Auto Update 2025/01/04 18:31:46

motikan2010-bot 2025-01-05 03:31:46 +09:00
parent a1f5e5eff0
commit 9f6164687b
30 changed files with 299 additions and 139 deletions


@ -341,10 +341,10 @@
"description": "PHPunit Checker CVE-2017-9841 By MrMad",
"fork": false,
"created_at": "2022-12-07T11:26:16Z",
"updated_at": "2024-05-19T16:48:19Z",
"updated_at": "2025-01-04T16:03:24Z",
"pushed_at": "2023-02-04T12:51:32Z",
"stargazers_count": 4,
"watchers_count": 4,
"stargazers_count": 5,
"watchers_count": 5,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
@ -360,7 +360,7 @@
],
"visibility": "public",
"forks": 2,
"watchers": 4,
"watchers": 5,
"score": 0,
"subscribers_count": 1
},


@ -28,7 +28,7 @@
"forks": 5,
"watchers": 12,
"score": 0,
"subscribers_count": 2
"subscribers_count": 3
},
{
"id": 600179899,


@ -705,10 +705,10 @@
"description": "Simple python3 script to automate CVE-2018-9995",
"fork": false,
"created_at": "2024-02-18T12:46:32Z",
"updated_at": "2024-11-08T09:41:22Z",
"updated_at": "2025-01-04T16:35:46Z",
"pushed_at": "2024-02-20T04:55:46Z",
"stargazers_count": 6,
"watchers_count": 6,
"stargazers_count": 7,
"watchers_count": 7,
"has_discussions": false,
"forks_count": 3,
"allow_forking": true,
@ -717,7 +717,7 @@
"topics": [],
"visibility": "public",
"forks": 3,
"watchers": 6,
"watchers": 7,
"score": 0,
"subscribers_count": 1
},

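--- a/2019/CVE-2019-1619.json
+++ b/2019/CVE-2019-1619.json
@@ -0,0 +1,33 @@
+[
+{
+"id": 912032873,
+"name": "CVE-2019-1619",
+"full_name": "Cipolone95\/CVE-2019-1619",
+"owner": {
+"login": "Cipolone95",
+"id": 9384617,
+"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/9384617?v=4",
+"html_url": "https:\/\/github.com\/Cipolone95",
+"user_view_type": "public"
+},
+"html_url": "https:\/\/github.com\/Cipolone95\/CVE-2019-1619",
+"description": "Powershell Script to build token for CVE-2019-1619",
+"fork": false,
+"created_at": "2025-01-04T14:04:53Z",
+"updated_at": "2025-01-04T16:07:05Z",
+"pushed_at": "2025-01-04T16:07:02Z",
+"stargazers_count": 0,
+"watchers_count": 0,
+"has_discussions": false,
+"forks_count": 0,
+"allow_forking": true,
+"is_template": false,
+"web_commit_signoff_required": false,
+"topics": [],
+"visibility": "public",
+"forks": 0,
+"watchers": 0,
+"score": 0,
+"subscribers_count": 0
+}
+]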


@ -1750,7 +1750,7 @@
"stargazers_count": 46,
"watchers_count": 46,
"has_discussions": false,
"forks_count": 16,
"forks_count": 15,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -1761,7 +1761,7 @@
"smbleed"
],
"visibility": "public",
"forks": 16,
"forks": 15,
"watchers": 46,
"score": 0,
"subscribers_count": 8


@ -107,10 +107,10 @@
"description": "arbitrary kernel read\/write in dbutil_2_3.sys, Proof of Concept Local Privilege Escalation to nt authority\/system",
"fork": false,
"created_at": "2021-05-30T10:15:10Z",
"updated_at": "2024-12-03T17:29:40Z",
"updated_at": "2025-01-04T13:50:28Z",
"pushed_at": "2021-11-16T17:34:11Z",
"stargazers_count": 54,
"watchers_count": 54,
"stargazers_count": 55,
"watchers_count": 55,
"has_discussions": false,
"forks_count": 11,
"allow_forking": true,
@ -134,7 +134,7 @@
],
"visibility": "public",
"forks": 11,
"watchers": 54,
"watchers": 55,
"score": 0,
"subscribers_count": 4
},


@ -141,10 +141,10 @@
"description": "The issue only affects nginx if the \"resolver\" directive is used in the configuration file. Further, the attack is only possible if an attacker is able to forge UDP packets from the DNS server.",
"fork": false,
"created_at": "2024-12-08T09:47:52Z",
"updated_at": "2024-12-08T09:52:26Z",
"updated_at": "2025-01-04T18:06:33Z",
"pushed_at": "2024-12-08T09:52:23Z",
"stargazers_count": 0,
"watchers_count": 0,
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@ -153,7 +153,7 @@
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 1
}


@ -532,10 +532,10 @@
"description": "CVE-2021-3129 Exploit Checker By .\/MrMad",
"fork": false,
"created_at": "2022-12-10T03:32:34Z",
"updated_at": "2024-10-15T11:18:56Z",
"updated_at": "2025-01-04T16:01:59Z",
"pushed_at": "2024-03-20T14:21:14Z",
"stargazers_count": 5,
"watchers_count": 5,
"stargazers_count": 6,
"watchers_count": 6,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -547,7 +547,7 @@
],
"visibility": "public",
"forks": 0,
"watchers": 5,
"watchers": 6,
"score": 0,
"subscribers_count": 1
},


@ -1346,10 +1346,10 @@
"description": "Python exploit code for CVE-2021-4034 (pwnkit)",
"fork": false,
"created_at": "2022-01-26T17:53:16Z",
"updated_at": "2024-11-26T08:49:02Z",
"updated_at": "2025-01-04T14:02:51Z",
"pushed_at": "2022-01-28T00:29:15Z",
"stargazers_count": 156,
"watchers_count": 156,
"stargazers_count": 157,
"watchers_count": 157,
"has_discussions": false,
"forks_count": 37,
"allow_forking": true,
@ -1358,7 +1358,7 @@
"topics": [],
"visibility": "public",
"forks": 37,
"watchers": 156,
"watchers": 157,
"score": 0,
"subscribers_count": 2
},


@ -14,10 +14,10 @@
"description": "Exploit for command injection vulnerability found in uhttpd binary from TP-Link Tapo c200 IP camera",
"fork": false,
"created_at": "2021-11-15T14:48:14Z",
"updated_at": "2024-12-29T14:55:04Z",
"updated_at": "2025-01-04T15:32:04Z",
"pushed_at": "2024-10-31T18:50:48Z",
"stargazers_count": 76,
"watchers_count": 76,
"stargazers_count": 77,
"watchers_count": 77,
"has_discussions": false,
"forks_count": 9,
"allow_forking": true,
@ -32,7 +32,7 @@
],
"visibility": "public",
"forks": 9,
"watchers": 76,
"watchers": 77,
"score": 0,
"subscribers_count": 2
},


@ -5634,10 +5634,10 @@
"description": "A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.",
"fork": false,
"created_at": "2021-12-14T06:37:59Z",
"updated_at": "2024-12-29T15:06:36Z",
"updated_at": "2025-01-04T18:14:26Z",
"pushed_at": "2024-12-11T23:04:50Z",
"stargazers_count": 387,
"watchers_count": 387,
"stargazers_count": 389,
"watchers_count": 389,
"has_discussions": false,
"forks_count": 53,
"allow_forking": true,
@ -5652,7 +5652,7 @@
],
"visibility": "public",
"forks": 53,
"watchers": 387,
"watchers": 389,
"score": 0,
"subscribers_count": 12
},


@ -107,10 +107,10 @@
"description": null,
"fork": false,
"created_at": "2024-09-10T10:26:57Z",
"updated_at": "2024-12-30T13:27:34Z",
"updated_at": "2025-01-04T18:22:26Z",
"pushed_at": "2024-09-10T16:18:40Z",
"stargazers_count": 8,
"watchers_count": 8,
"stargazers_count": 9,
"watchers_count": 9,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
@ -119,7 +119,7 @@
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 8,
"watchers": 9,
"score": 0,
"subscribers_count": 1
},


@ -441,10 +441,10 @@
"description": null,
"fork": false,
"created_at": "2022-06-05T20:35:38Z",
"updated_at": "2024-12-21T04:26:27Z",
"updated_at": "2025-01-04T16:21:24Z",
"pushed_at": "2022-06-08T15:35:44Z",
"stargazers_count": 8,
"watchers_count": 8,
"stargazers_count": 9,
"watchers_count": 9,
"has_discussions": false,
"forks_count": 5,
"allow_forking": true,
@ -453,7 +453,7 @@
"topics": [],
"visibility": "public",
"forks": 5,
"watchers": 8,
"watchers": 9,
"score": 0,
"subscribers_count": 1
},

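--- a/2022/CVE-2022-2825.json
+++ b/2022/CVE-2022-2825.json
@@ -0,0 +1,33 @@
+[
+{
+"id": 911267135,
+"name": "MassCyberCenter-Mentorship-Project-",
+"full_name": "alej6\/MassCyberCenter-Mentorship-Project-",
+"owner": {
+"login": "alej6",
+"id": 157525975,
+"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/157525975?v=4",
+"html_url": "https:\/\/github.com\/alej6",
+"user_view_type": "public"
+},
+"html_url": "https:\/\/github.com\/alej6\/MassCyberCenter-Mentorship-Project-",
+"description": "Exploiting CVE-2022-2825 on a VM ",
+"fork": false,
+"created_at": "2025-01-02T16:10:01Z",
+"updated_at": "2025-01-04T17:53:54Z",
+"pushed_at": "2025-01-04T16:57:40Z",
+"stargazers_count": 0,
+"watchers_count": 0,
+"has_discussions": false,
+"forks_count": 0,
+"allow_forking": true,
+"is_template": false,
+"web_commit_signoff_required": false,
+"topics": [],
+"visibility": "public",
+"forks": 0,
+"watchers": 0,
+"score": 0,
+"subscribers_count": 0
+}
+]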

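--- a/2022/CVE-2022-41924.json
+++ b/2022/CVE-2022-41924.json
@@ -0,0 +1,33 @@
+[
+{
+"id": 912115404,
+"name": "CVE-2022-41924",
+"full_name": "oalieno\/CVE-2022-41924",
+"owner": {
+"login": "oalieno",
+"id": 18167730,
+"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18167730?v=4",
+"html_url": "https:\/\/github.com\/oalieno",
+"user_view_type": "public"
+},
+"html_url": "https:\/\/github.com\/oalieno\/CVE-2022-41924",
+"description": null,
+"fork": false,
+"created_at": "2025-01-04T16:40:35Z",
+"updated_at": "2025-01-04T17:29:18Z",
+"pushed_at": "2025-01-04T17:29:15Z",
+"stargazers_count": 0,
+"watchers_count": 0,
+"has_discussions": false,
+"forks_count": 0,
+"allow_forking": true,
+"is_template": false,
+"web_commit_signoff_required": false,
+"topics": [],
+"visibility": "public",
+"forks": 0,
+"watchers": 0,
+"score": 0,
+"subscribers_count": 0
+}
+]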


@ -45,10 +45,10 @@
"description": "Safely detect whether a FortiGate SSL VPN instance is vulnerable to CVE-2023-27997 based on response timing",
"fork": false,
"created_at": "2023-06-16T20:15:36Z",
"updated_at": "2024-12-13T06:37:07Z",
"updated_at": "2025-01-04T16:05:41Z",
"pushed_at": "2024-05-08T16:17:07Z",
"stargazers_count": 130,
"watchers_count": 130,
"stargazers_count": 131,
"watchers_count": 131,
"has_discussions": false,
"forks_count": 25,
"allow_forking": true,
@ -57,7 +57,7 @@
"topics": [],
"visibility": "public",
"forks": 25,
"watchers": 130,
"watchers": 131,
"score": 0,
"subscribers_count": 3
},


@ -242,10 +242,10 @@
"description": "Understanding WinRAR Code Execution Vulnerability (CVE-2023-38831) ",
"fork": false,
"created_at": "2023-08-28T14:48:22Z",
"updated_at": "2024-10-03T05:17:38Z",
"updated_at": "2025-01-04T13:34:34Z",
"pushed_at": "2023-08-28T15:33:27Z",
"stargazers_count": 40,
"watchers_count": 40,
"stargazers_count": 41,
"watchers_count": 41,
"has_discussions": false,
"forks_count": 12,
"allow_forking": true,
@ -254,7 +254,7 @@
"topics": [],
"visibility": "public",
"forks": 12,
"watchers": 40,
"watchers": 41,
"score": 0,
"subscribers_count": 5
},


@ -178,10 +178,10 @@
"description": "CVE-2023-40028 PoC Exploit",
"fork": false,
"created_at": "2024-12-28T21:17:08Z",
"updated_at": "2024-12-28T22:02:49Z",
"updated_at": "2025-01-04T16:43:02Z",
"pushed_at": "2024-12-28T22:02:46Z",
"stargazers_count": 0,
"watchers_count": 0,
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -190,7 +190,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 1
}


@ -89,10 +89,10 @@
"description": "WonderCMS RCE CVE-2023-41425",
"fork": false,
"created_at": "2024-08-12T06:16:17Z",
"updated_at": "2025-01-03T19:42:21Z",
"updated_at": "2025-01-04T15:00:18Z",
"pushed_at": "2024-08-12T06:55:30Z",
"stargazers_count": 18,
"watchers_count": 18,
"stargazers_count": 19,
"watchers_count": 19,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
@ -101,7 +101,7 @@
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 18,
"watchers": 19,
"score": 0,
"subscribers_count": 1
},


@ -14,19 +14,19 @@
"description": "🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript) 🔓 Unauthenticated Peering Leading to Code Execution (Using HID Keyboard)",
"fork": false,
"created_at": "2024-01-16T06:52:02Z",
"updated_at": "2025-01-04T07:29:58Z",
"updated_at": "2025-01-04T16:59:33Z",
"pushed_at": "2024-08-18T08:26:46Z",
"stargazers_count": 1336,
"watchers_count": 1336,
"stargazers_count": 1343,
"watchers_count": 1343,
"has_discussions": false,
"forks_count": 228,
"forks_count": 227,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 228,
"watchers": 1336,
"forks": 227,
"watchers": 1343,
"score": 0,
"subscribers_count": 21
},


@ -50,13 +50,13 @@
"stargazers_count": 265,
"watchers_count": 265,
"has_discussions": false,
"forks_count": 61,
"forks_count": 62,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 61,
"forks": 62,
"watchers": 265,
"score": 0,
"subscribers_count": 7


@ -1,33 +0,0 @@
[
{
"id": 907378803,
"name": "CVE-2024-11349",
"full_name": "linunyang\/CVE-2024-11349",
"owner": {
"login": "linunyang",
"id": 189039776,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/189039776?v=4",
"html_url": "https:\/\/github.com\/linunyang",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/linunyang\/CVE-2024-11349",
"description": "CVE-2024-11349: Authentication Bypass Using an Alternate Path or Channel (CWE-288)",
"fork": false,
"created_at": "2024-12-23T12:55:48Z",
"updated_at": "2024-12-23T13:10:12Z",
"pushed_at": "2024-12-23T13:10:09Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 1
}
]

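--- a/2024/CVE-2024-12986.json
+++ b/2024/CVE-2024-12986.json
@@ -0,0 +1,33 @@
+[
+{
+"id": 912059429,
+"name": "CVE-2024-12986",
+"full_name": "Aether-0\/CVE-2024-12986",
+"owner": {
+"login": "Aether-0",
+"id": 143575444,
+"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/143575444?v=4",
+"html_url": "https:\/\/github.com\/Aether-0",
+"user_view_type": "public"
+},
+"html_url": "https:\/\/github.com\/Aether-0\/CVE-2024-12986",
+"description": null,
+"fork": false,
+"created_at": "2025-01-04T14:47:09Z",
+"updated_at": "2025-01-04T14:58:28Z",
+"pushed_at": "2025-01-04T14:58:25Z",
+"stargazers_count": 0,
+"watchers_count": 0,
+"has_discussions": false,
+"forks_count": 0,
+"allow_forking": true,
+"is_template": false,
+"web_commit_signoff_required": false,
+"topics": [],
+"visibility": "public",
+"forks": 0,
+"watchers": 0,
+"score": 0,
+"subscribers_count": 0
+}
+]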


@ -1,33 +1,33 @@
[
{
"id": 846408517,
"id": 870013225,
"name": "fix-02-failure-CVE-2024-31319-CVE-2024-0039",
"full_name": "23Nero\/fix-02-failure-CVE-2024-31319-CVE-2024-0039",
"full_name": "MssGmz99\/fix-02-failure-CVE-2024-31319-CVE-2024-0039",
"owner": {
"login": "23Nero",
"id": 134192393,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/134192393?v=4",
"html_url": "https:\/\/github.com\/23Nero",
"login": "MssGmz99",
"id": 184337003,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/184337003?v=4",
"html_url": "https:\/\/github.com\/MssGmz99",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/23Nero\/fix-02-failure-CVE-2024-31319-CVE-2024-0039",
"html_url": "https:\/\/github.com\/MssGmz99\/fix-02-failure-CVE-2024-31319-CVE-2024-0039",
"description": null,
"fork": false,
"created_at": "2024-08-23T06:28:12Z",
"updated_at": "2024-08-23T09:34:22Z",
"created_at": "2024-10-09T09:40:10Z",
"updated_at": "2024-10-09T09:40:10Z",
"pushed_at": "2024-08-23T09:34:19Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 1,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 1,
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
"subscribers_count": 0
}
]
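Review bot: The same `name` now resolves to a different repository under a different account: `id` (846408517 → 870013225), `owner.login` (23Nero → MssGmz99) and `owner.id` all change, yet the entry is rewritten in place as if it were a routine refresh (sides read from the page's old-then-new print order). The new `created_at` of 2024-10-09 is later than the unchanged `pushed_at` of 2024-08-23 while `fork` stays `false`, which looks like a copy of the earlier content rather than the original, though nothing on the page confirms that. Consumers of this index should key on `id` rather than `full_name` and treat a changed `owner.id` as a new, unvetted source. The generator would be clearer if it recorded such a swap as a removal plus an addition, and the README hunk that replaces the 23Nero link with the MssGmz99 one carries the same substitution.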


@ -293,10 +293,10 @@
"description": "CVE-2024-3400 Palo Alto OS Command Injection",
"fork": false,
"created_at": "2024-04-16T14:18:08Z",
"updated_at": "2024-11-21T05:25:01Z",
"updated_at": "2025-01-04T13:34:10Z",
"pushed_at": "2024-04-16T22:35:43Z",
"stargazers_count": 150,
"watchers_count": 150,
"stargazers_count": 151,
"watchers_count": 151,
"has_discussions": false,
"forks_count": 24,
"allow_forking": true,
@ -305,7 +305,7 @@
"topics": [],
"visibility": "public",
"forks": 24,
"watchers": 150,
"watchers": 151,
"score": 0,
"subscribers_count": 1
},


@ -2,15 +2,15 @@
{
"id": 813073392,
"name": "securenvoy-cve-2024-37393",
"full_name": "optistream\/securenvoy-cve-2024-37393",
"full_name": "noways-io\/securenvoy-cve-2024-37393",
"owner": {
"login": "optistream",
"login": "noways-io",
"id": 160848410,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/160848410?v=4",
"html_url": "https:\/\/github.com\/optistream",
"html_url": "https:\/\/github.com\/noways-io",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/optistream\/securenvoy-cve-2024-37393",
"html_url": "https:\/\/github.com\/noways-io\/securenvoy-cve-2024-37393",
"description": "Vulnerability check script for CVE-2024-37393 (SecurEnvoy MFA 9.4.513)",
"fork": false,
"created_at": "2024-06-10T12:42:57Z",


@ -14,10 +14,10 @@
"description": "Symbolic link path traversal vulnerability in Gogs",
"fork": false,
"created_at": "2024-11-13T16:16:31Z",
"updated_at": "2024-11-20T16:31:10Z",
"updated_at": "2025-01-04T13:33:20Z",
"pushed_at": "2024-11-14T02:54:13Z",
"stargazers_count": 2,
"watchers_count": 2,
"stargazers_count": 3,
"watchers_count": 3,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 2,
"watchers": 3,
"score": 0,
"subscribers_count": 1
}

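--- a/2024/CVE-2024-47138.json
+++ b/2024/CVE-2024-47138.json
@@ -0,0 +1,33 @@
+[
+{
+"id": 912092069,
+"name": "CVE-2024-47138",
+"full_name": "wilguard\/CVE-2024-47138",
+"owner": {
+"login": "wilguard",
+"id": 189017838,
+"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/189017838?v=4",
+"html_url": "https:\/\/github.com\/wilguard",
+"user_view_type": "public"
+},
+"html_url": "https:\/\/github.com\/wilguard\/CVE-2024-47138",
+"description": "CVE-2024-47138: Missing Authentication for Critical Function (CWE-306)",
+"fork": false,
+"created_at": "2025-01-04T15:27:32Z",
+"updated_at": "2025-01-04T17:02:05Z",
+"pushed_at": "2025-01-04T15:35:20Z",
+"stargazers_count": 2,
+"watchers_count": 2,
+"has_discussions": false,
+"forks_count": 0,
+"allow_forking": true,
+"is_template": false,
+"web_commit_signoff_required": false,
+"topics": [],
+"visibility": "public",
+"forks": 0,
+"watchers": 2,
+"score": 0,
+"subscribers_count": 0
+}
+]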


@ -14,19 +14,19 @@
"description": "LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113",
"fork": false,
"created_at": "2025-01-01T15:48:38Z",
"updated_at": "2025-01-04T12:29:47Z",
"updated_at": "2025-01-04T17:03:06Z",
"pushed_at": "2025-01-02T16:07:23Z",
"stargazers_count": 328,
"watchers_count": 328,
"stargazers_count": 333,
"watchers_count": 333,
"has_discussions": false,
"forks_count": 72,
"forks_count": 75,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 72,
"watchers": 328,
"forks": 75,
"watchers": 333,
"score": 0,
"subscribers_count": 3
},


@ -2294,13 +2294,6 @@
- [mhaskar/CVE-2024-11320](https://github.com/mhaskar/CVE-2024-11320)
### CVE-2024-11349 (2024-12-21)
<code>The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators.
</code>
- [linunyang/CVE-2024-11349](https://github.com/linunyang/CVE-2024-11349)
### CVE-2024-11381 (2024-11-22)
<code>The Control horas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ch_registro' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
@ -2455,6 +2448,13 @@
### CVE-2024-12970
- [osmancanvural/CVE-2024-12970](https://github.com/osmancanvural/CVE-2024-12970)
### CVE-2024-12986 (2024-12-27)
<code>Eine Schwachstelle wurde in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /cgi-bin/mainfunction.cgi/apmcfgupptim der Komponente Web Management Interface. Mit der Manipulation des Arguments session mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 1.5.1.5 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.
</code>
- [Aether-0/CVE-2024-12986](https://github.com/Aether-0/CVE-2024-12986)
### CVE-2024-20017 (2024-03-04)
<code>In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132.
@ -4683,7 +4683,7 @@
<code>In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
</code>
- [23Nero/fix-02-failure-CVE-2024-31319-CVE-2024-0039](https://github.com/23Nero/fix-02-failure-CVE-2024-31319-CVE-2024-0039)
- [MssGmz99/fix-02-failure-CVE-2024-31319-CVE-2024-0039](https://github.com/MssGmz99/fix-02-failure-CVE-2024-31319-CVE-2024-0039)
### CVE-2024-31351 (2024-05-17)
@ -5578,7 +5578,7 @@
<code>Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the /secserver HTTP endpoint. This may include ms-Mcs-AdmPwd, which has a cleartext password for the Local Administrator Password Solution (LAPS) feature.
</code>
- [optistream/securenvoy-cve-2024-37393](https://github.com/optistream/securenvoy-cve-2024-37393)
- [noways-io/securenvoy-cve-2024-37393](https://github.com/noways-io/securenvoy-cve-2024-37393)
### CVE-2024-37726 (2024-07-03)
@ -6943,6 +6943,13 @@
- [mutkus/CVE-2024-47076](https://github.com/mutkus/CVE-2024-47076)
### CVE-2024-47138 (2024-11-22)
<code>The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed.
</code>
- [wilguard/CVE-2024-47138](https://github.com/wilguard/CVE-2024-47138)
### CVE-2024-47176 (2024-09-26)
<code>CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
@ -17137,6 +17144,13 @@
- [letsr00t/-2022-LOCALROOT-CVE-2022-2639](https://github.com/letsr00t/-2022-LOCALROOT-CVE-2022-2639)
- [devetop/CVE-2022-2639-PipeVersion](https://github.com/devetop/CVE-2022-2639-PipeVersion)
### CVE-2022-2825 (2023-03-29)
<code>This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411.
</code>
- [alej6/MassCyberCenter-Mentorship-Project-](https://github.com/alej6/MassCyberCenter-Mentorship-Project-)
### CVE-2022-2884 (2022-10-17)
<code>A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the Import from GitHub API endpoint
@ -22116,6 +22130,13 @@
- [grails/GSSC-CVE-2022-41923](https://github.com/grails/GSSC-CVE-2022-41923)
### CVE-2022-41924 (2022-11-23)
<code>A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows client GUI in cleartext with no Host header verification. This allowed an attacker-controlled website visited by the node to rebind DNS to an attacker-controlled DNS server, and then make local API requests in the client, including changing the coordination server to an attacker-controlled coordination server. An attacker-controlled coordination server can send malicious URL responses to the client, including pushing executables or installing an SMB share. These allow the attacker to remotely execute code on the node. All Windows clients prior to version v.1.32.3 are affected. If you are running Tailscale on Windows, upgrade to v1.32.3 or later to remediate the issue.
</code>
- [oalieno/CVE-2022-41924](https://github.com/oalieno/CVE-2022-41924)
### CVE-2022-41966 (2022-12-27)
<code>XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable.
@ -35732,6 +35753,13 @@
- [securifera/CVE-2019-1579](https://github.com/securifera/CVE-2019-1579)
- [Elsfa7-110/CVE-2019-1579](https://github.com/Elsfa7-110/CVE-2019-1579)
### CVE-2019-1619 (2019-06-27)
<code>A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session management on affected DCNM software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device.
</code>
- [Cipolone95/CVE-2019-1619](https://github.com/Cipolone95/CVE-2019-1619)
### CVE-2019-1652 (2019-01-24)
<code>A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability.