From bda26a6f2a8ef8283dc59cf332d6f969b000158f Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Tue, 12 Dec 2023 09:27:20 +0900 Subject: [PATCH] Auto Update 2023/12/12 00:27:20 --- 2007/CVE-2007-2447.json | 60 ++++++++++++++++++++++++++++++++++++++++ 2016/CVE-2016-0752.json | 30 ++++++++++++++++++++ 2016/CVE-2016-1764.json | 39 ++++++++++++++++++++++++++ 2016/CVE-2016-2118.json | 32 +++++++++++++++++++++ 2016/CVE-2016-3141.json | 32 +++++++++++++++++++++ 2018/CVE-2018-4407.json | 8 +++--- 2019/CVE-2019-3396.json | 8 +++--- 2019/CVE-2019-8451.json | 8 +++--- 2021/CVE-2021-4034.json | 8 +++--- 2022/CVE-2022-21907.json | 2 +- 2022/CVE-2022-46689.json | 4 +-- 2023/CVE-2023-22515.json | 8 +++--- 2023/CVE-2023-26035.json | 35 +++++++++++++++++++++++ 2023/CVE-2023-28197.json | 32 +++++++++++++++++++++ 2023/CVE-2023-30547.json | 12 ++++---- 2023/CVE-2023-32571.json | 36 ++++++++++++++++++++++++ 2023/CVE-2023-38831.json | 8 +++--- 2023/CVE-2023-44487.json | 60 ++++++++++++++++++++-------------------- 2023/CVE-2023-46604.json | 8 +++--- README.md | 39 ++++++++++++++++++++++++-- 20 files changed, 400 insertions(+), 69 deletions(-) create mode 100644 2016/CVE-2016-1764.json create mode 100644 2016/CVE-2016-2118.json create mode 100644 2016/CVE-2016-3141.json create mode 100644 2023/CVE-2023-26035.json create mode 100644 2023/CVE-2023-28197.json diff --git a/2007/CVE-2007-2447.json b/2007/CVE-2007-2447.json index 676dd82c32..e9e677ba5f 100644 --- a/2007/CVE-2007-2447.json +++ b/2007/CVE-2007-2447.json @@ -1,4 +1,34 @@ [ + { + "id": 143461594, + "name": "CVE-2007-2447", + "full_name": "amriunix\/CVE-2007-2447", + "owner": { + "login": "amriunix", + "id": 6618368, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/6618368?v=4", + "html_url": "https:\/\/github.com\/amriunix" + }, + "html_url": "https:\/\/github.com\/amriunix\/CVE-2007-2447", + "description": "CVE-2007-2447 - Samba usermap script", + "fork": false, + "created_at": "2018-08-03T18:39:56Z", + "updated_at": "2023-09-28T10:52:50Z", + "pushed_at": "2020-08-16T18:54:38Z", + "stargazers_count": 53, + "watchers_count": 53, + "has_discussions": false, + "forks_count": 32, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 32, + "watchers": 53, + "score": 0, + "subscribers_count": 2 + }, { "id": 195401614, "name": "metasploitable2", @@ -119,6 +149,36 @@ "score": 0, "subscribers_count": 2 }, + { + "id": 319098047, + "name": "exploit-CVE-2007-2447", + "full_name": "xlcc4096\/exploit-CVE-2007-2447", + "owner": { + "login": "xlcc4096", + "id": 75581853, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/75581853?v=4", + "html_url": "https:\/\/github.com\/xlcc4096" + }, + "html_url": "https:\/\/github.com\/xlcc4096\/exploit-CVE-2007-2447", + "description": "Exploit for the vulnerability CVE-2007-2447", + "fork": false, + "created_at": "2020-12-06T18:04:44Z", + "updated_at": "2020-12-06T18:09:38Z", + "pushed_at": "2020-12-06T18:09:36Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 1 + }, { "id": 319992014, "name": "CVE-2007-2447_Samba_3.0.25rc3", diff --git a/2016/CVE-2016-0752.json b/2016/CVE-2016-0752.json index e33d7384fb..14a13dc216 100644 --- a/2016/CVE-2016-0752.json +++ b/2016/CVE-2016-0752.json @@ -1,4 +1,34 @@ [ + { + "id": 