mirror/PoC-in-GitHub
1
0
Fork 0
mirror of https://github.com/nomi-sec/PoC-in-GitHub.git synced 2025-01-15 20:32:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Auto Update 2024/07/08 00:29:05

Browse source
This commit is contained in:
motikan2010-bot 2024-07-08 09:29:05 +09:00
parent 726525347a
commit 8464e5eb55
37 changed files with 329 additions and 234 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
2014/CVE-2014-4210.json
View file

@ -43,10 +43,10 @@
"description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883",
"fork": false,
"created_at": "2020-01-15T04:26:29Z",
"updated_at": "2024-07-05T09:20:53Z",
"updated_at": "2024-07-07T18:33:36Z",
"pushed_at": "2023-11-24T09:21:56Z",
"stargazers_count": 1952,
"watchers_count": 1952,
"stargazers_count": 1953,
"watchers_count": 1953,
"has_discussions": true,
"forks_count": 335,
"allow_forking": true,
@ -76,7 +76,7 @@
],
"visibility": "public",
"forks": 335,
"watchers": 1952,
"watchers": 1953,
"score": 0,
"subscribers_count": 35
},

8
2016/CVE-2016-0638.json
View file

@ -13,10 +13,10 @@
"description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883",
"fork": false,
"created_at": "2020-01-15T04:26:29Z",
"updated_at": "2024-07-05T09:20:53Z",
"updated_at": "2024-07-07T18:33:36Z",
"pushed_at": "2023-11-24T09:21:56Z",
"stargazers_count": 1952,
"watchers_count": 1952,
"stargazers_count": 1953,
"watchers_count": 1953,
"has_discussions": true,
"forks_count": 335,
"allow_forking": true,
@ -46,7 +46,7 @@
],
"visibility": "public",
"forks": 335,
"watchers": 1952,
"watchers": 1953,
"score": 0,
"subscribers_count": 35
},

8
2017/CVE-2017-3248.json
View file

@ -43,10 +43,10 @@
"description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883",
"fork": false,
"created_at": "2020-01-15T04:26:29Z",
"updated_at": "2024-07-05T09:20:53Z",
"updated_at": "2024-07-07T18:33:36Z",
"pushed_at": "2023-11-24T09:21:56Z",
"stargazers_count": 1952,
"watchers_count": 1952,
"stargazers_count": 1953,
"watchers_count": 1953,
"has_discussions": true,
"forks_count": 335,
"allow_forking": true,
@ -76,7 +76,7 @@
],
"visibility": "public",
"forks": 335,
"watchers": 1952,
"watchers": 1953,
"score": 0,
"subscribers_count": 35
},

8
2018/CVE-2018-2628.json
View file

@ -557,10 +557,10 @@
"description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883",
"fork": false,
"created_at": "2020-01-15T04:26:29Z",
"updated_at": "2024-07-05T09:20:53Z",
"updated_at": "2024-07-07T18:33:36Z",
"pushed_at": "2023-11-24T09:21:56Z",
"stargazers_count": 1952,
"watchers_count": 1952,
"stargazers_count": 1953,
"watchers_count": 1953,
"has_discussions": true,
"forks_count": 335,
"allow_forking": true,
@ -590,7 +590,7 @@
],
"visibility": "public",
"forks": 335,
"watchers": 1952,
"watchers": 1953,
"score": 0,
"subscribers_count": 35
},

8
2019/CVE-2019-2618.json
View file

@ -193,10 +193,10 @@
"description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883",
"fork": false,
"created_at": "2020-01-15T04:26:29Z",
"updated_at": "2024-07-05T09:20:53Z",
"updated_at": "2024-07-07T18:33:36Z",
"pushed_at": "2023-11-24T09:21:56Z",
"stargazers_count": 1952,
"watchers_count": 1952,
"stargazers_count": 1953,
"watchers_count": 1953,
"has_discussions": true,
"forks_count": 335,
"allow_forking": true,
@ -226,7 +226,7 @@
],
"visibility": "public",
"forks": 335,
"watchers": 1952,
"watchers": 1953,
"score": 0,
"subscribers_count": 35
}

8
2020/CVE-2020-15368.json
View file

@ -13,10 +13,10 @@
"description": "CVE-2020-15368, aka \"How to exploit a vulnerable driver\"",
"fork": false,
"created_at": "2021-06-29T04:38:24Z",
"updated_at": "2024-06-28T14:05:00Z",
"updated_at": "2024-07-07T19:46:47Z",
"pushed_at": "2022-04-14T03:17:44Z",
"stargazers_count": 414,
"watchers_count": 414,
"stargazers_count": 415,
"watchers_count": 415,
"has_discussions": false,
"forks_count": 45,
"allow_forking": true,
@ -30,7 +30,7 @@
],
"visibility": "public",
"forks": 45,
"watchers": 414,
"watchers": 415,
"score": 0,
"subscribers_count": 6
}

