From 9610d38179324113bde4a9624bb2e5953eb25fec Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Fri, 3 Jan 2025 09:31:50 +0900 Subject: [PATCH] Auto Update 2025/01/03 00:31:50 --- 2019/CVE-2019-11358.json | 4 ++-- 2020/CVE-2020-14882.json | 4 ++-- 2020/CVE-2020-17136.json | 2 +- 2021/CVE-2021-0928.json | 8 ++++---- 2021/CVE-2021-1675.json | 16 ++++++++-------- 2021/CVE-2021-30860.json | 8 ++++---- 2021/CVE-2021-42287.json | 8 ++++---- 2021/CVE-2021-43326.json | 8 ++++---- 2021/CVE-2021-44228.json | 8 ++++---- 2023/CVE-2023-25194.json | 2 +- 2023/CVE-2023-28252.json | 10 +++++----- 2023/CVE-2023-36845.json | 2 +- 2023/CVE-2023-38709.json | 8 ++++---- 2023/CVE-2023-45866.json | 12 ++++++------ 2024/CVE-2024-21413.json | 8 ++++---- 2024/CVE-2024-23897.json | 4 ++-- 2024/CVE-2024-2887.json | 8 ++++---- 2024/CVE-2024-30051.json | 8 ++++---- 2024/CVE-2024-37085.json | 8 ++++---- 2024/CVE-2024-37742.json | 8 ++++---- 2024/CVE-2024-38472.json | 8 ++++---- 2024/CVE-2024-38819.json | 8 ++++---- 2024/CVE-2024-38856.json | 8 ++++---- 2024/CVE-2024-42327.json | 31 +++++++++++++++++++++++++++++++ 2024/CVE-2024-49113.json | 12 ++++++------ 2024/CVE-2024-50944.json | 4 ++-- 2024/CVE-2024-50945.json | 4 ++-- 2024/CVE-2024-53476.json | 4 ++-- 2024/CVE-2024-54152.json | 8 ++++---- README.md | 13 +++++++++---- 30 files changed, 140 insertions(+), 104 deletions(-) diff --git a/2019/CVE-2019-11358.json b/2019/CVE-2019-11358.json index 6056ca8993..281a3777dc 100644 --- a/2019/CVE-2019-11358.json +++ b/2019/CVE-2019-11358.json @@ -132,13 +132,13 @@ "stargazers_count": 177, "watchers_count": 177, "has_discussions": false, - "forks_count": 60, + "forks_count": 61, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 60, + "forks": 61, "watchers": 177, "score": 0, "subscribers_count": 13 diff --git a/2020/CVE-2020-14882.json b/2020/CVE-2020-14882.json index 4317720b44..c2555bd38d 100644 --- a/2020/CVE-2020-14882.json +++ b/2020/CVE-2020-14882.json @@ -1001,8 +1001,8 @@ "description": null, "fork": false, "created_at": "2024-12-26T04:45:46Z", - "updated_at": "2024-12-27T03:03:05Z", - "pushed_at": "2024-12-27T03:02:44Z", + "updated_at": "2025-01-02T22:06:16Z", + "pushed_at": "2025-01-02T22:06:13Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2020/CVE-2020-17136.json b/2020/CVE-2020-17136.json index 0348270746..f68b690a70 100644 --- a/2020/CVE-2020-17136.json +++ b/2020/CVE-2020-17136.json @@ -28,7 +28,7 @@ "forks": 0, "watchers": 3, "score": 0, - "subscribers_count": 2 + "subscribers_count": 3 }, { "id": 349138961, diff --git a/2021/CVE-2021-0928.json b/2021/CVE-2021-0928.json index dd3f98b938..97445f92dd 100644 --- a/2021/CVE-2021-0928.json +++ b/2021/CVE-2021-0928.json @@ -14,10 +14,10 @@ "description": "Writeup and exploit for installed app to system privilege escalation on Android 12 Beta through CVE-2021-0928, a `writeToParcel`\/`createFromParcel` serialization mismatch in `OutputConfiguration`", "fork": false, "created_at": "2022-01-29T10:14:32Z", - "updated_at": "2024-11-07T07:36:42Z", + "updated_at": "2025-01-02T20:17:06Z", "pushed_at": "2022-03-03T17:50:03Z", - "stargazers_count": 109, - "watchers_count": 109, + "stargazers_count": 110, + "watchers_count": 110, "has_discussions": false, "forks_count": 20, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 20, - "watchers": 109, + "watchers": 110, "score": 0, "subscribers_count": 5 } diff --git a/2021/CVE-2021-1675.json b/2021/CVE-2021-1675.json index 45929fb5a2..f958519e33 100644 --- a/2021/CVE-2021-1675.json +++ b/2021/CVE-2021-1675.json @@ -45,10 +45,10 @@ "description": "C# and Impacket implementation of PrintNightmare CVE-2021-1675\/CVE-2021-34527", "fork": false, "created_at": "2021-06-29T17:24:14Z", - "updated_at": "2024-12-27T07:35:51Z", + "updated_at": "2025-01-02T21:33:17Z", "pushed_at": "2021-07-20T15:28:13Z", - "stargazers_count": 1850, - "watchers_count": 1850, + "stargazers_count": 1851, + "watchers_count": 1851, "has_discussions": false, "forks_count": 584, "allow_forking": true, @@ -57,7 +57,7 @@ "topics": [], "visibility": "public", "forks": 584, - "watchers": 1850, + "watchers": 1851, "score": 0, "subscribers_count": 43 }, @@ -311,10 +311,10 @@ "description": "Pure PowerShell implementation of CVE-2021-1675 Print Spooler Local Privilege Escalation (PrintNightmare)", "fork": false, "created_at": "2021-07-01T23:45:58Z", - "updated_at": "2024-12-29T23:55:32Z", + "updated_at": "2025-01-02T21:26:46Z", "pushed_at": "2021-07-05T08:54:06Z", - "stargazers_count": 1022, - "watchers_count": 1022, + "stargazers_count": 1023, + "watchers_count": 1023, "has_discussions": false, "forks_count": 231, "allow_forking": true, @@ -323,7 +323,7 @@ "topics": [], "visibility": "public", "forks": 231, - "watchers": 1022, + "watchers": 1023, "score": 0, "subscribers_count": 26 }, diff --git a/2021/CVE-2021-30860.json b/2021/CVE-2021-30860.json index e9786d0696..6d68c7e3d4 100644 --- a/2021/CVE-2021-30860.json +++ b/2021/CVE-2021-30860.json @@ -45,10 +45,10 @@ "description": "Collection of materials relating to FORCEDENTRY", "fork": false, "created_at": "2021-12-25T03:00:01Z", - "updated_at": "2024-12-07T07:35:34Z", + "updated_at": "2025-01-02T21:48:11Z", "pushed_at": "2024-03-30T22:17:05Z", - "stargazers_count": 94, - "watchers_count": 94, + "stargazers_count": 95, + "watchers_count": 95, "has_discussions": false, "forks_count": 24, "allow_forking": true, @@ -57,7 +57,7 @@ "topics": [], "visibility": "public", "forks": 24, - "watchers": 94, + "watchers": 95, "score": 0, "subscribers_count": 5 } diff --git a/2021/CVE-2021-42287.json b/2021/CVE-2021-42287.json index 8c757f4304..5b4768cfe8 100644 --- a/2021/CVE-2021-42287.json +++ b/2021/CVE-2021-42287.json @@ -14,10 +14,10 @@ "description": "CVE-2021-42287\/CVE-2021-42278 Scanner & Exploiter.", "fork": false, "created_at": "2021-12-11T19:27:30Z", - "updated_at": "2025-01-02T04:02:56Z", + "updated_at": "2025-01-02T20:21:41Z", "pushed_at": "2021-12-16T09:50:15Z", - "stargazers_count": 1349, - "watchers_count": 1349, + "stargazers_count": 1348, + "watchers_count": 1348, "has_discussions": false, "forks_count": 323, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 323, - "watchers": 1349, + "watchers": 1348, "score": 0, "subscribers_count": 27 }, diff --git a/2021/CVE-2021-43326.json b/2021/CVE-2021-43326.json index efa12245b1..85b2ea7829 100644 --- a/2021/CVE-2021-43326.json +++ b/2021/CVE-2021-43326.json @@ -14,10 +14,10 @@ "description": ":boom: Automox Windows Agent Privilege Escalation Exploit", "fork": false, "created_at": "2021-12-13T17:26:28Z", - "updated_at": "2024-12-30T20:16:34Z", + "updated_at": "2025-01-02T22:05:11Z", "pushed_at": "2022-01-06T20:49:25Z", - "stargazers_count": 3, - "watchers_count": 3, + "stargazers_count": 2, + "watchers_count": 2, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 3, + "watchers": 2, "score": 0, "subscribers_count": 1 } diff --git a/2021/CVE-2021-44228.json b/2021/CVE-2021-44228.json index 11fe5f3807..fed21dfbab 100644 --- a/2021/CVE-2021-44228.json +++ b/2021/CVE-2021-44228.json @@ -2027,10 +2027,10 @@ "description": "A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC", "fork": false, "created_at": "2021-12-12T00:29:03Z", - "updated_at": "2024-12-26T05:13:44Z", + "updated_at": "2025-01-02T19:19:01Z", "pushed_at": "2022-03-10T18:44:50Z", - "stargazers_count": 637, - "watchers_count": 637, + "stargazers_count": 638, + "watchers_count": 638, "has_discussions": false, "forks_count": 98, "allow_forking": true, @@ -2051,7 +2051,7 @@ ], "visibility": "public", "forks": 98, - "watchers": 637, + "watchers": 638, "score": 0, "subscribers_count": 28 }, diff --git a/2023/CVE-2023-25194.json b/2023/CVE-2023-25194.json index f0585ac32f..1bb7fe24db 100644 --- a/2023/CVE-2023-25194.json +++ b/2023/CVE-2023-25194.json @@ -77,7 +77,7 @@ "fork": false, "created_at": "2024-04-17T13:36:34Z", "updated_at": "2024-10-30T14:55:15Z", - "pushed_at": "2024-12-27T22:50:19Z", + "pushed_at": "2025-01-02T22:30:21Z", "stargazers_count": 1, "watchers_count": 1, "has_discussions": false, diff --git a/2023/CVE-2023-28252.json b/2023/CVE-2023-28252.json index c973565b0d..5f656b88e6 100644 --- a/2023/CVE-2023-28252.json +++ b/2023/CVE-2023-28252.json @@ -14,7 +14,7 @@ "description": null, "fork": false, "created_at": "2023-06-27T12:22:05Z", - "updated_at": "2024-11-19T08:49:17Z", + "updated_at": "2025-01-02T23:06:20Z", "pushed_at": "2023-07-10T16:57:44Z", "stargazers_count": 173, "watchers_count": 173, @@ -138,10 +138,10 @@ "description": "A modification to fortra's CVE-2023-28252 exploit, compiled to exe", "fork": false, "created_at": "2024-01-22T10:38:02Z", - "updated_at": "2024-12-28T12:58:56Z", + "updated_at": "2025-01-02T22:31:57Z", "pushed_at": "2024-01-24T13:45:56Z", - "stargazers_count": 52, - "watchers_count": 52, + "stargazers_count": 53, + "watchers_count": 53, "has_discussions": false, "forks_count": 11, "allow_forking": true, @@ -150,7 +150,7 @@ "topics": [], "visibility": "public", "forks": 11, - "watchers": 52, + "watchers": 53, "score": 0, "subscribers_count": 2 }, diff --git a/2023/CVE-2023-36845.json b/2023/CVE-2023-36845.json index 3ce4754919..6a97d1fc31 100644 --- a/2023/CVE-2023-36845.json +++ b/2023/CVE-2023-36845.json @@ -15,7 +15,7 @@ "fork": false, "created_at": "2023-09-16T09:11:21Z", "updated_at": "2024-11-16T19:51:18Z", - "pushed_at": "2024-12-27T18:26:19Z", + "pushed_at": "2025-01-02T18:32:11Z", "stargazers_count": 60, "watchers_count": 60, "has_discussions": false, diff --git a/2023/CVE-2023-38709.json b/2023/CVE-2023-38709.json index 389283ec91..ed783f8b4e 100644 --- a/2023/CVE-2023-38709.json +++ b/2023/CVE-2023-38709.json @@ -14,10 +14,10 @@ "description": "Apache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709", "fork": false, "created_at": "2024-10-05T20:32:45Z", - "updated_at": "2025-01-02T10:10:22Z", + "updated_at": "2025-01-02T21:39:30Z", "pushed_at": "2024-10-05T20:37:02Z", - "stargazers_count": 61, - "watchers_count": 61, + "stargazers_count": 62, + "watchers_count": 62, "has_discussions": false, "forks_count": 10, "allow_forking": true, @@ -37,7 +37,7 @@ ], "visibility": "public", "forks": 10, - "watchers": 61, + "watchers": 62, "score": 