50437751, + "name": "rails-rce-cve-2016-0752", + "full_name": "forced-request\/rails-rce-cve-2016-0752", + "owner": { + "login": "forced-request", + "id": 961246, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/961246?v=4", + "html_url": "https:\/\/github.com\/forced-request" + }, + "html_url": "https:\/\/github.com\/forced-request\/rails-rce-cve-2016-0752", + "description": null, + "fork": false, + "created_at": "2016-01-26T15:25:34Z", + "updated_at": "2017-03-22T01:11:06Z", + "pushed_at": "2016-01-26T15:30:22Z", + "stargazers_count": 11, + "watchers_count": 11, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 11, + "score": 0, + "subscribers_count": 2 + }, { "id": 54231678, "name": "CVE-2016-0752", diff --git a/2016/CVE-2016-1764.json b/2016/CVE-2016-1764.json new file mode 100644 index 0000000000..848d8eca0e --- /dev/null +++ b/2016/CVE-2016-1764.json @@ -0,0 +1,39 @@ +[ + { + "id": 55790687, + "name": "cve-2016-1764", + "full_name": "moloch--\/cve-2016-1764", + "owner": { + "login": "moloch--", + "id": 875022, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/875022?v=4", + "html_url": "https:\/\/github.com\/moloch--" + }, + "html_url": "https:\/\/github.com\/moloch--\/cve-2016-1764", + "description": "Extraction of iMessage Data via XSS", + "fork": false, + "created_at": "2016-04-08T15:45:44Z", + "updated_at": "2023-12-04T18:09:20Z", + "pushed_at": "2016-04-08T23:00:58Z", + "stargazers_count": 53, + "watchers_count": 53, + "has_discussions": false, + "forks_count": 37, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [ + "cve", + "exploit", + "imessage", + "security", + "vulnerability", + "xss" + ], + "visibility": "public", + "forks": 37, + "watchers": 53, + "score": 0, + "subscribers_count": 4 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-2118.json b/2016/CVE-2016-2118.json new file mode 100644 index 0000000000..51822187ee --- /dev/null +++ b/2016/CVE-2016-2118.json @@ -0,0 +1,32 @@ +[ + { + "id": 56461631, + "name": "cfengine-CVE-2016-2118", + "full_name": "nickanderson\/cfengine-CVE-2016-2118", + "owner": { + "login": "nickanderson", + "id": 202896, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/202896?v=4", + "html_url": "https:\/\/github.com\/nickanderson" + }, + "html_url": "https:\/\/github.com\/nickanderson\/cfengine-CVE-2016-2118", + "description": "An example detection and remediation policy.", + "fork": false, + "created_at": "2016-04-17T22:22:04Z", + "updated_at": "2016-04-18T02:57:44Z", + "pushed_at": "2016-04-19T14:24:20Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 1 + } +] \ No newline at end of file diff --git a/2016/CVE-2016-3141.json b/2016/CVE-2016-3141.json new file mode 100644 index 0000000000..c8f293c780 --- /dev/null +++ b/2016/CVE-2016-3141.json @@ -0,0 +1,32 @@ +[ + { + "id": 56758577, + "name": "CVE-2016-3141", + "full_name": "peternguyen93\/CVE-2016-3141", + "owner": { + "login": "peternguyen93", + "id": 1802870, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/1802870?v=4", + "html_url": "https:\/\/github.com\/peternguyen93" + }, + "html_url": "https:\/\/github.com\/peternguyen93\/CVE-2016-3141", + "description": "CVE-2016-3141", + "fork": false, + "created_at": "2016-04-21T08:59:05Z", + "updated_at": "2023-03-11T18:41:15Z", + "pushed_at": "2016-04-23T15:55:01Z", + "stargazers_count": 15, + "watchers_count": 15, + "has_discussions": false, + "forks_count": 5, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 5, + "watchers": 15, + "score": 0, + "subscribers_count": 3 + } +] \ No newline at end of file diff --git a/2018/CVE-2018-4407.json b/2018/CVE-2018-4407.json index 51d094c0f1..719a3cf372 100644 --- a/2018/CVE-2018-4407.json +++ b/2018/CVE-2018-4407.json @@ -232,10 +232,10 @@ "description": "IOS\/MAC Denial-Of-Service [POC\/EXPLOIT FOR MASSIVE ATTACK TO IOS\/MAC IN NETWORK]", "fork": false, "created_at": "2018-11-04T01:47:05Z", - "updated_at": "2023-10-06T10:19:34Z", + "updated_at": "2023-12-11T21:36:02Z", "pushed_at": "2018-11-04T02:25:08Z", - "stargazers_count": 29, - "watchers_count": 29, + "stargazers_count": 30, + "watchers_count": 30, "has_discussions": false, "forks_count": 9, "allow_forking": true, @@ -261,7 +261,7 @@ ], "visibility": "public", "forks": 9, - "watchers": 29, + "watchers": 30, "score": 0, "subscribers_count": 6 }, diff --git a/2019/CVE-2019-3396.json b/2019/CVE-2019-3396.json index 4c3588f4ff..546f75399d 100644 --- a/2019/CVE-2019-3396.json +++ b/2019/CVE-2019-3396.json @@ -457,14 +457,14 @@ { "id": 335007063, "name": "cve-2019-3396", - "full_name": "abdallah-elsharif\/cve-2019-3396", + "full_name": "0xNinjaCyclone\/cve-2019-3396", "owner": { - "login": "abdallah-elsharif", + "login": "0xNinjaCyclone", "id": 66518921, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/66518921?v=4", - "html_url": "https:\/\/github.com\/abdallah-elsharif" + "html_url": "https:\/\/github.com\/0xNinjaCyclone" }, - "html_url": "https:\/\/github.com\/abdallah-elsharif\/cve-2019-3396", + "html_url": "https:\/\/github.com\/0xNinjaCyclone\/cve-2019-3396", "description": null, "fork": false, "created_at": "2021-02-01T16:10:27Z", diff --git a/2019/CVE-2019-8451.json b/2019/CVE-2019-8451.json index 40bb709ab4..6f182232e7 100644 --- a/2019/CVE-2019-8451.json +++ b/2019/CVE-2019-8451.json @@ -73,10 +73,10 @@ "description": "Jira未授权SSRF漏洞", "fork": false, "created_at": "2019-09-26T05:06:11Z", - "updated_at": "2023-03-27T05:57:55Z", + "updated_at": "2023-12-11T19:04:30Z", "pushed_at": "2019-09-30T01:45:50Z", - "stargazers_count": 31, - "watchers_count": 31, + "stargazers_count": 32, + "watchers_count": 32, "has_discussions": false, "forks_count": 15, "allow_forking": true, @@ -85,7 +85,7 @@ "topics": [], "visibility": "public", "forks": 15, - "watchers": 31, + "watchers": 32, "score": 0, "subscribers_count": 1 }, diff --git a/2021/CVE-2021-4034.json b/2021/CVE-2021-4034.json index c326691d5b..89626f1f11 100644 --- a/2021/CVE-2021-4034.json +++ b/2021/CVE-2021-4034.json @@ -938,10 +938,10 @@ "description": "Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation", "fork": false, "created_at": "2022-01-26T14:26:10Z", - "updated_at": "2023-12-11T06:16:28Z", + "updated_at": "2023-12-11T22:28:37Z", "pushed_at": "2022-06-21T14:52:05Z", - "stargazers_count": 914, - "watchers_count": 914, + "stargazers_count": 915, + "watchers_count": 915, "has_discussions": false, "forks_count": 176, "allow_forking": true, @@ -952,7 +952,7 @@ ], "visibility": "public", "forks": 176, - "watchers": 914, + "watchers": 915, "score": 0, "subscribers_count": 14 }, diff --git a/2022/CVE-2022-21907.json b/2022/CVE-2022-21907.json index c8c135593f..d05da418f9 100644 --- a/2022/CVE-2022-21907.json +++ b/2022/CVE-2022-21907.json @@ -508,7 +508,7 @@ "description": "Vulnerability in HTTP Protocol Stack Enabling Remote Code Execution and Potential System Crash.", "fork": false, "created_at": "2023-12-09T22:26:49Z", - "updated_at": "2023-12-11T02:39:57Z", + "updated_at": "2023-12-11T20:32:49Z", "pushed_at": "2023-12-10T21:50:23Z", "stargazers_count": 1, "watchers_count": 1, diff --git a/2022/CVE-2022-46689.json b/2022/CVE-2022-46689.json index 0e9dda92b9..804d26647c 100644 --- a/2022/CVE-2022-46689.json +++ b/2022/CVE-2022-46689.json @@ -335,13 +335,13 @@ "stargazers_count": 16, "watchers_count": 16, "has_discussions": false, - "forks_count": 1, + "forks_count": 2, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 1, + "forks": 2, "watchers": 16, "score": 0, "subscribers_count": 2 diff --git a/2023/CVE-2023-22515.json b/2023/CVE-2023-22515.json index 6e8ba3b048..360174b3d3 100644 --- a/2023/CVE-2023-22515.json +++ b/2023/CVE-2023-22515.json @@ -13,10 +13,10 @@ "description": "Scanner for CVE-2023-22515 - Broken Access Control Vulnerability in Atlassian Confluence", "fork": false, "created_at": "2023-10-06T20:29:44Z", - "updated_at": "2023-11-12T04:03:09Z", + "updated_at": "2023-12-11T19:43:13Z", "pushed_at": "2023-10-06T21:59:30Z", - "stargazers_count": 70, - "watchers_count": 70, + "stargazers_count": 69, + "watchers_count": 69, "has_discussions": false, "forks_count": 4, "allow_forking": true, @@ -25,7 +25,7 @@ "topics": [], "visibility": "public", "forks": 4, - "watchers": 70, + "watchers": 69, "score": 0, "subscribers_count": 2 }, diff --git a/2023/CVE-2023-26035.json b/2023/CVE-2023-26035.json new file mode 100644 index 0000000000..71de4dad41 --- /dev/null +++ b/2023/CVE-2023-26035.json @@ -0,0 +1,35 @@ +[ + { + "id": 730370673, + "name": "CVE-2023-26035", + "full_name": "rvizx\/CVE-2023-26035", + "owner": { + "login": "rvizx", + "id": 84989569, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/84989569?v=4", + "html_url": "https:\/\/github.com\/rvizx" + }, + "html_url": "https:\/\/github.com\/rvizx\/CVE-2023-26035", + "description": "Unauthenticated RCE in ZoneMinder Snapshots - Poc Exploit", + "fork": false, + "created_at": "2023-12-11T19:23:13Z", + "updated_at": "2023-12-11T23:27:40Z", + "pushed_at": "2023-12-11T20:27:56Z", + "stargazers_count": 1, + "watchers_count": 1, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [ + "cve-2023-26035", + "exploit" + ], + "visibility": "public", + "forks": 0, + "watchers": 1, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2023/CVE-2023-28197.json b/2023/CVE-2023-28197.json new file mode 100644 index 0000000000..7e5466c852 --- /dev/null +++ b/2023/CVE-2023-28197.json @@ -0,0 +1,32 @@ +[ + { + "id": 730398815, + "name": "inputcontrol", + "full_name": "spotlightishere\/inputcontrol", + "owner": { + "login": "spotlightishere", + "id": 10055256, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/10055256?v=4", + "html_url": "https:\/\/github.com\/spotlightishere" + }, + "html_url": "https:\/\/github.com\/spotlightishere\/inputcontrol", + "description": "proof-of-concept for CVE-2023-28197", + "fork": false, + "created_at": "2023-12-11T20:55:21Z", + "updated_at": "2023-12-11T22:31:33Z", + "pushed_at": "2023-12-11T20:56:07Z", + "stargazers_count": 2, + "watchers_count": 2, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 2, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2023/CVE-2023-30547.json b/2023/CVE-2023-30547.json index 48e8f31ab8..c522b0b1f7 100644 --- a/2023/CVE-2023-30547.json +++ b/2023/CVE-2023-30547.json @@ -13,19 +13,19 @@ "description": "PoC Exploit for VM2 Sandbox Escape Vulnerability", "fork": false, "created_at": "2023-12-10T08:32:26Z", - "updated_at": "2023-12-11T18:17:41Z", + "updated_at": "2023-12-11T23:21:34Z", "pushed_at": "2023-12-11T07:11:30Z", - "stargazers_count": 9, - "watchers_count": 9, + "stargazers_count": 10, + "watchers_count": 10, "has_discussions": false, - "forks_count": 0, + "forks_count": 1, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 0, - "watchers": 9, + "forks": 1, + "watchers": 10, "score": 0, "subscribers_count": 1 } diff --git a/2023/CVE-2023-32571.json b/2023/CVE-2023-32571.json index 7f9507c397..66cfb17e5c 100644 --- a/2023/CVE-2023-32571.json +++ b/2023/CVE-2023-32571.json @@ -1,4 +1,40 @@ [ + { + "id": 720307928, + "name": "CVE-2023-32571-POC", + "full_name": "Tris0n\/CVE-2023-32571-POC", + "owner": { + "login": "Tris0n", + "id": 93105314, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/93105314?v=4", + "html_url": "https:\/\/github.com\/Tris0n" + }, + "html_url": "https:\/\/github.com\/Tris0n\/CVE-2023-32571-POC", + "description": null, + "fork": false, + "created_at": "2023-11-18T04:35:37Z", + "updated_at": "2023-12-11T23:10:51Z", + "pushed_at": "2023-11-22T16:50:34Z", + "stargazers_count": 1, + "watchers_count": 1, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [ + "cve-2023-32571", + "dynamic-linq", + "dynamic-linq-injection", + "dynamic-linq-injection-to-rce", + "linq-injection" + ], + "visibility": "public", + "forks": 0, + "watchers": 1, + "score": 0, + "subscribers_count": 1 + }, { "id": 720328032, "name": "CVE-2023-32571-POC", diff --git a/2023/CVE-2023-38831.json b/2023/CVE-2023-38831.json index 18a77bb3b9..9eb16c9891 100644 --- a/2023/CVE-2023-38831.json +++ b/2023/CVE-2023-38831.json @@ -43,10 +43,10 @@ "description": "CVE-2023-38831 winrar exploit generator", "fork": false, "created_at": "2023-08-25T09:44:08Z", - "updated_at": "2023-12-11T06:17:39Z", + "updated_at": "2023-12-11T23:54:58Z", "pushed_at": "2023-11-26T06:46:44Z", - "stargazers_count": 708, - "watchers_count": 708, + "stargazers_count": 709, + "watchers_count": 709, "has_discussions": false, "forks_count": 129, "allow_forking": true, @@ -59,7 +59,7 @@ ], "visibility": "public", "forks": 129, - "watchers": 708, + "watchers": 709, "score": 0, "subscribers_count": 9 }, diff --git a/2023/CVE-2023-44487.json b/2023/CVE-2023-44487.json index 60ff90b550..88937aabfe 100644 --- a/2023/CVE-2023-44487.json +++ b/2023/CVE-2023-44487.json @@ -227,36 +227,6 @@ "score": 0, "subscribers_count": 1 }, - { - "id": 714454643, - "name": "CVE-2023-44487", - "full_name": "sigridou\/CVE-2023-44487", - "owner": { - "login": "sigridou", - "id": 101998818, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/101998818?v=4", - "html_url": "https:\/\/github.com\/sigridou" - }, - "html_url": "https:\/\/github.com\/sigridou\/CVE-2023-44487", - "description": "HTTP\/2 RAPID RESET ", - "fork": false, - "created_at": "2023-11-04T22:34:23Z", - "updated_at": "2023-11-04T22:34:23Z", - "pushed_at": "2023-11-04T22:34:23Z", - "stargazers_count": 