mirror/PoC-in-GitHub
1
0
Fork 0
mirror of https://github.com/nomi-sec/PoC-in-GitHub.git synced 2025-01-15 20:32:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Auto Update 2025/01/03 00:31:50

Browse source
This commit is contained in:
motikan2010-bot 2025-01-03 09:31:50 +09:00
parent 4f3c539834
commit 9610d38179
30 changed files with 140 additions and 104 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
2019/CVE-2019-11358.json
View file

@ -132,13 +132,13 @@
"stargazers_count": 177,
"watchers_count": 177,
"has_discussions": false,
"forks_count": 60,
"forks_count": 61,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 60,
"forks": 61,
"watchers": 177,
"score": 0,
"subscribers_count": 13

4
2020/CVE-2020-14882.json
View file

@ -1001,8 +1001,8 @@
"description": null,
"fork": false,
"created_at": "2024-12-26T04:45:46Z",
"updated_at": "2024-12-27T03:03:05Z",
"pushed_at": "2024-12-27T03:02:44Z",
"updated_at": "2025-01-02T22:06:16Z",
"pushed_at": "2025-01-02T22:06:13Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

2
2020/CVE-2020-17136.json
View file

@ -28,7 +28,7 @@
"forks": 0,
"watchers": 3,
"score": 0,
"subscribers_count": 2
"subscribers_count": 3
},
{
"id": 349138961,

8
2021/CVE-2021-0928.json
View file

@ -14,10 +14,10 @@
"description": "Writeup and exploit for installed app to system privilege escalation on Android 12 Beta through CVE-2021-0928, a `writeToParcel`\/`createFromParcel` serialization mismatch in `OutputConfiguration`",
"fork": false,
"created_at": "2022-01-29T10:14:32Z",
"updated_at": "2024-11-07T07:36:42Z",
"updated_at": "2025-01-02T20:17:06Z",
"pushed_at": "2022-03-03T17:50:03Z",
"stargazers_count": 109,
"watchers_count": 109,
"stargazers_count": 110,
"watchers_count": 110,
"has_discussions": false,
"forks_count": 20,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 20,
"watchers": 109,
"watchers": 110,
"score": 0,
"subscribers_count": 5
}

16
2021/CVE-2021-1675.json
View file

@ -45,10 +45,10 @@
"description": "C# and Impacket implementation of PrintNightmare CVE-2021-1675\/CVE-2021-34527",
"fork": false,
"created_at": "2021-06-29T17:24:14Z",
"updated_at": "2024-12-27T07:35:51Z",
"updated_at": "2025-01-02T21:33:17Z",
"pushed_at": "2021-07-20T15:28:13Z",
"stargazers_count": 1850,
"watchers_count": 1850,
"stargazers_count": 1851,
"watchers_count": 1851,
"has_discussions": false,
"forks_count": 584,
"allow_forking": true,
@ -57,7 +57,7 @@
"topics": [],
"visibility": "public",
"forks": 584,
"watchers": 1850,
"watchers": 1851,
"score": 0,
"subscribers_count": 43
},
@ -311,10 +311,10 @@
"description": "Pure PowerShell implementation of CVE-2021-1675 Print Spooler Local Privilege Escalation (PrintNightmare)",
"fork": false,
"created_at": "2021-07-01T23:45:58Z",
"updated_at": "2024-12-29T23:55:32Z",
"updated_at": "2025-01-02T21:26:46Z",
"pushed_at": "2021-07-05T08:54:06Z",
"stargazers_count": 1022,
"watchers_count": 1022,
"stargazers_count": 1023,
"watchers_count": 1023,
"has_discussions": false,
"forks_count": 231,
"allow_forking": true,
@ -323,7 +323,7 @@
"topics": [],
"visibility": "public",
"forks": 231,
"watchers": 1022,
"watchers": 1023,
"score": 0,
"subscribers_count": 26
},

