"pkexec",
"pwnkit"
],
"visibility": "public",
"forks": 1,
"watchers": 4,
"score": 0
},
{
"id": 467743719,
"name": "CVE-2021-4034-bug-root",

@ -13,10 +13,10 @@
"description": "Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user ",
"fork": false,
"created_at": "2021-12-11T15:10:30Z",
"updated_at": "2022-05-12T09:36:42Z",
"updated_at": "2022-05-13T21:12:16Z",
"pushed_at": "2022-03-18T16:32:13Z",
"stargazers_count": 796,
"watchers_count": 796,
"stargazers_count": 797,
"watchers_count": 797,
"forks_count": 171,
"allow_forking": true,
"is_template": false,
@ -28,7 +28,7 @@
],
"visibility": "public",
"forks": 171,
"watchers": 796,
"watchers": 797,
"score": 0
},
{

@ -4726,10 +4726,10 @@
"description": "Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046",
"fork": false,
"created_at": "2021-12-13T21:47:41Z",
"updated_at": "2022-04-06T15:07:19Z",
"updated_at": "2022-05-13T20:07:43Z",
"pushed_at": "2022-01-02T16:34:49Z",
"stargazers_count": 55,
"watchers_count": 55,
"stargazers_count": 56,
"watchers_count": 56,
"forks_count": 13,
"allow_forking": true,
"is_template": false,
@ -4744,7 +4744,7 @@
],
"visibility": "public",
"forks": 13,
"watchers": 55,
"watchers": 56,
"score": 0
},
{

@ -1095,17 +1095,17 @@
"description": "A collection of exploits and documentation that can be used to exploit the Linux Dirty Pipe vulnerability.",
"fork": false,
"created_at": "2022-03-12T20:57:24Z",
"updated_at": "2022-05-12T18:36:24Z",
"updated_at": "2022-05-13T19:44:10Z",
"pushed_at": "2022-03-15T00:26:45Z",
"stargazers_count": 257,
"watchers_count": 257,
"forks_count": 59,
"stargazers_count": 258,
"watchers_count": 258,
"forks_count": 60,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 59,
"watchers": 257,
"forks": 60,
"watchers": 258,
"score": 0
},
{

@ -148,17 +148,17 @@
"description": "PoC for CVE-2022-1388_F5_BIG-IP",
"fork": false,
"created_at": "2022-05-09T07:39:55Z",
"updated_at": "2022-05-12T07:42:17Z",
"updated_at": "2022-05-13T20:15:07Z",
"pushed_at": "2022-05-09T10:23:11Z",
"stargazers_count": 47,
"watchers_count": 47,
"stargazers_count": 48,
"watchers_count": 48,
"forks_count": 9,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 9,
"watchers": 47,
"watchers": 48,
"score": 0
},
{
@ -202,17 +202,17 @@
"description": "CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE",
"fork": false,
"created_at": "2022-05-09T10:22:31Z",
"updated_at": "2022-05-13T15:03:30Z",
"updated_at": "2022-05-13T22:12:21Z",
"pushed_at": "2022-05-12T05:56:13Z",
"stargazers_count": 60,
"watchers_count": 60,
"forks_count": 22,
"stargazers_count": 61,
"watchers_count": 61,
"forks_count": 24,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 22,
"watchers": 60,
"forks": 24,
"watchers": 61,
"score": 0
},
{
@ -229,17 +229,17 @@
"description": "F5 BIG-IP RCE exploitation (CVE-2022-1388)",
"fork": false,
"created_at": "2022-05-09T10:34:38Z",
"updated_at": "2022-05-13T13:31:02Z",
"updated_at": "2022-05-13T20:13:55Z",
"pushed_at": "2022-05-10T16:08:38Z",
"stargazers_count": 46,
"watchers_count": 46,
"stargazers_count": 48,
"watchers_count": 48,
"forks_count": 8,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 8,
"watchers": 46,
"watchers": 48,
"score": 0
},
{
@ -310,7 +310,7 @@
"description": "POC for CVE-2022-1388",
"fork": false,
"created_at": "2022-05-09T11:46:45Z",
"updated_at": "2022-05-13T15:03:35Z",
"updated_at": "2022-05-14T00:12:51Z",
"pushed_at": "2022-05-09T20:52:07Z",
"stargazers_count": 179,
"watchers_count": 179,
@ -422,7 +422,7 @@
"fork": false,
"created_at": "2022-05-09T14:37:04Z",
"updated_at": "2022-05-09T14:39:16Z",
"pushed_at": "2022-05-09T14:37:57Z",
"pushed_at": "2022-05-13T18:18:48Z",
"stargazers_count": 2,
"watchers_count": 2,
"forks_count": 0,
@ -1153,8 +1153,8 @@
"description": "F5 BIG-IP iControl REST vulnerability RCE exploit with Java including a testing LAB",
"fork": false,
"created_at": "2022-05-12T16:54:52Z",
"updated_at": "2022-05-13T08:43:43Z",
"pushed_at": "2022-05-12T21:10:11Z",
"updated_at": "2022-05-13T20:46:48Z",
"pushed_at": "2022-05-13T23:23:45Z",
"stargazers_count": 5,
"watchers_count": 5,
"forks_count": 3,
@ -1188,17 +1188,17 @@
"description": "Tool for CVE-2022-1388 ",
"fork": false,
"created_at": "2022-05-13T10:18:29Z",
"updated_at": "2022-05-13T17:15:41Z",
"updated_at": "2022-05-13T22:06:53Z",
"pushed_at": "2022-05-13T10:22:08Z",
"stargazers_count": 2,
"watchers_count": 2,
"stargazers_count": 3,
"watchers_count": 3,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 2,
"watchers": 3,
"score": 0
}
]

