From a4fea4b2625949741ae08ca6f376ba4597acb873 Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Thu, 26 Dec 2024 09:31:44 +0900 Subject: [PATCH] Auto Update 2024/12/26 00:31:44 --- 2011/CVE-2011-2523.json | 31 ++++++++++++++++++ 2021/CVE-2021-1675.json | 8 ++--- 2021/CVE-2021-20323.json | 8 ++--- 2023/CVE-2023-46805.json | 8 ++--- 2024/CVE-2024-11281.json | 33 +++++++++++++++++++ 2024/CVE-2024-12209.json | 2 +- 2024/CVE-2024-36401.json | 8 ++--- 2024/CVE-2024-50379.json | 70 +++++++++++++++++++++++++++++++++++++--- 2024/CVE-2024-56145.json | 8 ++--- 2024/CVE-2024-7954.json | 8 ++--- 2024/CVE-2024-8517.json | 8 ++--- 2024/CVE-2024-9474.json | 8 ++--- 2024/CVE-2024-9935.json | 31 ++++++++++++++++++ README.md | 11 +++++++ 14 files changed, 205 insertions(+), 37 deletions(-) create mode 100644 2024/CVE-2024-11281.json diff --git a/2011/CVE-2011-2523.json b/2011/CVE-2011-2523.json index 9f8c2a41ee..0f53cdb8ce 100644 --- a/2011/CVE-2011-2523.json +++ b/2011/CVE-2011-2523.json @@ -648,5 +648,36 @@ "watchers": 1, "score": 0, "subscribers_count": 1 + }, + { + "id": 908317555, + "name": "CVE-2011-2523", + "full_name": "NullBrunk\/CVE-2011-2523", + "owner": { + "login": "NullBrunk", + "id": 125673909, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/125673909?v=4", + "html_url": "https:\/\/github.com\/NullBrunk", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/NullBrunk\/CVE-2011-2523", + "description": "VsFTPd 2.3.4 Backdoor Command Execution", + "fork": false, + "created_at": "2024-12-25T18:04:10Z", + "updated_at": "2024-12-25T21:52:47Z", + "pushed_at": "2024-12-25T21:52:43Z", + "stargazers_count": 2, + "watchers_count": 2, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 2, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-1675.json b/2021/CVE-2021-1675.json index 55b95fe9b7..a2ce8d8349 100644 --- a/2021/CVE-2021-1675.json +++ b/2021/CVE-2021-1675.json @@ -178,10 +178,10 @@ "description": "Local Privilege Escalation Edition for CVE-2021-1675\/CVE-2021-34527", "fork": false, "created_at": "2021-07-01T09:47:13Z", - "updated_at": "2024-12-06T06:42:42Z", + "updated_at": "2024-12-25T21:21:44Z", "pushed_at": "2021-07-05T06:46:12Z", - "stargazers_count": 331, - "watchers_count": 331, + "stargazers_count": 332, + "watchers_count": 332, "has_discussions": false, "forks_count": 79, "allow_forking": true, @@ -199,7 +199,7 @@ ], "visibility": "public", "forks": 79, - "watchers": 331, + "watchers": 332, "score": 0, "subscribers_count": 13 }, diff --git a/2021/CVE-2021-20323.json b/2021/CVE-2021-20323.json index d2923e36e7..20f86302b0 100644 --- a/2021/CVE-2021-20323.json +++ b/2021/CVE-2021-20323.json @@ -14,10 +14,10 @@ "description": null, "fork": false, "created_at": "2022-12-07T21:15:23Z", - "updated_at": "2024-12-13T16:13:51Z", + "updated_at": "2024-12-25T21:52:30Z", "pushed_at": "2022-12-07T21:26:44Z", - "stargazers_count": 7, - "watchers_count": 7, + "stargazers_count": 8, + "watchers_count": 8, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 7, + "watchers": 8, "score": 0, "subscribers_count": 1 }, diff --git a/2023/CVE-2023-46805.json b/2023/CVE-2023-46805.json index 6d88c054c4..2bf6245890 100644 --- a/2023/CVE-2023-46805.json +++ b/2023/CVE-2023-46805.json @@ -173,10 +173,10 @@ "description": "Ivanti Pulse Secure CVE-2023-46805 Scanner - Based on Assetnote's Research", "fork": false, "created_at": "2024-01-19T02:23:13Z", - "updated_at": "2024-07-09T21:51:46Z", + "updated_at": "2024-12-25T19:19:03Z", "pushed_at": "2024-01-19T03:17:13Z", - "stargazers_count": 