8
2021/CVE-2021-30860.json
View file

@ -45,10 +45,10 @@
"description": "Collection of materials relating to FORCEDENTRY",
"fork": false,
"created_at": "2021-12-25T03:00:01Z",
"updated_at": "2024-12-07T07:35:34Z",
"updated_at": "2025-01-02T21:48:11Z",
"pushed_at": "2024-03-30T22:17:05Z",
"stargazers_count": 94,
"watchers_count": 94,
"stargazers_count": 95,
"watchers_count": 95,
"has_discussions": false,
"forks_count": 24,
"allow_forking": true,
@ -57,7 +57,7 @@
"topics": [],
"visibility": "public",
"forks": 24,
"watchers": 94,
"watchers": 95,
"score": 0,
"subscribers_count": 5
}

8
2021/CVE-2021-42287.json
View file

@ -14,10 +14,10 @@
"description": "CVE-2021-42287\/CVE-2021-42278 Scanner & Exploiter.",
"fork": false,
"created_at": "2021-12-11T19:27:30Z",
"updated_at": "2025-01-02T04:02:56Z",
"updated_at": "2025-01-02T20:21:41Z",
"pushed_at": "2021-12-16T09:50:15Z",
"stargazers_count": 1349,
"watchers_count": 1349,
"stargazers_count": 1348,
"watchers_count": 1348,
"has_discussions": false,
"forks_count": 323,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 323,
"watchers": 1349,
"watchers": 1348,
"score": 0,
"subscribers_count": 27
},

8
2021/CVE-2021-43326.json
View file

@ -14,10 +14,10 @@
"description": ":boom: Automox Windows Agent Privilege Escalation Exploit",
"fork": false,
"created_at": "2021-12-13T17:26:28Z",
"updated_at": "2024-12-30T20:16:34Z",
"updated_at": "2025-01-02T22:05:11Z",
"pushed_at": "2022-01-06T20:49:25Z",
"stargazers_count": 3,
"watchers_count": 3,
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 3,
"watchers": 2,
"score": 0,
"subscribers_count": 1
}

8
2021/CVE-2021-44228.json
View file

@ -2027,10 +2027,10 @@
"description": "A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC",
"fork": false,
"created_at": "2021-12-12T00:29:03Z",
"updated_at": "2024-12-26T05:13:44Z",
"updated_at": "2025-01-02T19:19:01Z",
"pushed_at": "2022-03-10T18:44:50Z",
"stargazers_count": 637,
"watchers_count": 637,
"stargazers_count": 638,
"watchers_count": 638,
"has_discussions": false,
"forks_count": 98,
"allow_forking": true,
@ -2051,7 +2051,7 @@
],
"visibility": "public",
"forks": 98,
"watchers": 637,
"watchers": 638,
"score": 0,
"subscribers_count": 28
},

2
2023/CVE-2023-25194.json
View file

@ -77,7 +77,7 @@
"fork": false,
"created_at": "2024-04-17T13:36:34Z",
"updated_at": "2024-10-30T14:55:15Z",
"pushed_at": "2024-12-27T22:50:19Z",
"pushed_at": "2025-01-02T22:30:21Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,

10
2023/CVE-2023-28252.json
View file

@ -14,7 +14,7 @@
"description": null,
"fork": false,
"created_at": "2023-06-27T12:22:05Z",
"updated_at": "2024-11-19T08:49:17Z",
"updated_at": "2025-01-02T23:06:20Z",
"pushed_at": "2023-07-10T16:57:44Z",
"stargazers_count": 173,
"watchers_count": 173,
@ -138,10 +138,10 @@
"description": "A modification to fortra's CVE-2023-28252 exploit, compiled to exe",
"fork": false,
"created_at": "2024-01-22T10:38:02Z",
"updated_at": "2024-12-28T12:58:56Z",
"updated_at": "2025-01-02T22:31:57Z",
"pushed_at": "2024-01-24T13:45:56Z",
"stargazers_count": 52,
"watchers_count": 52,
"stargazers_count": 53,
"watchers_count": 53,
"has_discussions": false,
"forks_count": 11,
"allow_forking": true,
@ -150,7 +150,7 @@
"topics": [],
"visibility": "public",
"forks": 11,
"watchers": 52,
"watchers": 53,
"score": 0,
"subscribers_count": 2
},