0, "subscribers_count": 1 } diff --git a/2023/CVE-2023-45866.json b/2023/CVE-2023-45866.json index 2d0ec940f7..8519e208f4 100644 --- a/2023/CVE-2023-45866.json +++ b/2023/CVE-2023-45866.json @@ -14,19 +14,19 @@ "description": "🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript) 🔓 Unauthenticated Peering Leading to Code Execution (Using HID Keyboard)", "fork": false, "created_at": "2024-01-16T06:52:02Z", - "updated_at": "2025-01-02T15:54:30Z", + "updated_at": "2025-01-02T22:17:38Z", "pushed_at": "2024-08-18T08:26:46Z", - "stargazers_count": 1321, - "watchers_count": 1321, + "stargazers_count": 1322, + "watchers_count": 1322, "has_discussions": false, - "forks_count": 225, + "forks_count": 226, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 225, - "watchers": 1321, + "forks": 226, + "watchers": 1322, "score": 0, "subscribers_count": 21 }, diff --git a/2024/CVE-2024-21413.json b/2024/CVE-2024-21413.json index d6123023cf..19cc9b1683 100644 --- a/2024/CVE-2024-21413.json +++ b/2024/CVE-2024-21413.json @@ -107,10 +107,10 @@ "description": "CVE-2024-21413 PoC for THM Lab", "fork": false, "created_at": "2024-02-17T14:52:52Z", - "updated_at": "2025-01-02T17:07:36Z", + "updated_at": "2025-01-02T23:21:52Z", "pushed_at": "2024-03-13T02:44:28Z", - "stargazers_count": 58, - "watchers_count": 58, + "stargazers_count": 59, + "watchers_count": 59, "has_discussions": false, "forks_count": 14, "allow_forking": true, @@ -119,7 +119,7 @@ "topics": [], "visibility": "public", "forks": 14, - "watchers": 58, + "watchers": 59, "score": 0, "subscribers_count": 1 }, diff --git a/2024/CVE-2024-23897.json b/2024/CVE-2024-23897.json index a0535549a0..3a68a219ac 100644 --- a/2024/CVE-2024-23897.json +++ b/2024/CVE-2024-23897.json @@ -1091,8 +1091,8 @@ "description": "Jenkins CVE-2024-23897 POC : Arbitrary File Read Vulnerability Leading to RCE", "fork": false, "created_at": "2025-01-02T03:28:56Z", - "updated_at": "2025-01-02T11:51:41Z", - "pushed_at": "2025-01-02T11:51:38Z", + "updated_at": "2025-01-02T20:20:14Z", + "pushed_at": "2025-01-02T20:20:10Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2024/CVE-2024-2887.json b/2024/CVE-2024-2887.json index c5cc043aac..a02ac2cde9 100644 --- a/2024/CVE-2024-2887.json +++ b/2024/CVE-2024-2887.json @@ -14,10 +14,10 @@ "description": "Chrome(CVE-2024-2887)RCE-POC", "fork": false, "created_at": "2024-08-25T07:30:25Z", - "updated_at": "2024-09-21T17:20:40Z", + "updated_at": "2025-01-02T19:12:31Z", "pushed_at": "2024-08-25T07:33:36Z", - "stargazers_count": 3, - "watchers_count": 3, + "stargazers_count": 4, + "watchers_count": 4, "has_discussions": false, "forks_count": 1, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 3, + "watchers": 4, "score": 0, "subscribers_count": 1 }, diff --git a/2024/CVE-2024-30051.json b/2024/CVE-2024-30051.json index acaad3cc46..84b5e6f466 100644 --- a/2024/CVE-2024-30051.json +++ b/2024/CVE-2024-30051.json @@ -14,10 +14,10 @@ "description": null, "fork": false, "created_at": "2024-08-14T16:20:38Z", - "updated_at": "2024-12-28T12:37:03Z", + "updated_at": "2025-01-02T19:52:35Z", "pushed_at": "2024-09-05T23:21:00Z", - "stargazers_count": 112, - "watchers_count": 112, + "stargazers_count": 113, + "watchers_count": 113, "has_discussions": false, "forks_count": 33, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 33, - "watchers": 112, + "watchers": 113, "score": 