mirror/PoC-in-GitHub
1
0
Fork 0
mirror of https://github.com/nomi-sec/PoC-in-GitHub.git synced 2025-01-16 04:42:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Auto Update 2021/06/26 00:11:33

Browse source
This commit is contained in:
motikan2010-bot 2021-06-26 00:11:33 +09:00
parent 8c297471d5
commit bebad3ddff
24 changed files with 111 additions and 121 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
2008/CVE-2008-0166.json
View file

@ -44,28 +44,5 @@
"forks": 0,
"watchers": 0,
"score": 0
},
{
"id": 173164801,
"name": "debian-ssh",
"full_name": "nu11secur1ty\/debian-ssh",
"owner": {
"login": "nu11secur1ty",
"id": 3677559,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/3677559?v=4",
"html_url": "https:\/\/github.com\/nu11secur1ty"
},
"html_url": "https:\/\/github.com\/nu11secur1ty\/debian-ssh",
"description": "Debian OpenSSL Predictable PRNG (CVE-2008-0166) http:\/\/web.archive.org\/web\/20110723091928\/http:\/\/digitaloffense.net\/tools\/debian-openssl\/",
"fork": false,
"created_at": "2019-02-28T18:22:06Z",
"updated_at": "2021-02-03T21:34:29Z",
"pushed_at": "2019-02-28T18:30:21Z",
"stargazers_count": 2,
"watchers_count": 2,
"forks_count": 0,
"forks": 0,
"watchers": 2,
"score": 0
}
]

8
2014/CVE-2014-4210.json
View file

@ -36,13 +36,13 @@
"description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14882、CVE-2020-14883",
"fork": false,
"created_at": "2020-01-15T04:26:29Z",
"updated_at": "2021-06-24T07:43:22Z",
"updated_at": "2021-06-25T12:59:47Z",
"pushed_at": "2020-11-27T15:10:58Z",
"stargazers_count": 1080,
"watchers_count": 1080,
"stargazers_count": 1081,
"watchers_count": 1081,
"forks_count": 242,
"forks": 242,
"watchers": 1080,
"watchers": 1081,
"score": 0
},
{

8
2016/CVE-2016-0638.json
View file

@ -13,13 +13,13 @@
"description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14882、CVE-2020-14883",
"fork": false,
"created_at": "2020-01-15T04:26:29Z",
"updated_at": "2021-06-24T07:43:22Z",
"updated_at": "2021-06-25T12:59:47Z",
"pushed_at": "2020-11-27T15:10:58Z",
"stargazers_count": 1080,
"watchers_count": 1080,
"stargazers_count": 1081,
"watchers_count": 1081,
"forks_count": 242,
"forks": 242,
"watchers": 1080,
"watchers": 1081,
"score": 0
},
{

23
2016/CVE-2016-5195.json
View file

@ -413,29 +413,6 @@
"watchers": 3,
"score": 0
},
{
"id": 79456585,
"name": "Protect-CVE-2016-5195-DirtyCow",
"full_name": "nu11secur1ty\/Protect-CVE-2016-5195-DirtyCow",
"owner": {
"login": "nu11secur1ty",
"id": 3677559,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/3677559?v=4",
"html_url": "https:\/\/github.com\/nu11secur1ty"
},
"html_url": "https:\/\/github.com\/nu11secur1ty\/Protect-CVE-2016-5195-DirtyCow",
"description": null,
"fork": false,
"created_at": "2017-01-19T13:36:58Z",
"updated_at": "2020-03-07T06:16:31Z",
"pushed_at": "2017-01-19T13:43:30Z",
"stargazers_count": 0,
"watchers_count": 0,
"forks_count": 0,
"forks": 0,
"watchers": 0,
"score": 0
},
{
"id": 79528338,
"name": "VIKIROOT",

