From aa467a643fd556a35f36f503f26f946313199147 Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Mon, 28 Sep 2020 00:08:56 +0900 Subject: [PATCH] Auto Update 2020/09/28 00:08:56 --- 2014/CVE-2014-0160.json | 8 +- 2014/CVE-2014-0472.json | 4 +- 2017/CVE-2017-8464.json | 24 ++-- 2018/CVE-2018-14847.json | 4 +- 2018/CVE-2018-6396.json | 4 +- 2019/CVE-2019-0192.json | 23 ++++ 2019/CVE-2019-0193.json | 23 ++++ 2019/CVE-2019-0604.json | 46 +++++++ 2019/CVE-2019-0708.json | 4 +- 2019/CVE-2019-0808.json | 23 ++++ 2019/CVE-2019-0841.json | 46 +++++++ 2019/CVE-2019-1002101.json | 25 ++++ 2019/CVE-2019-1003000.json | 46 +++++++ 2019/CVE-2019-11076.json | 25 ++++ 2019/CVE-2019-1405.json | 8 +- 2019/CVE-2019-1652.json | 25 ++++ 2019/CVE-2019-1653.json | 48 +++++++ 2019/CVE-2019-17558.json | 8 +- 2019/CVE-2019-1987.json | 25 ++++ 2019/CVE-2019-2618.json | 8 +- 2019/CVE-2019-3396.json | 115 +++++++++++++++++ 2019/CVE-2019-3462.json | 48 +++++++ 2019/CVE-2019-5418.json | 115 +++++++++++++++++ 2019/CVE-2019-5420.json | 48 +++++++ 2019/CVE-2019-5736.json | 253 +++++++++++++++++++++++++++++++++++++ 2019/CVE-2019-5737.json | 25 ++++ 2019/CVE-2019-5786.json | 25 ++++ 2019/CVE-2019-5893.json | 25 ++++ 2019/CVE-2019-6225.json | 46 +++++++ 2019/CVE-2019-6249.json | 25 ++++ 2019/CVE-2019-6263.json | 25 ++++ 2019/CVE-2019-6340.json | 138 ++++++++++++++++++++ 2019/CVE-2019-6440.json | 25 ++++ 2019/CVE-2019-6447.json | 23 ++++ 2019/CVE-2019-6453.json | 23 ++++ 2019/CVE-2019-6487.json | 25 ++++ 2019/CVE-2019-6690.json | 23 ++++ 2019/CVE-2019-7216.json | 25 ++++ 2019/CVE-2019-7219.json | 25 ++++ 2019/CVE-2019-7238.json | 23 ++++ 2019/CVE-2019-7304.json | 23 ++++ 2019/CVE-2019-7642.json | 25 ++++ 2019/CVE-2019-8389.json | 25 ++++ 2019/CVE-2019-8942.json | 23 ++++ 2019/CVE-2019-9184.json | 25 ++++ 2019/CVE-2019-9194.json | 25 ++++ 2019/CVE-2019-9580.json | 25 ++++ 2019/CVE-2019-9653.json | 25 ++++ 2019/CVE-2019-9673.json | 25 ++++ 2019/CVE-2019-9729.json | 25 ++++ 2019/CVE-2019-9810.json | 23 ++++ 2020/CVE-2020-0668.json | 8 +- 2020/CVE-2020-0796.json | 16 +-- 2020/CVE-2020-14645.json | 4 +- 2020/CVE-2020-1472.json | 16 +-- 2020/CVE-2020-17382.json | 8 +- 2020/CVE-2020-25270.json | 8 +- 2020/CVE-2020-25272.json | 8 +- 2020/CVE-2020-3433.json | 12 +- 2020/CVE-2020-5902.json | 8 +- 2020/CVE-2020-6287.json | 8 +- README.md | 240 +++++++++++++++++++++++++++++++++++ 62 files changed, 2028 insertions(+), 84 deletions(-) create mode 100644 2019/CVE-2019-1002101.json create mode 100644 2019/CVE-2019-11076.json create mode 100644 2019/CVE-2019-1652.json create mode 100644 2019/CVE-2019-1653.json create mode 100644 2019/CVE-2019-1987.json create mode 100644 2019/CVE-2019-3462.json create mode 100644 2019/CVE-2019-5420.json create mode 100644 2019/CVE-2019-5737.json create mode 100644 2019/CVE-2019-5786.json create mode 100644 2019/CVE-2019-5893.json create mode 100644 2019/CVE-2019-6249.json create mode 100644 2019/CVE-2019-6263.json create mode 100644 2019/CVE-2019-6440.json create mode 100644 2019/CVE-2019-6487.json create mode 100644 2019/CVE-2019-7216.json create mode 100644 2019/CVE-2019-7219.json create mode 100644 2019/CVE-2019-7642.json create mode 100644 2019/CVE-2019-8389.json create mode 100644 2019/CVE-2019-9184.json create mode 100644 2019/CVE-2019-9194.json create mode 100644 2019/CVE-2019-9580.json create mode 100644 2019/CVE-2019-9653.json create mode 100644 2019/CVE-2019-9673.json create mode 100644 2019/CVE-2019-9729.json diff --git a/2014/CVE-2014-0160.json b/2014/CVE-2014-0160.json index 05732d7ea6..d53ee94360 100644 --- a/2014/CVE-2014-0160.json +++ b/2014/CVE-2014-0160.json @@ -36,13 +36,13 @@ "description": "OpenSSL CVE-2014-0160 Heartbleed vulnerability test", "fork": false, "created_at": "2014-04-08T04:25:23Z", - "updated_at": "2020-05-25T15:56:29Z", + "updated_at": "2020-09-27T13:03:07Z", "pushed_at": "2014-05-27T22:32:26Z", - "stargazers_count": 450, - "watchers_count": 450, + "stargazers_count": 449, + "watchers_count": 449, "forks_count": 97, "forks": 97, - "watchers": 450, + "watchers": 449, "score": 0 }, { diff --git a/2014/CVE-2014-0472.json b/2014/CVE-2014-0472.json index d09706e715..10d4d641e1 100644 --- a/2014/CVE-2014-0472.json +++ b/2014/CVE-2014-0472.json @@ -13,8 +13,8 @@ "description": "CVE-2014-0472 Django unexpected code execution using reverse()", "fork": false, "created_at": "2020-09-23T16:21:57Z", - "updated_at": "2020-09-27T06:16:30Z", - "pushed_at": "2020-09-23T16:25:07Z", + "updated_at": "2020-09-27T10:27:15Z", + "pushed_at": "2020-09-27T10:27:13Z", "stargazers_count": 1, "watchers_count": 1, "forks_count": 0, diff --git a/2017/CVE-2017-8464.json b/2017/CVE-2017-8464.json index 6bef1101c5..3442577f08 100644 --- a/2017/CVE-2017-8464.json +++ b/2017/CVE-2017-8464.json @@ -13,13 +13,13 @@ "description": null, "fork": false, "created_at": "2016-02-24T17:36:29Z", - "updated_at": "2019-01-03T09:34:02Z", + "updated_at": "2020-09-27T13:06:39Z", "pushed_at": "2017-09-20T23:50:54Z", - "stargazers_count": 2, - "watchers_count": 2, + "stargazers_count": 3, + "watchers_count": 3, "forks_count": 2, "forks": 2, - "watchers": 2, + "watchers": 3, "score": 0 }, { @@ -36,13 +36,13 @@ "description": "Support x86 and x64", "fork": false, "created_at": "2017-08-02T02:14:37Z", - "updated_at": "2020-08-06T06:13:16Z", + "updated_at": "2020-09-27T13:06:35Z", "pushed_at": "2017-10-09T01:01:20Z", - "stargazers_count": 62, - "watchers_count": 62, + "stargazers_count": 63, + "watchers_count": 63, "forks_count": 31, "forks": 31, - "watchers": 62, + "watchers": 63, "score": 0 }, { @@ -59,13 +59,13 @@ "description": "this tool can generate a exp for cve-2017-8486, it is developed by python", "fork": false, "created_at": "2017-08-07T11:56:11Z", - "updated_at": "2019-09-09T08:55:00Z", + "updated_at": "2020-09-27T13:06:43Z", "pushed_at": "2017-08-07T12:42:33Z", - "stargazers_count": 5, - "watchers_count": 5, + "stargazers_count": 6, + "watchers_count": 6, "forks_count": 6, "forks": 6, - "watchers": 5, + "watchers": 6, "score": 0 }, { diff --git a/2018/CVE-2018-14847.json b/2018/CVE-2018-14847.json index 191ed7ef78..74a52fab7e 100644 --- a/2018/CVE-2018-14847.json +++ b/2018/CVE-2018-14847.json @@ -17,8 +17,8 @@ "pushed_at": "2020-09-24T06:09:14Z", "stargazers_count": 385, "watchers_count": 385, - "forks_count": 349, - "forks": 349, + "forks_count": 350, + "forks": 350, "watchers": 385, "score": 0 }, diff --git a/2018/CVE-2018-6396.json b/2018/CVE-2018-6396.json index 8f9b21f343..684ac62d1e 100644 --- a/2018/CVE-2018-6396.json +++ b/2018/CVE-2018-6396.json @@ -17,8 +17,8 @@ "pushed_at": "2018-03-07T20:13:21Z", "stargazers_count": 8, "watchers_count": 8, - "forks_count": 2, - "forks": 2, + "forks_count": 3, + "forks": 3, "watchers": 8, "score": 0 } diff --git a/2019/CVE-2019-0192.json b/2019/CVE-2019-0192.json index c02f842147..403b370939 100644 --- a/2019/CVE-2019-0192.json +++ b/2019/CVE-2019-0192.json @@ -1,4 +1,27 @@ [ + { + "id": 174814901, + "name": "CVE-2019-0192", + "full_name": "mpgn\/CVE-2019-0192", + "owner": { + "login": "mpgn", + "id": 5891788, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/5891788?v=4", + "html_url": "https:\/\/github.com\/mpgn" + }, + "html_url": "https:\/\/github.com\/mpgn\/CVE-2019-0192", + "description": "RCE on Apache Solr using deserialization of untrusted data via jmx.serviceUrl", + "fork": false, + "created_at": "2019-03-10T11:35:26Z", + "updated_at": "2020-09-10T07:47:39Z", + "pushed_at": "2019-03-10T18:33:43Z", + "stargazers_count": 209, + "watchers_count": 209, + "forks_count": 60, + "forks": 60, + "watchers": 209, + "score": 0 + }, { "id": 218993619, "name": "Solr-RCE-CVE-2019-0192", diff --git a/2019/CVE-2019-0193.json b/2019/CVE-2019-0193.json index fa92c3e342..ad1ae91006 100644 --- a/2019/CVE-2019-0193.json +++ b/2019/CVE-2019-0193.json @@ -1,4 +1,27 @@ [ + { + "id": 176290079, + "name": "CVE-2019-0193", + "full_name": "xConsoIe\/CVE-2019-0193", + "owner": { + "login": "xConsoIe", + "id": 48456709, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/48456709?v=4", + "html_url": "https:\/\/github.com\/xConsoIe" + }, + "html_url": "https:\/\/github.com\/xConsoIe\/CVE-2019-0193", + "description": null, + "fork": false, + "created_at": "2019-03-18T13:18:01Z", + "updated_at": "2020-08-23T10:28:32Z", + "pushed_at": "2019-03-18T13:22:48Z", + "stargazers_count": 7, + "watchers_count": 7, + "forks_count": 7, + "forks": 7, + "watchers": 7, + "score": 0 + }, { "id": 201405406, "name": "CVE-2019-0193", diff --git a/2019/CVE-2019-0604.json b/2019/CVE-2019-0604.json index 78b318b1e6..a85885bec5 100644 --- a/2019/CVE-2019-0604.json +++ b/2019/CVE-2019-0604.json @@ -1,4 +1,50 @@ [ + { + "id": 177246255, + "name": "CVE-2019-0604", + "full_name": "linhlhq\/CVE-2019-0604", + "owner": { + "login": "linhlhq", + "id": 28854132, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/28854132?v=4", + "html_url": "https:\/\/github.com\/linhlhq" + }, + "html_url": "https:\/\/github.com\/linhlhq\/CVE-2019-0604", + "description": "CVE-2019-0604", + "fork": false, + "created_at": "2019-03-23T05:01:54Z", + "updated_at": "2020-08-03T17:08:15Z", + "pushed_at": "2019-03-22T05:45:44Z", + "stargazers_count": 126, + "watchers_count": 126, + "forks_count": 75, + "forks": 75, + "watchers": 126, + "score": 0 + }, + { + "id": 179413290, + "name": "CVE-2019-0604_sharepoint_CVE", + "full_name": "likescam\/CVE-2019-0604_sharepoint_CVE", + "owner": { + "login": "likescam", + "id": 2469038, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/2469038?v=4", + "html_url": "https:\/\/github.com\/likescam" + }, + "html_url": "https:\/\/github.com\/likescam\/CVE-2019-0604_sharepoint_CVE", + "description": null, + "fork": false, + "created_at": "2019-04-04T03:17:30Z", + "updated_at": "2019-04-04T03:17:59Z", + "pushed_at": "2019-04-04T03:17:57Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 3, + "forks": 3, + "watchers": 0, + "score": 0 + }, { "id": 193926769, "name": "CVE-2019-0604", diff --git a/2019/CVE-2019-0708.json b/2019/CVE-2019-0708.json index c6e1473af1..52235586ff 100644 --- a/2019/CVE-2019-0708.json +++ b/2019/CVE-2019-0708.json @@ -2340,8 +2340,8 @@ "pushed_at": "2019-10-16T01:04:12Z", "stargazers_count": 165, "watchers_count": 165, - "forks_count": 59, - "forks": 59, + "forks_count": 60, + "forks": 60, "watchers": 165, "score": 0 }, diff --git a/2019/CVE-2019-0808.json b/2019/CVE-2019-0808.json index cc38158187..81a1b370f8 100644 --- a/2019/CVE-2019-0808.json +++ b/2019/CVE-2019-0808.json @@ -1,4 +1,27 @@ [ + { + "id": 177576776, + "name": "cve-2019-0808-poc", + "full_name": "ze0r\/cve-2019-0808-poc", + "owner": { + "login": "ze0r", + "id": 43227253, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/43227253?v=4", + "html_url": "https:\/\/github.com\/ze0r" + }, + "html_url": "https:\/\/github.com\/ze0r\/cve-2019-0808-poc", + "description": "cve-2019-0808-poc", + "fork": false, + "created_at": "2019-03-25T11:53:35Z", + "updated_at": "2020-06-07T11:49:31Z", + "pushed_at": "2019-03-25T12:10:40Z", + "stargazers_count": 39, + "watchers_count": 39, + "forks_count": 17, + "forks": 17, + "watchers": 39, + "score": 0 + }, { "id": 182577297, "name": "CVE-2019-0808", diff --git a/2019/CVE-2019-0841.json b/2019/CVE-2019-0841.json index ccd8e833f6..530727c50f 100644 --- a/2019/CVE-2019-0841.json +++ b/2019/CVE-2019-0841.json @@ -1,4 +1,50 @@ [ + { + "id": 179680988, + "name": "CVE-2019-0841", + "full_name": "rogue-kdc\/CVE-2019-0841", + "owner": { + "login": "rogue-kdc", + "id": 49311295, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/49311295?v=4", + "html_url": "https:\/\/github.com\/rogue-kdc" + }, + "html_url": "https:\/\/github.com\/rogue-kdc\/CVE-2019-0841", + "description": "PoC code for CVE-2019-0841 Privilege Escalation vulnerability", + "fork": false, + "created_at": "2019-04-05T12:53:52Z", + "updated_at": "2020-07-09T02:13:28Z", + "pushed_at": "2019-04-09T16:49:19Z", + "stargazers_count": 219, + "watchers_count": 219, + "forks_count": 97, + "forks": 97, + "watchers": 219, + "score": 0 + }, + { + "id": 180605162, + "name": "CVE-2019-0841", + "full_name": "likescam\/CVE-2019-0841", + "owner": { + "login": "likescam", + "id": 2469038, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/2469038?v=4", + "html_url": "https:\/\/github.com\/likescam" + }, + "html_url": "https:\/\/github.com\/likescam\/CVE-2019-0841", + "description": null, + "fork": false, + "created_at": "2019-04-10T14:58:22Z", + "updated_at": "2019-05-26T06:57:44Z", + "pushed_at": "2019-04-10T14:58:49Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 1, + "forks": 1, + "watchers": 1, + "score": 0 + }, { "id": 191441504, "name": "CVE-2019-0841-BYPASS", diff --git a/2019/CVE-2019-1002101.json b/2019/CVE-2019-1002101.json new file mode 100644 index 0000000000..e2c4167a02 --- /dev/null +++ b/2019/CVE-2019-1002101.json @@ -0,0 +1,25 @@ +[ + { + "id": 179330253, + "name": "CVE-2019-1002101-Helpers", + "full_name": "brompwnie\/CVE-2019-1002101-Helpers", + "owner": { + "login": "brompwnie", + "id": 8638589, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/8638589?v=4", + "html_url": "https:\/\/github.com\/brompwnie" + }, + "html_url": "https:\/\/github.com\/brompwnie\/CVE-2019-1002101-Helpers", + "description": "PoC helper scripts and Dockerfile for CVE-2019-1002101", + "fork": false, + "created_at": "2019-04-03T16:36:58Z", + "updated_at": "2020-07-14T14:11:03Z", + "pushed_at": "2019-04-03T17:35:03Z", + "stargazers_count": 5, + "watchers_count": 5, + "forks_count": 5, + "forks": 5, + "watchers": 5, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-1003000.json b/2019/CVE-2019-1003000.json index 05f669acb6..0cc8c276ef 100644 --- a/2019/CVE-2019-1003000.json +++ b/2019/CVE-2019-1003000.json @@ -22,6 +22,52 @@ "watchers": 50, "score": 0 }, + { + "id": 170809838, + "name": "cve-2019-1003000-jenkins-rce-poc", + "full_name": "adamyordan\/cve-2019-1003000-jenkins-rce-poc", + "owner": { + "login": "adamyordan", + "id": 9531164, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/9531164?v=4", + "html_url": "https:\/\/github.com\/adamyordan" + }, + "html_url": "https:\/\/github.com\/adamyordan\/cve-2019-1003000-jenkins-rce-poc", + "description": "Jenkins RCE Proof-of-Concept: SECURITY-1266 \/ CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)", + "fork": false, + "created_at": "2019-02-15T05:59:24Z", + "updated_at": "2020-09-21T08:10:26Z", + "pushed_at": "2019-04-01T13:19:49Z", + "stargazers_count": 267, + "watchers_count": 267, + "forks_count": 81, + "forks": 81, + "watchers": 267, + "score": 0 + }, + { + "id": 172198653, + "name": "CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins", + "full_name": "0xtavian\/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins", + "owner": { + "login": "0xtavian", + "id": 21030907, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/21030907?v=4", + "html_url": "https:\/\/github.com\/0xtavian" + }, + "html_url": "https:\/\/github.com\/0xtavian\/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins", + "description": "Python CVE-2019-1003000 and CVE-2018-1999002 Pre-Auth RCE Jenkins ", + "fork": false, + "created_at": "2019-02-23T10:00:03Z", + "updated_at": "2020-04-20T00:16:50Z", + "pushed_at": "2019-02-23T10:01:26Z", + "stargazers_count": 7, + "watchers_count": 7, + "forks_count": 3, + "forks": 3, + "watchers": 7, + "score": 0 + }, { "id": 183322760, "name": "CVE-2019-1003000_RCE-DETECTION", diff --git a/2019/CVE-2019-11076.json b/2019/CVE-2019-11076.json new file mode 100644 index 0000000000..e318aba139 --- /dev/null +++ b/2019/CVE-2019-11076.json @@ -0,0 +1,25 @@ +[ + { + "id": 180679185, + "name": "poc-cribl-rce", + "full_name": "livehybrid\/poc-cribl-rce", + "owner": { + "login": "livehybrid", + "id": 5527349, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/5527349?v=4", + "html_url": "https:\/\/github.com\/livehybrid" + }, + "html_url": "https:\/\/github.com\/livehybrid\/poc-cribl-rce", + "description": "CVE-2019-11076 - Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via an unauthenticated web request", + "fork": false, + "created_at": "2019-04-10T23:31:39Z", + "updated_at": "2020-03-15T20:21:00Z", + "pushed_at": "2019-04-11T12:50:39Z", + "stargazers_count": 5, + "watchers_count": 5, + "forks_count": 0, + "forks": 0, + "watchers": 5, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-1405.json b/2019/CVE-2019-1405.json index 1c54e0d297..9db96ed041 100644 --- a/2019/CVE-2019-1405.json +++ b/2019/CVE-2019-1405.json @@ -13,13 +13,13 @@ "description": "Privilege Escalation: Weaponizing CVE-2019-1405 and CVE-2019-1322", "fork": false, "created_at": "2019-11-13T16:34:03Z", - "updated_at": "2020-09-19T20:59:44Z", + "updated_at": "2020-09-27T10:35:06Z", "pushed_at": "2019-11-14T14:16:54Z", - "stargazers_count": 250, - "watchers_count": 250, + "stargazers_count": 251, + "watchers_count": 251, "forks_count": 62, "forks": 62, - "watchers": 250, + "watchers": 251, "score": 0 } ] \ No newline at end of file diff --git a/2019/CVE-2019-1652.json b/2019/CVE-2019-1652.json new file mode 100644 index 0000000000..724df17754 --- /dev/null +++ b/2019/CVE-2019-1652.json @@ -0,0 +1,25 @@ +[ + { + "id": 167347037, + "name": "CiscoRV320Dump", + "full_name": "0x27\/CiscoRV320Dump", + "owner": { + "login": "0x27", + "id": 9094330, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/9094330?v=4", + "html_url": "https:\/\/github.com\/0x27" + }, + "html_url": "https:\/\/github.com\/0x27\/CiscoRV320Dump", + "description": "CVE-2019-1652 \/CVE-2019-1653 Exploits For Dumping Cisco RV320 Configurations & Debugging Data AND Remote Root Exploit!", + "fork": false, + "created_at": "2019-01-24T10:12:44Z", + "updated_at": "2020-08-25T05:16:28Z", + "pushed_at": "2019-02-08T12:38:05Z", + "stargazers_count": 196, + "watchers_count": 196, + "forks_count": 63, + "forks": 63, + "watchers": 196, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-1653.json b/2019/CVE-2019-1653.json new file mode 100644 index 0000000000..7f6c86397b --- /dev/null +++ b/2019/CVE-2019-1653.json @@ -0,0 +1,48 @@ +[ + { + "id": 168361115, + "name": "CVE-2019-1653", + "full_name": "dubfr33\/CVE-2019-1653", + "owner": { + "login": "dubfr33", + "id": 20056018, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/20056018?v=4", + "html_url": "https:\/\/github.com\/dubfr33" + }, + "html_url": "https:\/\/github.com\/dubfr33\/CVE-2019-1653", + "description": "NSE script to scan for Cisco routers vulnerable to CVE-2019-1653", + "fork": false, + "created_at": "2019-01-30T14:58:48Z", + "updated_at": "2020-04-21T04:04:11Z", + "pushed_at": "2019-01-30T15:01:41Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 1, + "forks": 1, + "watchers": 1, + "score": 0 + }, + { + "id": 178810790, + "name": "CiscoSpill", + "full_name": "shaheemirza\/CiscoSpill", + "owner": { + "login": "shaheemirza", + "id": 4853436, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/4853436?v=4", + "html_url": "https:\/\/github.com\/shaheemirza" + }, + "html_url": "https:\/\/github.com\/shaheemirza\/CiscoSpill", + "description": "Just a PoC tool to extract password using CVE-2019-1653.", + "fork": false, + "created_at": "2019-04-01T07:40:01Z", + "updated_at": "2019-04-02T04:57:33Z", + "pushed_at": "2019-04-01T07:50:48Z", + "stargazers_count": 3, + "watchers_count": 3, + "forks_count": 3, + "forks": 3, + "watchers": 3, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-17558.json b/2019/CVE-2019-17558.json index affad44ca3..3b7487e20f 100644 --- a/2019/CVE-2019-17558.json +++ b/2019/CVE-2019-17558.json @@ -36,13 +36,13 @@ "description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-5902、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340", "fork": false, "created_at": "2020-04-01T09:33:35Z", - "updated_at": "2020-09-27T05:45:44Z", + "updated_at": "2020-09-27T11:15:00Z", "pushed_at": "2020-08-03T04:37:30Z", - "stargazers_count": 1892, - "watchers_count": 1892, + "stargazers_count": 1893, + "watchers_count": 1893, "forks_count": 492, "forks": 492, - "watchers": 1892, + "watchers": 1893, "score": 0 }, { diff --git a/2019/CVE-2019-1987.json b/2019/CVE-2019-1987.json new file mode 100644 index 0000000000..ad77b08c9b --- /dev/null +++ b/2019/CVE-2019-1987.json @@ -0,0 +1,25 @@ +[ + { + "id": 171108223, + "name": "android-7-9-png-bug", + "full_name": "marcinguy\/android-7-9-png-bug", + "owner": { + "login": "marcinguy", + "id": 20355405, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/20355405?v=4", + "html_url": "https:\/\/github.com\/marcinguy" + }, + "html_url": "https:\/\/github.com\/marcinguy\/android-7-9-png-bug", + "description": "CVE-2019-1987", + "fork": false, + "created_at": "2019-02-17T10:22:01Z", + "updated_at": "2020-05-18T10:42:55Z", + "pushed_at": "2019-03-02T19:54:06Z", + "stargazers_count": 12, + "watchers_count": 12, + "forks_count": 4, + "forks": 4, + "watchers": 12, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-2618.json b/2019/CVE-2019-2618.json index 03204797c0..1d19977b05 100644 --- a/2019/CVE-2019-2618.json +++ b/2019/CVE-2019-2618.json @@ -82,13 +82,13 @@ "description": "增强版WeblogicScan、检测结果更精确、插件化、添加CVE-2019-2618,CVE-2019-2729检测,Python3支持", "fork": false, "created_at": "2019-06-21T09:22:43Z", - "updated_at": "2020-09-25T13:29:26Z", + "updated_at": "2020-09-27T10:18:46Z", "pushed_at": "2020-04-26T10:49:25Z", - "stargazers_count": 639, - "watchers_count": 639, + "stargazers_count": 640, + "watchers_count": 640, "forks_count": 135, "forks": 135, - "watchers": 639, + "watchers": 640, "score": 0 }, { diff --git a/2019/CVE-2019-3396.json b/2019/CVE-2019-3396.json index e8b7c992ef..232b877208 100644 --- a/2019/CVE-2019-3396.json +++ b/2019/CVE-2019-3396.json @@ -1,4 +1,27 @@ [ + { + "id": 180277406, + "name": "CVE-2019-3396", + "full_name": "dothanthitiendiettiende\/CVE-2019-3396", + "owner": { + "login": "dothanthitiendiettiende", + "id": 29480786, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/29480786?v=4", + "html_url": "https:\/\/github.com\/dothanthitiendiettiende" + }, + "html_url": "https:\/\/github.com\/dothanthitiendiettiende\/CVE-2019-3396", + "description": "Confluence Widget Connector RCE", + "fork": false, + "created_at": "2019-04-09T03:26:06Z", + "updated_at": "2019-04-09T11:34:37Z", + "pushed_at": "2019-04-09T03:25:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 4, + "forks": 4, + "watchers": 0, + "score": 0 + }, { "id": 180298650, "name": "CVE-2019-3396", @@ -22,6 +45,52 @@ "watchers": 22, "score": 0 }, + { + "id": 180347878, + "name": "CVE-2019-3396", + "full_name": "xiaoshuier\/CVE-2019-3396", + "owner": { + "login": "xiaoshuier", + "id": 28529214, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/28529214?v=4", + "html_url": "https:\/\/github.com\/xiaoshuier" + }, + "html_url": "https:\/\/github.com\/xiaoshuier\/CVE-2019-3396", + "description": null, + "fork": false, + "created_at": "2019-04-09T11:01:41Z", + "updated_at": "2020-07-11T12:06:45Z", + "pushed_at": "2019-04-09T10:59:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 180483984, + "name": "CVE-2019-3396_EXP", + "full_name": "Yt1g3r\/CVE-2019-3396_EXP", + "owner": { + "login": "Yt1g3r", + "id": 12625147, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/12625147?v=4", + "html_url": "https:\/\/github.com\/Yt1g3r" + }, + "html_url": "https:\/\/github.com\/Yt1g3r\/CVE-2019-3396_EXP", + "description": "CVE-2019-3396 confluence SSTI RCE", + "fork": false, + "created_at": "2019-04-10T02:15:47Z", + "updated_at": "2020-09-20T02:27:56Z", + "pushed_at": "2019-04-12T01:46:33Z", + "stargazers_count": 151, + "watchers_count": 151, + "forks_count": 61, + "forks": 61, + "watchers": 151, + "score": 0 + }, { "id": 180484942, "name": "CVE-2019-3396", @@ -45,6 +114,29 @@ "watchers": 106, "score": 0 }, + { + "id": 180485239, + "name": "CVE-2019-3396", + "full_name": "pyn3rd\/CVE-2019-3396", + "owner": { + "login": "pyn3rd", + "id": 41412951, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/41412951?v=4", + "html_url": "https:\/\/github.com\/pyn3rd" + }, + "html_url": "https:\/\/github.com\/pyn3rd\/CVE-2019-3396", + "description": "Confluence Widget Connector RCE", + "fork": false, + "created_at": "2019-04-10T02:24:29Z", + "updated_at": "2020-07-12T16:14:50Z", + "pushed_at": "2019-04-10T02:26:45Z", + "stargazers_count": 34, + "watchers_count": 34, + "forks_count": 15, + "forks": 15, + "watchers": 34, + "score": 0 + }, { "id": 180528467, "name": "CVE-2019-3396", @@ -68,6 +160,29 @@ "watchers": 0, "score": 0 }, + { + "id": 180627265, + "name": "CVE-2019-3396", + "full_name": "quanpt103\/CVE-2019-3396", + "owner": { + "login": "quanpt103", + "id": 45188297, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/45188297?v=4", + "html_url": "https:\/\/github.com\/quanpt103" + }, + "html_url": "https:\/\/github.com\/quanpt103\/CVE-2019-3396", + "description": "Confluence Widget Connector RCE - ptquan", + "fork": false, + "created_at": "2019-04-10T17:05:10Z", + "updated_at": "2019-04-10T17:06:24Z", + "pushed_at": "2019-04-10T17:06:22Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 183862751, "name": "confluence_CVE-2019-3396", diff --git a/2019/CVE-2019-3462.json b/2019/CVE-2019-3462.json new file mode 100644 index 0000000000..35d045791f --- /dev/null +++ b/2019/CVE-2019-3462.json @@ -0,0 +1,48 @@ +[ + { + "id": 167275161, + "name": "check_CVE-2019-3462", + "full_name": "tonejito\/check_CVE-2019-3462", + "owner": { + "login": "tonejito", + "id": 618588, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/618588?v=4", + "html_url": "https:\/\/github.com\/tonejito" + }, + "html_url": "https:\/\/github.com\/tonejito\/check_CVE-2019-3462", + "description": "Check @Debian and @Ubuntu #GNU \/ #Linux for CVE-2019-3462 in APT", + "fork": false, + "created_at": "2019-01-24T00:30:15Z", + "updated_at": "2019-01-26T01:21:38Z", + "pushed_at": "2019-01-26T01:21:36Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 2, + "forks": 2, + "watchers": 1, + "score": 0 + }, + { + "id": 170573944, + "name": "update-apt-package", + "full_name": "atilacastro\/update-apt-package", + "owner": { + "login": "atilacastro", + "id": 5832809, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/5832809?v=4", + "html_url": "https:\/\/github.com\/atilacastro" + }, + "html_url": "https:\/\/github.com\/atilacastro\/update-apt-package", + "description": "Playbook update APT package because CVE-2019-3462", + "fork": false, + "created_at": "2019-02-13T20:22:33Z", + "updated_at": "2019-02-14T18:31:31Z", + "pushed_at": "2019-02-14T18:31:30Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-5418.json b/2019/CVE-2019-5418.json index 233b4086d7..6be8e8a448 100644 --- a/2019/CVE-2019-5418.json +++ b/2019/CVE-2019-5418.json @@ -1,4 +1,73 @@ [ + { + "id": 175966226, + "name": "CVE-2019-5418", + "full_name": "mpgn\/CVE-2019-5418", + "owner": { + "login": "mpgn", + "id": 5891788, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/5891788?v=4", + "html_url": "https:\/\/github.com\/mpgn" + }, + "html_url": "https:\/\/github.com\/mpgn\/CVE-2019-5418", + "description": "CVE-2019-5418 - File Content Disclosure on Ruby on Rails", + "fork": false, + "created_at": "2019-03-16T11:58:18Z", + "updated_at": "2020-09-22T05:10:56Z", + "pushed_at": "2019-03-25T07:19:58Z", + "stargazers_count": 158, + "watchers_count": 158, + "forks_count": 17, + "forks": 17, + "watchers": 158, + "score": 0 + }, + { + "id": 176323109, + "name": "CVE-2019-5418", + "full_name": "omarkurt\/CVE-2019-5418", + "owner": { + "login": "omarkurt", + "id": 1712468, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/1712468?v=4", + "html_url": "https:\/\/github.com\/omarkurt" + }, + "html_url": "https:\/\/github.com\/omarkurt\/CVE-2019-5418", + "description": "File Content Disclosure on Rails Test Case - CVE-2019-5418", + "fork": false, + "created_at": "2019-03-18T16:09:13Z", + "updated_at": "2020-04-17T21:45:45Z", + "pushed_at": "2019-03-18T16:15:25Z", + "stargazers_count": 7, + "watchers_count": 7, + "forks_count": 1, + "forks": 1, + "watchers": 7, + "score": 0 + }, + { + "id": 176545257, + "name": "CVE-2019-5418-Scanner", + "full_name": "brompwnie\/CVE-2019-5418-Scanner", + "owner": { + "login": "brompwnie", + "id": 8638589, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/8638589?v=4", + "html_url": "https:\/\/github.com\/brompwnie" + }, + "html_url": "https:\/\/github.com\/brompwnie\/CVE-2019-5418-Scanner", + "description": "A multi-threaded Golang scanner to identify Ruby endpoints vulnerable to CVE-2019-5418", + "fork": false, + "created_at": "2019-03-19T15:38:01Z", + "updated_at": "2020-08-23T16:04:43Z", + "pushed_at": "2019-03-21T17:26:06Z", + "stargazers_count": 32, + "watchers_count": 32, + "forks_count": 16, + "forks": 16, + "watchers": 32, + "score": 0 + }, { "id": 177236589, "name": "Rails-doubletap-RCE", @@ -22,6 +91,52 @@ "watchers": 103, "score": 0 }, + { + "id": 178527770, + "name": "CVE-2019-5418", + "full_name": "takeokunn\/CVE-2019-5418", + "owner": { + "login": "takeokunn", + "id": 11222510, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/11222510?v=4", + "html_url": "https:\/\/github.com\/takeokunn" + }, + "html_url": "https:\/\/github.com\/takeokunn\/CVE-2019-5418", + "description": null, + "fork": false, + "created_at": "2019-03-30T07:40:11Z", + "updated_at": "2019-10-24T19:07:56Z", + "pushed_at": "2019-03-30T07:54:58Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 2, + "forks": 2, + "watchers": 2, + "score": 0 + }, + { + "id": 178909066, + "name": "RailroadBandit", + "full_name": "Bad3r\/RailroadBandit", + "owner": { + "login": "Bad3r", + "id": 25513724, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/25513724?v=4", + "html_url": "https:\/\/github.com\/Bad3r" + }, + "html_url": "https:\/\/github.com\/Bad3r\/RailroadBandit", + "description": "a demo for Ruby on Rails CVE-2019-5418", + "fork": false, + "created_at": "2019-04-01T17:02:57Z", + "updated_at": "2019-04-11T22:45:53Z", + "pushed_at": "2019-04-11T22:45:52Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 212888337, "name": "CVE-2019-5418-Rails3", diff --git a/2019/CVE-2019-5420.json b/2019/CVE-2019-5420.json new file mode 100644 index 0000000000..e24997cd8a --- /dev/null +++ b/2019/CVE-2019-5420.json @@ -0,0 +1,48 @@ +[ + { + "id": 176976251, + "name": "CVE-2019-5420", + "full_name": "knqyf263\/CVE-2019-5420", + "owner": { + "login": "knqyf263", + "id": 2253692, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/2253692?v=4", + "html_url": "https:\/\/github.com\/knqyf263" + }, + "html_url": "https:\/\/github.com\/knqyf263\/CVE-2019-5420", + "description": "CVE-2019-5420 (Ruby on Rails)", + "fork": false, + "created_at": "2019-03-21T15:42:54Z", + "updated_at": "2020-07-31T01:42:44Z", + "pushed_at": "2019-03-21T23:52:48Z", + "stargazers_count": 7, + "watchers_count": 7, + "forks_count": 0, + "forks": 0, + "watchers": 7, + "score": 0 + }, + { + "id": 178050921, + "name": "cve-2019-5420", + "full_name": "cved-sources\/cve-2019-5420", + "owner": { + "login": "cved-sources", + "id": 46423677, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/46423677?v=4", + "html_url": "https:\/\/github.com\/cved-sources" + }, + "html_url": "https:\/\/github.com\/cved-sources\/cve-2019-5420", + "description": "cve-2019-5420", + "fork": false, + "created_at": "2019-03-27T18:16:46Z", + "updated_at": "2019-03-27T18:17:07Z", + "pushed_at": "2019-03-27T18:17:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-5736.json b/2019/CVE-2019-5736.json index c1d5ed2293..c03429f66c 100644 --- a/2019/CVE-2019-5736.json +++ b/2019/CVE-2019-5736.json @@ -1,4 +1,188 @@ [ + { + "id": 170398859, + "name": "cve-2019-5736-poc", + "full_name": "q3k\/cve-2019-5736-poc", + "owner": { + "login": "q3k", + "id": 315234, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/315234?v=4", + "html_url": "https:\/\/github.com\/q3k" + }, + "html_url": "https:\/\/github.com\/q3k\/cve-2019-5736-poc", + "description": "Unweaponized Proof of Concept for CVE-2019-5736 (Docker escape)", + "fork": false, + "created_at": "2019-02-12T22:07:47Z", + "updated_at": "2020-09-14T19:40:23Z", + "pushed_at": "2019-02-20T15:35:34Z", + "stargazers_count": 178, + "watchers_count": 178, + "forks_count": 63, + "forks": 63, + "watchers": 178, + "score": 0 + }, + { + "id": 170445833, + "name": "CVE-2019-5736-PoC", + "full_name": "Frichetten\/CVE-2019-5736-PoC", + "owner": { + "login": "Frichetten", + "id": 10386884, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/10386884?v=4", + "html_url": "https:\/\/github.com\/Frichetten" + }, + "html_url": "https:\/\/github.com\/Frichetten\/CVE-2019-5736-PoC", + "description": "PoC for CVE-2019-5736", + "fork": false, + "created_at": "2019-02-13T05:26:32Z", + "updated_at": "2020-09-26T13:56:52Z", + "pushed_at": "2019-02-19T11:45:13Z", + "stargazers_count": 398, + "watchers_count": 398, + "forks_count": 102, + "forks": 102, + "watchers": 398, + "score": 0 + }, + { + "id": 170454928, + "name": "cve-2019-5736", + "full_name": "jakubkrawczyk\/cve-2019-5736", + "owner": { + "login": "jakubkrawczyk", + "id": 22723539, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/22723539?v=4", + "html_url": "https:\/\/github.com\/jakubkrawczyk" + }, + "html_url": "https:\/\/github.com\/jakubkrawczyk\/cve-2019-5736", + "description": "My attempt to create PoC of CVE-2019-5736 (Docker escape)", + "fork": false, + "created_at": "2019-02-13T06:41:01Z", + "updated_at": "2020-08-06T13:05:54Z", + "pushed_at": "2019-02-13T06:46:01Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 0, + "forks": 0, + "watchers": 1, + "score": 0 + }, + { + "id": 170613828, + "name": "CVE-2019-5736", + "full_name": "jas502n\/CVE-2019-5736", + "owner": { + "login": "jas502n", + "id": 16593068, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/16593068?v=4", + "html_url": "https:\/\/github.com\/jas502n" + }, + "html_url": "https:\/\/github.com\/jas502n\/CVE-2019-5736", + "description": "runc容器逃逸漏洞预警", + "fork": false, + "created_at": "2019-02-14T02:30:12Z", + "updated_at": "2020-02-03T01:45:33Z", + "pushed_at": "2019-02-14T02:40:55Z", + "stargazers_count": 14, + "watchers_count": 14, + "forks_count": 5, + "forks": 5, + "watchers": 14, + "score": 0 + }, + { + "id": 170656576, + "name": "CVE-2019-5736", + "full_name": "likescam\/CVE-2019-5736", + "owner": { + "login": "likescam", + "id": 2469038, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/2469038?v=4", + "html_url": "https:\/\/github.com\/likescam" + }, + "html_url": "https:\/\/github.com\/likescam\/CVE-2019-5736", + "description": null, + "fork": false, + "created_at": "2019-02-14T08:37:25Z", + "updated_at": "2019-02-14T08:37:36Z", + "pushed_at": "2019-02-14T08:37:34Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 170656601, + "name": "cve-2019-5736-poc", + "full_name": "likescam\/cve-2019-5736-poc", + "owner": { + "login": "likescam", + "id": 2469038, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/2469038?v=4", + "html_url": "https:\/\/github.com\/likescam" + }, + "html_url": "https:\/\/github.com\/likescam\/cve-2019-5736-poc", + "description": null, + "fork": false, + "created_at": "2019-02-14T08:37:39Z", + "updated_at": "2019-02-14T08:37:49Z", + "pushed_at": "2019-02-14T08:37:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 170836971, + "name": "cve-2019-5736-poc", + "full_name": "agppp\/cve-2019-5736-poc", + "owner": { + "login": "agppp", + "id": 10527860, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/10527860?v=4", + "html_url": "https:\/\/github.com\/agppp" + }, + "html_url": "https:\/\/github.com\/agppp\/cve-2019-5736-poc", + "description": "getshell test", + "fork": false, + "created_at": "2019-02-15T09:22:27Z", + "updated_at": "2019-02-15T09:49:47Z", + "pushed_at": "2019-02-15T09:49:46Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 2, + "forks": 2, + "watchers": 0, + "score": 0 + }, + { + "id": 171499608, + "name": "poc-cve-2019-5736", + "full_name": "b3d3c\/poc-cve-2019-5736", + "owner": { + "login": "b3d3c", + "id": 46558799, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/46558799?v=4", + "html_url": "https:\/\/github.com\/b3d3c" + }, + "html_url": "https:\/\/github.com\/b3d3c\/poc-cve-2019-5736", + "description": null, + "fork": false, + "created_at": "2019-02-19T15:34:18Z", + "updated_at": "2019-06-04T10:53:26Z", + "pushed_at": "2019-02-19T15:37:34Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 0, + "forks": 0, + "watchers": 1, + "score": 0 + }, { "id": 171668415, "name": "RunC-CVE-2019-5736", @@ -22,6 +206,75 @@ "watchers": 50, "score": 0 }, + { + "id": 173057459, + "name": "CVE-2019-5736-PoC-2", + "full_name": "yyqs2008\/CVE-2019-5736-PoC-2", + "owner": { + "login": "yyqs2008", + "id": 1332668, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/1332668?v=4", + "html_url": "https:\/\/github.com\/yyqs2008" + }, + "html_url": "https:\/\/github.com\/yyqs2008\/CVE-2019-5736-PoC-2", + "description": null, + "fork": false, + "created_at": "2019-02-28T06:48:13Z", + "updated_at": "2020-06-11T14:27:08Z", + "pushed_at": "2019-02-23T13:20:19Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 1, + "forks": 1, + "watchers": 0, + "score": 0 + }, + { + "id": 174545720, + "name": "CVE-2019-5736-PoC", + "full_name": "zyriuse75\/CVE-2019-5736-PoC", + "owner": { + "login": "zyriuse75", + "id": 225690, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/225690?v=4", + "html_url": "https:\/\/github.com\/zyriuse75" + }, + "html_url": "https:\/\/github.com\/zyriuse75\/CVE-2019-5736-PoC", + "description": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-5736 poc of CVE-2019-5736 ", + "fork": false, + "created_at": "2019-03-08T13:50:57Z", + "updated_at": "2019-03-08T13:50:59Z", + "pushed_at": "2019-03-08T13:50:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 177891884, + "name": "CVE-2019-5736", + "full_name": "stillan00b\/CVE-2019-5736", + "owner": { + "login": "stillan00b", + "id": 48630837, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/48630837?v=4", + "html_url": "https:\/\/github.com\/stillan00b" + }, + "html_url": "https:\/\/github.com\/stillan00b\/CVE-2019-5736", + "description": null, + "fork": false, + "created_at": "2019-03-27T00:52:49Z", + "updated_at": "2019-03-27T01:05:08Z", + "pushed_at": "2019-03-27T01:05:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 181238407, "name": "cve-2019-5736-exp", diff --git a/2019/CVE-2019-5737.json b/2019/CVE-2019-5737.json new file mode 100644 index 0000000000..5e2a08e2c0 --- /dev/null +++ b/2019/CVE-2019-5737.json @@ -0,0 +1,25 @@ +[ + { + "id": 172282648, + "name": "cve-2019-5737", + "full_name": "beelzebruh\/cve-2019-5737", + "owner": { + "login": "beelzebruh", + "id": 39379168, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/39379168?v=4", + "html_url": "https:\/\/github.com\/beelzebruh" + }, + "html_url": "https:\/\/github.com\/beelzebruh\/cve-2019-5737", + "description": null, + "fork": false, + "created_at": "2019-02-24T01:20:04Z", + "updated_at": "2020-05-12T03:29:52Z", + "pushed_at": "2019-02-24T03:43:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-5786.json b/2019/CVE-2019-5786.json new file mode 100644 index 0000000000..6fb45e28dd --- /dev/null +++ b/2019/CVE-2019-5786.json @@ -0,0 +1,25 @@ +[ + { + "id": 176796740, + "name": "CVE-2019-5786", + "full_name": "exodusintel\/CVE-2019-5786", + "owner": { + "login": "exodusintel", + "id": 16653014, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/16653014?v=4", + "html_url": "https:\/\/github.com\/exodusintel" + }, + "html_url": "https:\/\/github.com\/exodusintel\/CVE-2019-5786", + "description": "FileReader Exploit", + "fork": false, + "created_at": "2019-03-20T18:43:49Z", + "updated_at": "2020-08-03T09:53:17Z", + "pushed_at": "2019-03-20T18:47:25Z", + "stargazers_count": 247, + "watchers_count": 247, + "forks_count": 85, + "forks": 85, + "watchers": 247, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-5893.json b/2019/CVE-2019-5893.json new file mode 100644 index 0000000000..0d20dd558f --- /dev/null +++ b/2019/CVE-2019-5893.json @@ -0,0 +1,25 @@ +[ + { + "id": 165075365, + "name": "OpenSource-ERP-SQL-Injection", + "full_name": "EmreOvunc\/OpenSource-ERP-SQL-Injection", + "owner": { + "login": "EmreOvunc", + "id": 15659223, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/15659223?v=4", + "html_url": "https:\/\/github.com\/EmreOvunc" + }, + "html_url": "https:\/\/github.com\/EmreOvunc\/OpenSource-ERP-SQL-Injection", + "description": "CVE-2019-5893 | OpenSource ERP application has SQL Injection vulnerability.", + "fork": false, + "created_at": "2019-01-10T14:36:55Z", + "updated_at": "2020-05-16T12:47:44Z", + "pushed_at": "2019-01-11T07:45:37Z", + "stargazers_count": 3, + "watchers_count": 3, + "forks_count": 3, + "forks": 3, + "watchers": 3, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-6225.json b/2019/CVE-2019-6225.json index eab1ebc12e..f81ecdaab2 100644 --- a/2019/CVE-2019-6225.json +++ b/2019/CVE-2019-6225.json @@ -1,4 +1,27 @@ [ + { + "id": 168440280, + "name": "OsirisJailbreak12", + "full_name": "fatgrass\/OsirisJailbreak12", + "owner": { + "login": "fatgrass", + "id": 19977419, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/19977419?v=4", + "html_url": "https:\/\/github.com\/fatgrass" + }, + "html_url": "https:\/\/github.com\/fatgrass\/OsirisJailbreak12", + "description": "iOS 12.0 -> 12.1.2 Incomplete Osiris Jailbreak with CVE-2019-6225 by GeoSn0w (FCE365)", + "fork": false, + "created_at": "2019-01-31T01:03:43Z", + "updated_at": "2020-07-28T09:05:58Z", + "pushed_at": "2019-01-31T00:53:03Z", + "stargazers_count": 10, + "watchers_count": 10, + "forks_count": 73, + "forks": 73, + "watchers": 10, + "score": 0 + }, { "id": 194542840, "name": "CVE-2019-6225-macOS", @@ -21,5 +44,28 @@ "forks": 2, "watchers": 2, "score": 0 + }, + { + "id": 201224192, + "name": "jailbreak-iOS12", + "full_name": "raystyle\/jailbreak-iOS12", + "owner": { + "login": "raystyle", + "id": 3284570, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/3284570?v=4", + "html_url": "https:\/\/github.com\/raystyle" + }, + "html_url": "https:\/\/github.com\/raystyle\/jailbreak-iOS12", + "description": "OS 12.0 & 12.1.2 - Jailbreak with CVE-2019-6225", + "fork": false, + "created_at": "2019-08-08T09:22:57Z", + "updated_at": "2019-09-28T04:38:14Z", + "pushed_at": "2019-02-27T12:57:21Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2019/CVE-2019-6249.json b/2019/CVE-2019-6249.json new file mode 100644 index 0000000000..c5a86d0fc2 --- /dev/null +++ b/2019/CVE-2019-6249.json @@ -0,0 +1,25 @@ +[ + { + "id": 171827364, + "name": "CVE-2019-6249_Hucart-cms", + "full_name": "NMTech0x90\/CVE-2019-6249_Hucart-cms", + "owner": { + "login": "NMTech0x90", + "id": 27001865, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/27001865?v=4", + "html_url": "https:\/\/github.com\/NMTech0x90" + }, + "html_url": "https:\/\/github.com\/NMTech0x90\/CVE-2019-6249_Hucart-cms", + "description": "CVE-2019-6249 Hucart cms 复现环境", + "fork": false, + "created_at": "2019-02-21T08:03:43Z", + "updated_at": "2020-03-25T03:29:55Z", + "pushed_at": "2019-02-21T08:22:34Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 2, + "forks": 2, + "watchers": 2, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-6263.json b/2019/CVE-2019-6263.json new file mode 100644 index 0000000000..fd9e93fea7 --- /dev/null +++ b/2019/CVE-2019-6263.json @@ -0,0 +1,25 @@ +[ + { + "id": 166368513, + "name": "CVE-2019-6263-Joomla-POC", + "full_name": "praveensutar\/CVE-2019-6263-Joomla-POC", + "owner": { + "login": "praveensutar", + "id": 12555214, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/12555214?v=4", + "html_url": "https:\/\/github.com\/praveensutar" + }, + "html_url": "https:\/\/github.com\/praveensutar\/CVE-2019-6263-Joomla-POC", + "description": null, + "fork": false, + "created_at": "2019-01-18T08:10:11Z", + "updated_at": "2019-09-12T15:02:55Z", + "pushed_at": "2019-01-19T04:29:22Z", + "stargazers_count": 6, + "watchers_count": 6, + "forks_count": 0, + "forks": 0, + "watchers": 6, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-6340.json b/2019/CVE-2019-6340.json index 463a1d3514..2dc52cc119 100644 --- a/2019/CVE-2019-6340.json +++ b/2019/CVE-2019-6340.json @@ -1,4 +1,142 @@ [ + { + "id": 172094613, + "name": "Drupal-SA-CORE-2019-003", + "full_name": "g0rx\/Drupal-SA-CORE-2019-003", + "owner": { + "login": "g0rx", + "id": 10961397, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/10961397?v=4", + "html_url": "https:\/\/github.com\/g0rx" + }, + "html_url": "https:\/\/github.com\/g0rx\/Drupal-SA-CORE-2019-003", + "description": "CVE-2019-6340-Drupal SA-CORE-2019-003", + "fork": false, + "created_at": "2019-02-22T16:03:40Z", + "updated_at": "2020-09-21T14:45:25Z", + "pushed_at": "2019-02-24T18:43:05Z", + "stargazers_count": 31, + "watchers_count": 31, + "forks_count": 9, + "forks": 9, + "watchers": 31, + "score": 0 + }, + { + "id": 172217636, + "name": "CVE-2019-6340", + "full_name": "knqyf263\/CVE-2019-6340", + "owner": { + "login": "knqyf263", + "id": 2253692, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/2253692?v=4", + "html_url": "https:\/\/github.com\/knqyf263" + }, + "html_url": "https:\/\/github.com\/knqyf263\/CVE-2019-6340", + "description": "Environment for CVE-2019-6340 (Drupal)", + "fork": false, + "created_at": "2019-02-23T13:28:58Z", + "updated_at": "2020-04-02T13:09:08Z", + "pushed_at": "2019-02-23T17:34:19Z", + "stargazers_count": 41, + "watchers_count": 41, + "forks_count": 10, + "forks": 10, + "watchers": 41, + "score": 0 + }, + { + "id": 172429144, + "name": "CVE-2019-6340-Drupal-8.6.9-REST-Auth-Bypass", + "full_name": "DevDungeon\/CVE-2019-6340-Drupal-8.6.9-REST-Auth-Bypass", + "owner": { + "login": "DevDungeon", + "id": 16630634, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/16630634?v=4", + "html_url": "https:\/\/github.com\/DevDungeon" + }, + "html_url": "https:\/\/github.com\/DevDungeon\/CVE-2019-6340-Drupal-8.6.9-REST-Auth-Bypass", + "description": "CVE-2019-6340 Drupal 8.6.9 REST Auth Bypass examples", + "fork": false, + "created_at": "2019-02-25T03:38:47Z", + "updated_at": "2020-05-30T04:32:25Z", + "pushed_at": "2019-02-25T03:47:37Z", + "stargazers_count": 3, + "watchers_count": 3, + "forks_count": 6, + "forks": 6, + "watchers": 3, + "score": 0 + }, + { + "id": 172458734, + "name": "CVE-2019-6340", + "full_name": "oways\/CVE-2019-6340", + "owner": { + "login": "oways", + "id": 11142952, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/11142952?v=4", + "html_url": "https:\/\/github.com\/oways" + }, + "html_url": "https:\/\/github.com\/oways\/CVE-2019-6340", + "description": "CVE-2019-6340 POC Drupal rce", + "fork": false, + "created_at": "2019-02-25T07:47:16Z", + "updated_at": "2020-04-02T11:50:43Z", + "pushed_at": "2019-02-25T08:57:14Z", + "stargazers_count": 12, + "watchers_count": 12, + "forks_count": 6, + "forks": 6, + "watchers": 12, + "score": 0 + }, + { + "id": 172766416, + "name": "cve-2019-6340", + "full_name": "cved-sources\/cve-2019-6340", + "owner": { + "login": "cved-sources", + "id": 46423677, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/46423677?v=4", + "html_url": "https:\/\/github.com\/cved-sources" + }, + "html_url": "https:\/\/github.com\/cved-sources\/cve-2019-6340", + "description": "cve-2019-6340", + "fork": false, + "created_at": "2019-02-26T18:26:50Z", + "updated_at": "2020-04-02T13:08:58Z", + "pushed_at": "2019-02-26T18:38:59Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 1, + "forks": 1, + "watchers": 1, + "score": 0 + }, + { + "id": 175109773, + "name": "cve-2019-6340-bits", + "full_name": "d1vious\/cve-2019-6340-bits", + "owner": { + "login": "d1vious", + "id": 1476868, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/1476868?v=4", + "html_url": "https:\/\/github.com\/d1vious" + }, + "html_url": "https:\/\/github.com\/d1vious\/cve-2019-6340-bits", + "description": "Bits generated while analyzing CVE-2019-6340 Drupal RESTful RCE", + "fork": false, + "created_at": "2019-03-12T01:13:56Z", + "updated_at": "2019-04-15T07:13:03Z", + "pushed_at": "2019-03-12T01:41:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 188896047, "name": "CVE-2019-6340", diff --git a/2019/CVE-2019-6440.json b/2019/CVE-2019-6440.json new file mode 100644 index 0000000000..db6f526fc8 --- /dev/null +++ b/2019/CVE-2019-6440.json @@ -0,0 +1,25 @@ +[ + { + "id": 170884262, + "name": "CVE-2019-6440", + "full_name": "hexnone\/CVE-2019-6440", + "owner": { + "login": "hexnone", + "id": 17256467, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/17256467?v=4", + "html_url": "https:\/\/github.com\/hexnone" + }, + "html_url": "https:\/\/github.com\/hexnone\/CVE-2019-6440", + "description": "CVE-2019-6440. Zemana RCE and privilege escalation.", + "fork": false, + "created_at": "2019-02-15T15:15:52Z", + "updated_at": "2019-03-22T18:53:26Z", + "pushed_at": "2019-03-22T18:53:24Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 1, + "forks": 1, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-6447.json b/2019/CVE-2019-6447.json index 84d7680872..9f5d3ebd9d 100644 --- a/2019/CVE-2019-6447.json +++ b/2019/CVE-2019-6447.json @@ -1,4 +1,27 @@ [ + { + "id": 164948400, + "name": "ESFileExplorerOpenPortVuln", + "full_name": "fs0c131y\/ESFileExplorerOpenPortVuln", + "owner": { + "login": "fs0c131y", + "id": 36547191, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/36547191?v=4", + "html_url": "https:\/\/github.com\/fs0c131y" + }, + "html_url": "https:\/\/github.com\/fs0c131y\/ESFileExplorerOpenPortVuln", + "description": "ES File Explorer Open Port Vulnerability - CVE-2019-6447", + "fork": false, + "created_at": "2019-01-09T22:30:42Z", + "updated_at": "2020-09-18T12:15:52Z", + "pushed_at": "2019-01-22T21:00:36Z", + "stargazers_count": 586, + "watchers_count": 586, + "forks_count": 131, + "forks": 131, + "watchers": 586, + "score": 0 + }, { "id": 263921419, "name": "ES-File-Explorer-Open-Port-Vulnerability---CVE-2019-6447", diff --git a/2019/CVE-2019-6453.json b/2019/CVE-2019-6453.json index c67a664418..c7223dd184 100644 --- a/2019/CVE-2019-6453.json +++ b/2019/CVE-2019-6453.json @@ -1,4 +1,27 @@ [ + { + "id": 171244957, + "name": "cve-2019-6453-poc", + "full_name": "proofofcalc\/cve-2019-6453-poc", + "owner": { + "login": "proofofcalc", + "id": 47607270, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/47607270?v=4", + "html_url": "https:\/\/github.com\/proofofcalc" + }, + "html_url": "https:\/\/github.com\/proofofcalc\/cve-2019-6453-poc", + "description": "Proof of calc for CVE-2019-6453", + "fork": false, + "created_at": "2019-02-18T08:35:03Z", + "updated_at": "2020-08-25T17:43:40Z", + "pushed_at": "2019-02-18T13:10:38Z", + "stargazers_count": 50, + "watchers_count": 50, + "forks_count": 13, + "forks": 13, + "watchers": 50, + "score": 0 + }, { "id": 197653851, "name": "mIRC-CVE-2019-6453", diff --git a/2019/CVE-2019-6487.json b/2019/CVE-2019-6487.json new file mode 100644 index 0000000000..9734353e96 --- /dev/null +++ b/2019/CVE-2019-6487.json @@ -0,0 +1,25 @@ +[ + { + "id": 166241615, + "name": "TP-Link-WDR-Router-Command-injection_POC", + "full_name": "afang5472\/TP-Link-WDR-Router-Command-injection_POC", + "owner": { + "login": "afang5472", + "id": 18503100, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/18503100?v=4", + "html_url": "https:\/\/github.com\/afang5472" + }, + "html_url": "https:\/\/github.com\/afang5472\/TP-Link-WDR-Router-Command-injection_POC", + "description": "CVE-2019-6487. A command injection vulnerability in TP-Link WDR5620 Series up to verion 3.", + "fork": false, + "created_at": "2019-01-17T14:44:12Z", + "updated_at": "2020-08-23T20:43:10Z", + "pushed_at": "2019-01-19T10:49:21Z", + "stargazers_count": 25, + "watchers_count": 25, + "forks_count": 12, + "forks": 12, + "watchers": 25, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-6690.json b/2019/CVE-2019-6690.json index 85421f4652..43ea50ecf7 100644 --- a/2019/CVE-2019-6690.json +++ b/2019/CVE-2019-6690.json @@ -21,5 +21,28 @@ "forks": 1, "watchers": 1, "score": 0 + }, + { + "id": 179225702, + "name": "CVE-2019-6690", + "full_name": "brianwrf\/CVE-2019-6690", + "owner": { + "login": "brianwrf", + "id": 8141813, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/8141813?v=4", + "html_url": "https:\/\/github.com\/brianwrf" + }, + "html_url": "https:\/\/github.com\/brianwrf\/CVE-2019-6690", + "description": "It is a simple PoC of Improper Input Validation in python-gnupg 0.4.3 (CVE-2019-6690).", + "fork": false, + "created_at": "2019-04-03T06:34:48Z", + "updated_at": "2019-04-08T14:49:17Z", + "pushed_at": "2019-04-03T07:57:14Z", + "stargazers_count": 6, + "watchers_count": 6, + "forks_count": 1, + "forks": 1, + "watchers": 6, + "score": 0 } ] \ No newline at end of file diff --git a/2019/CVE-2019-7216.json b/2019/CVE-2019-7216.json new file mode 100644 index 0000000000..2506034ea5 --- /dev/null +++ b/2019/CVE-2019-7216.json @@ -0,0 +1,25 @@ +[ + { + "id": 168365175, + "name": "CVE-2019-7216", + "full_name": "Ekultek\/CVE-2019-7216", + "owner": { + "login": "Ekultek", + "id": 14183473, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/14183473?v=4", + "html_url": "https:\/\/github.com\/Ekultek" + }, + "html_url": "https:\/\/github.com\/Ekultek\/CVE-2019-7216", + "description": "Filechucker filter bypass Proof Of Concept", + "fork": false, + "created_at": "2019-01-30T15:23:40Z", + "updated_at": "2020-03-30T04:22:37Z", + "pushed_at": "2019-02-01T16:56:53Z", + "stargazers_count": 10, + "watchers_count": 10, + "forks_count": 6, + "forks": 6, + "watchers": 10, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-7219.json b/2019/CVE-2019-7219.json new file mode 100644 index 0000000000..dcbab25536 --- /dev/null +++ b/2019/CVE-2019-7219.json @@ -0,0 +1,25 @@ +[ + { + "id": 170672635, + "name": "CVE-2019-7219", + "full_name": "verifysecurity\/CVE-2019-7219", + "owner": { + "login": "verifysecurity", + "id": 17159314, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/17159314?v=4", + "html_url": "https:\/\/github.com\/verifysecurity" + }, + "html_url": "https:\/\/github.com\/verifysecurity\/CVE-2019-7219", + "description": "CVE-2019-7219", + "fork": false, + "created_at": "2019-02-14T10:24:48Z", + "updated_at": "2019-04-12T19:30:42Z", + "pushed_at": "2019-04-12T19:30:41Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-7238.json b/2019/CVE-2019-7238.json index ead49581bc..1e6239872b 100644 --- a/2019/CVE-2019-7238.json +++ b/2019/CVE-2019-7238.json @@ -1,4 +1,27 @@ [ + { + "id": 172401532, + "name": "CVE-2019-7238", + "full_name": "mpgn\/CVE-2019-7238", + "owner": { + "login": "mpgn", + "id": 5891788, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/5891788?v=4", + "html_url": "https:\/\/github.com\/mpgn" + }, + "html_url": "https:\/\/github.com\/mpgn\/CVE-2019-7238", + "description": "🐱‍💻 Poc of CVE-2019-7238 - Nexus Repository Manager 3 Remote Code Execution 🐱‍💻", + "fork": false, + "created_at": "2019-02-24T23:09:43Z", + "updated_at": "2020-09-22T01:12:59Z", + "pushed_at": "2019-02-25T07:37:07Z", + "stargazers_count": 132, + "watchers_count": 132, + "forks_count": 42, + "forks": 42, + "watchers": 132, + "score": 0 + }, { "id": 187840869, "name": "CVE-2019-7238", diff --git a/2019/CVE-2019-7304.json b/2019/CVE-2019-7304.json index b0dab58c95..55d5e0cfb2 100644 --- a/2019/CVE-2019-7304.json +++ b/2019/CVE-2019-7304.json @@ -21,5 +21,28 @@ "forks": 109, "watchers": 523, "score": 0 + }, + { + "id": 170741210, + "name": "CVE-2019-7304_DirtySock", + "full_name": "SecuritySi\/CVE-2019-7304_DirtySock", + "owner": { + "login": "SecuritySi", + "id": 7517443, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/7517443?v=4", + "html_url": "https:\/\/github.com\/SecuritySi" + }, + "html_url": "https:\/\/github.com\/SecuritySi\/CVE-2019-7304_DirtySock", + "description": "Payload Generator", + "fork": false, + "created_at": "2019-02-14T18:48:56Z", + "updated_at": "2019-03-05T06:03:09Z", + "pushed_at": "2019-02-14T18:49:32Z", + "stargazers_count": 5, + "watchers_count": 5, + "forks_count": 2, + "forks": 2, + "watchers": 5, + "score": 0 } ] \ No newline at end of file diff --git a/2019/CVE-2019-7642.json b/2019/CVE-2019-7642.json new file mode 100644 index 0000000000..f588be6302 --- /dev/null +++ b/2019/CVE-2019-7642.json @@ -0,0 +1,25 @@ +[ + { + "id": 173723117, + "name": "CVE-2019-7642", + "full_name": "xw77cve\/CVE-2019-7642", + "owner": { + "login": "xw77cve", + "id": 48202281, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/48202281?v=4", + "html_url": "https:\/\/github.com\/xw77cve" + }, + "html_url": "https:\/\/github.com\/xw77cve\/CVE-2019-7642", + "description": null, + "fork": false, + "created_at": "2019-03-04T10:24:04Z", + "updated_at": "2019-10-04T12:40:46Z", + "pushed_at": "2019-03-04T11:04:30Z", + "stargazers_count": 15, + "watchers_count": 15, + "forks_count": 1, + "forks": 1, + "watchers": 15, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-8389.json b/2019/CVE-2019-8389.json new file mode 100644 index 0000000000..96a994591d --- /dev/null +++ b/2019/CVE-2019-8389.json @@ -0,0 +1,25 @@ +[ + { + "id": 171097356, + "name": "CVE-2019-8389", + "full_name": "shawarkhanethicalhacker\/CVE-2019-8389", + "owner": { + "login": "shawarkhanethicalhacker", + "id": 41706151, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/41706151?v=4", + "html_url": "https:\/\/github.com\/shawarkhanethicalhacker" + }, + "html_url": "https:\/\/github.com\/shawarkhanethicalhacker\/CVE-2019-8389", + "description": " [CVE-2019-8389] An exploit code for exploiting a local file read vulnerability in Musicloud v1.6 iOS Application ", + "fork": false, + "created_at": "2019-02-17T08:10:50Z", + "updated_at": "2020-08-13T10:37:29Z", + "pushed_at": "2019-02-17T08:40:06Z", + "stargazers_count": 7, + "watchers_count": 7, + "forks_count": 5, + "forks": 5, + "watchers": 7, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-8942.json b/2019/CVE-2019-8942.json index 13858c227e..0276039877 100644 --- a/2019/CVE-2019-8942.json +++ b/2019/CVE-2019-8942.json @@ -1,4 +1,27 @@ [ + { + "id": 172448763, + "name": "WordPress_4.9.8_RCE_POC", + "full_name": "brianwrf\/WordPress_4.9.8_RCE_POC", + "owner": { + "login": "brianwrf", + "id": 8141813, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/8141813?v=4", + "html_url": "https:\/\/github.com\/brianwrf" + }, + "html_url": "https:\/\/github.com\/brianwrf\/WordPress_4.9.8_RCE_POC", + "description": "A simple PoC for WordPress RCE (author priviledge), refer to CVE-2019-8942 and CVE-2019-8943.", + "fork": false, + "created_at": "2019-02-25T06:38:15Z", + "updated_at": "2020-07-22T09:10:05Z", + "pushed_at": "2019-03-18T01:20:52Z", + "stargazers_count": 56, + "watchers_count": 56, + "forks_count": 19, + "forks": 19, + "watchers": 56, + "score": 0 + }, { "id": 184548123, "name": "CVE-2019-8942", diff --git a/2019/CVE-2019-9184.json b/2019/CVE-2019-9184.json new file mode 100644 index 0000000000..c289b57b8d --- /dev/null +++ b/2019/CVE-2019-9184.json @@ -0,0 +1,25 @@ +[ + { + "id": 175870177, + "name": "cve-2019-9184", + "full_name": "cved-sources\/cve-2019-9184", + "owner": { + "login": "cved-sources", + "id": 46423677, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/46423677?v=4", + "html_url": "https:\/\/github.com\/cved-sources" + }, + "html_url": "https:\/\/github.com\/cved-sources\/cve-2019-9184", + "description": "cve-2019-9184", + "fork": false, + "created_at": "2019-03-15T18:12:49Z", + "updated_at": "2019-03-15T18:15:09Z", + "pushed_at": "2019-03-15T18:15:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-9194.json b/2019/CVE-2019-9194.json new file mode 100644 index 0000000000..adbf15afcf --- /dev/null +++ b/2019/CVE-2019-9194.json @@ -0,0 +1,25 @@ +[ + { + "id": 175870594, + "name": "cve-2019-9194", + "full_name": "cved-sources\/cve-2019-9194", + "owner": { + "login": "cved-sources", + "id": 46423677, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/46423677?v=4", + "html_url": "https:\/\/github.com\/cved-sources" + }, + "html_url": "https:\/\/github.com\/cved-sources\/cve-2019-9194", + "description": "cve-2019-9194", + "fork": false, + "created_at": "2019-03-15T18:16:27Z", + "updated_at": "2019-03-15T18:17:32Z", + "pushed_at": "2019-03-15T18:17:31Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-9580.json b/2019/CVE-2019-9580.json new file mode 100644 index 0000000000..d511dd9ec8 --- /dev/null +++ b/2019/CVE-2019-9580.json @@ -0,0 +1,25 @@ +[ + { + "id": 175478558, + "name": "CVE-2019-9580", + "full_name": "mpgn\/CVE-2019-9580", + "owner": { + "login": "mpgn", + "id": 5891788, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/5891788?v=4", + "html_url": "https:\/\/github.com\/mpgn" + }, + "html_url": "https:\/\/github.com\/mpgn\/CVE-2019-9580", + "description": "CVE-2019-9580 - StackStorm: exploiting CORS misconfiguration (null origin) to gain RCE", + "fork": false, + "created_at": "2019-03-13T18:37:18Z", + "updated_at": "2020-04-05T17:19:04Z", + "pushed_at": "2019-03-13T19:26:27Z", + "stargazers_count": 28, + "watchers_count": 28, + "forks_count": 5, + "forks": 5, + "watchers": 28, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-9653.json b/2019/CVE-2019-9653.json new file mode 100644 index 0000000000..4fcbaee059 --- /dev/null +++ b/2019/CVE-2019-9653.json @@ -0,0 +1,25 @@ +[ + { + "id": 175789235, + "name": "CVE-2019-9653", + "full_name": "grayoneday\/CVE-2019-9653", + "owner": { + "login": "grayoneday", + "id": 28929076, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/28929076?v=4", + "html_url": "https:\/\/github.com\/grayoneday" + }, + "html_url": "https:\/\/github.com\/grayoneday\/CVE-2019-9653", + "description": null, + "fork": false, + "created_at": "2019-03-15T09:27:15Z", + "updated_at": "2019-03-15T09:32:42Z", + "pushed_at": "2019-03-15T09:32:41Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-9673.json b/2019/CVE-2019-9673.json new file mode 100644 index 0000000000..a380fffb64 --- /dev/null +++ b/2019/CVE-2019-9673.json @@ -0,0 +1,25 @@ +[ + { + "id": 175058439, + "name": "CVE-2019-9673", + "full_name": "mgrube\/CVE-2019-9673", + "owner": { + "login": "mgrube", + "id": 90159, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/90159?v=4", + "html_url": "https:\/\/github.com\/mgrube" + }, + "html_url": "https:\/\/github.com\/mgrube\/CVE-2019-9673", + "description": "Writeup", + "fork": false, + "created_at": "2019-03-11T18:16:15Z", + "updated_at": "2019-08-08T16:04:30Z", + "pushed_at": "2019-03-24T08:21:37Z", + "stargazers_count": 4, + "watchers_count": 4, + "forks_count": 1, + "forks": 1, + "watchers": 4, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-9729.json b/2019/CVE-2019-9729.json new file mode 100644 index 0000000000..3d11a16530 --- /dev/null +++ b/2019/CVE-2019-9729.json @@ -0,0 +1,25 @@ +[ + { + "id": 175226868, + "name": "SdoKeyCrypt-sys-local-privilege-elevation", + "full_name": "HyperSine\/SdoKeyCrypt-sys-local-privilege-elevation", + "owner": { + "login": "HyperSine", + "id": 58699351, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/58699351?v=4", + "html_url": "https:\/\/github.com\/HyperSine" + }, + "html_url": "https:\/\/github.com\/HyperSine\/SdoKeyCrypt-sys-local-privilege-elevation", + "description": "CVE-2019-9729. Transferred from https:\/\/github.com\/DoubleLabyrinth\/SdoKeyCrypt-sys-local-privilege-elevation", + "fork": false, + "created_at": "2019-03-12T14:18:20Z", + "updated_at": "2020-08-27T17:37:48Z", + "pushed_at": "2019-03-13T01:24:21Z", + "stargazers_count": 80, + "watchers_count": 80, + "forks_count": 26, + "forks": 26, + "watchers": 80, + "score": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-9810.json b/2019/CVE-2019-9810.json index f7dfbff9d2..69858d1ecf 100644 --- a/2019/CVE-2019-9810.json +++ b/2019/CVE-2019-9810.json @@ -1,4 +1,27 @@ [ + { + "id": 177500802, + "name": "CVE-2019-9810-PoC", + "full_name": "xuechiyaobai\/CVE-2019-9810-PoC", + "owner": { + "login": "xuechiyaobai", + "id": 8443947, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/8443947?v=4", + "html_url": "https:\/\/github.com\/xuechiyaobai" + }, + "html_url": "https:\/\/github.com\/xuechiyaobai\/CVE-2019-9810-PoC", + "description": "Array.prototype.slice wrong alias information.", + "fork": false, + "created_at": "2019-03-25T02:33:18Z", + "updated_at": "2020-09-11T14:55:44Z", + "pushed_at": "2019-03-25T02:41:43Z", + "stargazers_count": 68, + "watchers_count": 68, + "forks_count": 15, + "forks": 15, + "watchers": 68, + "score": 0 + }, { "id": 185060837, "name": "CVE-2019-9810", diff --git a/2020/CVE-2020-0668.json b/2020/CVE-2020-0668.json index 4cd6df23fc..67b84286d6 100644 --- a/2020/CVE-2020-0668.json +++ b/2020/CVE-2020-0668.json @@ -17,8 +17,8 @@ "pushed_at": "2020-02-26T09:24:45Z", "stargazers_count": 45, "watchers_count": 45, - "forks_count": 18, - "forks": 18, + "forks_count": 19, + "forks": 19, "watchers": 45, "score": 0 }, @@ -63,8 +63,8 @@ "pushed_at": "2020-06-02T13:21:26Z", "stargazers_count": 6, "watchers_count": 6, - "forks_count": 1, - "forks": 1, + "forks_count": 2, + "forks": 2, "watchers": 6, "score": 0 } diff --git a/2020/CVE-2020-0796.json b/2020/CVE-2020-0796.json index ed4457f537..93244eae64 100644 --- a/2020/CVE-2020-0796.json +++ b/2020/CVE-2020-0796.json @@ -864,13 +864,13 @@ "description": "CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost", "fork": false, "created_at": "2020-03-30T11:42:56Z", - "updated_at": "2020-09-24T01:45:45Z", + "updated_at": "2020-09-27T14:14:10Z", "pushed_at": "2020-04-08T19:27:07Z", - "stargazers_count": 1011, - "watchers_count": 1011, + "stargazers_count": 1012, + "watchers_count": 1012, "forks_count": 326, "forks": 326, - "watchers": 1011, + "watchers": 1012, "score": 0 }, { @@ -956,13 +956,13 @@ "description": "Coronablue exploit", "fork": false, "created_at": "2020-03-31T19:01:52Z", - "updated_at": "2020-04-22T00:30:24Z", + "updated_at": "2020-09-27T12:47:53Z", "pushed_at": "2020-03-31T19:05:32Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 2, + "watchers_count": 2, "forks_count": 1, "forks": 1, - "watchers": 1, + "watchers": 2, "score": 0 }, { diff --git a/2020/CVE-2020-14645.json b/2020/CVE-2020-14645.json index d3ff841ba7..1a4a4f4080 100644 --- a/2020/CVE-2020-14645.json +++ b/2020/CVE-2020-14645.json @@ -17,8 +17,8 @@ "pushed_at": "2020-07-20T03:51:06Z", "stargazers_count": 74, "watchers_count": 74, - "forks_count": 11, - "forks": 11, + "forks_count": 12, + "forks": 12, "watchers": 74, "score": 0 }, diff --git a/2020/CVE-2020-1472.json b/2020/CVE-2020-1472.json index 989d981245..daae8ba993 100644 --- a/2020/CVE-2020-1472.json +++ b/2020/CVE-2020-1472.json @@ -40,8 +40,8 @@ "pushed_at": "2020-09-23T07:04:58Z", "stargazers_count": 1064, "watchers_count": 1064, - "forks_count": 221, - "forks": 221, + "forks_count": 222, + "forks": 222, "watchers": 1064, "score": 0 }, @@ -82,13 +82,13 @@ "description": "PoC for Zerologon - all research credits go to Tom Tervoort of Secura", "fork": false, "created_at": "2020-09-14T16:56:51Z", - "updated_at": "2020-09-27T02:41:00Z", + "updated_at": "2020-09-27T09:42:43Z", "pushed_at": "2020-09-25T15:32:01Z", - "stargazers_count": 613, - "watchers_count": 613, - "forks_count": 172, - "forks": 172, - "watchers": 613, + "stargazers_count": 615, + "watchers_count": 615, + "forks_count": 173, + "forks": 173, + "watchers": 615, "score": 0 }, { diff --git a/2020/CVE-2020-17382.json b/2020/CVE-2020-17382.json index 81ba4dcd86..40db5bd604 100644 --- a/2020/CVE-2020-17382.json +++ b/2020/CVE-2020-17382.json @@ -13,13 +13,13 @@ "description": "PoC exploits for CVE-2020-17382", "fork": false, "created_at": "2020-09-17T18:26:32Z", - "updated_at": "2020-09-27T06:06:49Z", + "updated_at": "2020-09-27T14:16:57Z", "pushed_at": "2020-09-26T15:17:50Z", - "stargazers_count": 45, - "watchers_count": 45, + "stargazers_count": 46, + "watchers_count": 46, "forks_count": 9, "forks": 9, - "watchers": 45, + "watchers": 46, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-25270.json b/2020/CVE-2020-25270.json index 125f360f9b..674debddbf 100644 --- a/2020/CVE-2020-25270.json +++ b/2020/CVE-2020-25270.json @@ -13,13 +13,13 @@ "description": "PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, City", "fork": false, "created_at": "2020-09-23T03:16:08Z", - "updated_at": "2020-09-23T03:22:49Z", + "updated_at": "2020-09-27T13:34:18Z", "pushed_at": "2020-09-23T03:22:47Z", - "stargazers_count": 0, - "watchers_count": 0, + "stargazers_count": 1, + "watchers_count": 1, "forks_count": 0, "forks": 0, - "watchers": 0, + "watchers": 1, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-25272.json b/2020/CVE-2020-25272.json index cc60ab49b1..7c358623fb 100644 --- a/2020/CVE-2020-25272.json +++ b/2020/CVE-2020-25272.json @@ -13,13 +13,13 @@ "description": "Online Bus Booking System 1.0,there is XSS through the name parameter in book_now.php", "fork": false, "created_at": "2020-09-23T04:20:16Z", - "updated_at": "2020-09-23T04:28:17Z", + "updated_at": "2020-09-27T13:37:22Z", "pushed_at": "2020-09-23T04:28:15Z", - "stargazers_count": 0, - "watchers_count": 0, + "stargazers_count": 1, + "watchers_count": 1, "forks_count": 0, "forks": 0, - "watchers": 0, + "watchers": 1, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-3433.json b/2020/CVE-2020-3433.json index 261695182c..a8fd29170b 100644 --- a/2020/CVE-2020-3433.json +++ b/2020/CVE-2020-3433.json @@ -13,13 +13,13 @@ "description": "PoCs and technical analysis of three vulnerabilities found on Cisco AnyConnect for Windows: CVE-2020-3433, CVE-2020-3434 and CVE-2020-3435 ", "fork": false, "created_at": "2020-09-25T20:53:48Z", - "updated_at": "2020-09-26T12:09:50Z", + "updated_at": "2020-09-27T11:10:05Z", "pushed_at": "2020-09-25T20:55:17Z", - "stargazers_count": 4, - "watchers_count": 4, - "forks_count": 3, - "forks": 3, - "watchers": 4, + "stargazers_count": 5, + "watchers_count": 5, + "forks_count": 4, + "forks": 4, + "watchers": 5, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-5902.json b/2020/CVE-2020-5902.json index 6e2e9a2d36..a6b21f2081 100644 --- a/2020/CVE-2020-5902.json +++ b/2020/CVE-2020-5902.json @@ -13,13 +13,13 @@ "description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-5902、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340", "fork": false, "created_at": "2020-04-01T09:33:35Z", - "updated_at": "2020-09-27T05:45:44Z", + "updated_at": "2020-09-27T11:15:00Z", "pushed_at": "2020-08-03T04:37:30Z", - "stargazers_count": 1892, - "watchers_count": 1892, + "stargazers_count": 1893, + "watchers_count": 1893, "forks_count": 492, "forks": 492, - "watchers": 1892, + "watchers": 1893, "score": 0 }, { diff --git a/2020/CVE-2020-6287.json b/2020/CVE-2020-6287.json index 3d2d0adb2c..ef035360c9 100644 --- a/2020/CVE-2020-6287.json +++ b/2020/CVE-2020-6287.json @@ -13,13 +13,13 @@ "description": "PoC for CVE-2020-6287, CVE-2020-6286 (SAP RECON vulnerability)", "fork": false, "created_at": "2020-07-15T15:20:09Z", - "updated_at": "2020-09-22T05:49:19Z", + "updated_at": "2020-09-27T12:19:51Z", "pushed_at": "2020-07-23T19:45:25Z", - "stargazers_count": 123, - "watchers_count": 123, + "stargazers_count": 124, + "watchers_count": 124, "forks_count": 41, "forks": 41, - "watchers": 123, + "watchers": 124, "score": 0 }, { diff --git a/README.md b/README.md index ecc4a58590..da578b70c3 100644 --- a/README.md +++ b/README.md @@ -2365,6 +2365,7 @@ Memory access in virtual memory mapping for some microprocessors may allow an au In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side. +- [mpgn/CVE-2019-0192](https://github.com/mpgn/CVE-2019-0192) - [Rapidsafeguard/Solr-RCE-CVE-2019-0192](https://github.com/Rapidsafeguard/Solr-RCE-CVE-2019-0192) ### CVE-2019-0193 @@ -2373,6 +2374,7 @@ In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true. +- [xConsoIe/CVE-2019-0193](https://github.com/xConsoIe/CVE-2019-0193) - [jas502n/CVE-2019-0193](https://github.com/jas502n/CVE-2019-0193) - [1135/solr_exploit](https://github.com/1135/solr_exploit) - [jaychouzzk/CVE-2019-0193-exp](https://github.com/jaychouzzk/CVE-2019-0193-exp) @@ -2427,6 +2429,8 @@ A remote code execution vulnerability exists in the way that the Chakra scriptin A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594. +- [linhlhq/CVE-2019-0604](https://github.com/linhlhq/CVE-2019-0604) +- [likescam/CVE-2019-0604_sharepoint_CVE](https://github.com/likescam/CVE-2019-0604_sharepoint_CVE) - [k8gege/CVE-2019-0604](https://github.com/k8gege/CVE-2019-0604) - [m5050/CVE-2019-0604](https://github.com/m5050/CVE-2019-0604) - [boxhg/CVE-2019-0604](https://github.com/boxhg/CVE-2019-0604) @@ -2605,6 +2609,7 @@ An elevation of privilege vulnerability exists in Windows when the Win32k compon An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797. +- [ze0r/cve-2019-0808-poc](https://github.com/ze0r/cve-2019-0808-poc) - [rakesh143/CVE-2019-0808](https://github.com/rakesh143/CVE-2019-0808) - [exodusintel/CVE-2019-0808](https://github.com/exodusintel/CVE-2019-0808) - [DreamoneOnly/CVE-2019-0808-32-64-exp](https://github.com/DreamoneOnly/CVE-2019-0808-32-64-exp) @@ -2615,6 +2620,8 @@ An elevation of privilege vulnerability exists in Windows when the Win32k compon An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836. +- [rogue-kdc/CVE-2019-0841](https://github.com/rogue-kdc/CVE-2019-0841) +- [likescam/CVE-2019-0841](https://github.com/likescam/CVE-2019-0841) - [0x00-0x00/CVE-2019-0841-BYPASS](https://github.com/0x00-0x00/CVE-2019-0841-BYPASS) ### CVE-2019-0859 @@ -2847,6 +2854,23 @@ Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier - [securifera/CVE-2019-1579](https://github.com/securifera/CVE-2019-1579) +### CVE-2019-1652 + + +A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability. + + +- [0x27/CiscoRV320Dump](https://github.com/0x27/CiscoRV320Dump) + +### CVE-2019-1653 + + +A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability. + + +- [dubfr33/CVE-2019-1653](https://github.com/dubfr33/CVE-2019-1653) +- [shaheemirza/CiscoSpill](https://github.com/shaheemirza/CiscoSpill) + ### CVE-2019-1759 @@ -2863,6 +2887,14 @@ A vulnerability in the web-based management interface of Cisco Prime Infrastruct - [k8gege/CiscoExploit](https://github.com/k8gege/CiscoExploit) +### CVE-2019-1987 + + +In onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-118143775. + + +- [marcinguy/android-7-9-png-bug](https://github.com/marcinguy/android-7-9-png-bug) + ### CVE-2019-2107 @@ -3013,9 +3045,14 @@ There was a local file disclosure vulnerability in Confluence Server and Conflue The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection. +- [dothanthitiendiettiende/CVE-2019-3396](https://github.com/dothanthitiendiettiende/CVE-2019-3396) - [x-f1v3/CVE-2019-3396](https://github.com/x-f1v3/CVE-2019-3396) +- [xiaoshuier/CVE-2019-3396](https://github.com/xiaoshuier/CVE-2019-3396) +- [Yt1g3r/CVE-2019-3396_EXP](https://github.com/Yt1g3r/CVE-2019-3396_EXP) - [jas502n/CVE-2019-3396](https://github.com/jas502n/CVE-2019-3396) +- [pyn3rd/CVE-2019-3396](https://github.com/pyn3rd/CVE-2019-3396) - [s1xg0d/CVE-2019-3396](https://github.com/s1xg0d/CVE-2019-3396) +- [quanpt103/CVE-2019-3396](https://github.com/quanpt103/CVE-2019-3396) - [vntest11/confluence_CVE-2019-3396](https://github.com/vntest11/confluence_CVE-2019-3396) - [tanw923/test1](https://github.com/tanw923/test1) - [skommando/CVE-2019-3396-confluence-poc](https://github.com/skommando/CVE-2019-3396-confluence-poc) @@ -3031,6 +3068,15 @@ Confluence Server and Data Center had a path traversal vulnerability in the down - [superevr/cve-2019-3398](https://github.com/superevr/cve-2019-3398) +### CVE-2019-3462 + + +Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine. + + +- [tonejito/check_CVE-2019-3462](https://github.com/tonejito/check_CVE-2019-3462) +- [atilacastro/update-apt-package](https://github.com/atilacastro/update-apt-package) + ### CVE-2019-3663 @@ -3109,10 +3155,24 @@ An exploitable code execution vulnerability exists in the processing of multi-pa There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed. +- [mpgn/CVE-2019-5418](https://github.com/mpgn/CVE-2019-5418) +- [omarkurt/CVE-2019-5418](https://github.com/omarkurt/CVE-2019-5418) +- [brompwnie/CVE-2019-5418-Scanner](https://github.com/brompwnie/CVE-2019-5418-Scanner) - [mpgn/Rails-doubletap-RCE](https://github.com/mpgn/Rails-doubletap-RCE) +- [takeokunn/CVE-2019-5418](https://github.com/takeokunn/CVE-2019-5418) +- [Bad3r/RailroadBandit](https://github.com/Bad3r/RailroadBandit) - [ztgrace/CVE-2019-5418-Rails3](https://github.com/ztgrace/CVE-2019-5418-Rails3) - [random-robbie/CVE-2019-5418](https://github.com/random-robbie/CVE-2019-5418) +### CVE-2019-5420 + + +A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit. + + +- [knqyf263/CVE-2019-5420](https://github.com/knqyf263/CVE-2019-5420) +- [cved-sources/cve-2019-5420](https://github.com/cved-sources/cve-2019-5420) + ### CVE-2019-5475 @@ -3160,7 +3220,18 @@ NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vu runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. +- [q3k/cve-2019-5736-poc](https://github.com/q3k/cve-2019-5736-poc) +- [Frichetten/CVE-2019-5736-PoC](https://github.com/Frichetten/CVE-2019-5736-PoC) +- [jakubkrawczyk/cve-2019-5736](https://github.com/jakubkrawczyk/cve-2019-5736) +- [jas502n/CVE-2019-5736](https://github.com/jas502n/CVE-2019-5736) +- [likescam/CVE-2019-5736](https://github.com/likescam/CVE-2019-5736) +- [likescam/cve-2019-5736-poc](https://github.com/likescam/cve-2019-5736-poc) +- [agppp/cve-2019-5736-poc](https://github.com/agppp/cve-2019-5736-poc) +- [b3d3c/poc-cve-2019-5736](https://github.com/b3d3c/poc-cve-2019-5736) - [twistlock/RunC-CVE-2019-5736](https://github.com/twistlock/RunC-CVE-2019-5736) +- [yyqs2008/CVE-2019-5736-PoC-2](https://github.com/yyqs2008/CVE-2019-5736-PoC-2) +- [zyriuse75/CVE-2019-5736-PoC](https://github.com/zyriuse75/CVE-2019-5736-PoC) +- [stillan00b/CVE-2019-5736](https://github.com/stillan00b/CVE-2019-5736) - [milloni/cve-2019-5736-exp](https://github.com/milloni/cve-2019-5736-exp) - [13paulmurith/Docker-Runc-Exploit](https://github.com/13paulmurith/Docker-Runc-Exploit) - [RyanNgWH/CVE-2019-5736-POC](https://github.com/RyanNgWH/CVE-2019-5736-POC) @@ -3172,6 +3243,22 @@ runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allow - [BBRathnayaka/POC-CVE-2019-5736](https://github.com/BBRathnayaka/POC-CVE-2019-5736) - [shen54/IT19172088](https://github.com/shen54/IT19172088) +### CVE-2019-5737 + + +In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1. + + +- [beelzebruh/cve-2019-5737](https://github.com/beelzebruh/cve-2019-5737) + +### CVE-2019-5786 + + +Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. + + +- [exodusintel/CVE-2019-5786](https://github.com/exodusintel/CVE-2019-5786) + ### CVE-2019-5822 @@ -3188,6 +3275,14 @@ Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed - [timwr/CVE-2019-5825](https://github.com/timwr/CVE-2019-5825) +### CVE-2019-5893 + + +Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter. + + +- [EmreOvunc/OpenSource-ERP-SQL-Injection](https://github.com/EmreOvunc/OpenSource-ERP-SQL-Injection) + ### CVE-2019-6111 @@ -3220,7 +3315,17 @@ An out-of-bounds read issue existed that led to the disclosure of kernel memory. A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges. +- [fatgrass/OsirisJailbreak12](https://github.com/fatgrass/OsirisJailbreak12) - [TrungNguyen1909/CVE-2019-6225-macOS](https://github.com/TrungNguyen1909/CVE-2019-6225-macOS) +- [raystyle/jailbreak-iOS12](https://github.com/raystyle/jailbreak-iOS12) + +### CVE-2019-6249 + + +An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add. + + +- [NMTech0x90/CVE-2019-6249_Hucart-cms](https://github.com/NMTech0x90/CVE-2019-6249_Hucart-cms) ### CVE-2019-6260 @@ -3230,6 +3335,14 @@ The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and - [amboar/cve-2019-6260](https://github.com/amboar/cve-2019-6260) +### CVE-2019-6263 + + +An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS. + + +- [praveensutar/CVE-2019-6263-Joomla-POC](https://github.com/praveensutar/CVE-2019-6263-Joomla-POC) + ### CVE-2019-6329 @@ -3244,9 +3357,23 @@ HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege a Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.) +- [g0rx/Drupal-SA-CORE-2019-003](https://github.com/g0rx/Drupal-SA-CORE-2019-003) +- [knqyf263/CVE-2019-6340](https://github.com/knqyf263/CVE-2019-6340) +- [DevDungeon/CVE-2019-6340-Drupal-8.6.9-REST-Auth-Bypass](https://github.com/DevDungeon/CVE-2019-6340-Drupal-8.6.9-REST-Auth-Bypass) +- [oways/CVE-2019-6340](https://github.com/oways/CVE-2019-6340) +- [cved-sources/cve-2019-6340](https://github.com/cved-sources/cve-2019-6340) +- [d1vious/cve-2019-6340-bits](https://github.com/d1vious/cve-2019-6340-bits) - [jas502n/CVE-2019-6340](https://github.com/jas502n/CVE-2019-6340) - [ludy-dev/drupal8-REST-RCE](https://github.com/ludy-dev/drupal8-REST-RCE) +### CVE-2019-6440 + + +Zemana AntiMalware before 3.0.658 Beta mishandles update logic. + + +- [hexnone/CVE-2019-6440](https://github.com/hexnone/CVE-2019-6440) + ### CVE-2019-6446 @@ -3261,6 +3388,7 @@ Some field types do not properly sanitize data from non-form sources in Drupal 8 The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP. +- [fs0c131y/ESFileExplorerOpenPortVuln](https://github.com/fs0c131y/ESFileExplorerOpenPortVuln) - [SandaRuFdo/ES-File-Explorer-Open-Port-Vulnerability---CVE-2019-6447](https://github.com/SandaRuFdo/ES-File-Explorer-Open-Port-Vulnerability---CVE-2019-6447) ### CVE-2019-6453 @@ -3269,6 +3397,7 @@ The ES File Explorer File Manager application through 4.1.9.7.4 for Android allo mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable). +- [proofofcalc/cve-2019-6453-poc](https://github.com/proofofcalc/cve-2019-6453-poc) - [andripwn/mIRC-CVE-2019-6453](https://github.com/andripwn/mIRC-CVE-2019-6453) ### CVE-2019-6467 @@ -3279,6 +3408,14 @@ A programming error in the nxdomain-redirect feature can cause an assertion fail - [knqyf263/CVE-2019-6467](https://github.com/knqyf263/CVE-2019-6467) +### CVE-2019-6487 + + +TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field. + + +- [afang5472/TP-Link-WDR-Router-Command-injection_POC](https://github.com/afang5472/TP-Link-WDR-Router-Command-injection_POC) + ### CVE-2019-6690 @@ -3286,6 +3423,7 @@ python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt - [stigtsp/CVE-2019-6690-python-gnupg-vulnerability](https://github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability) +- [brianwrf/CVE-2019-6690](https://github.com/brianwrf/CVE-2019-6690) ### CVE-2019-6715 @@ -3304,12 +3442,29 @@ This improper access control vulnerability allows remote attackers to gain unaut - [cycraft-corp/cve-2019-7192-check](https://github.com/cycraft-corp/cve-2019-7192-check) - [th3gundy/CVE-2019-7192_QNAP_Exploit](https://github.com/th3gundy/CVE-2019-7192_QNAP_Exploit) +### CVE-2019-7216 + + +An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi has a filter bypass that allows a malicious user to upload any type of file by using % characters within the extension, e.g., file.%ph%p becomes file.php. + + +- [Ekultek/CVE-2019-7216](https://github.com/Ekultek/CVE-2019-7216) + +### CVE-2019-7219 + + +Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead. + + +- [verifysecurity/CVE-2019-7219](https://github.com/verifysecurity/CVE-2019-7219) + ### CVE-2019-7238 Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. +- [mpgn/CVE-2019-7238](https://github.com/mpgn/CVE-2019-7238) - [jas502n/CVE-2019-7238](https://github.com/jas502n/CVE-2019-7238) - [verctor/nexus_rce_CVE-2019-7238](https://github.com/verctor/nexus_rce_CVE-2019-7238) - [magicming200/CVE-2019-7238_Nexus_RCE_Tool](https://github.com/magicming200/CVE-2019-7238_Nexus_RCE_Tool) @@ -3321,6 +3476,7 @@ Canonical snapd before version 2.37.1 incorrectly performed socket owner validat - [initstring/dirty_sock](https://github.com/initstring/dirty_sock) +- [SecuritySi/CVE-2019-7304_DirtySock](https://github.com/SecuritySi/CVE-2019-7304_DirtySock) ### CVE-2019-7482 @@ -3359,6 +3515,14 @@ Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SS - [random-robbie/CVE-2019-7616](https://github.com/random-robbie/CVE-2019-7616) +### CVE-2019-7642 + + +D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware versions of DIR-817LW (A1-1.04), DIR-816L (B1-2.06), DIR-816 (B1-2.06?), DIR-850L (A1-1.09), and DIR-868L (A1-1.10). + + +- [xw77cve/CVE-2019-7642](https://github.com/xw77cve/CVE-2019-7642) + ### CVE-2019-7839 @@ -3367,6 +3531,14 @@ ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 a - [securifera/CVE-2019-7839](https://github.com/securifera/CVE-2019-7839) +### CVE-2019-8389 + + +A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder (with a crafted ../ payload) to the download.script endpoint. This will create a MusicPlayerArchive.zip archive that is publicly accessible and includes the content of any requested file (such as the /etc/passwd file). + + +- [shawarkhanethicalhacker/CVE-2019-8389](https://github.com/shawarkhanethicalhacker/CVE-2019-8389) + ### CVE-2019-8446 @@ -3472,6 +3644,7 @@ NTP through 4.2.8p12 has a NULL Pointer Dereference. WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata. Exploitation can leverage CVE-2019-8943. +- [brianwrf/WordPress_4.9.8_RCE_POC](https://github.com/brianwrf/WordPress_4.9.8_RCE_POC) - [synacktiv/CVE-2019-8942](https://github.com/synacktiv/CVE-2019-8942) ### CVE-2019-8956 @@ -3506,6 +3679,14 @@ Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allo - [ZenyWay/opgp-service-cve-2019-9153](https://github.com/ZenyWay/opgp-service-cve-2019-9153) +### CVE-2019-9184 + + +SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter. + + +- [cved-sources/cve-2019-9184](https://github.com/cved-sources/cve-2019-9184) + ### CVE-2019-9193 @@ -3514,6 +3695,14 @@ Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allo - [skyship36/CVE-2019-9193](https://github.com/skyship36/CVE-2019-9193) +### CVE-2019-9194 + + +elFinder before 2.1.48 has a command injection vulnerability in the PHP connector. + + +- [cved-sources/cve-2019-9194](https://github.com/cved-sources/cve-2019-9194) + ### CVE-2019-9202 @@ -3538,6 +3727,14 @@ The Bluetooth BR/EDR specification up to and including version 5.1 permits suffi - [francozappa/knob](https://github.com/francozappa/knob) +### CVE-2019-9580 + + +In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS. + + +- [mpgn/CVE-2019-9580](https://github.com/mpgn/CVE-2019-9580) + ### CVE-2019-9596 @@ -3562,6 +3759,14 @@ Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, an - [k8gege/ZimbraExploit](https://github.com/k8gege/ZimbraExploit) +### CVE-2019-9653 + + +NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php. + + +- [grayoneday/CVE-2019-9653](https://github.com/grayoneday/CVE-2019-9653) + ### CVE-2019-9670 @@ -3571,6 +3776,22 @@ mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 - [rek7/Zimbra-RCE](https://github.com/rek7/Zimbra-RCE) - [attackgithub/Zimbra-RCE](https://github.com/attackgithub/Zimbra-RCE) +### CVE-2019-9673 + + +Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI. + + +- [mgrube/CVE-2019-9673](https://github.com/mgrube/CVE-2019-9673) + +### CVE-2019-9729 + + +In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer underflow. + + +- [HyperSine/SdoKeyCrypt-sys-local-privilege-elevation](https://github.com/HyperSine/SdoKeyCrypt-sys-local-privilege-elevation) + ### CVE-2019-9730 @@ -3612,6 +3833,7 @@ WordPress before 5.1.1 does not properly filter comment content, leading to Remo Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. +- [xuechiyaobai/CVE-2019-9810-PoC](https://github.com/xuechiyaobai/CVE-2019-9810-PoC) - [0vercl0k/CVE-2019-9810](https://github.com/0vercl0k/CVE-2019-9810) ### CVE-2019-9896 @@ -3790,6 +4012,14 @@ A broken access control vulnerability in HG100 firmware versions up to 4.00.06 a - [tim124058/ASUS-SmartHome-Exploit](https://github.com/tim124058/ASUS-SmartHome-Exploit) +### CVE-2019-11076 + + +Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via an unauthenticated web request. + + +- [livehybrid/poc-cribl-rce](https://github.com/livehybrid/poc-cribl-rce) + ### CVE-2019-11157 @@ -5509,6 +5739,14 @@ A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in exten ### CVE-2019-48814 - [wucj001/cve-2019-48814](https://github.com/wucj001/cve-2019-48814) +### CVE-2019-1002101 + + +The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0. + + +- [brompwnie/CVE-2019-1002101-Helpers](https://github.com/brompwnie/CVE-2019-1002101-Helpers) + ### CVE-2019-1003000 @@ -5516,6 +5754,8 @@ A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier - [wetw0rk/Exploit-Development](https://github.com/wetw0rk/Exploit-Development) +- [adamyordan/cve-2019-1003000-jenkins-rce-poc](https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc) +- [0xtavian/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins](https://github.com/0xtavian/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins) - [1NTheKut/CVE-2019-1003000_RCE-DETECTION](https://github.com/1NTheKut/CVE-2019-1003000_RCE-DETECTION) ### CVE-2019-1010054