0, "subscribers_count": 3 } diff --git a/2024/CVE-2024-37085.json b/2024/CVE-2024-37085.json index 11c57c92fa..aff7287b08 100644 --- a/2024/CVE-2024-37085.json +++ b/2024/CVE-2024-37085.json @@ -45,10 +45,10 @@ "description": "CVE-2024-37085 VMware ESXi RCE Vulnerability", "fork": false, "created_at": "2024-08-06T18:23:43Z", - "updated_at": "2024-12-20T01:43:12Z", + "updated_at": "2025-01-02T22:34:34Z", "pushed_at": "2024-08-06T18:25:19Z", - "stargazers_count": 10, - "watchers_count": 10, + "stargazers_count": 11, + "watchers_count": 11, "has_discussions": false, "forks_count": 2, "allow_forking": true, @@ -57,7 +57,7 @@ "topics": [], "visibility": "public", "forks": 2, - "watchers": 10, + "watchers": 11, "score": 0, "subscribers_count": 1 }, diff --git a/2024/CVE-2024-37742.json b/2024/CVE-2024-37742.json index 04998ef055..47d4118bf3 100644 --- a/2024/CVE-2024-37742.json +++ b/2024/CVE-2024-37742.json @@ -2,15 +2,15 @@ { "id": 817975765, "name": "CVE-2024-37742", - "full_name": "Cha0sK3rn3l\/CVE-2024-37742", + "full_name": "cha0sk3rn3l\/CVE-2024-37742", "owner": { - "login": "Cha0sK3rn3l", + "login": "cha0sk3rn3l", "id": 151763816, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/151763816?v=4", - "html_url": "https:\/\/github.com\/Cha0sK3rn3l", + "html_url": "https:\/\/github.com\/cha0sk3rn3l", "user_view_type": "public" }, - "html_url": "https:\/\/github.com\/Cha0sK3rn3l\/CVE-2024-37742", + "html_url": "https:\/\/github.com\/cha0sk3rn3l\/CVE-2024-37742", "description": "This repository contains a PoC for exploiting CVE-2024-37742, a vulnerability in Safe Exam Browser (SEB) ≤ 3.5.0 on Windows. The vulnerability enables unauthorized clipboard data sharing between SEB's kiosk mode and the underlying system, compromising the integrity of exams.", "fork": false, "created_at": "2024-06-20T21:01:28Z", diff --git a/2024/CVE-2024-38472.json b/2024/CVE-2024-38472.json index aa7bb2b8b5..44e8c50b17 100644 --- a/2024/CVE-2024-38472.json +++ b/2024/CVE-2024-38472.json @@ -45,10 +45,10 @@ "description": "Apache HTTP Server Vulnerability Testing Tool | PoC for CVE-2024-38472 , CVE-2024-39573 , CVE-2024-38477 , CVE-2024-38476 , CVE-2024-38475 , CVE-2024-38474 , CVE-2024-38473 , CVE-2023-38709", "fork": false, "created_at": "2024-10-05T20:32:45Z", - "updated_at": "2025-01-02T10:10:22Z", + "updated_at": "2025-01-02T21:39:30Z", "pushed_at": "2024-10-05T20:37:02Z", - "stargazers_count": 61, - "watchers_count": 61, + "stargazers_count": 62, + "watchers_count": 62, "has_discussions": false, "forks_count": 10, "allow_forking": true, @@ -68,7 +68,7 @@ ], "visibility": "public", "forks": 10, - "watchers": 61, + "watchers": 62, "score": 0, "subscribers_count": 1 } diff --git a/2024/CVE-2024-38819.json b/2024/CVE-2024-38819.json index 871fc37bc4..d21d523e59 100644 --- a/2024/CVE-2024-38819.json +++ b/2024/CVE-2024-38819.json @@ -14,10 +14,10 @@ "description": null, "fork": false, "created_at": "2024-12-14T09:22:33Z", - "updated_at": "2024-12-30T01:25:25Z", + "updated_at": "2025-01-02T23:24:33Z", "pushed_at": "2024-12-14T10:13:45Z", - "stargazers_count": 32, - "watchers_count": 32, + "stargazers_count": 33, + "watchers_count": 33, "has_discussions": false, "forks_count": 10, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 10, - "watchers": 32, + "watchers": 33, "score": 0, "subscribers_count": 3 }, diff --git a/2024/CVE-2024-38856.json b/2024/CVE-2024-38856.json