2
2023/CVE-2023-36845.json
View file

@ -15,7 +15,7 @@
"fork": false,
"created_at": "2023-09-16T09:11:21Z",
"updated_at": "2024-11-16T19:51:18Z",
"pushed_at": "2024-12-27T18:26:19Z",
"pushed_at": "2025-01-02T18:32:11Z",
"stargazers_count": 60,
"watchers_count": 60,
"has_discussions": false,

8
2023/CVE-2023-38709.json
View file

@ -14,10 +14,10 @@
"description": "Apache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709",
"fork": false,
"created_at": "2024-10-05T20:32:45Z",
"updated_at": "2025-01-02T10:10:22Z",
"updated_at": "2025-01-02T21:39:30Z",
"pushed_at": "2024-10-05T20:37:02Z",
"stargazers_count": 61,
"watchers_count": 61,
"stargazers_count": 62,
"watchers_count": 62,
"has_discussions": false,
"forks_count": 10,
"allow_forking": true,
@ -37,7 +37,7 @@
],
"visibility": "public",
"forks": 10,
"watchers": 61,
"watchers": 62,
"score": 0,
"subscribers_count": 1
}

12
2023/CVE-2023-45866.json
View file

@ -14,19 +14,19 @@
"description": "🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript) 🔓 Unauthenticated Peering Leading to Code Execution (Using HID Keyboard)",
"fork": false,
"created_at": "2024-01-16T06:52:02Z",
"updated_at": "2025-01-02T15:54:30Z",
"updated_at": "2025-01-02T22:17:38Z",
"pushed_at": "2024-08-18T08:26:46Z",
"stargazers_count": 1321,
"watchers_count": 1321,
"stargazers_count": 1322,
"watchers_count": 1322,
"has_discussions": false,
"forks_count": 225,
"forks_count": 226,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 225,
"watchers": 1321,
"forks": 226,
"watchers": 1322,
"score": 0,
"subscribers_count": 21
},

8
2024/CVE-2024-21413.json
View file

@ -107,10 +107,10 @@
"description": "CVE-2024-21413 PoC for THM Lab",
"fork": false,
"created_at": "2024-02-17T14:52:52Z",
"updated_at": "2025-01-02T17:07:36Z",
"updated_at": "2025-01-02T23:21:52Z",
"pushed_at": "2024-03-13T02:44:28Z",
"stargazers_count": 58,
"watchers_count": 58,
"stargazers_count": 59,
"watchers_count": 59,
"has_discussions": false,
"forks_count": 14,
"allow_forking": true,
@ -119,7 +119,7 @@
"topics": [],
"visibility": "public",
"forks": 14,
"watchers": 58,
"watchers": 59,
"score": 0,
"subscribers_count": 1
},

4
2024/CVE-2024-23897.json
View file

@ -1091,8 +1091,8 @@
"description": "Jenkins CVE-2024-23897 POC : Arbitrary File Read Vulnerability Leading to RCE",
"fork": false,
"created_at": "2025-01-02T03:28:56Z",
"updated_at": "2025-01-02T11:51:41Z",
"pushed_at": "2025-01-02T11:51:38Z",
"updated_at": "2025-01-02T20:20:14Z",
"pushed_at": "2025-01-02T20:20:10Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

8
2024/CVE-2024-2887.json
View file

@ -14,10 +14,10 @@
"description": "Chrome(CVE-2024-2887)RCE-POC",
"fork": false,
"created_at": "2024-08-25T07:30:25Z",
"updated_at": "2024-09-21T17:20:40Z",
"updated_at": "2025-01-02T19:12:31Z",
"pushed_at": "2024-08-25T07:33:36Z",
"stargazers_count": 3,
"watchers_count": 3,
"stargazers_count": 4,
"watchers_count": 4,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 3,
"watchers": 4,
"score": 0,
"subscribers_count": 1
},

