From a58de07c8d1e8b618f25d3144309ee67c4d4d878 Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Fri, 1 May 2020 18:07:31 +0900 Subject: [PATCH] Auto Update 2020/05/01 18:07:31 --- 2009/CVE-2009-1330.json | 46 ++++++++++++++++++++++++++++++++++++++++ 2014/CVE-2014-7169.json | 4 ++-- 2017/CVE-2017-12149.json | 8 +++---- 2017/CVE-2017-5638.json | 8 +++---- 2019/CVE-2019-12409.json | 8 +++---- 2019/CVE-2019-16278.json | 16 +++++++------- 2019/CVE-2019-19781.json | 8 +++---- 2019/CVE-2019-2215.json | 4 ++-- 2020/CVE-2020-0668.json | 8 +++---- 2020/CVE-2020-0796.json | 8 +++---- 2020/CVE-2020-1938.json | 8 +++---- 2020/CVE-2020-3952.json | 8 +++---- README.md | 36 ++++++++++++++++++++++++++++++- 13 files changed, 125 insertions(+), 45 deletions(-) diff --git a/2009/CVE-2009-1330.json b/2009/CVE-2009-1330.json index 339186b574..39109d701a 100644 --- a/2009/CVE-2009-1330.json +++ b/2009/CVE-2009-1330.json @@ -1,4 +1,27 @@ [ + { + "id": 163585014, + "name": "CVE-2009-1330", + "full_name": "adenkiewicz\/CVE-2009-1330", + "owner": { + "login": "adenkiewicz", + "id": 1060275, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/1060275?v=4", + "html_url": "https:\/\/github.com\/adenkiewicz" + }, + "html_url": "https:\/\/github.com\/adenkiewicz\/CVE-2009-1330", + "description": "Simple exploit for Easy RM to MP3 Converter 2.7.3.700 on Windows 7 32b.", + "fork": false, + "created_at": "2018-12-30T12:17:08Z", + "updated_at": "2018-12-31T10:09:34Z", + "pushed_at": "2018-12-31T09:59:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 164236833, "name": "CVE-2009-1330", @@ -21,5 +44,28 @@ "forks": 0, "watchers": 0, "score": 0 + }, + { + "id": 171340357, + "name": "CVE-2009-1330_EasyRMToMp3Converter", + "full_name": "exploitwritter\/CVE-2009-1330_EasyRMToMp3Converter", + "owner": { + "login": "exploitwritter", + "id": 47488127, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/47488127?v=4", + "html_url": "https:\/\/github.com\/exploitwritter" + }, + "html_url": "https:\/\/github.com\/exploitwritter\/CVE-2009-1330_EasyRMToMp3Converter", + "description": "Easy RM to MP3 Converter es un software que sufre de una vulnerabiliad de desbordamiento de buffer basada en la pila o StackBufferOverflow lo cual puede permite a los atacantes remotos ejecutar código arbitrario a través de un nombre de archivo largo en un archivo de lista de reproducción (.pls)", + "fork": false, + "created_at": "2019-02-18T19:07:02Z", + "updated_at": "2019-02-28T20:19:32Z", + "pushed_at": "2019-02-28T20:19:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2014/CVE-2014-7169.json b/2014/CVE-2014-7169.json index 16311e22e1..536c2579c4 100644 --- a/2014/CVE-2014-7169.json +++ b/2014/CVE-2014-7169.json @@ -17,8 +17,8 @@ "pushed_at": "2017-04-25T06:31:01Z", "stargazers_count": 5, "watchers_count": 5, - "forks_count": 2, - "forks": 2, + "forks_count": 1, + "forks": 1, "watchers": 5, "score": 0 }, diff --git a/2017/CVE-2017-12149.json b/2017/CVE-2017-12149.json index 9936b6140a..ba611384d5 100644 --- a/2017/CVE-2017-12149.json +++ b/2017/CVE-2017-12149.json @@ -36,13 +36,13 @@ "description": "CVE-2017-12149 jboss反序列化 可回显", "fork": false, "created_at": "2017-11-28T02:52:47Z", - "updated_at": "2020-04-29T02:45:07Z", + "updated_at": "2020-05-01T05:14:39Z", "pushed_at": "2019-03-13T08:57:50Z", - "stargazers_count": 92, - "watchers_count": 92, + "stargazers_count": 93, + "watchers_count": 93, "forks_count": 33, "forks": 33, - "watchers": 92, + "watchers": 93, "score": 0 }, { diff --git a/2017/CVE-2017-5638.json b/2017/CVE-2017-5638.json index cb85a4b65d..0f3822b734 100644 --- a/2017/CVE-2017-5638.json +++ b/2017/CVE-2017-5638.json @@ -715,14 +715,14 @@ { "id": 92664422, "name": "Apache-Struts", - "full_name": "Reslient\/Apache-Struts", + "full_name": "NyaMeeEain\/Apache-Struts", "owner": { - "login": "Reslient", + "login": "NyaMeeEain", "id": 