8
2020/CVE-2020-2551.json
View file

@ -13,10 +13,10 @@
"description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883",
"fork": false,
"created_at": "2020-01-15T04:26:29Z",
"updated_at": "2024-07-05T09:20:53Z",
"updated_at": "2024-07-07T18:33:36Z",
"pushed_at": "2023-11-24T09:21:56Z",
"stargazers_count": 1952,
"watchers_count": 1952,
"stargazers_count": 1953,
"watchers_count": 1953,
"has_discussions": true,
"forks_count": 335,
"allow_forking": true,
@ -46,7 +46,7 @@
],
"visibility": "public",
"forks": 335,
"watchers": 1952,
"watchers": 1953,
"score": 0,
"subscribers_count": 35
},

16
2021/CVE-2021-1675.json
View file

@ -48,13 +48,13 @@
"stargazers_count": 1815,
"watchers_count": 1815,
"has_discussions": false,
"forks_count": 583,
"forks_count": 584,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 583,
"forks": 584,
"watchers": 1815,
"score": 0,
"subscribers_count": 44
@ -301,10 +301,10 @@
"description": "Pure PowerShell implementation of CVE-2021-1675 Print Spooler Local Privilege Escalation (PrintNightmare)",
"fork": false,
"created_at": "2021-07-01T23:45:58Z",
"updated_at": "2024-07-05T12:57:47Z",
"updated_at": "2024-07-07T19:02:23Z",
"pushed_at": "2021-07-05T08:54:06Z",
"stargazers_count": 980,
"watchers_count": 980,
"stargazers_count": 981,
"watchers_count": 981,
"has_discussions": false,
"forks_count": 232,
"allow_forking": true,
@ -313,7 +313,7 @@
"topics": [],
"visibility": "public",
"forks": 232,
"watchers": 980,
"watchers": 981,
"score": 0,
"subscribers_count": 27
},
@ -977,7 +977,7 @@
"stargazers_count": 178,
"watchers_count": 178,
"has_discussions": false,
"forks_count": 30,
"forks_count": 31,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -986,7 +986,7 @@
"cve-2021-34527"
],
"visibility": "public",
"forks": 30,
"forks": 31,
"watchers": 178,
"score": 0,
"subscribers_count": 6

38
2021/CVE-2021-20323.json
View file

@ -48,7 +48,7 @@
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 0,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -61,9 +61,43 @@
"xss-vulnerability"
],
"visibility": "public",
"forks": 0,
"forks": 1,
"watchers": 1,
"score": 0,
"subscribers_count": 0
},
{
"id": 825485916,
"name": "CVE-2021-20323",
"full_name": "cscpwn0sec\/CVE-2021-20323",
"owner": {
"login": "cscpwn0sec",
"id": 173960819,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/173960819?v=4",
"html_url": "https:\/\/github.com\/cscpwn0sec"
},
"html_url": "https:\/\/github.com\/cscpwn0sec\/CVE-2021-20323",
"description": "Exploitation Scanner Cross Site Scripting vulnerability in Keycloak.",
"fork": false,
"created_at": "2024-07-07T23:02:00Z",
"updated_at": "2024-07-08T00:11:41Z",
"pushed_at": "2024-07-08T00:08:45Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [
"cross-site-scripting-xss",
"cve-2021-20323",
"keycloak-vulnerability"
],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

30
2021/CVE-2021-3156.json
View file

@ -2024,36 +2024,6 @@
"score": 0,
"subscribers_count": 1
},
{
"id": 690307610,
"name": "Y3A-CVE-2021-3156",
"full_name": "EthicalSecurity-Agency\/Y3A-CVE-2021-3156",
"owner": {
"login": "EthicalSecurity-Agency",
"id": 128076110,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/128076110?v=4",
"html_url": "https:\/\/github.com\/EthicalSecurity-Agency"
},
"html_url": "https:\/\/github.com\/EthicalSecurity-Agency\/Y3A-CVE-2021-3156",
"description": "Y3A \/ CVE-2021-3156",
"fork": false,
"created_at": "2023-09-12T00:23:42Z",
"updated_at": "2023-09-12T00:23:42Z",
"pushed_at": "2021-09-07T03:36:31Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 736124550,
"name": "CVE-2021-3156",

12
2021/CVE-2021-34527.json
View file

@ -79,19 +79,19 @@
"description": null,
"fork": false,
"created_at": "2021-07-02T12:10:49Z",
"updated_at": "2024-07-01T14:15:47Z",
"updated_at": "2024-07-07T19:02:26Z",
"pushed_at": "2021-07-02T12:17:50Z",
"stargazers_count": 244,
"watchers_count": 244,
"stargazers_count": 245,
"watchers_count": 245,
"has_discussions": false,
"forks_count": 63,
"forks_count": 64,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 63,
"watchers": 244,
"forks": 64,
"watchers": 245,
"score": 0,
"subscribers_count": 9
},