8
2024/CVE-2024-30051.json
View file

@ -14,10 +14,10 @@
"description": null,
"fork": false,
"created_at": "2024-08-14T16:20:38Z",
"updated_at": "2024-12-28T12:37:03Z",
"updated_at": "2025-01-02T19:52:35Z",
"pushed_at": "2024-09-05T23:21:00Z",
"stargazers_count": 112,
"watchers_count": 112,
"stargazers_count": 113,
"watchers_count": 113,
"has_discussions": false,
"forks_count": 33,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 33,
"watchers": 112,
"watchers": 113,
"score": 0,
"subscribers_count": 3
}

8
2024/CVE-2024-37085.json
View file

@ -45,10 +45,10 @@
"description": "CVE-2024-37085 VMware ESXi RCE Vulnerability",
"fork": false,
"created_at": "2024-08-06T18:23:43Z",
"updated_at": "2024-12-20T01:43:12Z",
"updated_at": "2025-01-02T22:34:34Z",
"pushed_at": "2024-08-06T18:25:19Z",
"stargazers_count": 10,
"watchers_count": 10,
"stargazers_count": 11,
"watchers_count": 11,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
@ -57,7 +57,7 @@
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 10,
"watchers": 11,
"score": 0,
"subscribers_count": 1
},

8
2024/CVE-2024-37742.json
View file

@ -2,15 +2,15 @@
{
"id": 817975765,
"name": "CVE-2024-37742",
"full_name": "Cha0sK3rn3l\/CVE-2024-37742",
"full_name": "cha0sk3rn3l\/CVE-2024-37742",
"owner": {
"login": "Cha0sK3rn3l",
"login": "cha0sk3rn3l",
"id": 151763816,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/151763816?v=4",
"html_url": "https:\/\/github.com\/Cha0sK3rn3l",
"html_url": "https:\/\/github.com\/cha0sk3rn3l",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/Cha0sK3rn3l\/CVE-2024-37742",
"html_url": "https:\/\/github.com\/cha0sk3rn3l\/CVE-2024-37742",
"description": "This repository contains a PoC for exploiting CVE-2024-37742, a vulnerability in Safe Exam Browser (SEB) ≤ 3.5.0 on Windows. The vulnerability enables unauthorized clipboard data sharing between SEB's kiosk mode and the underlying system, compromising the integrity of exams.",
"fork": false,
"created_at": "2024-06-20T21:01:28Z",

8
2024/CVE-2024-38472.json
View file

@ -45,10 +45,10 @@
"description": "Apache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709",
"fork": false,
"created_at": "2024-10-05T20:32:45Z",
"updated_at": "2025-01-02T10:10:22Z",
"updated_at": "2025-01-02T21:39:30Z",
"pushed_at": "2024-10-05T20:37:02Z",
"stargazers_count": 61,
"watchers_count": 61,
"stargazers_count": 62,
"watchers_count": 62,
"has_discussions": false,
"forks_count": 10,
"allow_forking": true,
@ -68,7 +68,7 @@
],
"visibility": "public",
"forks": 10,
"watchers": 61,
"watchers": 62,
"score": 0,
"subscribers_count": 1
}

8
2024/CVE-2024-38819.json
View file

@ -14,10 +14,10 @@
"description": null,
"fork": false,
"created_at": "2024-12-14T09:22:33Z",
"updated_at": "2024-12-30T01:25:25Z",
"updated_at": "2025-01-02T23:24:33Z",
"pushed_at": "2024-12-14T10:13:45Z",
"stargazers_count": 32,
"watchers_count": 32,
"stargazers_count": 33,
"watchers_count": 33,
"has_discussions": false,
"forks_count": 10,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 10,
"watchers": 32,
"watchers": 33,
"score": 0,
"subscribers_count": 3
},

8
2024/CVE-2024-38856.json
View file

@ -239,10 +239,10 @@
"description": "Tentang Pemindai & Eksploitasi Apache OFBiz RCE (CVE-2024-38856)",
"fork": false,
"created_at": "2025-01-02T15:25:31Z",
"updated_at": "2025-01-02T15:27:38Z",
"updated_at": "2025-01-02T20:41:30Z",
"pushed_at": "2025-01-02T15:27:34Z",
"stargazers_count": 0,
"watchers_count": 0,
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -251,7 +251,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 0
}