index 5f58d0c989..6ed106c400 100644 --- a/2024/CVE-2024-38856.json +++ b/2024/CVE-2024-38856.json @@ -239,10 +239,10 @@ "description": "Tentang Pemindai & Eksploitasi Apache OFBiz RCE (CVE-2024-38856)", "fork": false, "created_at": "2025-01-02T15:25:31Z", - "updated_at": "2025-01-02T15:27:38Z", + "updated_at": "2025-01-02T20:41:30Z", "pushed_at": "2025-01-02T15:27:34Z", - "stargazers_count": 0, - "watchers_count": 0, + "stargazers_count": 1, + "watchers_count": 1, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -251,7 +251,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 0, + "watchers": 1, "score": 0, "subscribers_count": 0 } diff --git a/2024/CVE-2024-42327.json b/2024/CVE-2024-42327.json index 7b986f1c9a..aeb58d6e73 100644 --- a/2024/CVE-2024-42327.json +++ b/2024/CVE-2024-42327.json @@ -184,5 +184,36 @@ "watchers": 0, "score": 0, "subscribers_count": 1 + }, + { + "id": 910901711, + "name": "Zabbix-CVE-2024-42327-SQL-Injection-RCE", + "full_name": "BridgerAlderson\/Zabbix-CVE-2024-42327-SQL-Injection-RCE", + "owner": { + "login": "BridgerAlderson", + "id": 139403792, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/139403792?v=4", + "html_url": "https:\/\/github.com\/BridgerAlderson", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/BridgerAlderson\/Zabbix-CVE-2024-42327-SQL-Injection-RCE", + "description": "Zabbix CVE-2024-42327 PoC", + "fork": false, + "created_at": "2025-01-01T18:25:44Z", + "updated_at": "2025-01-02T20:40:49Z", + "pushed_at": "2025-01-02T20:40:45Z", + "stargazers_count": 2, + "watchers_count": 2, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 2, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2024/CVE-2024-49113.json b/2024/CVE-2024-49113.json index 3673e5310f..c671fda41a 100644 --- a/2024/CVE-2024-49113.json +++ b/2024/CVE-2024-49113.json @@ -14,19 +14,19 @@ "description": "LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113", "fork": false, "created_at": "2025-01-01T15:48:38Z", - "updated_at": "2025-01-02T17:50:29Z", + "updated_at": "2025-01-03T00:25:54Z", "pushed_at": "2025-01-02T16:07:23Z", - "stargazers_count": 212, - "watchers_count": 212, + "stargazers_count": 246, + "watchers_count": 246, "has_discussions": false, - "forks_count": 52, + "forks_count": 58, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 52, - "watchers": 212, + "forks": 58, + "watchers": 246, "score": 0, "subscribers_count": 2 } diff --git a/2024/CVE-2024-50944.json b/2024/CVE-2024-50944.json index f00299a65e..ac915627ff 100644 --- a/2024/CVE-2024-50944.json +++ b/2024/CVE-2024-50944.json @@ -14,8 +14,8 @@ "description": "Integer Overflow in Cart Logic in SimplCommerce allows remote attackers to manipulate product quantities and total prices via crafted inputs that exploit insufficient validation of the quantity parameter.", "fork": false, "created_at": "2024-12-19T23:33:21Z", - "updated_at": "2024-12-24T12:02:39Z", - "pushed_at": "2024-12-24T12:02:35Z", + "updated_at": "2025-01-02T20:58:37Z", + "pushed_at": "2025-01-02T20:58:34Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2024/CVE-2024-50945.json b/2024/CVE-2024-50945.json index b06a22d8e3..b0430fb91d 100644 --- a/2024/CVE-2024-50945.json +++ b/2024/CVE-2024-50945.json @@ -14,8 +14,8 @@ "description": "SimplCommerce is affected by a Broken Access Control vulnerability in the review system, allowing unauthorized users to post