30
2021/CVE-2021-36393.json
View file

@ -33,35 +33,5 @@
"watchers": 1,
"score": 0,
"subscribers_count": 2
},
{
"id": 714260511,
"name": "CVE-2021-36393-Exploit",
"full_name": "T0X1Cx\/CVE-2021-36393-Exploit",
"owner": {
"login": "T0X1Cx",
"id": 71453093,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/71453093?v=4",
"html_url": "https:\/\/github.com\/T0X1Cx"
},
"html_url": "https:\/\/github.com\/T0X1Cx\/CVE-2021-36393-Exploit",
"description": "This script demonstrates a time-based blind SQL injection on Moodle platforms, exploiting response delays to extract data.",
"fork": false,
"created_at": "2023-11-04T11:45:55Z",
"updated_at": "2024-06-30T06:33:31Z",
"pushed_at": "2023-11-04T19:17:16Z",
"stargazers_count": 17,
"watchers_count": 17,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 17,
"score": 0,
"subscribers_count": 2
}
]

32
2021/CVE-2021-36396.json Normal file
View file

@ -0,0 +1,32 @@
[
{
"id": 714260511,
"name": "CVE-2021-36396-Exploit",
"full_name": "T0X1Cx\/CVE-2021-36396-Exploit",
"owner": {
"login": "T0X1Cx",
"id": 71453093,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/71453093?v=4",
"html_url": "https:\/\/github.com\/T0X1Cx"
},
"html_url": "https:\/\/github.com\/T0X1Cx\/CVE-2021-36396-Exploit",
"description": "This script demonstrates a time-based blind SQL injection on Moodle platforms, exploiting response delays to extract data.",
"fork": false,
"created_at": "2023-11-04T11:45:55Z",
"updated_at": "2024-07-07T21:43:34Z",
"pushed_at": "2024-07-07T18:39:45Z",
"stargazers_count": 17,
"watchers_count": 17,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 17,
"score": 0,
"subscribers_count": 2
}
]

8
2021/CVE-2021-4034.json
View file

@ -938,10 +938,10 @@
"description": "Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation",
"fork": false,
"created_at": "2022-01-26T14:26:10Z",
"updated_at": "2024-07-04T02:01:47Z",
"updated_at": "2024-07-07T20:55:01Z",
"pushed_at": "2022-06-21T14:52:05Z",
"stargazers_count": 1011,
"watchers_count": 1011,
"stargazers_count": 1012,
"watchers_count": 1012,
"has_discussions": false,
"forks_count": 180,
"allow_forking": true,
@ -952,7 +952,7 @@
],
"visibility": "public",
"forks": 180,
"watchers": 1011,
"watchers": 1012,
"score": 0,
"subscribers_count": 14
},

6
2021/CVE-2021-44228.json
View file

@ -1527,7 +1527,7 @@
"fork": false,
"created_at": "2021-12-11T12:16:45Z",
"updated_at": "2024-04-29T17:48:37Z",
"pushed_at": "2024-06-24T03:01:43Z",
"pushed_at": "2024-07-07T23:54:35Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,
@ -9731,13 +9731,13 @@
"stargazers_count": 136,
"watchers_count": 136,
"has_discussions": false,
"forks_count": 28,
"forks_count": 29,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 28,
"forks": 29,
"watchers": 136,
"score": 0,
"subscribers_count": 6

8
2022/CVE-2022-20452.json
View file

@ -13,10 +13,10 @@
"description": "Exploit for CVE-2022-20452, privilege escalation on Android from installed app to system app (or another app) via LazyValue using Parcel after recycle()",
"fork": false,
"created_at": "2023-01-10T16:24:51Z",
"updated_at": "2024-07-01T08:26:06Z",
"updated_at": "2024-07-07T23:51:05Z",
"pushed_at": "2023-04-12T17:28:49Z",
"stargazers_count": 267,
"watchers_count": 267,
"stargazers_count": 268,
"watchers_count": 268,
"has_discussions": false,
"forks_count": 50,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 50,
"watchers": 267,
"watchers": 268,
"score": 0,
"subscribers_count": 9
}

8
2022/CVE-2022-21661.json
View file

@ -73,10 +73,10 @@
"description": "Wordpress 5.8.2 CVE-2022-21661 Vuln enviroment POC exploit",
"fork": false,
"created_at": "2022-05-28T10:46:48Z",
"updated_at": "2023-12-14T06:20:39Z",
"updated_at": "2024-07-07T20:48:49Z",
"pushed_at": "2022-05-28T10:50:30Z",
"stargazers_count": 14,
"watchers_count": 14,
"stargazers_count": 13,
"watchers_count": 13,
"has_discussions": false,
"forks_count": 9,
"allow_forking": true,
@ -85,7 +85,7 @@
"topics": [],
"visibility": "public",
"forks": 9,
"watchers": 14,
"watchers": 13,
"score": 0,
"subscribers_count": 1
},

8
2022/CVE-2022-22963.json
View file

@ -605,10 +605,10 @@
"description": "CVE-2022-22963 is a vulnerability in the Spring Cloud Function Framework for Java that allows remote code execution. This python script will verify if the vulnerability exists, and if it does, will give you a reverse shell.",
"fork": false,
"created_at": "2023-03-18T11:43:00Z",
"updated_at": "2024-04-27T08:51:47Z",
"updated_at": "2024-07-07T19:09:28Z",
"pushed_at": "2023-03-18T11:47:55Z",
"stargazers_count": 22,
"watchers_count": 22,
"stargazers_count": 23,
"watchers_count": 23,
"has_discussions": false,
"forks_count": 3,
"allow_forking": true,
@ -617,7 +617,7 @@
"topics": [],
"visibility": "public",
"forks": 3,
"watchers": 22,
"watchers": 23,
"score": 0,
"subscribers_count": 1
},