31
2024/CVE-2024-42327.json
View file

@ -184,5 +184,36 @@
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 910901711,
"name": "Zabbix-CVE-2024-42327-SQL-Injection-RCE",
"full_name": "BridgerAlderson\/Zabbix-CVE-2024-42327-SQL-Injection-RCE",
"owner": {
"login": "BridgerAlderson",
"id": 139403792,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/139403792?v=4",
"html_url": "https:\/\/github.com\/BridgerAlderson",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/BridgerAlderson\/Zabbix-CVE-2024-42327-SQL-Injection-RCE",
"description": "Zabbix CVE-2024-42327 PoC",
"fork": false,
"created_at": "2025-01-01T18:25:44Z",
"updated_at": "2025-01-02T20:40:49Z",
"pushed_at": "2025-01-02T20:40:45Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 2,
"score": 0,
"subscribers_count": 0
}
]

12
2024/CVE-2024-49113.json
View file

@ -14,19 +14,19 @@
"description": "LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113",
"fork": false,
"created_at": "2025-01-01T15:48:38Z",
"updated_at": "2025-01-02T17:50:29Z",
"updated_at": "2025-01-03T00:25:54Z",
"pushed_at": "2025-01-02T16:07:23Z",
"stargazers_count": 212,
"watchers_count": 212,
"stargazers_count": 246,
"watchers_count": 246,
"has_discussions": false,
"forks_count": 52,
"forks_count": 58,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 52,
"watchers": 212,
"forks": 58,
"watchers": 246,
"score": 0,
"subscribers_count": 2
}

4
2024/CVE-2024-50944.json
View file

@ -14,8 +14,8 @@
"description": "Integer Overflow in Cart Logic in SimplCommerce allows remote attackers to manipulate product quantities and total prices via crafted inputs that exploit insufficient validation of the quantity parameter.",
"fork": false,
"created_at": "2024-12-19T23:33:21Z",
"updated_at": "2024-12-24T12:02:39Z",
"pushed_at": "2024-12-24T12:02:35Z",
"updated_at": "2025-01-02T20:58:37Z",
"pushed_at": "2025-01-02T20:58:34Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2024/CVE-2024-50945.json
View file

@ -14,8 +14,8 @@
"description": "SimplCommerce is affected by a Broken Access Control vulnerability in the review system, allowing unauthorized users to post reviews for products they have not purchased.",
"fork": false,
"created_at": "2024-12-20T00:43:18Z",
"updated_at": "2024-12-24T12:02:58Z",
"pushed_at": "2024-12-24T12:02:54Z",
"updated_at": "2025-01-02T20:59:58Z",
"pushed_at": "2025-01-02T20:59:54Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

4
2024/CVE-2024-53476.json
View file

@ -14,8 +14,8 @@
"description": "SimplCommerce is affected by a race condition vulnerability in the checkout logic, allowing multiple users to purchase more products than are in stock via simultaneous checkout requests.",
"fork": false,
"created_at": "2024-12-20T00:27:22Z",
"updated_at": "2024-12-24T12:02:20Z",
"pushed_at": "2024-12-24T12:02:17Z",
"updated_at": "2025-01-02T20:59:27Z",
"pushed_at": "2025-01-02T20:59:23Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

8
2024/CVE-2024-54152.json
View file

@ -14,10 +14,10 @@
"description": null,
"fork": false,
"created_at": "2024-12-30T01:07:48Z",
"updated_at": "2025-01-02T14:43:45Z",
"updated_at": "2025-01-02T20:06:07Z",
"pushed_at": "2024-12-30T01:08:00Z",
"stargazers_count": 9,
"watchers_count": 9,
"stargazers_count": 11,
"watchers_count": 11,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 9,
"watchers": 11,
"score": 0,
"subscribers_count": 1
}