11, - "watchers_count": 11, + "stargazers_count": 12, + "watchers_count": 12, "has_discussions": false, "forks_count": 3, "allow_forking": true, @@ -185,7 +185,7 @@ "topics": [], "visibility": "public", "forks": 3, - "watchers": 11, + "watchers": 12, "score": 0, "subscribers_count": 2 }, diff --git a/2024/CVE-2024-11281.json b/2024/CVE-2024-11281.json new file mode 100644 index 0000000000..f5c38b5486 --- /dev/null +++ b/2024/CVE-2024-11281.json @@ -0,0 +1,33 @@ +[ + { + "id": 908326183, + "name": "CVE-2024-11281", + "full_name": "McTavishSue\/CVE-2024-11281", + "owner": { + "login": "McTavishSue", + "id": 186207823, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/186207823?v=4", + "html_url": "https:\/\/github.com\/McTavishSue", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/McTavishSue\/CVE-2024-11281", + "description": "Missing Authorization (CWE-862)", + "fork": false, + "created_at": "2024-12-25T18:38:46Z", + "updated_at": "2024-12-25T18:52:39Z", + "pushed_at": "2024-12-25T18:49:41Z", + "stargazers_count": 2, + "watchers_count": 2, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 2, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2024/CVE-2024-12209.json b/2024/CVE-2024-12209.json index 268db0ac98..53777ce76f 100644 --- a/2024/CVE-2024-12209.json +++ b/2024/CVE-2024-12209.json @@ -45,7 +45,7 @@ "description": "Unauthenticated Local File Inclusion", "fork": false, "created_at": "2024-12-24T03:59:15Z", - "updated_at": "2024-12-24T04:20:00Z", + "updated_at": "2024-12-25T23:36:11Z", "pushed_at": "2024-12-24T04:19:57Z", "stargazers_count": 0, "watchers_count": 0, diff --git a/2024/CVE-2024-36401.json b/2024/CVE-2024-36401.json index cd90c4bf4b..a1356a9e6f 100644 --- a/2024/CVE-2024-36401.json +++ b/2024/CVE-2024-36401.json @@ -207,10 +207,10 @@ "description": "GeoServer Remote Code Execution", "fork": false, "created_at": "2024-07-30T18:43:40Z", - "updated_at": "2024-12-12T06:28:21Z", + "updated_at": "2024-12-25T19:00:32Z", "pushed_at": "2024-08-02T14:57:26Z", - "stargazers_count": 75, - "watchers_count": 75, + "stargazers_count": 76, + "watchers_count": 76, "has_discussions": false, "forks_count": 12, "allow_forking": true, @@ -219,7 +219,7 @@ "topics": [], "visibility": "public", "forks": 12, - "watchers": 75, + "watchers": 76, "score": 0, "subscribers_count": 1 }, diff --git a/2024/CVE-2024-50379.json b/2024/CVE-2024-50379.json index 75b853359b..e933c9bd57 100644 --- a/2024/CVE-2024-50379.json +++ b/2024/CVE-2024-50379.json @@ -200,10 +200,10 @@ "description": "tomcat CVE-2024-50379\/CVE-2024-56337 条件竞争文件上传exp", "fork": false, "created_at": "2024-12-23T07:20:47Z", - "updated_at": "2024-12-25T17:35:51Z", + "updated_at": "2024-12-25T21:53:18Z", "pushed_at": "2024-12-23T07:30:27Z", - "stargazers_count": 33, - "watchers_count": 33, + "stargazers_count": 35, + "watchers_count": 35, "has_discussions": false, "forks_count": 11, "allow_forking": true, @@ -212,7 +212,7 @@ "topics": [], "visibility": "public", "forks": 11, - "watchers": 33, + "watchers": 35, "score": 0, "subscribers_count": 2 }, @@ -277,5 +277,67 @@ "watchers": 0, "score": 0, "subscribers_count": 0 + }, + { + "id": 908327097, + "name": "CVE-2024-50379-POC", + "full_name": "dragonked2\/CVE-2024-50379-POC", + "owner": { + "login": "dragonked2", + "id": 66541902, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/66541902?v=4", + "html_url": "https:\/\/github.com\/dragonked2", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/dragonked2\/CVE-2024-50379-POC", + "description": "This repository contains a Python