reviews for products they have not purchased.", "fork": false, "created_at": "2024-12-20T00:43:18Z", - "updated_at": "2024-12-24T12:02:58Z", - "pushed_at": "2024-12-24T12:02:54Z", + "updated_at": "2025-01-02T20:59:58Z", + "pushed_at": "2025-01-02T20:59:54Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2024/CVE-2024-53476.json b/2024/CVE-2024-53476.json index 8a45423722..200c3f5c9b 100644 --- a/2024/CVE-2024-53476.json +++ b/2024/CVE-2024-53476.json @@ -14,8 +14,8 @@ "description": "SimplCommerce is affected by a race condition vulnerability in the checkout logic, allowing multiple users to purchase more products than are in stock via simultaneous checkout requests.", "fork": false, "created_at": "2024-12-20T00:27:22Z", - "updated_at": "2024-12-24T12:02:20Z", - "pushed_at": "2024-12-24T12:02:17Z", + "updated_at": "2025-01-02T20:59:27Z", + "pushed_at": "2025-01-02T20:59:23Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2024/CVE-2024-54152.json b/2024/CVE-2024-54152.json index e7893d7430..aeccdac7db 100644 --- a/2024/CVE-2024-54152.json +++ b/2024/CVE-2024-54152.json @@ -14,10 +14,10 @@ "description": null, "fork": false, "created_at": "2024-12-30T01:07:48Z", - "updated_at": "2025-01-02T14:43:45Z", + "updated_at": "2025-01-02T20:06:07Z", "pushed_at": "2024-12-30T01:08:00Z", - "stargazers_count": 9, - "watchers_count": 9, + "stargazers_count": 11, + "watchers_count": 11, "has_discussions": false, "forks_count": 2, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 2, - "watchers": 9, + "watchers": 11, "score": 0, "subscribers_count": 1 } diff --git a/README.md b/README.md index 7229cd71b2..81e821dcb9 100644 --- a/README.md +++ b/README.md @@ -5582,7 +5582,7 @@ Insecure Access Control in Safe Exam Browser (SEB) = 3.5.0 on Windows. The vulnerability allows an attacker to share clipboard data between the SEB kiosk mode and the underlying system, compromising exam integrity. By exploiting this flaw, an attacker can bypass exam controls and gain an unfair advantage during exams. -- [Cha0sK3rn3l/CVE-2024-37742](https://github.com/Cha0sK3rn3l/CVE-2024-37742) +- [cha0sk3rn3l/CVE-2024-37742](https://github.com/cha0sk3rn3l/CVE-2024-37742) ### CVE-2024-37759 (2024-06-24) @@ -6329,6 +6329,7 @@ - [watchdog1337/CVE-2024-42327_Zabbix_SQLI](https://github.com/watchdog1337/CVE-2024-42327_Zabbix_SQLI) - [itform-fr/Zabbix---CVE-2024-42327](https://github.com/itform-fr/Zabbix---CVE-2024-42327) - [igorbf495/CVE-2024-42327](https://github.com/igorbf495/CVE-2024-42327) +- [BridgerAlderson/Zabbix-CVE-2024-42327-SQL-Injection-RCE](https://github.com/BridgerAlderson/Zabbix-CVE-2024-42327-SQL-Injection-RCE) ### CVE-2024-42346 (2024-09-20) @@ -6974,7 +6975,11 @@ - [MarioTesoro/CVE-2024-47854](https://github.com/MarioTesoro/CVE-2024-47854) -### CVE-2024-48197 +### CVE-2024-48197 (2025-01-02) + +Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of the web interface. + + - [GCatt-AS/CVE-2024-48197](https://github.com/GCatt-AS/CVE-2024-48197) ### CVE-2024-48208 (2024-10-24) @@ -20123,7 +20128,7 @@ ### CVE-2022-30190 (2022-06-01) -A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.\nPlease see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.\n +A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.\nPlease see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability. - [JMousqueton/PoC-CVE-2022-30190](https://github.com/JMousqueton/PoC-CVE-2022-30190) @@ -48464,7 +48469,7 @@ ### CVE-2013-3900 (2013-12-11) -Why is Microsoft republishing a CVE from 2013?