0, - "watchers_count": 0, - "has_discussions": false, - "forks_count": 0, - "allow_forking": true, - "is_template": false, - "web_commit_signoff_required": false, - "topics": [], - "visibility": "public", - "forks": 0, - "watchers": 0, - "score": 0, - "subscribers_count": 1 - }, { "id": 716296930, "name": "http2-rst-stream-attacker", @@ -364,5 +334,35 @@ "watchers": 51, "score": 0, "subscribers_count": 1 + }, + { + "id": 730433558, + "name": "CVE-2023-44487-", + "full_name": "sigridou\/CVE-2023-44487-", + "owner": { + "login": "sigridou", + "id": 101998818, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/101998818?v=4", + "html_url": "https:\/\/github.com\/sigridou" + }, + "html_url": "https:\/\/github.com\/sigridou\/CVE-2023-44487-", + "description": null, + "fork": false, + "created_at": "2023-12-11T23:12:03Z", + "updated_at": "2023-12-11T23:13:25Z", + "pushed_at": "2023-12-11T23:19:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2023/CVE-2023-46604.json b/2023/CVE-2023-46604.json index c938e50f2e..d7c4b7542d 100644 --- a/2023/CVE-2023-46604.json +++ b/2023/CVE-2023-46604.json @@ -103,10 +103,10 @@ "description": " Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE_2023-46604) ", "fork": false, "created_at": "2023-11-03T22:06:09Z", - "updated_at": "2023-12-11T14:24:46Z", + "updated_at": "2023-12-11T21:26:09Z", "pushed_at": "2023-11-03T22:37:16Z", - "stargazers_count": 61, - "watchers_count": 61, + "stargazers_count": 62, + "watchers_count": 62, "has_discussions": false, "forks_count": 19, "allow_forking": true, @@ -115,7 +115,7 @@ "topics": [], "visibility": "public", "forks": 19, - "watchers": 61, + "watchers": 62, "score": 0, "subscribers_count": 2 }, diff --git a/README.md b/README.md index 0d2fd124df..1daafede1d 100644 --- a/README.md +++ b/README.md @@ -1936,6 +1936,13 @@ - [dhmosfunk/HTTP3ONSTEROIDS](https://github.com/dhmosfunk/HTTP3ONSTEROIDS) +### CVE-2023-26035 (2023-02-24) + +ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33. + + +- [rvizx/CVE-2023-26035](https://github.com/rvizx/CVE-2023-26035) + ### CVE-2023-26048 (2023-04-18) Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). @@ -2253,6 +2260,9 @@ - [Jenderal92/WP-CVE-2023-28121](https://github.com/Jenderal92/WP-CVE-2023-28121) - [1337nemojj/CVE-2023-28121](https://github.com/1337nemojj/CVE-2023-28121) +### CVE-2023-28197 +- [spotlightishere/inputcontrol](https://github.com/spotlightishere/inputcontrol) + ### CVE-2023-28206 (2023-04-10) An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1, iOS 15.7.5 and iPadOS 15.7.5, macOS Big Sur 11.7.6. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. @@ -3047,6 +3057,7 @@ Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed. +- [Tris0n/CVE-2023-32571-POC](https://github.com/Tris0n/CVE-2023-32571-POC) - [vert16x/CVE-2023-32571-POC](https://github.com/vert16x/CVE-2023-32571-POC) ### CVE-2023-32629 (2023-07-25) @@ -5055,10 +5066,10 @@ - [secengjeff/rapidresetclient](https://github.com/secengjeff/rapidresetclient) - [studiogangster/CVE-2023-44487](https://github.com/studiogangster/CVE-2023-44487) - [ReToCode/golang-CVE-2023-44487](https://github.com/ReToCode/golang-CVE-2023-44487) -- [sigridou/CVE-2023-44487](https://github.com/sigridou/CVE-2023-44487) - [ndrscodes/http2-rst-stream-attacker](https://github.com/ndrscodes/http2-rst-stream-attacker) - [nxenon/cve-2023-44487](https://github.com/nxenon/cve-2023-44487) - [terrorist/HTTP-2-Rapid-Reset-Client](https://github.com/terrorist/HTTP-2-Rapid-Reset-Client) +- [sigridou/CVE-2023-44487-](https://github.com/sigridou/CVE-2023-44487-) ### CVE-2023-44758 (2023-10-06) @@ -24391,7 +24402,7 @@ - [am6539/CVE-2019-3396](https://github.com/am6539/CVE-2019-3396) - [W2Ning/CVE-2019-3396](https://github.com/W2Ning/CVE-2019-3396) - [yuehanked/cve-2019-3396](https://github.com/yuehanked/cve-2019-3396) -- [abdallah-elsharif/cve-2019-3396](https://github.com/abdallah-elsharif/cve-2019-3396) +- [0xNinjaCyclone/cve-2019-3396](https://github.com/0xNinjaCyclone/cve-2019-3396) - [46o60/CVE-2019-3396_Confluence](https://github.com/46o60/CVE-2019-3396_Confluence) - [PetrusViet/cve-2019-3396](https://github.com/PetrusViet/cve-2019-3396) @@ -33323,6 +33334,7 @@ Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. +- [forced-request/rails-rce-cve-2016-0752](https://github.com/forced-request/rails-rce-cve-2016-0752) - [dachidahu/CVE-2016-0752](https://github.com/dachidahu/CVE-2016-0752) ### CVE-2016-0792 (2016-04-07) @@ -33437,6 +33449,13 @@ - [gdbinit/mach_race](https://github.com/gdbinit/mach_race) +### CVE-2016-1764 (2016-03-23) + +The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL. + + +- [moloch--/cve-2016-1764](https://github.com/moloch--/cve-2016-1764) + ### CVE-2016-1825 (2016-05-20) IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. @@ -33493,6 +33512,13 @@ - [FiloSottile/CVE-2016-2107](https://github.com/FiloSottile/CVE-2016-2107) - [tmiklas/docker-cve-2016-2107](https://github.com/tmiklas/docker-cve-2016-2107) +### CVE-2016-2118 (2016-04-12) + +The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK." + + +- [nickanderson/cfengine-CVE-2016-2118](https://github.com/nickanderson/cfengine-CVE-2016-2118) + ### CVE-2016-2173 (2017-04-21) org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. @@ -33614,6 +33640,13 @@ - [mxypoo/CVE-2016-3116-DropbearSSH](https://github.com/mxypoo/CVE-2016-3116-DropbearSSH) +### CVE-2016-3141 (2016-03-31) + +Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. + + +- [peternguyen93/CVE-2016-3141](https://github.com/peternguyen93/CVE-2016-3141) + ### CVE-2016-3238 (2016-07-12) The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows man-in-the-middle attackers to execute arbitrary code by providing a crafted print driver during printer installation, aka "Windows Print Spooler Remote Code Execution Vulnerability." @@ -37536,10 +37569,12 @@ The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management. +- [amriunix/CVE-2007-2447](https://github.com/amriunix/CVE-2007-2447) - [Unix13/metasploitable2](https://github.com/Unix13/metasploitable2) - [b1fair/smb_usermap](https://github.com/b1fair/smb_usermap) - [JoseBarrios/CVE-2007-2447](https://github.com/JoseBarrios/CVE-2007-2447) - [3x1t1um/CVE-2007-2447](https://github.com/3x1t1um/CVE-2007-2447) +- [xlcc4096/exploit-CVE-2007-2447](https://github.com/xlcc4096/exploit-CVE-2007-2447) - [WildfootW/CVE-2007-2447_Samba_3.0.25rc3](https://github.com/WildfootW/CVE-2007-2447_Samba_3.0.25rc3) - [Ziemni/CVE-2007-2447-in-Python](https://github.com/Ziemni/CVE-2007-2447-in-Python) - [0xKn/CVE-2007-2447](https://github.com/0xKn/CVE-2007-2447)