8
2017/CVE-2017-3248.json
View file

@ -36,13 +36,13 @@
"description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14882、CVE-2020-14883",
"fork": false,
"created_at": "2020-01-15T04:26:29Z",
"updated_at": "2021-06-24T07:43:22Z",
"updated_at": "2021-06-25T12:59:47Z",
"pushed_at": "2020-11-27T15:10:58Z",
"stargazers_count": 1080,
"watchers_count": 1080,
"stargazers_count": 1081,
"watchers_count": 1081,
"forks_count": 242,
"forks": 242,
"watchers": 1080,
"watchers": 1081,
"score": 0
}
]

8
2018/CVE-2018-2628.json
View file

@ -450,13 +450,13 @@
"description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14882、CVE-2020-14883",
"fork": false,
"created_at": "2020-01-15T04:26:29Z",
"updated_at": "2021-06-24T07:43:22Z",
"updated_at": "2021-06-25T12:59:47Z",
"pushed_at": "2020-11-27T15:10:58Z",
"stargazers_count": 1080,
"watchers_count": 1080,
"stargazers_count": 1081,
"watchers_count": 1081,
"forks_count": 242,
"forks": 242,
"watchers": 1080,
"watchers": 1081,
"score": 0
},
{

8
2019/CVE-2019-13272.json
View file

@ -13,13 +13,13 @@
"description": "Linux 4.10 < 5.1.17 PTRACE_TRACEME local root",
"fork": false,
"created_at": "2019-07-31T04:51:43Z",
"updated_at": "2021-05-25T22:32:25Z",
"updated_at": "2021-06-25T15:12:09Z",
"pushed_at": "2019-08-01T16:02:59Z",
"stargazers_count": 256,
"watchers_count": 256,
"stargazers_count": 257,
"watchers_count": 257,
"forks_count": 96,
"forks": 96,
"watchers": 256,
"watchers": 257,
"score": 0
},
{

4
2019/CVE-2019-15126.json
View file

@ -105,8 +105,8 @@
"description": "Resources for the Kr00k vulnerability (CVE-2019-15126)",
"fork": false,
"created_at": "2021-06-24T22:04:42Z",
"updated_at": "2021-06-25T04:10:11Z",
"pushed_at": "2021-06-25T04:10:08Z",
"updated_at": "2021-06-25T14:53:48Z",
"pushed_at": "2021-06-25T14:53:46Z",
"stargazers_count": 0,
"watchers_count": 0,
"forks_count": 0,

8
2019/CVE-2019-2618.json
View file

@ -151,13 +151,13 @@
"description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14882、CVE-2020-14883",
"fork": false,
"created_at": "2020-01-15T04:26:29Z",
"updated_at": "2021-06-24T07:43:22Z",
"updated_at": "2021-06-25T12:59:47Z",
"pushed_at": "2020-11-27T15:10:58Z",
"stargazers_count": 1080,
"watchers_count": 1080,
"stargazers_count": 1081,
"watchers_count": 1081,
"forks_count": 242,
"forks": 242,
"watchers": 1080,
"watchers": 1081,
"score": 0
}
]

8
2019/CVE-2019-7192.json
View file

@ -36,13 +36,13 @@
"description": "QNAP pre-auth root RCE Exploit (CVE-2019-7192 ~ CVE-2019-7195)",
"fork": false,
"created_at": "2020-05-24T15:44:29Z",
"updated_at": "2021-06-10T10:57:30Z",
"updated_at": "2021-06-25T09:52:39Z",
"pushed_at": "2020-05-24T16:28:46Z",
"stargazers_count": 49,
"watchers_count": 49,
"stargazers_count": 50,
"watchers_count": 50,
"forks_count": 24,
"forks": 24,
"watchers": 49,
"watchers": 50,
"score": 0
}
]

4
2019/CVE-2019-7304.json
View file

@ -17,8 +17,8 @@
"pushed_at": "2019-05-09T21:34:26Z",
"stargazers_count": 578,
"watchers_count": 578,
"forks_count": 137,
"forks": 137,
"forks_count": 138,
"forks": 138,
"watchers": 578,
"score": 0
},