script designed to exploit CVE-2024-50379, a vulnerability that allows attackers to upload a JSP shell to a vulnerable server and execute arbitrary commands remotely. This exploit is particularly useful when the \/uploads directory is either unprotected or not present on the target server.", + "fork": false, + "created_at": "2024-12-25T18:42:29Z", + "updated_at": "2024-12-25T19:01:14Z", + "pushed_at": "2024-12-25T19:01:10Z", + "stargazers_count": 1, + "watchers_count": 1, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 1, + "score": 0, + "subscribers_count": 0 + }, + { + "id": 908364457, + "name": "CVE-2024-50379", + "full_name": "bigb0x\/CVE-2024-50379", + "owner": { + "login": "bigb0x", + "id": 13532434, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/13532434?v=4", + "html_url": "https:\/\/github.com\/bigb0x", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/bigb0x\/CVE-2024-50379", + "description": "Testing the latset Apache Tomcat CVE-2024-50379 Vuln", + "fork": false, + "created_at": "2024-12-25T21:50:16Z", + "updated_at": "2024-12-25T21:51:40Z", + "pushed_at": "2024-12-25T21:51:37Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 1, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 1, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2024/CVE-2024-56145.json b/2024/CVE-2024-56145.json index 721a74ef3f..9b3fdd5082 100644 --- a/2024/CVE-2024-56145.json +++ b/2024/CVE-2024-56145.json @@ -14,10 +14,10 @@ "description": "Unauthenticated RCE on CraftCMS when PHP `register_argc_argv` config setting is enabled", "fork": false, "created_at": "2024-12-20T03:34:01Z", - "updated_at": "2024-12-25T18:13:04Z", + "updated_at": "2024-12-25T18:57:11Z", "pushed_at": "2024-12-23T12:51:54Z", - "stargazers_count": 28, - "watchers_count": 28, + "stargazers_count": 29, + "watchers_count": 29, "has_discussions": false, "forks_count": 8, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 8, - "watchers": 28, + "watchers": 29, "score": 0, "subscribers_count": 1 }, diff --git a/2024/CVE-2024-7954.json b/2024/CVE-2024-7954.json index fdf5b89147..2a8bf508b9 100644 --- a/2024/CVE-2024-7954.json +++ b/2024/CVE-2024-7954.json @@ -14,10 +14,10 @@ "description": "Unauthenticated Remote Code Execution in SPIP versions up to and including 4.2.12", "fork": false, "created_at": "2024-08-10T20:15:41Z", - "updated_at": "2024-10-29T09:54:56Z", + "updated_at": "2024-12-25T19:00:23Z", "pushed_at": "2024-08-12T13:46:06Z", - "stargazers_count": 9, - "watchers_count": 9, + "stargazers_count": 10, + "watchers_count": 10, "has_discussions": false, "forks_count": 4, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 4, - "watchers": 9, + "watchers": 10, "score": 0, "subscribers_count": 2 }, diff --git a/2024/CVE-2024-8517.json b/2024/CVE-2024-8517.json index b31082950b..8b0921bc82 100644 --- a/2024/CVE-2024-8517.json +++ b/2024/CVE-2024-8517.json @@ -14,10 +14,10 @@ "description": "SPIP BigUp Plugin Unauthenticated RCE", "fork": false, "created_at": "2024-09-06T18:17:18Z", - "updated_at": "2024-10-21T13:18:26Z", + "updated_at": "2024-12-25T19:00:10Z", "pushed_at": "2024-09-07T00:12:51Z", - "stargazers_count": 8, - "watchers_count": 8, + "stargazers_count": 9, + "watchers_count": 9, "has_discussions": false, "forks_count": 4, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 4, - "watchers": 8, + "watchers": 9, "score": 0, "subscribers_count": 1 } diff --git a/2024/CVE-2024-9474.json b/2024/CVE-2024-9474.json index d83b5748e7..f9537bed86 100644 --- a/2024/CVE-2024-9474.json +++ b/2024/CVE-2024-9474.json @@ -14,10 +14,10 @@ "description": "PAN-OS auth bypass + RCE", "fork": false, "created_at": "2024-11-19T17:26:27Z", - "updated_at": "2024-12-20T20:40:35Z", + "updated_at": "2024-12-25T18:56:41Z", "pushed_at": "2024-11-19T17:38:29Z", - "stargazers_count": 39, - "watchers_count": 39, + "stargazers_count": 40, + "watchers_count": 40, "has_discussions": false, "forks_count": 19, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 19, - "watchers": 39, + "watchers": 40, "score": 0, "subscribers_count": 1 }, diff --git a/2024/CVE-2024-9935.json b/2024/CVE-2024-9935.json index 56e24bd378..62b8339536 100644 --- a/2024/CVE-2024-9935.json +++ b/2024/CVE-2024-9935.json @@ -67,5 +67,36 @@ "watchers": 3, "score": 0, "subscribers_count": 1 + }, + { + "id": 908375813, + "name": "CVE-2024-9935", + "full_name": "Nxploited\/CVE-2024-9935", + "owner": { + "login": "Nxploited", + "id": 188819918, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/188819918?v=4", + "html_url": "https:\/\/github.com\/Nxploited", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/Nxploited\/CVE-2024-9935", + "description": null, + "fork": false, + "created_at": "2024-12-25T22:59:07Z", + "updated_at": "2024-12-25T23:04:49Z", + "pushed_at": "2024-12-25T23:04:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/README.md b/README.md index cb918fe19f..2df2a0db80 100644 --- a/README.md +++ b/README.md @@ -2006,6 +2006,7 @@ - [RandomRobbieBF/CVE-2024-9935](https://github.com/RandomRobbieBF/CVE-2024-9935) - [verylazytech/CVE-2024-9935](https://github.com/verylazytech/CVE-2024-9935) +- [Nxploited/CVE-2024-9935](https://github.com/Nxploited/CVE-2024-9935) ### CVE-2024-9955 (2024-10-15) @@ -2248,6 +2249,13 @@ - [reinh3rz/CVE-2024-11252-Sassy-Social-Share-XSS](https://github.com/reinh3rz/CVE-2024-11252-Sassy-Social-Share-XSS) +### CVE-2024-11281 (2024-12-25) + +The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient validation on the 'logged_in_user_id' value when option values are empty and the ability for attackers to change the email of arbitrary user accounts. This makes it possible for unauthenticated attackers to change the email of arbitrary user accounts, including administrators, and reset their password to gain access to the account. + + +- [McTavishSue/CVE-2024-11281](https://github.com/McTavishSue/CVE-2024-11281) + ### CVE-2024-11318 (2024-11-18) An IDOR (Insecure Direct Object Reference) vulnerability has been discovered in AbsysNet, affecting version 2.3.1. This vulnerability could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifier on the "/cgi-bin/ocap/" endpoint. @@ -7170,6 +7178,8 @@ - [SleepingBag945/CVE-2024-50379](https://github.com/SleepingBag945/CVE-2024-50379) - [dear-cell/CVE-2024-50379](https://github.com/dear-cell/CVE-2024-50379) - [lizhianyuguangming/CVE-2024-50379-exp](https://github.com/lizhianyuguangming/CVE-2024-50379-exp) +- [dragonked2/CVE-2024-50379-POC](https://github.com/dragonked2/CVE-2024-50379-POC) +- [bigb0x/CVE-2024-50379](https://github.com/bigb0x/CVE-2024-50379) ### CVE-2024-50395 (2024-11-22) @@ -48910,6 +48920,7 @@ - [AnugiArrawwala/CVE-Research](https://github.com/AnugiArrawwala/CVE-Research) - [Gill-Singh-A/vsFTP-2.3.4-Remote-Root-Shell-Exploit](https://github.com/Gill-Singh-A/vsFTP-2.3.4-Remote-Root-Shell-Exploit) - [everythingBlackkk/vsFTPd-Backdoor-Exploit-CVE-2011-2523-](https://github.com/everythingBlackkk/vsFTPd-Backdoor-Exploit-CVE-2011-2523-) +- [NullBrunk/CVE-2011-2523](https://github.com/NullBrunk/CVE-2011-2523) ### CVE-2011-2894 (2011-10-04)