@ -258,7 +258,7 @@
"description": "CVE-2022-26809 is a vulnerability in Remote Procedure Call Runtime",
"fork": false,
"created_at": "2022-04-25T18:40:24Z",
"updated_at": "2022-05-13T14:46:03Z",
"updated_at": "2022-05-13T19:31:15Z",
"pushed_at": "2022-05-13T08:14:37Z",
"stargazers_count": 29,
"watchers_count": 29,

@ -13,11 +13,11 @@
"description": "Proof of concept exploit for CVE-2022-30525 (Zxyel firewall command injection)",
"fork": false,
"created_at": "2022-05-10T10:31:19Z",
"updated_at": "2022-05-13T14:45:58Z",
"updated_at": "2022-05-13T21:55:14Z",
"pushed_at": "2022-05-12T10:37:44Z",
"stargazers_count": 17,
"watchers_count": 17,
"forks_count": 4,
"stargazers_count": 19,
"watchers_count": 19,
"forks_count": 5,
"allow_forking": true,
"is_template": false,
"topics": [
@ -27,8 +27,8 @@
"zyxel"
],
"visibility": "public",
"forks": 4,
"watchers": 17,
"forks": 5,
"watchers": 19,
"score": 0
},
{
@ -72,17 +72,17 @@
"description": "Zyxel 防火墙远程命令注入漏洞CVE-2022-30525批量检测脚本",
"fork": false,
"created_at": "2022-05-13T12:58:43Z",
"updated_at": "2022-05-13T16:43:13Z",
"updated_at": "2022-05-13T20:51:51Z",
"pushed_at": "2022-05-13T14:46:04Z",
"stargazers_count": 3,
"watchers_count": 3,
"stargazers_count": 4,
"watchers_count": 4,
"forks_count": 3,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 3,
"watchers": 3,
"watchers": 4,
"score": 0
},
{
@ -99,17 +99,17 @@
"description": "Zyxel 防火墙未经身份验证的远程命令注入",
"fork": false,
"created_at": "2022-05-13T18:16:31Z",
"updated_at": "2022-05-13T18:16:31Z",
"pushed_at": "2022-05-13T18:16:32Z",
"stargazers_count": 0,
"watchers_count": 0,
"updated_at": "2022-05-13T18:23:37Z",
"pushed_at": "2022-05-13T18:22:01Z",
"stargazers_count": 1,
"watchers_count": 1,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"watchers": 1,
"score": 0
}
]

@ -2707,6 +2707,7 @@ A local privilege escalation vulnerability was found on polkit's pkexec utility.
- [defhacks/cve-2021-4034](https://github.com/defhacks/cve-2021-4034)
- [PentesterSoham/CVE-2021-4034-exploit](https://github.com/PentesterSoham/CVE-2021-4034-exploit)
- [T369-Real/pwnkit-pwn](https://github.com/T369-Real/pwnkit-pwn)
- [GatoGamer1155/CVE-2021-4034](https://github.com/GatoGamer1155/CVE-2021-4034)
- [bakhtiyarsierad/CVE-2021-4034-bug-root](https://github.com/bakhtiyarsierad/CVE-2021-4034-bug-root)
- [ITMarcin2211/Polkit-s-Pkexec-CVE-2021-4034](https://github.com/ITMarcin2211/Polkit-s-Pkexec-CVE-2021-4034)
- [edsonjt81/CVE-2021-4034-Linux](https://github.com/edsonjt81/CVE-2021-4034-Linux)
@ -4231,14 +4232,6 @@ octobercms in a CMS platform based on the Laravel PHP Framework. In affected ver
- [Immersive-Labs-Sec/CVE-2021-32648](https://github.com/Immersive-Labs-Sec/CVE-2021-32648)
- [daftspunk/CVE-2021-32648](https://github.com/daftspunk/CVE-2021-32648)
### CVE-2021-32724 (2021-09-09)
<code>
check-spelling is a github action which provides CI spell checking. In affected versions and for a repository with the [check-spelling action](https://github.com/marketplace/actions/check-spelling) enabled that triggers on `pull_request_target` (or `schedule`), an attacker can send a crafted Pull Request that causes a `GITHUB_TOKEN` to be exposed. With the `GITHUB_TOKEN`, it's possible to push commits to the repository bypassing standard approval processes. Commits to the repository could then steal any/all secrets available to the repository. As a workaround users may can either: [Disable the workflow](https://docs.github.com/en/actions/managing-workflow-runs/disabling-and-enabling-a-workflow) until you've fixed all branches or Set repository to [Allow specific actions](https://docs.github.com/en/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#allowing-specific-actions-to-run). check-spelling isn't a verified creator and it certainly won't be anytime soon. You could then explicitly add other actions that your repository uses. Set repository [Workflow permissions](https://docs.github.com/en/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository) to `Read repository contents permission`. Workflows using `check-spelling/check-spelling@main` will get the fix automatically. Workflows using a pinned sha or tagged version will need to change the affected workflows for all repository branches to the latest version. 
Users can verify who and which Pull Requests have been running the action by looking up the spelling.yml action in the Actions tab of their repositories, e.g., https://github.com/check-spelling/check-spelling/actions/workflows/spelling.yml - you can filter PRs by adding ?query=event%3Apull_request_target, e.g., https://github.com/check-spelling/check-spelling/actions/workflows/spelling.yml?query=event%3Apull_request_target.
</code>
- [MaximeSchlegel/CVE-2021-32724-Target](https://github.com/MaximeSchlegel/CVE-2021-32724-Target)
### CVE-2021-32819 (2021-05-14)
<code>