8
2020/CVE-2020-0688.json
View file

@ -59,13 +59,13 @@
"description": "cve-2020-0688",
"fork": false,
"created_at": "2020-02-27T02:54:27Z",
"updated_at": "2021-06-01T10:59:55Z",
"updated_at": "2021-06-25T11:16:17Z",
"pushed_at": "2020-06-19T09:28:15Z",
"stargazers_count": 270,
"watchers_count": 270,
"stargazers_count": 269,
"watchers_count": 269,
"forks_count": 91,
"forks": 91,
"watchers": 270,
"watchers": 269,
"score": 0
},
{

8
2020/CVE-2020-1472.json
View file

@ -36,13 +36,13 @@
"description": "Test tool for CVE-2020-1472",
"fork": false,
"created_at": "2020-09-08T08:58:37Z",
"updated_at": "2021-06-25T08:58:58Z",
"updated_at": "2021-06-25T12:55:44Z",
"pushed_at": "2020-10-21T12:10:28Z",
"stargazers_count": 1301,
"watchers_count": 1301,
"stargazers_count": 1302,
"watchers_count": 1302,
"forks_count": 298,
"forks": 298,
"watchers": 1301,
"watchers": 1302,
"score": 0
},
{

8
2020/CVE-2020-14883.json
View file

@ -105,13 +105,13 @@
"description": "Alibaba-Nacos-Unauthorized\/ApacheDruid-RCE_CVE-2021-25646\/MS-Exchange-SSRF-CVE-2021-26885\/Oracle-WebLogic-CVE-2021-2109_RCE\/RG-CNVD-2021-14536\/RJ-SSL-VPN-UltraVires\/Redis-Unauthorized-RCE\/TDOA-V11.7-GetOnlineCookie\/VMware-vCenter-GetAnyFile\/yongyou-GRP-U8-XXE\/Oracle-WebLogic-CVE-2020-14883\/Oracle-WebLogic-CVE-2020-14882\/Apache-Solr-GetAnyFile\/F5-BIG-IP-CVE-2021-22986\/Sonicwall-SSL-VPN-RCE\/GitLab-Graphql-CNVD-2021-14193\/D-Link-DCS-CVE-2020-25078\/WLAN-AP-WEA453e-RCE\/360TianQing-Unauthorized\/360TianQing-SQLinjection\/FanWeiOA-V8-SQLinjection\/QiZhiBaoLeiJi-AnyUserLogin\/QiAnXin-WangKangFirewall-RCE\/金山-V8-终端安全系统\/NCCloud-SQLinjection\/ShowDoc-RCE",
"fork": false,
"created_at": "2021-03-11T22:49:17Z",
"updated_at": "2021-06-23T00:17:54Z",
"updated_at": "2021-06-25T09:43:46Z",
"pushed_at": "2021-04-26T02:30:11Z",
"stargazers_count": 788,
"watchers_count": 788,
"stargazers_count": 789,
"watchers_count": 789,
"forks_count": 248,
"forks": 248,
"watchers": 788,
"watchers": 789,
"score": 0
}
]

8
2020/CVE-2020-2551.json
View file

@ -13,13 +13,13 @@
"description": "weblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14882、CVE-2020-14883",
"fork": false,
"created_at": "2020-01-15T04:26:29Z",
"updated_at": "2021-06-24T07:43:22Z",
"updated_at": "2021-06-25T12:59:47Z",
"pushed_at": "2020-11-27T15:10:58Z",
"stargazers_count": 1080,
"watchers_count": 1080,
"stargazers_count": 1081,
"watchers_count": 1081,
"forks_count": 242,
"forks": 242,
"watchers": 1080,
"watchers": 1081,
"score": 0
},
{

8
2020/CVE-2020-2883.json
View file

@ -82,13 +82,13 @@
"description": "WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞一键注册蚁剑filter内存shell",
"fork": false,
"created_at": "2020-08-19T03:34:06Z",
"updated_at": "2021-06-22T03:01:55Z",
"updated_at": "2021-06-25T10:30:11Z",
"pushed_at": "2020-08-25T03:17:32Z",
"stargazers_count": 257,
"watchers_count": 257,
"stargazers_count": 258,
"watchers_count": 258,
"forks_count": 41,
"forks": 41,
"watchers": 257,
"watchers": 258,
"score": 0
},
{

