From c5e843b6c49bb6dccf9001e0d7590849ac689dd1 Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Sun, 22 Nov 2020 18:09:20 +0900 Subject: [PATCH] Auto Update 2020/11/22 18:09:20 --- 2010/CVE-2010-0426.json | 23 +++++++++++ 2010/CVE-2010-0738.json | 23 +++++++++++ 2010/CVE-2010-1205.json | 25 ++++++++++++ 2010/CVE-2010-2075.json | 25 ++++++++++++ 2010/CVE-2010-3332.json | 25 ++++++++++++ 2010/CVE-2010-3437.json | 25 ++++++++++++ 2010/CVE-2010-3490.json | 25 ++++++++++++ 2010/CVE-2010-3971.json | 25 ++++++++++++ 2010/CVE-2010-4221.json | 25 ++++++++++++ 2010/CVE-2010-4258.json | 25 ++++++++++++ 2010/CVE-2010-4804.json | 25 ++++++++++++ 2014/CVE-2014-4210.json | 8 ++-- 2015/CVE-2015-6639.json | 8 ++-- 2016/CVE-2016-0638.json | 8 ++-- 2016/CVE-2016-2431.json | 8 ++-- 2017/CVE-2017-3248.json | 8 ++-- 2018/CVE-2018-2628.json | 8 ++-- 2019/CVE-2019-17558.json | 12 +++--- 2019/CVE-2019-2215.json | 4 +- 2019/CVE-2019-2618.json | 8 ++-- 2019/CVE-2019-7192.json | 8 ++-- 2020/CVE-2020-1350.json | 8 ++-- 2020/CVE-2020-13942.json | 12 +++--- 2020/CVE-2020-13957.json | 25 ++++++++++++ 2020/CVE-2020-14882.json | 20 +++++----- 2020/CVE-2020-2551.json | 8 ++-- 2020/CVE-2020-27955.json | 4 +- 2020/CVE-2020-5902.json | 8 ++-- README.md | 82 ++++++++++++++++++++++++++++++++++++++++ 29 files changed, 448 insertions(+), 70 deletions(-) create mode 100644 2010/CVE-2010-1205.json create mode 100644 2010/CVE-2010-2075.json create mode 100644 2010/CVE-2010-3332.json create mode 100644 2010/CVE-2010-3437.json create mode 100644 2010/CVE-2010-3490.json create mode 100644 2010/CVE-2010-3971.json create mode 100644 2010/CVE-2010-4221.json create mode 100644 2010/CVE-2010-4258.json create mode 100644 2010/CVE-2010-4804.json create mode 100644 2020/CVE-2020-13957.json diff --git a/2010/CVE-2010-0426.json b/2010/CVE-2010-0426.json index 03b2dd8f82..81a825ffaa 100644 --- a/2010/CVE-2010-0426.json +++ b/2010/CVE-2010-0426.json @@ -1,4 +1,27 @@ [ + { + "id": 114424141, + "name": "privesc-CVE-2010-0426", + "full_name": "t0kx\/privesc-CVE-2010-0426", + "owner": { + "login": "t0kx", + "id": 24924517, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/24924517?v=4", + "html_url": "https:\/\/github.com\/t0kx" + }, + "html_url": "https:\/\/github.com\/t0kx\/privesc-CVE-2010-0426", + "description": "Sudo 1.6.x <= 1.6.9p21 and 1.7.x <= 1.7.2p4 Local Privilege Escalation and vulnerable container", + "fork": false, + "created_at": "2017-12-16T01:16:44Z", + "updated_at": "2020-04-20T12:29:23Z", + "pushed_at": "2017-12-16T01:19:11Z", + "stargazers_count": 5, + "watchers_count": 5, + "forks_count": 7, + "forks": 7, + "watchers": 5, + "score": 0 + }, { "id": 164330369, "name": "cve-2010-0426", diff --git a/2010/CVE-2010-0738.json b/2010/CVE-2010-0738.json index e7da22b3b6..3724dc1834 100644 --- a/2010/CVE-2010-0738.json +++ b/2010/CVE-2010-0738.json @@ -1,4 +1,27 @@ [ + { + "id": 29914821, + "name": "jboss-autopwn", + "full_name": "ChristianPapathanasiou\/jboss-autopwn", + "owner": { + "login": "ChristianPapathanasiou", + "id": 5354349, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/5354349?v=4", + "html_url": "https:\/\/github.com\/ChristianPapathanasiou" + }, + "html_url": "https:\/\/github.com\/ChristianPapathanasiou\/jboss-autopwn", + "description": "JBoss Autopwn as featured at BlackHat Europe 2010 - this version incorporates CVE-2010-0738 the JBoss authentication bypass VERB manipulation vulnerability as discovered by Minded