8
2023/CVE-2023-32784.json
View file

@ -13,10 +13,10 @@
"description": "Original PoC for CVE-2023-32784",
"fork": false,
"created_at": "2023-05-01T17:08:55Z",
"updated_at": "2024-06-20T13:22:27Z",
"updated_at": "2024-07-07T20:20:25Z",
"pushed_at": "2023-08-17T19:26:55Z",
"stargazers_count": 622,
"watchers_count": 622,
"stargazers_count": 623,
"watchers_count": 623,
"has_discussions": false,
"forks_count": 57,
"allow_forking": true,
@ -28,7 +28,7 @@
],
"visibility": "public",
"forks": 57,
"watchers": 622,
"watchers": 623,
"score": 0,
"subscribers_count": 11
},

24
2023/CVE-2023-4220.json
View file

@ -13,19 +13,27 @@
"description": "This is a script written in Python that allows the exploitation of the Chamilo's LMS software security flaw described in CVE-2023-4220",
"fork": false,
"created_at": "2024-07-07T15:08:30Z",
"updated_at": "2024-07-07T18:15:02Z",
"pushed_at": "2024-07-07T18:14:56Z",
"stargazers_count": 0,
"watchers_count": 0,
"updated_at": "2024-07-07T23:17:47Z",
"pushed_at": "2024-07-07T19:53:19Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 0,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"topics": [
"chamilo",
"chamilo-lms",
"cve",
"cve-2023-4220",
"exploit",
"rce",
"rce-exploit"
],
"visibility": "public",
"forks": 0,
"watchers": 0,
"forks": 1,
"watchers": 1,
"score": 0,
"subscribers_count": 0
},

8
2023/CVE-2023-45866.json
View file

@ -13,10 +13,10 @@
"description": "🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript) 🔓 Unauthenticated Peering Leading to Code Execution (Using HID Keyboard)",
"fork": false,
"created_at": "2024-01-16T06:52:02Z",
"updated_at": "2024-07-07T08:07:56Z",
"updated_at": "2024-07-07T19:41:44Z",
"pushed_at": "2024-07-05T12:35:27Z",
"stargazers_count": 955,
"watchers_count": 955,
"stargazers_count": 956,
"watchers_count": 956,
"has_discussions": false,
"forks_count": 162,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 162,
"watchers": 955,
"watchers": 956,
"score": 0,
"subscribers_count": 16
},

4
2024/CVE-2024-22274.json
View file

@ -18,7 +18,7 @@
"stargazers_count": 6,
"watchers_count": 6,
"has_discussions": false,
"forks_count": 2,
"forks_count": 3,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -31,7 +31,7 @@
"remote-code-execution"
],
"visibility": "public",
"forks": 2,
"forks": 3,
"watchers": 6,
"score": 0,
"subscribers_count": 1

8
2024/CVE-2024-24590.json
View file

@ -2,14 +2,14 @@
{
"id": 813761890,
"name": "ClearML-vulnerability-exploit-RCE-2024-CVE-2024-24590-",
"full_name": "LordVileOnX\/ClearML-vulnerability-exploit-RCE-2024-CVE-2024-24590-",
"full_name": "HexDoesRandomShit\/ClearML-vulnerability-exploit-RCE-2024-CVE-2024-24590-",
"owner": {
"login": "LordVileOnX",
"login": "HexDoesRandomShit",
"id": 172425960,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/172425960?v=4",
"html_url": "https:\/\/github.com\/LordVileOnX"
"html_url": "https:\/\/github.com\/HexDoesRandomShit"
},
"html_url": "https:\/\/github.com\/LordVileOnX\/ClearML-vulnerability-exploit-RCE-2024-CVE-2024-24590-",
"html_url": "https:\/\/github.com\/HexDoesRandomShit\/ClearML-vulnerability-exploit-RCE-2024-CVE-2024-24590-",
"description": "Here is an exploit in python to exploit the CVE-2024-24590, which is an upload pickle in a ClearML, which leads to arbitrary code execution... Enjoy :D",
"fork": false,
"created_at": "2024-06-11T17:33:36Z",

8
2024/CVE-2024-27292.json
View file

@ -13,10 +13,10 @@
"description": "CVE-2024-27292 : Docassemble V1.4.96 Unauthenticated Path Traversal",
"fork": false,
"created_at": "2024-07-02T04:41:35Z",
"updated_at": "2024-07-02T22:22:20Z",
"updated_at": "2024-07-07T19:50:10Z",
"pushed_at": "2024-07-02T11:39:54Z",
"stargazers_count": 5,
"watchers_count": 5,
"stargazers_count": 6,
"watchers_count": 6,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 5,
"watchers": 6,
"score": 0,
"subscribers_count": 1
}