13
README.md
View file

@ -5582,7 +5582,7 @@
<code>Insecure Access Control in Safe Exam Browser (SEB) = 3.5.0 on Windows. The vulnerability allows an attacker to share clipboard data between the SEB kiosk mode and the underlying system, compromising exam integrity. By exploiting this flaw, an attacker can bypass exam controls and gain an unfair advantage during exams.
</code>
- [Cha0sK3rn3l/CVE-2024-37742](https://github.com/Cha0sK3rn3l/CVE-2024-37742)
- [cha0sk3rn3l/CVE-2024-37742](https://github.com/cha0sk3rn3l/CVE-2024-37742)
### CVE-2024-37759 (2024-06-24)
@ -6329,6 +6329,7 @@
- [watchdog1337/CVE-2024-42327_Zabbix_SQLI](https://github.com/watchdog1337/CVE-2024-42327_Zabbix_SQLI)
- [itform-fr/Zabbix---CVE-2024-42327](https://github.com/itform-fr/Zabbix---CVE-2024-42327)
- [igorbf495/CVE-2024-42327](https://github.com/igorbf495/CVE-2024-42327)
- [BridgerAlderson/Zabbix-CVE-2024-42327-SQL-Injection-RCE](https://github.com/BridgerAlderson/Zabbix-CVE-2024-42327-SQL-Injection-RCE)
### CVE-2024-42346 (2024-09-20)
@ -6974,7 +6975,11 @@
- [MarioTesoro/CVE-2024-47854](https://github.com/MarioTesoro/CVE-2024-47854)
### CVE-2024-48197
### CVE-2024-48197 (2025-01-02)
<code>Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of the web interface.
</code>
- [GCatt-AS/CVE-2024-48197](https://github.com/GCatt-AS/CVE-2024-48197)
### CVE-2024-48208 (2024-10-24)
@ -20123,7 +20128,7 @@
### CVE-2022-30190 (2022-06-01)
<code>A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the users rights.\nPlease see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.\n
<code>A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the users rights.\nPlease see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.
</code>
- [JMousqueton/PoC-CVE-2022-30190](https://github.com/JMousqueton/PoC-CVE-2022-30190)
@ -48464,7 +48469,7 @@
### CVE-2013-3900 (2013-12-11)
<code>Why is Microsoft republishing a CVE from 2013?\nWe are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11. While the format is different from the original CVE published in 2013, the information herein remains unchanged from the original text published on December 10, 2013.\nMicrosoft does not plan to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. This behavior remains available as an opt-in feature via reg key setting, and is available on supported editions of Windows released since December 10, 2013. This includes all currently supported versions of Windows 10 and Windows 11. The supporting code for this reg key was incorporated at the time of release for Windows 10 and Windows 11, so no security update is required; however, the reg key must be set. See the Security Updates table for the list of affected software.\nVulnerability Description\nA remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for portable executable (PE) files. An anonymous attacker could exploit the vulnerability by modifying an existing signed executable file to leverage unverified portions of the file in such a way as to add malicious code to the file without invalidating the signature. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nIf a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\nExploitation of this vulnerability requires that a user or application run or install a specially crafted, signed PE file. An attacker could modify an existing signed file to include malicious code without invalidating the signature. This code would... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900
<code>Why is Microsoft republishing a CVE from 2013?\nWe are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11. While the format is different from the original CVE published in 2013, except for clarifications about how to configure the EnableCertPaddingCheck registry value, the information herein remains unchanged from the original text published on December 10, 2013,\nMicrosoft does not plan to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. This behavior remains available as an opt-in feature via reg key setting, and is available on supported editions of Windows released since December 10, 2013. This includes all currently supported versions of Windows 10 and Windows 11. The supporting code for this reg key was incorporated at the time of release for Windows 10 and Windows 11, so no security update is required; however, the reg key must be set. See the Security Updates table for the list of affected software.\nVulnerability Description\nA remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for portable executable (PE) files. An anonymous attacker could exploit the vulnerability by modifying an existing signed executable file to leverage unverified portions of the file in such a way as to add malicious code to the file without invalidating the signature. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nIf a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\nExploitation of this vulnerability requires that a user or application run or install a specially crafted, signed PE file. An attacker could modify an... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900
</code>
- [snoopopsec/vulnerability-CVE-2013-3900](https://github.com/snoopopsec/vulnerability-CVE-2013-3900)