\nWe are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11. While the format is different from the original CVE published in 2013, the information herein remains unchanged from the original text published on December 10, 2013.\nMicrosoft does not plan to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. This behavior remains available as an opt-in feature via reg key setting, and is available on supported editions of Windows released since December 10, 2013. This includes all currently supported versions of Windows 10 and Windows 11. The supporting code for this reg key was incorporated at the time of release for Windows 10 and Windows 11, so no security update is required; however, the reg key must be set. See the Security Updates table for the list of affected software.\nVulnerability Description\nA remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for portable executable (PE) files. An anonymous attacker could exploit the vulnerability by modifying an existing signed executable file to leverage unverified portions of the file in such a way as to add malicious code to the file without invalidating the signature. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nIf a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\nExploitation of this vulnerability requires that a user or application run or install a specially crafted, signed PE file. An attacker could modify an existing signed file to include malicious code without invalidating the signature. This code would... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900 +Why is Microsoft republishing a CVE from 2013?\nWe are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11. While the format is different from the original CVE published in 2013, except for clarifications about how to configure the EnableCertPaddingCheck registry value, the information herein remains unchanged from the original text published on December 10, 2013,\nMicrosoft does not plan to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. This behavior remains available as an opt-in feature via reg key setting, and is available on supported editions of Windows released since December 10, 2013. This includes all currently supported versions of Windows 10 and Windows 11. The supporting code for this reg key was incorporated at the time of release for Windows 10 and Windows 11, so no security update is required; however, the reg key must be set. See the Security Updates table for the list of affected software.\nVulnerability Description\nA remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for portable executable (PE) files. An anonymous attacker could exploit the vulnerability by modifying an existing signed executable file to leverage unverified portions of the file in such a way as to add malicious code to the file without invalidating the signature. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\nIf a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\nExploitation of this vulnerability requires that a user or application run or install a specially crafted, signed PE file. An attacker could modify an... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900 - [snoopopsec/vulnerability-CVE-2013-3900](https://github.com/snoopopsec/vulnerability-CVE-2013-3900)