From ba7addf7a1cd4350b6a25334ed7061ca1e24f6e6 Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Sat, 1 Jun 2024 09:29:04 +0900 Subject: [PATCH] Auto Update 2024/06/01 00:29:04 --- 2013/CVE-2013-4378.json | 30 ++++++++++++++ 2015/CVE-2015-6748.json | 32 +++++++++++++++ 2016/CVE-2016-10006.json | 32 +++++++++++++++ 2016/CVE-2016-5394.json | 32 +++++++++++++++ 2018/CVE-2018-1000844.json | 32 +++++++++++++++ 2019/CVE-2019-13990.json | 32 +++++++++++++++ 2019/CVE-2019-15477.json | 2 +- 2019/CVE-2019-17513.json | 32 +++++++++++++++ 2019/CVE-2019-3396.json | 2 +- 2020/CVE-2020-13973.json | 2 +- 2020/CVE-2020-15368.json | 8 ++-- 2020/CVE-2020-26217.json | 30 ++++++++++++++ 2021/CVE-2021-3156.json | 4 +- 2022/CVE-2022-37706.json | 8 ++-- 2022/CVE-2022-38694.json | 8 ++-- 2023/CVE-2023-23397.json | 8 ++-- 2023/CVE-2023-30253.json | 8 ++-- 2023/CVE-2023-36424.json | 2 +- 2023/CVE-2023-36802.json | 8 ++-- 2023/CVE-2023-38646.json | 8 ++-- 2023/CVE-2023-45866.json | 4 +- 2023/CVE-2023-6246.json | 4 +- 2024/CVE-2024-1086.json | 8 ++-- 2024/CVE-2024-21338.json | 2 +- 2024/CVE-2024-21683.json | 8 ++-- 2024/CVE-2024-23108.json | 20 +++++----- 2024/CVE-2024-24919.json | 80 +++++++++++++++++++++++++++++++++----- 2024/CVE-2024-27348.json | 39 +++++++++++++++++++ 2024/CVE-2024-2961.json | 8 ++-- 2024/CVE-2024-30056.json | 8 ++-- 2024/CVE-2024-32002.json | 12 +++--- 2024/CVE-2024-32459.json | 8 ++-- 2024/CVE-2024-33559.json | 8 ++-- 2024/CVE-2024-4367.json | 52 +++++++++++++++++++++++-- 2024/CVE-2024-5084.json | 17 ++++++-- README.md | 56 +++++++++++++++++++++++++- 36 files changed, 556 insertions(+), 98 deletions(-) create mode 100644 2015/CVE-2015-6748.json create mode 100644 2016/CVE-2016-10006.json create mode 100644 2016/CVE-2016-5394.json create mode 100644 2018/CVE-2018-1000844.json create mode 100644 2019/CVE-2019-13990.json create mode 100644 2019/CVE-2019-17513.json create mode 100644 2024/CVE-2024-27348.json diff --git a/2013/CVE-2013-4378.json b/2013/CVE-2013-4378.json index a86a55d53f..a81c250bb3 100644 --- a/2013/CVE-2013-4378.json +++ b/2013/CVE-2013-4378.json @@ -28,5 +28,35 @@ "watchers": 0, "score": 0, "subscribers_count": 3 + }, + { + "id": 808806365, + "name": "VUL4J-50", + "full_name": "epicosy\/VUL4J-50", + "owner": { + "login": "epicosy", + "id": 30272775, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/30272775?v=4", + "html_url": "https:\/\/github.com\/epicosy" + }, + "html_url": "https:\/\/github.com\/epicosy\/VUL4J-50", + "description": "javamelody\/javamelody with CVE-2013-4378", + "fork": false, + "created_at": "2024-05-31T21:31:15Z", + "updated_at": "2024-05-31T21:32:50Z", + "pushed_at": "2024-05-31T21:32:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2015/CVE-2015-6748.json b/2015/CVE-2015-6748.json new file mode 100644 index 0000000000..3c24033121 --- /dev/null +++ b/2015/CVE-2015-6748.json @@ -0,0 +1,32 @@ +[ + { + "id": 808804751, + "name": "VUL4J-59", + "full_name": "epicosy\/VUL4J-59", + "owner": { + "login": "epicosy", + "id": 30272775, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/30272775?v=4", + "html_url": "https:\/\/github.com\/epicosy" + }, + "html_url": "https:\/\/github.com\/epicosy\/VUL4J-59", + "description": "jhy\/jsoup with CVE-2015-6748", + "fork": false, + "created_at": "2024-05-31T21:24:39Z", + "updated_at": "2024-05-31T21:25:53Z", + "pushed_at": "2024-05-31T21:25:49Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-10006.json b/2016/CVE-2016-10006.json new file mode 100644 index 0000000000..4845d315bb --- /dev/null +++ b/2016/CVE-2016-10006.json @@ -0,0 +1,32 @@ +[ + { + "id": 808801443, + "name": "VUL4J-60", + "full_name": "epicosy\/VUL4J-60", + "owner": { + "login": "epicosy", + "id": 30272775, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/30272775?v=4", + "html_url": "https:\/\/github.com\/epicosy" + }, + "html_url": "https:\/\/github.com\/epicosy\/VUL4J-60", + "description": "nahsra\/antisamy with CVE-2016-10006", + "fork": false, + "created_at": "2024-05-31T21:12:16Z", + "updated_at": "2024-05-31T21:13:22Z", + "pushed_at": "2024-05-31T21:13:17Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-5394.json b/2016/CVE-2016-5394.json new file mode 100644 index 0000000000..0211bfeafc --- /dev/null +++ b/2016/CVE-2016-5394.json @@ -0,0 +1,32 @@ +[ + { + "id": 808799718, + "name": "VUL4J-23", + "full_name": "epicosy\/VUL4J-23", + "owner": { + "login": "epicosy", + "id": 30272775, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/30272775?v=4", + "html_url": "https:\/\/github.com\/epicosy" + }, + "html_url": "https:\/\/github.com\/epicosy\/VUL4J-23", + "description": "apache\/sling with CVE-2016-5394", + "fork": false, + "created_at": "2024-05-31T21:05:46Z", + "updated_at": "2024-05-31T21:09:29Z", + "pushed_at": "2024-05-31T21:09:08Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-1000844.json b/2018/CVE-2018-1000844.json new file mode 100644 index 0000000000..ad4b582b9b --- /dev/null +++ b/2018/CVE-2018-1000844.json @@ -0,0 +1,32 @@ +[ + { + "id": 808783620, + "name": "Retrofit-1", + "full_name": "epicosy\/Retrofit-1", + "owner": { + "login": "epicosy", + "id": 30272775, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/30272775?v=4", + "html_url": "https:\/\/github.com\/epicosy" + }, + "html_url": "https:\/\/github.com\/epicosy\/Retrofit-1", + "description": "retrofit with CVE-2018-1000844", + "fork": false, + "created_at": "2024-05-31T20:09:00Z", + "updated_at": "2024-05-31T20:10:48Z", + "pushed_at": "2024-05-31T20:10:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-13990.json b/2019/CVE-2019-13990.json new file mode 100644 index 0000000000..1496ff58f7 --- /dev/null +++ b/2019/CVE-2019-13990.json @@ -0,0 +1,32 @@ +[ + { + "id": 808786062, + "name": "Quartz-1", + "full_name": "epicosy\/Quartz-1", + "owner": { + "login": "epicosy", + "id": 30272775, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/30272775?v=4", + "html_url": "https:\/\/github.com\/epicosy" + }, + "html_url": "https:\/\/github.com\/epicosy\/Quartz-1", + "description": "quartz with CVE-2019-13990", + "fork": false, + "created_at": "2024-05-31T20:17:54Z", + "updated_at": "2024-05-31T20:19:05Z", + "pushed_at": "2024-05-31T20:19:00Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-15477.json b/2019/CVE-2019-15477.json index 08028c8084..0a494217dc 100644 --- a/2019/CVE-2019-15477.json +++ b/2019/CVE-2019-15477.json @@ -27,6 +27,6 @@ "forks": 0, "watchers": 0, "score": 0, - "subscribers_count": 0 + "subscribers_count": 1 } ] \ No newline at end of file diff --git a/2019/CVE-2019-17513.json b/2019/CVE-2019-17513.json new file mode 100644 index 0000000000..e1dd4d8f71 --- /dev/null +++ b/2019/CVE-2019-17513.json @@ -0,0 +1,32 @@ +[ + { + "id": 808788930, + "name": "Ratpack-1", + "full_name": "epicosy\/Ratpack-1", + "owner": { + "login": "epicosy", + "id": 30272775, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/30272775?v=4", + "html_url": "https:\/\/github.com\/epicosy" + }, + "html_url": "https:\/\/github.com\/epicosy\/Ratpack-1", + "description": "ratpack with CVE-2019-17513", + "fork": false, + "created_at": "2024-05-31T20:26:56Z", + "updated_at": "2024-05-31T20:28:20Z", + "pushed_at": "2024-05-31T20:28:14Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2019/CVE-2019-3396.json b/2019/CVE-2019-3396.json index fceff12bbb..e0fa16765f 100644 --- a/2019/CVE-2019-3396.json +++ b/2019/CVE-2019-3396.json @@ -482,7 +482,7 @@ "forks": 0, "watchers": 3, "score": 0, - "subscribers_count": 1 + "subscribers_count": 2 }, { "id": 336327102, diff --git a/2020/CVE-2020-13973.json b/2020/CVE-2020-13973.json index a225fc8157..6df44bba1a 100644 --- a/2020/CVE-2020-13973.json +++ b/2020/CVE-2020-13973.json @@ -27,6 +27,6 @@ "forks": 0, "watchers": 0, "score": 0, - "subscribers_count": 0 + "subscribers_count": 1 } ] \ No newline at end of file diff --git a/2020/CVE-2020-15368.json b/2020/CVE-2020-15368.json index 3a65c34d0d..691800f231 100644 --- a/2020/CVE-2020-15368.json +++ b/2020/CVE-2020-15368.json @@ -13,10 +13,10 @@ "description": "CVE-2020-15368, aka \"How to exploit a vulnerable driver\"", "fork": false, "created_at": "2021-06-29T04:38:24Z", - "updated_at": "2024-04-24T17:28:12Z", + "updated_at": "2024-05-31T20:10:03Z", "pushed_at": "2022-04-14T03:17:44Z", - "stargazers_count": 407, - "watchers_count": 407, + "stargazers_count": 408, + "watchers_count": 408, "has_discussions": false, "forks_count": 45, "allow_forking": true, @@ -30,7 +30,7 @@ ], "visibility": "public", "forks": 45, - "watchers": 407, + "watchers": 408, "score": 0, "subscribers_count": 6 } diff --git a/2020/CVE-2020-26217.json b/2020/CVE-2020-26217.json index d3530784bd..419b36f230 100644 --- a/2020/CVE-2020-26217.json +++ b/2020/CVE-2020-26217.json @@ -62,5 +62,35 @@ "watchers": 3, "score": 0, "subscribers_count": 2 + }, + { + "id": 808796135, + "name": "XStream-1", + "full_name": "epicosy\/XStream-1", + "owner": { + "login": "epicosy", + "id": 30272775, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/30272775?v=4", + "html_url": "https:\/\/github.com\/epicosy" + }, + "html_url": "https:\/\/github.com\/epicosy\/XStream-1", + "description": "xstream with CVE-2020-26217", + "fork": false, + "created_at": "2024-05-31T20:52:08Z", + "updated_at": "2024-05-31T20:53:09Z", + "pushed_at": "2024-05-31T20:53:04Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2021/CVE-2021-3156.json b/2021/CVE-2021-3156.json index c5fc0cf1bb..2b413622d4 100644 --- a/2021/CVE-2021-3156.json +++ b/2021/CVE-2021-3156.json @@ -809,13 +809,13 @@ "stargazers_count": 142, "watchers_count": 142, "has_discussions": false, - "forks_count": 59, + "forks_count": 60, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 59, + "forks": 60, "watchers": 142, "score": 0, "subscribers_count": 1 diff --git a/2022/CVE-2022-37706.json b/2022/CVE-2022-37706.json index c3b98e80bc..85e4e46c77 100644 --- a/2022/CVE-2022-37706.json +++ b/2022/CVE-2022-37706.json @@ -13,10 +13,10 @@ "description": "A reliable exploit + write-up to elevate privileges to root. (Tested on Ubuntu 22.04)", "fork": false, "created_at": "2022-09-12T19:22:44Z", - "updated_at": "2024-05-30T17:18:24Z", + "updated_at": "2024-05-31T19:57:53Z", "pushed_at": "2022-09-19T19:41:34Z", - "stargazers_count": 253, - "watchers_count": 253, + "stargazers_count": 254, + "watchers_count": 254, "has_discussions": false, "forks_count": 36, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 36, - "watchers": 253, + "watchers": 254, "score": 0, "subscribers_count": 5 }, diff --git a/2022/CVE-2022-38694.json b/2022/CVE-2022-38694.json index 830344547d..b1ffdf4929 100644 --- a/2022/CVE-2022-38694.json +++ b/2022/CVE-2022-38694.json @@ -13,10 +13,10 @@ "description": "This is a one-time signature verification bypass. For persistent signature verification bypass, check https:\/\/github.com\/TomKing062\/CVE-2022-38691_38692", "fork": false, "created_at": "2023-06-10T08:31:26Z", - "updated_at": "2024-05-29T05:37:41Z", + "updated_at": "2024-05-31T20:12:05Z", "pushed_at": "2024-04-05T06:46:47Z", - "stargazers_count": 217, - "watchers_count": 217, + "stargazers_count": 218, + "watchers_count": 218, "has_discussions": true, "forks_count": 29, "allow_forking": true, @@ -28,7 +28,7 @@ ], "visibility": "public", "forks": 29, - "watchers": 217, + "watchers": 218, "score": 0, "subscribers_count": 6 } diff --git a/2023/CVE-2023-23397.json b/2023/CVE-2023-23397.json index eebc499c40..207459c1d7 100644 --- a/2023/CVE-2023-23397.json +++ b/2023/CVE-2023-23397.json @@ -554,14 +554,14 @@ { "id": 618584783, "name": "CVE-2023-23397-Report", - "full_name": "madelynadams9\/CVE-2023-23397-Report", + "full_name": "Cyb3rMaddy\/CVE-2023-23397-Report", "owner": { - "login": "madelynadams9", + "login": "Cyb3rMaddy", "id": 61891953, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/61891953?v=4", - "html_url": "https:\/\/github.com\/madelynadams9" + "html_url": "https:\/\/github.com\/Cyb3rMaddy" }, - "html_url": "https:\/\/github.com\/madelynadams9\/CVE-2023-23397-Report", + "html_url": "https:\/\/github.com\/Cyb3rMaddy\/CVE-2023-23397-Report", "description": "An exploitation demo of Outlook Elevation of Privilege Vulnerability", "fork": false, "created_at": "2023-03-24T19:47:42Z", diff --git a/2023/CVE-2023-30253.json b/2023/CVE-2023-30253.json index 223b865d5a..b8187cff59 100644 --- a/2023/CVE-2023-30253.json +++ b/2023/CVE-2023-30253.json @@ -73,10 +73,10 @@ "description": "Reverse Shell POC exploit for Dolibarr <= 17.0.0 (CVE-2023-30253), PHP Code Injection", "fork": false, "created_at": "2024-05-27T15:10:12Z", - "updated_at": "2024-05-31T01:01:59Z", + "updated_at": "2024-05-31T21:15:05Z", "pushed_at": "2024-05-28T15:10:20Z", - "stargazers_count": 6, - "watchers_count": 6, + "stargazers_count": 8, + "watchers_count": 8, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -85,7 +85,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 6, + "watchers": 8, "score": 0, "subscribers_count": 1 } diff --git a/2023/CVE-2023-36424.json b/2023/CVE-2023-36424.json index 2d5197e52d..58e5962a71 100644 --- a/2023/CVE-2023-36424.json +++ b/2023/CVE-2023-36424.json @@ -13,7 +13,7 @@ "description": "Windows Kernel Pool (clfs.sys) Corruption Privilege Escalation", "fork": false, "created_at": "2024-03-21T21:39:24Z", - "updated_at": "2024-05-16T21:37:55Z", + "updated_at": "2024-05-31T20:35:25Z", "pushed_at": "2024-03-22T06:45:43Z", "stargazers_count": 104, "watchers_count": 104, diff --git a/2023/CVE-2023-36802.json b/2023/CVE-2023-36802.json index 8f5ee3d4ba..4b4f896529 100644 --- a/2023/CVE-2023-36802.json +++ b/2023/CVE-2023-36802.json @@ -103,10 +103,10 @@ "description": "Exploit for CVE-2023-36802 targeting MSKSSRV.SYS driver", "fork": false, "created_at": "2023-10-23T18:33:41Z", - "updated_at": "2024-05-20T21:07:57Z", + "updated_at": "2024-05-31T19:42:29Z", "pushed_at": "2023-10-26T11:44:46Z", - "stargazers_count": 103, - "watchers_count": 103, + "stargazers_count": 104, + "watchers_count": 104, "has_discussions": false, "forks_count": 25, "allow_forking": true, @@ -115,7 +115,7 @@ "topics": [], "visibility": "public", "forks": 25, - "watchers": 103, + "watchers": 104, "score": 0, "subscribers_count": 3 } diff --git a/2023/CVE-2023-38646.json b/2023/CVE-2023-38646.json index 60b5502cc3..b09d9817d3 100644 --- a/2023/CVE-2023-38646.json +++ b/2023/CVE-2023-38646.json @@ -169,10 +169,10 @@ "description": "POC for CVE-2023-38646", "fork": false, "created_at": "2023-07-30T09:56:52Z", - "updated_at": "2024-03-04T19:26:24Z", + "updated_at": "2024-06-01T00:11:52Z", "pushed_at": "2023-12-07T11:10:46Z", - "stargazers_count": 19, - "watchers_count": 19, + "stargazers_count": 20, + "watchers_count": 20, "has_discussions": false, "forks_count": 12, "allow_forking": true, @@ -181,7 +181,7 @@ "topics": [], "visibility": "public", "forks": 12, - "watchers": 19, + "watchers": 20, "score": 0, "subscribers_count": 0 }, diff --git a/2023/CVE-2023-45866.json b/2023/CVE-2023-45866.json index 6652cfb77f..c2f026538d 100644 --- a/2023/CVE-2023-45866.json +++ b/2023/CVE-2023-45866.json @@ -48,13 +48,13 @@ "stargazers_count": 6, "watchers_count": 6, "has_discussions": false, - "forks_count": 3, + "forks_count": 2, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 3, + "forks": 2, "watchers": 6, "score": 0, "subscribers_count": 0 diff --git a/2023/CVE-2023-6246.json b/2023/CVE-2023-6246.json index 88bd08ec7d..9af493ceb8 100644 --- a/2023/CVE-2023-6246.json +++ b/2023/CVE-2023-6246.json @@ -18,13 +18,13 @@ "stargazers_count": 3, "watchers_count": 3, "has_discussions": false, - "forks_count": 0, + "forks_count": 1, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 0, + "forks": 1, "watchers": 3, "score": 0, "subscribers_count": 1 diff --git a/2024/CVE-2024-1086.json b/2024/CVE-2024-1086.json index 0340700142..cfbc19e79d 100644 --- a/2024/CVE-2024-1086.json +++ b/2024/CVE-2024-1086.json @@ -13,10 +13,10 @@ "description": "Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.", "fork": false, "created_at": "2024-03-20T21:16:41Z", - "updated_at": "2024-05-31T14:01:04Z", + "updated_at": "2024-05-31T22:13:04Z", "pushed_at": "2024-04-17T16:09:54Z", - "stargazers_count": 1974, - "watchers_count": 1974, + "stargazers_count": 1976, + "watchers_count": 1976, "has_discussions": false, "forks_count": 245, "allow_forking": true, @@ -31,7 +31,7 @@ ], "visibility": "public", "forks": 245, - "watchers": 1974, + "watchers": 1976, "score": 0, "subscribers_count": 21 }, diff --git a/2024/CVE-2024-21338.json b/2024/CVE-2024-21338.json index 7acc58dd44..78b8a4ca9a 100644 --- a/2024/CVE-2024-21338.json +++ b/2024/CVE-2024-21338.json @@ -13,7 +13,7 @@ "description": "Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.", "fork": false, "created_at": "2024-04-13T05:53:02Z", - "updated_at": "2024-05-31T10:29:00Z", + "updated_at": "2024-05-31T19:19:43Z", "pushed_at": "2024-04-16T21:00:14Z", "stargazers_count": 234, "watchers_count": 234, diff --git a/2024/CVE-2024-21683.json b/2024/CVE-2024-21683.json index 9eeb745607..d9970aa824 100644 --- a/2024/CVE-2024-21683.json +++ b/2024/CVE-2024-21683.json @@ -77,10 +77,10 @@ "description": "This vulnerability could allow an attacker to take complete control of a vulnerable Confluence server. This could allow the attacker to steal data, modify data, or disrupt the availability of the server.", "fork": false, "created_at": "2024-05-24T05:38:18Z", - "updated_at": "2024-05-28T07:58:07Z", + "updated_at": "2024-06-01T00:12:39Z", "pushed_at": "2024-05-24T05:56:48Z", - "stargazers_count": 2, - "watchers_count": 2, + "stargazers_count": 3, + "watchers_count": 3, "has_discussions": false, "forks_count": 1, "allow_forking": true, @@ -89,7 +89,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 2, + "watchers": 3, "score": 0, "subscribers_count": 1 }, diff --git a/2024/CVE-2024-23108.json b/2024/CVE-2024-23108.json index c0681617b9..e9df339543 100644 --- a/2024/CVE-2024-23108.json +++ b/2024/CVE-2024-23108.json @@ -13,19 +13,19 @@ "description": "CVE-2024-23108: Fortinet FortiSIEM Unauthenticated 2nd Order Command Injection", "fork": false, "created_at": "2024-05-20T14:34:09Z", - "updated_at": "2024-05-31T16:06:07Z", + "updated_at": "2024-05-31T19:03:49Z", "pushed_at": "2024-05-21T11:56:19Z", - "stargazers_count": 16, - "watchers_count": 16, + "stargazers_count": 17, + "watchers_count": 17, "has_discussions": false, - "forks_count": 4, + "forks_count": 5, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 4, - "watchers": 16, + "forks": 5, + "watchers": 17, "score": 0, "subscribers_count": 4 }, @@ -43,10 +43,10 @@ "description": "POC iteration for CVE-2024-23108", "fork": false, "created_at": "2024-05-28T17:21:11Z", - "updated_at": "2024-05-28T17:36:55Z", + "updated_at": "2024-05-31T19:41:43Z", "pushed_at": "2024-05-28T17:36:52Z", - "stargazers_count": 0, - "watchers_count": 0, + "stargazers_count": 1, + "watchers_count": 1, "has_discussions": false, "forks_count": 1, "allow_forking": true, @@ -55,7 +55,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 0, + "watchers": 1, "score": 0, "subscribers_count": 1 } diff --git a/2024/CVE-2024-24919.json b/2024/CVE-2024-24919.json index 075d7d972a..8d2a3681cd 100644 --- a/2024/CVE-2024-24919.json +++ b/2024/CVE-2024-24919.json @@ -103,10 +103,10 @@ "description": "CVE-2024-24919 Exploit PoC", "fork": false, "created_at": "2024-05-30T16:23:18Z", - "updated_at": "2024-05-31T14:43:35Z", + "updated_at": "2024-06-01T00:26:07Z", "pushed_at": "2024-05-30T17:08:11Z", - "stargazers_count": 4, - "watchers_count": 4, + "stargazers_count": 8, + "watchers_count": 8, "has_discussions": false, "forks_count": 3, "allow_forking": true, @@ -121,7 +121,7 @@ ], "visibility": "public", "forks": 3, - "watchers": 4, + "watchers": 8, "score": 0, "subscribers_count": 1 }, @@ -139,8 +139,8 @@ "description": null, "fork": false, "created_at": "2024-05-30T17:26:08Z", - "updated_at": "2024-05-30T19:04:26Z", - "pushed_at": "2024-05-30T19:04:23Z", + "updated_at": "2024-06-01T00:09:54Z", + "pushed_at": "2024-06-01T00:09:51Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, @@ -406,6 +406,36 @@ "score": 0, "subscribers_count": 0 }, + { + "id": 808595288, + "name": "CVE-2024-24919-POC", + "full_name": "seed1337\/CVE-2024-24919-POC", + "owner": { + "login": "seed1337", + "id": 99613932, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/99613932?v=4", + "html_url": "https:\/\/github.com\/seed1337" + }, + "html_url": "https:\/\/github.com\/seed1337\/CVE-2024-24919-POC", + "description": null, + "fork": false, + "created_at": "2024-05-31T11:52:59Z", + "updated_at": "2024-05-31T23:18:29Z", + "pushed_at": "2024-05-31T22:55:07Z", + "stargazers_count": 1, + "watchers_count": 1, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 1, + "score": 0, + "subscribers_count": 0 + }, { "id": 808601031, "name": "CVE-2024-24919", @@ -420,7 +450,7 @@ "description": null, "fork": false, "created_at": "2024-05-31T12:08:28Z", - "updated_at": "2024-05-31T13:55:13Z", + "updated_at": "2024-05-31T19:42:45Z", "pushed_at": "2024-05-31T13:55:09Z", "stargazers_count": 0, "watchers_count": 0, @@ -510,7 +540,7 @@ "description": "CVE-2024-24919 exploit", "fork": false, "created_at": "2024-05-31T13:11:40Z", - "updated_at": "2024-05-31T17:01:59Z", + "updated_at": "2024-05-31T22:16:59Z", "pushed_at": "2024-05-31T15:50:57Z", "stargazers_count": 2, "watchers_count": 2, @@ -600,8 +630,38 @@ "description": "This repository contains a proof-of-concept (PoC) exploit for CVE-2024-24919, a critical vulnerability discovered in Check Point SVN. The vulnerability allows for reading system files. CVE ID: CVE-2024-24919", "fork": false, "created_at": "2024-05-31T18:14:19Z", - "updated_at": "2024-05-31T18:27:05Z", - "pushed_at": "2024-05-31T18:24:09Z", + "updated_at": "2024-05-31T19:03:05Z", + "pushed_at": "2024-05-31T19:03:02Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + }, + { + "id": 808815211, + "name": "CVE-2024-24919", + "full_name": "MohamedWagdy7\/CVE-2024-24919", + "owner": { + "login": "MohamedWagdy7", + "id": 31960035, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/31960035?v=4", + "html_url": "https:\/\/github.com\/MohamedWagdy7" + }, + "html_url": "https:\/\/github.com\/MohamedWagdy7\/CVE-2024-24919", + "description": null, + "fork": false, + "created_at": "2024-05-31T22:07:21Z", + "updated_at": "2024-05-31T23:39:55Z", + "pushed_at": "2024-05-31T23:39:52Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, diff --git a/2024/CVE-2024-27348.json b/2024/CVE-2024-27348.json new file mode 100644 index 0000000000..0a33cbc512 --- /dev/null +++ b/2024/CVE-2024-27348.json @@ -0,0 +1,39 @@ +[ + { + "id": 808784376, + "name": "CVE-2024-27348", + "full_name": "Zeyad-Azima\/CVE-2024-27348", + "owner": { + "login": "Zeyad-Azima", + "id": 62406753, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/62406753?v=4", + "html_url": "https:\/\/github.com\/Zeyad-Azima" + }, + "html_url": "https:\/\/github.com\/Zeyad-Azima\/CVE-2024-27348", + "description": "Apache HugeGraph Server RCE Scanner ( CVE-2024-27348 )", + "fork": false, + "created_at": "2024-05-31T20:11:37Z", + "updated_at": "2024-05-31T23:31:34Z", + "pushed_at": "2024-05-31T22:16:47Z", + "stargazers_count": 1, + "watchers_count": 1, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [ + "apache", + "cve", + "cve-scanning", + "exploit", + "vulnerability", + "vulnerability-scanners" + ], + "visibility": "public", + "forks": 0, + "watchers": 1, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2024/CVE-2024-2961.json b/2024/CVE-2024-2961.json index cd65988e75..6d39da156e 100644 --- a/2024/CVE-2024-2961.json +++ b/2024/CVE-2024-2961.json @@ -73,10 +73,10 @@ "description": "Exploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv()", "fork": false, "created_at": "2024-05-27T08:30:06Z", - "updated_at": "2024-05-31T16:49:13Z", + "updated_at": "2024-05-31T18:42:54Z", "pushed_at": "2024-05-28T03:19:34Z", - "stargazers_count": 217, - "watchers_count": 217, + "stargazers_count": 218, + "watchers_count": 218, "has_discussions": false, "forks_count": 26, "allow_forking": true, @@ -85,7 +85,7 @@ "topics": [], "visibility": "public", "forks": 26, - "watchers": 217, + "watchers": 218, "score": 0, "subscribers_count": 4 }, diff --git a/2024/CVE-2024-30056.json b/2024/CVE-2024-30056.json index eeb2a8a1a6..974eab9002 100644 --- a/2024/CVE-2024-30056.json +++ b/2024/CVE-2024-30056.json @@ -13,10 +13,10 @@ "description": "CVE-2024-30056 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability", "fork": false, "created_at": "2024-05-27T06:37:34Z", - "updated_at": "2024-05-31T02:31:59Z", + "updated_at": "2024-06-01T00:12:38Z", "pushed_at": "2024-05-27T06:47:27Z", - "stargazers_count": 13, - "watchers_count": 13, + "stargazers_count": 15, + "watchers_count": 15, "has_discussions": false, "forks_count": 3, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 3, - "watchers": 13, + "watchers": 15, "score": 0, "subscribers_count": 1 } diff --git a/2024/CVE-2024-32002.json b/2024/CVE-2024-32002.json index 9b34996be8..20e3cb4b54 100644 --- a/2024/CVE-2024-32002.json +++ b/2024/CVE-2024-32002.json @@ -73,12 +73,12 @@ "description": "Exploit PoC for CVE-2024-32002", "fork": false, "created_at": "2024-05-17T19:33:08Z", - "updated_at": "2024-05-31T18:25:10Z", + "updated_at": "2024-05-31T23:47:03Z", "pushed_at": "2024-05-19T07:12:00Z", - "stargazers_count": 368, - "watchers_count": 368, + "stargazers_count": 379, + "watchers_count": 379, "has_discussions": false, - "forks_count": 104, + "forks_count": 105, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -89,8 +89,8 @@ "rce" ], "visibility": "public", - "forks": 104, - "watchers": 368, + "forks": 105, + "watchers": 379, "score": 0, "subscribers_count": 3 }, diff --git a/2024/CVE-2024-32459.json b/2024/CVE-2024-32459.json index 2e6defca74..953c9fa255 100644 --- a/2024/CVE-2024-32459.json +++ b/2024/CVE-2024-32459.json @@ -13,10 +13,10 @@ "description": "The FreeRDP - Out-of-Bounds Read (CVE-2024-32459) vulnerability concerns FreeRDP, a free implementation of Remote Desktop Protocol. FreeRDP-based clients and servers using a version of FreeRDP prior to version 3.5.0 or 2.11.6 are vulnerable to out-of-bounds reading12. Versions 3.5.0 and 2.11.6 correct the problem", "fork": false, "created_at": "2024-05-22T04:19:27Z", - "updated_at": "2024-05-23T08:35:20Z", + "updated_at": "2024-06-01T00:12:41Z", "pushed_at": "2024-05-22T04:30:21Z", - "stargazers_count": 0, - "watchers_count": 0, + "stargazers_count": 1, + "watchers_count": 1, "has_discussions": false, "forks_count": 1, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 1, - "watchers": 0, + "watchers": 1, "score": 0, "subscribers_count": 1 } diff --git a/2024/CVE-2024-33559.json b/2024/CVE-2024-33559.json index 7dffc67a04..3f9696231a 100644 --- a/2024/CVE-2024-33559.json +++ b/2024/CVE-2024-33559.json @@ -13,10 +13,10 @@ "description": "(CVE-2024-33559) The XStore theme for WordPress is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query", "fork": false, "created_at": "2024-05-17T04:15:34Z", - "updated_at": "2024-05-27T03:37:48Z", + "updated_at": "2024-06-01T00:12:51Z", "pushed_at": "2024-05-17T04:20:29Z", - "stargazers_count": 2, - "watchers_count": 2, + "stargazers_count": 3, + "watchers_count": 3, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 2, + "watchers": 3, "score": 0, "subscribers_count": 1 } diff --git a/2024/CVE-2024-4367.json b/2024/CVE-2024-4367.json index cad571af17..99910ef12e 100644 --- a/2024/CVE-2024-4367.json +++ b/2024/CVE-2024-4367.json @@ -13,10 +13,10 @@ "description": "CVE-2024-4367 & CVE-2024-34342 Proof of Concept", "fork": false, "created_at": "2024-05-20T10:02:23Z", - "updated_at": "2024-05-31T13:39:19Z", + "updated_at": "2024-05-31T21:02:55Z", "pushed_at": "2024-05-31T13:39:16Z", - "stargazers_count": 46, - "watchers_count": 46, + "stargazers_count": 48, + "watchers_count": 48, "has_discussions": false, "forks_count": 9, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 9, - "watchers": 46, + "watchers": 48, "score": 0, "subscribers_count": 1 }, @@ -89,6 +89,50 @@ "score": 0, "subscribers_count": 1 }, + { + "id": 804608693, + "name": "pdfjs-vuln-demo", + "full_name": "clarkio\/pdfjs-vuln-demo", + "owner": { + "login": "clarkio", + "id": 6265396, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/6265396?v=4", + "html_url": "https:\/\/github.com\/clarkio" + }, + "html_url": "https:\/\/github.com\/clarkio\/pdfjs-vuln-demo", + "description": "This project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367", + "fork": false, + "created_at": "2024-05-22T23:18:20Z", + "updated_at": "2024-05-31T19:57:42Z", + "pushed_at": "2024-05-31T19:57:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [ + "application-security", + "appsec", + "astro", + "astrojs", + "pdf", + "pdfjs", + "pdfjs-dist", + "react", + "security", + "svelte", + "vue", + "vuejs", + "web" + ], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + }, { "id": 804747982, "name": "pdfjs_disable_eval", diff --git a/2024/CVE-2024-5084.json b/2024/CVE-2024-5084.json index 6256f9afcc..448624b42e 100644 --- a/2024/CVE-2024-5084.json +++ b/2024/CVE-2024-5084.json @@ -10,11 +10,11 @@ "html_url": "https:\/\/github.com\/KTN1990" }, "html_url": "https:\/\/github.com\/KTN1990\/CVE-2024-5084", - "description": "Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution", + "description": "WordPress Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution", "fork": false, "created_at": "2024-05-25T03:49:04Z", - "updated_at": "2024-05-25T03:52:32Z", - "pushed_at": "2024-05-25T03:52:29Z", + "updated_at": "2024-05-31T19:51:17Z", + "pushed_at": "2024-05-31T19:51:13Z", "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, @@ -22,7 +22,16 @@ "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, - "topics": [], + "topics": [ + "cve", + "exploit", + "exploitwordpress", + "shell", + "upload", + "vulnerability", + "wordpress", + "wordpressexploit" + ], "visibility": "public", "forks": 0, "watchers": 0, diff --git a/README.md b/README.md index da06a51a87..e6e9e5f4b2 100644 --- a/README.md +++ b/README.md @@ -573,6 +573,7 @@ - [LOURC0D3/CVE-2024-4367-PoC](https://github.com/LOURC0D3/CVE-2024-4367-PoC) - [s4vvysec/CVE-2024-4367-POC](https://github.com/s4vvysec/CVE-2024-4367-POC) - [spaceraccoon/detect-cve-2024-4367](https://github.com/spaceraccoon/detect-cve-2024-4367) +- [clarkio/pdfjs-vuln-demo](https://github.com/clarkio/pdfjs-vuln-demo) - [avalahEE/pdfjs_disable_eval](https://github.com/avalahEE/pdfjs_disable_eval) ### CVE-2024-4439 (2024-05-03) @@ -1416,6 +1417,7 @@ - [3UR/CVE-2024-24919](https://github.com/3UR/CVE-2024-24919) - [RevoltSecurities/CVE-2024-24919](https://github.com/RevoltSecurities/CVE-2024-24919) - [Vulnpire/CVE-2024-24919](https://github.com/Vulnpire/CVE-2024-24919) +- [seed1337/CVE-2024-24919-POC](https://github.com/seed1337/CVE-2024-24919-POC) - [0x3f3c/CVE-2024-24919](https://github.com/0x3f3c/CVE-2024-24919) - [Praison001/CVE-2024-24919-Check-Point-Remote-Access-VPN](https://github.com/Praison001/CVE-2024-24919-Check-Point-Remote-Access-VPN) - [smackerdodi/CVE-2024-24919-nuclei-templater](https://github.com/smackerdodi/CVE-2024-24919-nuclei-templater) @@ -1423,6 +1425,7 @@ - [GlobalsecureAcademy/CVE-2024-24919](https://github.com/GlobalsecureAcademy/CVE-2024-24919) - [nexblade12/CVE-2024-24919](https://github.com/nexblade12/CVE-2024-24919) - [un9nplayer/CVE-2024-24919](https://github.com/un9nplayer/CVE-2024-24919) +- [MohamedWagdy7/CVE-2024-24919](https://github.com/MohamedWagdy7/CVE-2024-24919) ### CVE-2024-25092 - [RandomRobbieBF/CVE-2024-25092](https://github.com/RandomRobbieBF/CVE-2024-25092) @@ -1651,6 +1654,13 @@ - [lockness-Ko/CVE-2024-27316](https://github.com/lockness-Ko/CVE-2024-27316) - [aeyesec/CVE-2024-27316_poc](https://github.com/aeyesec/CVE-2024-27316_poc) +### CVE-2024-27348 (2024-04-22) + +RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11\n\nUsers are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.\n\n + + +- [Zeyad-Azima/CVE-2024-27348](https://github.com/Zeyad-Azima/CVE-2024-27348) + ### CVE-2024-27460 (2024-05-10) A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below. @@ -4488,7 +4498,7 @@ - [tiepologian/CVE-2023-23397](https://github.com/tiepologian/CVE-2023-23397) - [BronzeBee/cve-2023-23397](https://github.com/BronzeBee/cve-2023-23397) - [stevesec/CVE-2023-23397](https://github.com/stevesec/CVE-2023-23397) -- [madelynadams9/CVE-2023-23397-Report](https://github.com/madelynadams9/CVE-2023-23397-Report) +- [Cyb3rMaddy/CVE-2023-23397-Report](https://github.com/Cyb3rMaddy/CVE-2023-23397-Report) - [Zeppperoni/CVE-2023-23397-Patch](https://github.com/Zeppperoni/CVE-2023-23397-Patch) - [jacquesquail/CVE-2023-23397](https://github.com/jacquesquail/CVE-2023-23397) - [CKevens/CVE-2023-23397-POC](https://github.com/CKevens/CVE-2023-23397-POC) @@ -27931,6 +27941,7 @@ - [novysodope/CVE-2020-26217-XStream-RCE-POC](https://github.com/novysodope/CVE-2020-26217-XStream-RCE-POC) - [Al1ex/CVE-2020-26217](https://github.com/Al1ex/CVE-2020-26217) +- [epicosy/XStream-1](https://github.com/epicosy/XStream-1) ### CVE-2020-26233 (2020-12-08) @@ -31280,6 +31291,13 @@ - [rhbb/CVE-2019-13956](https://github.com/rhbb/CVE-2019-13956) +### CVE-2019-13990 (2019-07-26) + +initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. + + +- [epicosy/Quartz-1](https://github.com/epicosy/Quartz-1) + ### CVE-2019-14040 (2020-02-07) Using memory after being freed in qsee due to wrong implementation can lead to unexpected behavior such as execution of unknown code in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SM8150, SXR1130 @@ -31982,6 +32000,13 @@ - [Timon-L/3007Project](https://github.com/Timon-L/3007Project) +### CVE-2019-17513 (2019-10-18) + +An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur. + + +- [epicosy/Ratpack-1](https://github.com/epicosy/Ratpack-1) + ### CVE-2019-17525 (2020-04-21) The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks. @@ -35995,6 +36020,13 @@ - [tna0y/CVE-2018-1000802-PoC](https://github.com/tna0y/CVE-2018-1000802-PoC) +### CVE-2018-1000844 (2022-10-03) + +Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML External Entity (XXE) vulnerability in JAXB that can result in An attacker could use this to remotely read files from the file system or to perform SSRF.. This vulnerability appears to have been fixed in After commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437. + + +- [epicosy/Retrofit-1](https://github.com/epicosy/Retrofit-1) + ### CVE-2018-1000861 (2018-12-10) A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way. @@ -39140,6 +39172,13 @@ - [NickStephens/cve-2016-5345](https://github.com/NickStephens/cve-2016-5345) +### CVE-2016-5394 (2017-07-18) + +In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities. + + +- [epicosy/VUL4J-23](https://github.com/epicosy/VUL4J-23) + ### CVE-2016-5636 (2016-09-02) Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. @@ -39534,6 +39573,13 @@ - [t0kx/exploit-CVE-2016-9920](https://github.com/t0kx/exploit-CVE-2016-9920) +### CVE-2016-10006 (2016-12-24) + +In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS. + + +- [epicosy/VUL4J-60](https://github.com/epicosy/VUL4J-60) + ### CVE-2016-10033 (2016-12-30) The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. @@ -40380,6 +40426,13 @@ - [G01d3nW01f/CVE-2015-6668](https://github.com/G01d3nW01f/CVE-2015-6668) - [c0d3cr4f73r/CVE-2015-6668](https://github.com/c0d3cr4f73r/CVE-2015-6668) +### CVE-2015-6748 (2017-09-25) + +Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. + + +- [epicosy/VUL4J-59](https://github.com/epicosy/VUL4J-59) + ### CVE-2015-6835 (2016-05-16) The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content. @@ -41737,6 +41790,7 @@ - [theratpack/grails-javamelody-sample-app](https://github.com/theratpack/grails-javamelody-sample-app) +- [epicosy/VUL4J-50](https://github.com/epicosy/VUL4J-50) ### CVE-2013-4434 (2013-10-25)