2
2024/CVE-2024-2961.json
View file

@ -73,7 +73,7 @@
"description": "Exploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv()",
"fork": false,
"created_at": "2024-05-27T08:30:06Z",
"updated_at": "2024-07-07T11:03:23Z",
"updated_at": "2024-07-08T00:23:03Z",
"pushed_at": "2024-06-17T08:10:13Z",
"stargazers_count": 305,
"watchers_count": 305,

4
2024/CVE-2024-30088.json
View file

@ -18,13 +18,13 @@
"stargazers_count": 155,
"watchers_count": 155,
"has_discussions": false,
"forks_count": 37,
"forks_count": 36,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 37,
"forks": 36,
"watchers": 155,
"score": 0,
"subscribers_count": 1

13
2024/CVE-2024-3094.json
View file

@ -1840,11 +1840,11 @@
"html_url": "https:\/\/github.com\/robertdfrench"
},
"html_url": "https:\/\/github.com\/robertdfrench\/ifuncd-up",
"description": "GNU IFUNC is the real culprit behind CVE-2024-3094",
"description": "Why GNU IFUNC is the real culprit behind CVE-2024-3094",
"fork": false,
"created_at": "2024-07-05T18:36:16Z",
"updated_at": "2024-07-06T21:37:53Z",
"pushed_at": "2024-07-06T21:37:50Z",
"updated_at": "2024-07-07T23:55:29Z",
"pushed_at": "2024-07-07T23:53:59Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -1852,7 +1852,12 @@
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"topics": [
"cve-2024-3094",
"dynamic-loading",
"ifunc",
"xz-utils-backdoor"
],
"visibility": "public",
"forks": 0,
"watchers": 0,

8
2024/CVE-2024-33559.json
View file

@ -13,10 +13,10 @@
"description": "(CVE-2024-33559) The XStore theme for WordPress is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query",
"fork": false,
"created_at": "2024-05-17T04:15:34Z",
"updated_at": "2024-06-21T12:57:03Z",
"updated_at": "2024-07-07T20:52:14Z",
"pushed_at": "2024-05-17T04:20:29Z",
"stargazers_count": 4,
"watchers_count": 4,
"stargazers_count": 5,
"watchers_count": 5,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 4,
"watchers": 5,
"score": 0,
"subscribers_count": 1
}

46
2024/CVE-2024-34102.json
View file

@ -73,10 +73,10 @@
"description": "POC for CVE-2024-34102. A pre-authentication XML entity injection issue in Magento \/ Adobe Commerce. ",
"fork": false,
"created_at": "2024-06-27T21:57:24Z",
"updated_at": "2024-07-07T08:41:46Z",
"updated_at": "2024-07-08T00:29:49Z",
"pushed_at": "2024-06-29T08:13:05Z",
"stargazers_count": 19,
"watchers_count": 19,
"stargazers_count": 20,
"watchers_count": 20,
"has_discussions": false,
"forks_count": 6,
"allow_forking": true,
@ -85,7 +85,7 @@
"topics": [],
"visibility": "public",
"forks": 6,
"watchers": 19,
"watchers": 20,
"score": 0,
"subscribers_count": 2
},
@ -163,10 +163,10 @@
"description": "CosmicSting (CVE-2024-34102)",
"fork": false,
"created_at": "2024-06-28T23:33:21Z",
"updated_at": "2024-07-07T12:44:40Z",
"updated_at": "2024-07-08T00:29:13Z",
"pushed_at": "2024-06-28T23:34:43Z",
"stargazers_count": 18,
"watchers_count": 18,
"stargazers_count": 19,
"watchers_count": 19,
"has_discussions": false,
"forks_count": 7,
"allow_forking": true,
@ -175,7 +175,7 @@
"topics": [],
"visibility": "public",
"forks": 7,
"watchers": 18,
"watchers": 19,
"score": 0,
"subscribers_count": 1
},
@ -328,5 +328,35 @@
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 825491938,
"name": "cosmicsting-validator",
"full_name": "SamJUK\/cosmicsting-validator",
"owner": {
"login": "SamJUK",
"id": 7872420,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/7872420?v=4",
"html_url": "https:\/\/github.com\/SamJUK"
},
"html_url": "https:\/\/github.com\/SamJUK\/cosmicsting-validator",
"description": "CosmicSting (CVE-2024-34102) POC \/ Patch Validator",
"fork": false,
"created_at": "2024-07-07T23:35:18Z",
"updated_at": "2024-07-08T00:00:57Z",
"pushed_at": "2024-07-08T00:00:54Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

32
2024/CVE-2024-34361.json Normal file
View file

@ -0,0 +1,32 @@
[
{
"id": 825467646,
"name": "CVE-2024-34361-PiHole-SSRF-to-RCE",
"full_name": "T0X1Cx\/CVE-2024-34361-PiHole-SSRF-to-RCE",
"owner": {
"login": "T0X1Cx",
"id": 71453093,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/71453093?v=4",
"html_url": "https:\/\/github.com\/T0X1Cx"
},
"html_url": "https:\/\/github.com\/T0X1Cx\/CVE-2024-34361-PiHole-SSRF-to-RCE",
"description": "This repository contains an exploit for CVE-2024-34361, a critical Pi-hole vulnerability (CVSS 8.6). It uses SSRF to achieve RCE by exploiting improper URL validation, allowing attackers to send arbitrary requests and execute commands on the system. Disclaimer: For educational and ethical security testing only. Unauthorized use is illegal.",
"fork": false,
"created_at": "2024-07-07T21:22:36Z",
"updated_at": "2024-07-07T21:44:08Z",
"pushed_at": "2024-07-07T21:41:38Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