4
2020/CVE-2020-3580.json
View file

@ -13,8 +13,8 @@
"description": null,
"fork": false,
"created_at": "2021-06-25T04:39:30Z",
"updated_at": "2021-06-25T04:43:49Z",
"pushed_at": "2021-06-25T04:43:47Z",
"updated_at": "2021-06-25T10:42:06Z",
"pushed_at": "2021-06-25T10:42:03Z",
"stargazers_count": 0,
"watchers_count": 0,
"forks_count": 0,

8
2021/CVE-2021-25646.json
View file

@ -105,13 +105,13 @@
"description": "Alibaba-Nacos-Unauthorized\/ApacheDruid-RCE_CVE-2021-25646\/MS-Exchange-SSRF-CVE-2021-26885\/Oracle-WebLogic-CVE-2021-2109_RCE\/RG-CNVD-2021-14536\/RJ-SSL-VPN-UltraVires\/Redis-Unauthorized-RCE\/TDOA-V11.7-GetOnlineCookie\/VMware-vCenter-GetAnyFile\/yongyou-GRP-U8-XXE\/Oracle-WebLogic-CVE-2020-14883\/Oracle-WebLogic-CVE-2020-14882\/Apache-Solr-GetAnyFile\/F5-BIG-IP-CVE-2021-22986\/Sonicwall-SSL-VPN-RCE\/GitLab-Graphql-CNVD-2021-14193\/D-Link-DCS-CVE-2020-25078\/WLAN-AP-WEA453e-RCE\/360TianQing-Unauthorized\/360TianQing-SQLinjection\/FanWeiOA-V8-SQLinjection\/QiZhiBaoLeiJi-AnyUserLogin\/QiAnXin-WangKangFirewall-RCE\/金山-V8-终端安全系统\/NCCloud-SQLinjection\/ShowDoc-RCE",
"fork": false,
"created_at": "2021-03-11T22:49:17Z",
"updated_at": "2021-06-23T00:17:54Z",
"updated_at": "2021-06-25T09:43:46Z",
"pushed_at": "2021-04-26T02:30:11Z",
"stargazers_count": 788,
"watchers_count": 788,
"stargazers_count": 789,
"watchers_count": 789,
"forks_count": 248,
"forks": 248,
"watchers": 788,
"watchers": 789,
"score": 0
},
{

25
2021/CVE-2021-27850.json Normal file
View file

@ -0,0 +1,25 @@
[
{
"id": 380253996,
"name": "CVE-2021-27850_POC",
"full_name": "kahla-sec\/CVE-2021-27850_POC",
"owner": {
"login": "kahla-sec",
"id": 53152235,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/53152235?v=4",
"html_url": "https:\/\/github.com\/kahla-sec"
},
"html_url": "https:\/\/github.com\/kahla-sec\/CVE-2021-27850_POC",
"description": "A Proof of concept for CVE-2021-27850 affecting Apache Tapestry and leading to unauthencticated remote code execution.",
"fork": false,
"created_at": "2021-06-25T13:55:41Z",
"updated_at": "2021-06-25T14:23:47Z",
"pushed_at": "2021-06-25T14:23:45Z",
"stargazers_count": 0,
"watchers_count": 0,
"forks_count": 0,
"forks": 0,
"watchers": 0,
"score": 0
}
]

4
2021/CVE-2021-3129.json
View file

@ -178,8 +178,8 @@
"pushed_at": "2021-02-21T06:34:17Z",
"stargazers_count": 0,
"watchers_count": 0,
"forks_count": 2,
"forks": 2,
"forks_count": 3,
"forks": 3,
"watchers": 0,
"score": 0
}