Security", + "fork": false, + "created_at": "2015-01-27T13:16:45Z", + "updated_at": "2020-07-02T11:52:16Z", + "pushed_at": "2015-01-27T13:23:18Z", + "stargazers_count": 13, + "watchers_count": 13, + "forks_count": 7, + "forks": 7, + "watchers": 13, + "score": 0 + }, { "id": 62456741, "name": "jboss-autopwn", diff --git a/2010/CVE-2010-1205.json b/2010/CVE-2010-1205.json new file mode 100644 index 0000000000..a2a7366b73 --- /dev/null +++ b/2010/CVE-2010-1205.json @@ -0,0 +1,25 @@ +[ + { + "id": 911174, + "name": "CVE-2010-1205", + "full_name": "mk219533\/CVE-2010-1205", + "owner": { + "login": "mk219533", + "id": 91629, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/91629?v=4", + "html_url": "https:\/\/github.com\/mk219533" + }, + "html_url": "https:\/\/github.com\/mk219533\/CVE-2010-1205", + "description": "sample exploit of buffer overflow in libpng ", + "fork": false, + "created_at": "2010-09-14T22:16:11Z", + "updated_at": "2020-05-07T01:35:39Z", + "pushed_at": "2010-10-03T14:06:12Z", + "stargazers_count": 4, + "watchers_count": 4, + "forks_count": 0, + "forks": 0, + "watchers": 4, + "score": 0 + } +] \ No newline at end of file diff --git a/2010/CVE-2010-2075.json b/2010/CVE-2010-2075.json new file mode 100644 index 0000000000..261cd7de06 --- /dev/null +++ b/2010/CVE-2010-2075.json @@ -0,0 +1,25 @@ +[ + { + "id": 183259128, + "name": "UnrealIRCd-3.2.8.1-RCE", + "full_name": "M4LV0\/UnrealIRCd-3.2.8.1-RCE", + "owner": { + "login": "M4LV0", + "id": 40957476, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/40957476?v=4", + "html_url": "https:\/\/github.com\/M4LV0" + }, + "html_url": "https:\/\/github.com\/M4LV0\/UnrealIRCd-3.2.8.1-RCE", + "description": "cve-2010-2075 ", + "fork": false, + "created_at": "2019-04-24T15:41:22Z", + "updated_at": "2020-05-01T17:43:33Z", + "pushed_at": "2019-04-24T15:44:50Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 1, + "forks": 1, + "watchers": 2, + "score": 0 + } +] \ No newline at end of file diff --git a/2010/CVE-2010-3332.json b/2010/CVE-2010-3332.json new file mode 100644 index 0000000000..3418e32506 --- /dev/null +++ b/2010/CVE-2010-3332.json @@ -0,0 +1,25 @@ +[ + { + "id": 106621452, + "name": "MS10-070", + "full_name": "bongbongco\/MS10-070", + "owner": { + "login": "bongbongco", + "id": 3170006, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/3170006?v=4", + "html_url": "https:\/\/github.com\/bongbongco" + }, + "html_url": "https:\/\/github.com\/bongbongco\/MS10-070", + "description": "CVE-2010-3332 Oracle Padding Vulnerability in Microsoft ASP.NET", + "fork": false, + "created_at": "2017-10-11T23:50:33Z", + "updated_at": "2020-07-17T05:12:24Z", + "pushed_at": "2017-10-11T23:50:58Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 1, + "forks": 1, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2010/CVE-2010-3437.json b/2010/CVE-2010-3437.json new file mode 100644 index 0000000000..9575a41360 --- /dev/null +++ b/2010/CVE-2010-3437.json @@ -0,0 +1,25 @@ +[ + { + "id": 222810581, + "name": "CVE-2010-3437", + "full_name": "huang-emily\/CVE-2010-3437", + "owner": { + "login": "huang-emily", + "id": 25013982, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/25013982?v=4", + "html_url": "https:\/\/github.com\/huang-emily" + }, + "html_url": "https:\/\/github.com\/huang-emily\/CVE-2010-3437", + "description": null, + "fork": false, + "created_at": "2019-11-19T23:35:57Z", + "updated_at": "2019-11-19T23:36:01Z", + "pushed_at": "2019-11-19T23:35:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2010/CVE-2010-3490.json