16
2024/CVE-2024-36401.json
View file

@ -13,10 +13,10 @@
"description": "POC for CVE-2024-36401. This POC will attempt to establish a reverse shell from the vlun targets.",
"fork": false,
"created_at": "2024-07-04T13:19:47Z",
"updated_at": "2024-07-07T00:55:57Z",
"updated_at": "2024-07-07T19:16:32Z",
"pushed_at": "2024-07-04T19:18:04Z",
"stargazers_count": 24,
"watchers_count": 24,
"stargazers_count": 25,
"watchers_count": 25,
"has_discussions": false,
"forks_count": 8,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 8,
"watchers": 24,
"watchers": 25,
"score": 0,
"subscribers_count": 1
},
@ -103,10 +103,10 @@
"description": "Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions with multies ways to exploit",
"fork": false,
"created_at": "2024-07-06T01:10:28Z",
"updated_at": "2024-07-07T09:27:33Z",
"updated_at": "2024-07-08T00:25:01Z",
"pushed_at": "2024-07-06T01:57:58Z",
"stargazers_count": 12,
"watchers_count": 12,
"stargazers_count": 13,
"watchers_count": 13,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -122,7 +122,7 @@
],
"visibility": "public",
"forks": 0,
"watchers": 12,
"watchers": 13,
"score": 0,
"subscribers_count": 1
},

16
2024/CVE-2024-36991.json
View file

@ -13,10 +13,10 @@
"description": "POC for CVE-2024-36991: This exploit will attempt to read Splunk \/etc\/passwd file.",
"fork": false,
"created_at": "2024-07-06T00:49:40Z",
"updated_at": "2024-07-07T17:32:25Z",
"updated_at": "2024-07-08T00:27:06Z",
"pushed_at": "2024-07-06T01:25:20Z",
"stargazers_count": 47,
"watchers_count": 47,
"stargazers_count": 49,
"watchers_count": 49,
"has_discussions": false,
"forks_count": 10,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 10,
"watchers": 47,
"watchers": 49,
"score": 0,
"subscribers_count": 1
},
@ -79,10 +79,10 @@
"description": "CVE-2024-36991: Path traversal that affects Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10.",
"fork": false,
"created_at": "2024-07-06T15:24:24Z",
"updated_at": "2024-07-07T06:09:14Z",
"updated_at": "2024-07-07T19:49:51Z",
"pushed_at": "2024-07-06T15:53:55Z",
"stargazers_count": 2,
"watchers_count": 2,
"stargazers_count": 3,
"watchers_count": 3,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -91,7 +91,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 2,
"watchers": 3,
"score": 0,
"subscribers_count": 1
},

12
2024/CVE-2024-39943.json
View file

@ -13,19 +13,19 @@
"description": "CVE-2024-39943 rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js).",
"fork": false,
"created_at": "2024-07-05T06:46:34Z",
"updated_at": "2024-07-07T12:58:46Z",
"updated_at": "2024-07-07T21:54:24Z",
"pushed_at": "2024-07-07T03:41:03Z",
"stargazers_count": 10,
"watchers_count": 10,
"stargazers_count": 12,
"watchers_count": 12,
"has_discussions": false,
"forks_count": 4,
"forks_count": 5,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 4,
"watchers": 10,
"forks": 5,
"watchers": 12,
"score": 0,
"subscribers_count": 1
},

4
2024/CVE-2024-4040.json
View file

@ -133,8 +133,8 @@
"description": "CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass | Full Server Takeover | Wordlist Support",
"fork": false,
"created_at": "2024-04-25T19:51:38Z",
"updated_at": "2024-07-07T05:36:47Z",
"pushed_at": "2024-05-13T17:29:03Z",
"updated_at": "2024-07-07T23:48:00Z",
"pushed_at": "2024-07-07T23:47:58Z",
"stargazers_count": 47,
"watchers_count": 47,
"has_discussions": false,