8
2021/CVE-2021-3156.json
View file

@ -335,13 +335,13 @@
"description": "PoC for CVE-2021-3156 (sudo heap overflow)",
"fork": false,
"created_at": "2021-01-30T03:22:04Z",
"updated_at": "2021-06-21T01:09:33Z",
"updated_at": "2021-06-25T14:45:42Z",
"pushed_at": "2021-02-08T03:42:50Z",
"stargazers_count": 393,
"watchers_count": 393,
"stargazers_count": 394,
"watchers_count": 394,
"forks_count": 109,
"forks": 109,
"watchers": 393,
"watchers": 394,
"score": 0
},
{

8
2021/CVE-2021-32537.json
View file

@ -13,13 +13,13 @@
"description": "PoC for CVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel.",
"fork": false,
"created_at": "2021-06-09T15:44:00Z",
"updated_at": "2021-06-25T08:24:58Z",
"updated_at": "2021-06-25T14:41:46Z",
"pushed_at": "2021-06-25T04:05:59Z",
"stargazers_count": 32,
"watchers_count": 32,
"stargazers_count": 34,
"watchers_count": 34,
"forks_count": 3,
"forks": 3,
"watchers": 32,
"watchers": 34,
"score": 0
}
]

8
2021/CVE-2021-33739.json
View file

@ -13,13 +13,13 @@
"description": null,
"fork": false,
"created_at": "2021-06-09T06:55:52Z",
"updated_at": "2021-06-25T07:21:48Z",
"updated_at": "2021-06-25T11:28:42Z",
"pushed_at": "2021-06-10T10:31:30Z",
"stargazers_count": 98,
"watchers_count": 98,
"stargazers_count": 100,
"watchers_count": 100,
"forks_count": 36,
"forks": 36,
"watchers": 98,
"watchers": 100,
"score": 0
}
]

17
README.md
View file

@ -1033,6 +1033,14 @@ In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionali
- [samwcyo/CVE-2021-27651-PoC](https://github.com/samwcyo/CVE-2021-27651-PoC)
- [Vulnmachines/CVE-2021-27651](https://github.com/Vulnmachines/CVE-2021-27651)
### CVE-2021-27850 (2021-04-15)
<code>
A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later.
</code>
- [kahla-sec/CVE-2021-27850_POC](https://github.com/kahla-sec/CVE-2021-27850_POC)
### CVE-2021-27890 (2021-03-15)
<code>
@ -1409,7 +1417,12 @@ Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbi
- [deathflash1411/CVE-2021-35448](https://github.com/deathflash1411/CVE-2021-35448)
### CVE-2021-35475
### CVE-2021-35475 (2021-06-25)
<code>
SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties.
</code>
- [saitamang/CVE-2021-35475](https://github.com/saitamang/CVE-2021-35475)
@ -15604,7 +15617,6 @@ Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allo
- [linhlt247/DirtyCOW_CVE-2016-5195](https://github.com/linhlt247/DirtyCOW_CVE-2016-5195)
- [sribaba/android-CVE-2016-5195](https://github.com/sribaba/android-CVE-2016-5195)
- [esc0rtd3w/org.cowpoop.moooooo](https://github.com/esc0rtd3w/org.cowpoop.moooooo)
- [nu11secur1ty/Protect-CVE-2016-5195-DirtyCow](https://github.com/nu11secur1ty/Protect-CVE-2016-5195-DirtyCow)
- [hyln9/VIKIROOT](https://github.com/hyln9/VIKIROOT)
- [droidvoider/dirtycow-replacer](https://github.com/droidvoider/dirtycow-replacer)
- [FloridSleeves/os-experiment-4](https://github.com/FloridSleeves/os-experiment-4)
@ -18907,7 +18919,6 @@ OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating system
- [g0tmi1k/debian-ssh](https://github.com/g0tmi1k/debian-ssh)
- [avarx/vulnkeys](https://github.com/avarx/vulnkeys)
- [nu11secur1ty/debian-ssh](https://github.com/nu11secur1ty/debian-ssh)
### CVE-2008-0228 (2008-01-10)