28331671, "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/28331671?v=4", - "html_url": "https:\/\/github.com\/Reslient" + "html_url": "https:\/\/github.com\/NyaMeeEain" }, - "html_url": "https:\/\/github.com\/Reslient\/Apache-Struts", + "html_url": "https:\/\/github.com\/NyaMeeEain\/Apache-Struts", "description": " An exploit for Apache Struts CVE-2017-5638", "fork": false, "created_at": "2017-05-28T13:56:59Z", diff --git a/2019/CVE-2019-12409.json b/2019/CVE-2019-12409.json index aa1ff58cb0..f2176015d3 100644 --- a/2019/CVE-2019-12409.json +++ b/2019/CVE-2019-12409.json @@ -13,13 +13,13 @@ "description": "Apache Solr RCE (ENABLE_REMOTE_JMX_OPTS=\"true\")", "fork": false, "created_at": "2019-11-19T08:53:56Z", - "updated_at": "2020-04-27T11:24:05Z", + "updated_at": "2020-05-01T06:05:15Z", "pushed_at": "2019-11-19T09:18:00Z", - "stargazers_count": 84, - "watchers_count": 84, + "stargazers_count": 85, + "watchers_count": 85, "forks_count": 25, "forks": 25, - "watchers": 84, + "watchers": 85, "score": 0 } ] \ No newline at end of file diff --git a/2019/CVE-2019-16278.json b/2019/CVE-2019-16278.json index 28e1351a71..7ca09f3789 100644 --- a/2019/CVE-2019-16278.json +++ b/2019/CVE-2019-16278.json @@ -36,13 +36,13 @@ "description": "CVE-2019-16728 Proof of Concept", "fork": false, "created_at": "2019-10-15T09:22:36Z", - "updated_at": "2020-04-24T12:52:02Z", + "updated_at": "2020-05-01T05:50:43Z", "pushed_at": "2019-10-15T09:28:25Z", - "stargazers_count": 6, - "watchers_count": 6, - "forks_count": 0, - "forks": 0, - "watchers": 6, + "stargazers_count": 7, + "watchers_count": 7, + "forks_count": 1, + "forks": 1, + "watchers": 7, "score": 0 }, { @@ -63,8 +63,8 @@ "pushed_at": "2020-01-11T07:25:38Z", "stargazers_count": 3, "watchers_count": 3, - "forks_count": 3, - "forks": 3, + "forks_count": 4, + "forks": 4, "watchers": 3, "score": 0 }, diff --git a/2019/CVE-2019-19781.json b/2019/CVE-2019-19781.json index 5a9fde9515..4eaf90e3e0 100644 --- a/2019/CVE-2019-19781.json +++ b/2019/CVE-2019-19781.json @@ -105,13 +105,13 @@ "description": "Citrix ADC Remote Code Execution", "fork": false, "created_at": "2020-01-11T03:10:12Z", - "updated_at": "2020-04-29T04:55:19Z", + "updated_at": "2020-05-01T06:03:56Z", "pushed_at": "2020-01-11T14:03:52Z", - "stargazers_count": 66, - "watchers_count": 66, + "stargazers_count": 67, + "watchers_count": 67, "forks_count": 16, "forks": 16, - "watchers": 66, + "watchers": 67, "score": 0 }, { diff --git a/2019/CVE-2019-2215.json b/2019/CVE-2019-2215.json index 3ef4cd34a2..69c3508455 100644 --- a/2019/CVE-2019-2215.json +++ b/2019/CVE-2019-2215.json @@ -63,8 +63,8 @@ "pushed_at": "2019-10-15T01:04:08Z", "stargazers_count": 46, "watchers_count": 46, - "forks_count": 33, - "forks": 33, + "forks_count": 34, + "forks": 34, "watchers": 46, "score": 0 }, diff --git a/2020/CVE-2020-0668.json b/2020/CVE-2020-0668.json index 1b5caa20ad..ff94549726 100644 --- a/2020/CVE-2020-0668.json +++ b/2020/CVE-2020-0668.json @@ -36,13 +36,13 @@ "description": "Use CVE-2020-0668 to perform an arbitrary privileged file move operation.", "fork": false, "created_at": "2020-02-20T06:22:40Z", - "updated_at": "2020-04-30T18:05:56Z", + "updated_at": "2020-05-01T09:00:51Z", "pushed_at": "2020-02-20T11:03:18Z", - "stargazers_count": 163, - "watchers_count": 163, + "stargazers_count": 165, + "watchers_count": 165, "forks_count": 39, "forks": 39, - "watchers": 163, + "watchers": 165, "score": 0 }, { diff --git a/2020/CVE-2020-0796.json b/2020/CVE-2020-0796.json index 4a0293ef57..c7e9fdc220 100644 --- a/2020/CVE-2020-0796.json +++ b/2020/CVE-2020-0796.json @@ -956,13 +956,13 @@ "description": "CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost", "fork": false, "created_at": "2020-03-30T11:42:56Z", - "updated_at": "2020-05-01T02:43:24Z", + "updated_at": "2020-05-01T06:02:04Z", "pushed_at": "2020-04-08T19:27:07Z", - "stargazers_count": 