24
2024/CVE-2024-4577.json
View file

@ -163,10 +163,10 @@
"description": "PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC",
"fork": false,
"created_at": "2024-06-07T09:52:54Z",
"updated_at": "2024-07-07T08:00:50Z",
"updated_at": "2024-07-07T23:49:18Z",
"pushed_at": "2024-06-22T15:13:52Z",
"stargazers_count": 161,
"watchers_count": 161,
"stargazers_count": 162,
"watchers_count": 162,
"has_discussions": false,
"forks_count": 38,
"allow_forking": true,
@ -175,7 +175,7 @@
"topics": [],
"visibility": "public",
"forks": 38,
"watchers": 161,
"watchers": 162,
"score": 0,
"subscribers_count": 4
},
@ -590,10 +590,10 @@
"description": "PHP CGI Argument Injection vulnerability",
"fork": false,
"created_at": "2024-06-09T14:18:21Z",
"updated_at": "2024-07-04T10:50:51Z",
"updated_at": "2024-07-07T19:09:20Z",
"pushed_at": "2024-06-09T14:20:36Z",
"stargazers_count": 17,
"watchers_count": 17,
"stargazers_count": 18,
"watchers_count": 18,
"has_discussions": false,
"forks_count": 9,
"allow_forking": true,
@ -602,7 +602,7 @@
"topics": [],
"visibility": "public",
"forks": 9,
"watchers": 17,
"watchers": 18,
"score": 0,
"subscribers_count": 1
},
@ -934,10 +934,10 @@
"description": "Argument injection vulnerability in PHP",
"fork": false,
"created_at": "2024-06-15T02:49:37Z",
"updated_at": "2024-06-29T09:15:45Z",
"updated_at": "2024-07-07T21:10:26Z",
"pushed_at": "2024-06-15T02:57:48Z",
"stargazers_count": 6,
"watchers_count": 6,
"stargazers_count": 7,
"watchers_count": 7,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@ -946,7 +946,7 @@
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 6,
"watchers": 7,
"score": 0,
"subscribers_count": 1
},

54
2024/CVE-2024-6387.json
View file

@ -56,19 +56,19 @@
"description": "a signal handler race condition in OpenSSH's server (sshd)",
"fork": false,
"created_at": "2024-07-01T10:55:29Z",
"updated_at": "2024-07-07T03:26:01Z",
"updated_at": "2024-07-07T20:36:29Z",
"pushed_at": "2024-07-01T10:54:02Z",
"stargazers_count": 404,
"watchers_count": 404,
"stargazers_count": 405,
"watchers_count": 405,
"has_discussions": false,
"forks_count": 178,
"forks_count": 179,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 178,
"watchers": 404,
"forks": 179,
"watchers": 405,
"score": 0,
"subscribers_count": 5
},
@ -86,10 +86,10 @@
"description": "32-bit PoC for CVE-2024-6387 — mirror of the original 7etsuo\/cve-2024-6387-poc",
"fork": false,
"created_at": "2024-07-01T12:16:21Z",
"updated_at": "2024-07-07T07:03:15Z",
"updated_at": "2024-07-07T19:21:53Z",
"pushed_at": "2024-07-01T12:25:01Z",
"stargazers_count": 364,
"watchers_count": 364,
"stargazers_count": 365,
"watchers_count": 365,
"has_discussions": false,
"forks_count": 82,
"allow_forking": true,
@ -98,7 +98,7 @@
"topics": [],
"visibility": "public",
"forks": 82,
"watchers": 364,
"watchers": 365,
"score": 0,
"subscribers_count": 7
},
@ -303,10 +303,10 @@
"description": "CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH",
"fork": false,
"created_at": "2024-07-01T20:33:20Z",
"updated_at": "2024-07-07T17:57:47Z",
"pushed_at": "2024-07-06T07:57:02Z",
"stargazers_count": 350,
"watchers_count": 350,
"updated_at": "2024-07-07T23:19:08Z",
"pushed_at": "2024-07-07T21:04:30Z",
"stargazers_count": 353,
"watchers_count": 353,
"has_discussions": false,
"forks_count": 73,
"allow_forking": true,
@ -321,7 +321,7 @@
],
"visibility": "public",
"forks": 73,
"watchers": 350,
"watchers": 353,
"score": 0,
"subscribers_count": 4
},
@ -1238,10 +1238,10 @@
"description": "CVE-2024-6387 with auto ip scanner and auto expliot ",
"fork": false,
"created_at": "2024-07-02T12:57:35Z",
"updated_at": "2024-07-04T01:55:29Z",
"updated_at": "2024-07-07T20:21:34Z",
"pushed_at": "2024-07-04T01:55:26Z",
"stargazers_count": 3,
"watchers_count": 3,
"stargazers_count": 4,
"watchers_count": 4,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@ -1268,7 +1268,7 @@
],
"visibility": "public",
"forks": 1,
"watchers": 3,
"watchers": 4,
"score": 0,
"subscribers_count": 1
},
@ -1446,10 +1446,10 @@
"description": "CVE-2024-6387 : Vulnerability Detection tool for regreSSHion Remote Unauthenticated Code Execution in OpenSSH Server",
"fork": false,
"created_at": "2024-07-02T17:04:52Z",
"updated_at": "2024-07-03T03:52:52Z",
"updated_at": "2024-07-07T19:50:05Z",
"pushed_at": "2024-07-02T17:47:29Z",
"stargazers_count": 2,
"watchers_count": 2,
"stargazers_count": 3,
"watchers_count": 3,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@ -1458,7 +1458,7 @@
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 2,
"watchers": 3,
"score": 0,
"subscribers_count": 1
},
@ -1958,10 +1958,10 @@
"description": "Welcome to the CVE-2024-6387 OpenSSH Vulnerability Checker repository! This project offers multiple scripts to check the installed version of OpenSSH on your system and determine if it is vulnerable to CVE-2024-6387. It supports various environments, including Ubuntu, Mac, and Windows.",
"fork": false,
"created_at": "2024-07-04T03:56:08Z",
"updated_at": "2024-07-04T05:22:25Z",
"updated_at": "2024-07-07T21:11:55Z",
"pushed_at": "2024-07-04T05:13:49Z",
"stargazers_count": 0,
"watchers_count": 0,
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@ -1972,7 +1972,7 @@
],
"visibility": "public",
"forks": 1,
"watchers": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 1
},