b/2010/CVE-2010-3490.json new file mode 100644 index 0000000000..8a4e1923bc --- /dev/null +++ b/2010/CVE-2010-3490.json @@ -0,0 +1,25 @@ +[ + { + "id": 226908489, + "name": "CVE-2010-3490", + "full_name": "moayadalmalat\/CVE-2010-3490", + "owner": { + "login": "moayadalmalat", + "id": 42471675, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/42471675?v=4", + "html_url": "https:\/\/github.com\/moayadalmalat" + }, + "html_url": "https:\/\/github.com\/moayadalmalat\/CVE-2010-3490", + "description": "FreePBX exploit <= 2.8.0", + "fork": false, + "created_at": "2019-12-09T15:49:21Z", + "updated_at": "2019-12-09T15:57:52Z", + "pushed_at": "2019-12-09T15:57:50Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2010/CVE-2010-3971.json b/2010/CVE-2010-3971.json new file mode 100644 index 0000000000..9201f69c36 --- /dev/null +++ b/2010/CVE-2010-3971.json @@ -0,0 +1,25 @@ +[ + { + "id": 11953883, + "name": "CVE-2010-3971-hotpatch", + "full_name": "nektra\/CVE-2010-3971-hotpatch", + "owner": { + "login": "nektra", + "id": 2100960, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/2100960?v=4", + "html_url": "https:\/\/github.com\/nektra" + }, + "html_url": "https:\/\/github.com\/nektra\/CVE-2010-3971-hotpatch", + "description": "Do you own security hotfix with Deviare hooking", + "fork": false, + "created_at": "2013-08-07T15:49:14Z", + "updated_at": "2020-11-05T08:59:09Z", + "pushed_at": "2013-08-07T18:01:38Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 2, + "forks": 2, + "watchers": 2, + "score": 0 + } +] \ No newline at end of file diff --git a/2010/CVE-2010-4221.json b/2010/CVE-2010-4221.json new file mode 100644 index 0000000000..6aaf377106 --- /dev/null +++ b/2010/CVE-2010-4221.json @@ -0,0 +1,25 @@ +[ + { + "id": 108682441, + "name": "cve-2010-4221", + "full_name": "M31MOTH\/cve-2010-4221", + "owner": { + "login": "M31MOTH", + "id": 10201432, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/10201432?v=4", + "html_url": "https:\/\/github.com\/M31MOTH" + }, + "html_url": "https:\/\/github.com\/M31MOTH\/cve-2010-4221", + "description": "This exploit was written to study some concepts, enjoy!", + "fork": false, + "created_at": "2017-10-28T20:37:26Z", + "updated_at": "2020-03-26T15:45:57Z", + "pushed_at": "2017-10-22T19:46:37Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 11, + "forks": 11, + "watchers": 1, + "score": 0 + } +] \ No newline at end of file diff --git a/2010/CVE-2010-4258.json b/2010/CVE-2010-4258.json new file mode 100644 index 0000000000..a7d05d8821 --- /dev/null +++ b/2010/CVE-2010-4258.json @@ -0,0 +1,25 @@ +[ + { + "id": 30897048, + "name": "CVE-2010-4258", + "full_name": "johnreginald\/CVE-2010-4258", + "owner": { + "login": "johnreginald", + "id": 8102802, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/8102802?v=4", + "html_url": "https:\/\/github.com\/johnreginald" + }, + "html_url": "https:\/\/github.com\/johnreginald\/CVE-2010-4258", + "description": "Exploit based on a faulty clone(2) implementation in Linux < 2.6.36.2 that allows overwrite of arbitrary kernel word with NULL. Research and personal-security use only. Not malicious.", + "fork": false, + "created_at": "2015-02-17T01:12:55Z", + "updated_at": "2016-09-04T16:50:03Z", + "pushed_at": "2012-07-12T18:58:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2010/CVE-2010-4804.json b/2010/CVE-2010-4804.json new file mode 100644 