850, - "watchers_count": 850, + "stargazers_count": 851, + "watchers_count": 851, "forks_count": 245, "forks": 245, - "watchers": 850, + "watchers": 851, "score": 0 }, { diff --git a/2020/CVE-2020-1938.json b/2020/CVE-2020-1938.json index 639a0968b6..25fb3f0d68 100644 --- a/2020/CVE-2020-1938.json +++ b/2020/CVE-2020-1938.json @@ -13,13 +13,13 @@ "description": "CVE-2020-1938", "fork": false, "created_at": "2020-02-20T16:32:52Z", - "updated_at": "2020-04-27T11:24:59Z", + "updated_at": "2020-05-01T06:03:09Z", "pushed_at": "2020-02-25T02:04:16Z", - "stargazers_count": 159, - "watchers_count": 159, + "stargazers_count": 160, + "watchers_count": 160, "forks_count": 88, "forks": 88, - "watchers": 159, + "watchers": 160, "score": 0 }, { diff --git a/2020/CVE-2020-3952.json b/2020/CVE-2020-3952.json index 7b6e8c0531..a4c8f3d6ab 100644 --- a/2020/CVE-2020-3952.json +++ b/2020/CVE-2020-3952.json @@ -59,13 +59,13 @@ "description": "Exploit for CVE-2020-3952 in vCenter 6.7", "fork": false, "created_at": "2020-04-16T07:40:51Z", - "updated_at": "2020-04-30T01:13:07Z", + "updated_at": "2020-05-01T04:12:04Z", "pushed_at": "2020-04-16T08:38:42Z", - "stargazers_count": 180, - "watchers_count": 180, + "stargazers_count": 181, + "watchers_count": 181, "forks_count": 33, "forks": 33, - "watchers": 180, + "watchers": 181, "score": 0 }, { diff --git a/README.md b/README.md index 22ca06ead3..cfe543bd0d 100644 --- a/README.md +++ b/README.md @@ -8520,7 +8520,7 @@ The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x be - [Aasron/Struts2-045-Exp](https://github.com/Aasron/Struts2-045-Exp) - [SpiderMate/Stutsfi](https://github.com/SpiderMate/Stutsfi) - [jpacora/Struts2Shell](https://github.com/jpacora/Struts2Shell) -- [Reslient/Apache-Struts](https://github.com/Reslient/Apache-Struts) +- [NyaMeeEain/Apache-Struts](https://github.com/NyaMeeEain/Apache-Struts) - [AndreasKl/CVE-2017-5638](https://github.com/AndreasKl/CVE-2017-5638) - [riyazwalikar/struts-rce-cve-2017-5638](https://github.com/riyazwalikar/struts-rce-cve-2017-5638) - [homjxi0e/CVE-2017-5638](https://github.com/homjxi0e/CVE-2017-5638) @@ -12742,6 +12742,14 @@ Open redirect vulnerability in the web interface in the Rockwell Automation Cont - [akbarq/CVE-2009-0473](https://github.com/akbarq/CVE-2009-0473) +### CVE-2009-0689 + + +Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number. + + +- [Fullmetal5/str2hax](https://github.com/Fullmetal5/str2hax) + ### CVE-2009-1151 @@ -12750,13 +12758,31 @@ Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.1 - [minervais/pocs](https://github.com/minervais/pocs) +### CVE-2009-1244 + + +Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916. + + +- [piotrbania/vmware_exploit_pack_CVE-2009-1244](https://github.com/piotrbania/vmware_exploit_pack_CVE-2009-1244) + +### CVE-2009-1324 + + +Stack-based buffer overflow in Mini-stream ASX to MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file. + + +- [war4uthor/CVE-2009-1324](https://github.com/war4uthor/CVE-2009-1324) + ### CVE-2009-1330 Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file. +- [adenkiewicz/CVE-2009-1330](https://github.com/adenkiewicz/CVE-2009-1330) - [war4uthor/CVE-2009-1330](https://github.com/war4uthor/CVE-2009-1330) +- [exploitwritter/CVE-2009-1330_EasyRMToMp3Converter](https://github.com/exploitwritter/CVE-2009-1330_EasyRMToMp3Converter) ### CVE-2009-1437 @@ -12782,6 +12808,14 @@ The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not in - [jdvalentini/CVE-2009-2692](https://github.com/jdvalentini/CVE-2009-2692) +### CVE-2009-2698 + + +The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. + + +- [xiaoxiaoleo/CVE-2009-2698](https://github.com/xiaoxiaoleo/CVE-2009-2698) + ### CVE-2009-3103