20
README.md
View file

@ -1796,7 +1796,7 @@
<code>Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AIs ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end users system when interacted with.\n
</code>
- [LordVileOnX/ClearML-vulnerability-exploit-RCE-2024-CVE-2024-24590-](https://github.com/LordVileOnX/ClearML-vulnerability-exploit-RCE-2024-CVE-2024-24590-)
- [HexDoesRandomShit/ClearML-vulnerability-exploit-RCE-2024-CVE-2024-24590-](https://github.com/HexDoesRandomShit/ClearML-vulnerability-exploit-RCE-2024-CVE-2024-24590-)
- [OxyDeV2/ClearML-CVE-2024-24590](https://github.com/OxyDeV2/ClearML-CVE-2024-24590)
- [DemonPandaz2763/CVE-2024-24590](https://github.com/DemonPandaz2763/CVE-2024-24590)
- [xffsec/CVE-2024-24590-ClearML-RCE-Exploit](https://github.com/xffsec/CVE-2024-24590-ClearML-RCE-Exploit)
@ -2941,6 +2941,7 @@
- [cmsec423/Magento-XXE-CVE-2024-34102](https://github.com/cmsec423/Magento-XXE-CVE-2024-34102)
- [jakabakos/CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento](https://github.com/jakabakos/CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento)
- [0xhunster/CVE-2024-34102](https://github.com/0xhunster/CVE-2024-34102)
- [SamJUK/cosmicsting-validator](https://github.com/SamJUK/cosmicsting-validator)
### CVE-2024-34220 (-)
@ -3026,6 +3027,13 @@
- [Voorivex/CVE-2024-34351](https://github.com/Voorivex/CVE-2024-34351)
### CVE-2024-34361 (2024-07-05)
<code>Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the `gravity_DownloadBlocklistFromUrl()` function. Depending on some circumstances, the vulnerability could lead to remote command execution. Version 5.18.3 contains a patch for this issue.
</code>
- [T0X1Cx/CVE-2024-34361-PiHole-SSRF-to-RCE](https://github.com/T0X1Cx/CVE-2024-34361-PiHole-SSRF-to-RCE)
### CVE-2024-34452 (2024-06-21)
<code>CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG document.
@ -18786,7 +18794,6 @@
- [mutur4/CVE-2021-3156](https://github.com/mutur4/CVE-2021-3156)
- [PurpleOzone/PE_CVE-CVE-2021-3156](https://github.com/PurpleOzone/PE_CVE-CVE-2021-3156)
- [asepsaepdin/CVE-2021-3156](https://github.com/asepsaepdin/CVE-2021-3156)
- [EthicalSecurity-Agency/Y3A-CVE-2021-3156](https://github.com/EthicalSecurity-Agency/Y3A-CVE-2021-3156)
- [DDayLuong/CVE-2021-3156](https://github.com/DDayLuong/CVE-2021-3156)
- [DASICS-ICT/DASICS-CVE-2021-3156](https://github.com/DASICS-ICT/DASICS-CVE-2021-3156)
- [wurwur/CVE-2021-3156](https://github.com/wurwur/CVE-2021-3156)
@ -19337,6 +19344,7 @@
- [ndmalc/CVE-2021-20323](https://github.com/ndmalc/CVE-2021-20323)
- [Cappricio-Securities/CVE-2021-20323](https://github.com/Cappricio-Securities/CVE-2021-20323)
- [cscpwn0sec/CVE-2021-20323](https://github.com/cscpwn0sec/CVE-2021-20323)
### CVE-2021-20717 (2021-05-10)
@ -21809,7 +21817,6 @@
</code>
- [StackOverflowExcept1on/CVE-2021-36393](https://github.com/StackOverflowExcept1on/CVE-2021-36393)
- [T0X1Cx/CVE-2021-36393-Exploit](https://github.com/T0X1Cx/CVE-2021-36393-Exploit)
### CVE-2021-36394 (2023-03-06)
@ -21819,6 +21826,13 @@
- [dinhbaouit/CVE-2021-36394](https://github.com/dinhbaouit/CVE-2021-36394)
- [lavclash75/CVE-2021-36394-Pre-Auth-RCE-in-Moodle](https://github.com/lavclash75/CVE-2021-36394-Pre-Auth-RCE-in-Moodle)
### CVE-2021-36396 (2023-03-06)
<code>In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
</code>
- [T0X1Cx/CVE-2021-36396-Exploit](https://github.com/T0X1Cx/CVE-2021-36396-Exploit)
### CVE-2021-36460 (2022-04-25)
<code>VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user's account, rendering the benefits of storing hashed passwords in the database useless.