index 0000000000..4321abbac1 --- /dev/null +++ b/2010/CVE-2010-4804.json @@ -0,0 +1,25 @@ +[ + { + "id": 16589706, + "name": "android-cve-2010-4804", + "full_name": "thomascannon\/android-cve-2010-4804", + "owner": { + "login": "thomascannon", + "id": 1297160, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/1297160?v=4", + "html_url": "https:\/\/github.com\/thomascannon" + }, + "html_url": "https:\/\/github.com\/thomascannon\/android-cve-2010-4804", + "description": "Android Data Stealing Vulnerability", + "fork": false, + "created_at": "2014-02-06T18:53:31Z", + "updated_at": "2020-09-26T10:56:29Z", + "pushed_at": "2014-02-06T19:06:01Z", + "stargazers_count": 6, + "watchers_count": 6, + "forks_count": 5, + "forks": 5, + "watchers": 6, + "score": 0 + } +] \ No newline at end of file diff --git a/2014/CVE-2014-4210.json b/2014/CVE-2014-4210.json index c0c5903238..6912764a23 100644 --- a/2014/CVE-2014-4210.json +++ b/2014/CVE-2014-4210.json @@ -36,13 +36,13 @@ "description": "weblogic 漏洞扫描工具。目前包含 CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2020-11-21T21:32:33Z", + "updated_at": "2020-11-22T06:36:18Z", "pushed_at": "2020-09-02T16:21:12Z", - "stargazers_count": 776, - "watchers_count": 776, + "stargazers_count": 777, + "watchers_count": 777, "forks_count": 187, "forks": 187, - "watchers": 776, + "watchers": 777, "score": 0 }, { diff --git a/2015/CVE-2015-6639.json b/2015/CVE-2015-6639.json index 80106d15a4..f6318f3655 100644 --- a/2015/CVE-2015-6639.json +++ b/2015/CVE-2015-6639.json @@ -36,13 +36,13 @@ "description": "Exploit that extracts Qualcomm's KeyMaster keys using CVE-2015-6639 and CVE-2016-2431", "fork": false, "created_at": "2016-06-30T11:56:44Z", - "updated_at": "2020-10-27T18:50:10Z", + "updated_at": "2020-11-22T05:29:02Z", "pushed_at": "2016-06-30T15:32:42Z", - "stargazers_count": 282, - "watchers_count": 282, + "stargazers_count": 281, + "watchers_count": 281, "forks_count": 88, "forks": 88, - "watchers": 282, + "watchers": 281, "score": 0 } ] \ No newline at end of file diff --git a/2016/CVE-2016-0638.json b/2016/CVE-2016-0638.json index e6563008c6..52d13b8150 100644 --- a/2016/CVE-2016-0638.json +++ b/2016/CVE-2016-0638.json @@ -13,13 +13,13 @@ "description": "weblogic 漏洞扫描工具。目前包含 CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2020-11-21T21:32:33Z", + "updated_at": "2020-11-22T06:36:18Z", "pushed_at": "2020-09-02T16:21:12Z", - "stargazers_count": 776, - "watchers_count": 776, + "stargazers_count": 777, + "watchers_count": 777, "forks_count": 187, "forks": 187, - "watchers": 776, + "watchers": 777, "score": 0 }, { diff --git a/2016/CVE-2016-2431.json b/2016/CVE-2016-2431.json index de3f5cf857..d2555cffd2 100644 --- a/2016/CVE-2016-2431.json +++ b/2016/CVE-2016-2431.json @@ -36,13 +36,13 @@ "description": "Exploit that extracts Qualcomm's KeyMaster keys using CVE-2015-6639 and CVE-2016-2431", "fork": false, "created_at": "2016-06-30T11:56:44Z", - "updated_at": "2020-10-27T18:50:10Z", + "updated_at": "2020-11-22T05:29:02Z", "pushed_at": "2016-06-30T15:32:42Z", - "stargazers_count": 282, - "watchers_count": 282, + "stargazers_count": 281, + "watchers_count": 281, "forks_count": 88, "forks": 88, - "watchers": 282, + "watchers": 281, "score": 0 } ] \ No newline at end of file diff --git a/2017/CVE-2017-3248.json b/2017/CVE-2017-3248.json index 191e64f754..b92964fe03 100644 --- a/2017/CVE-2017-3248.json +++ b/2017/CVE-2017-3248.json @@ -36,13 +36,13 @@ "description": "weblogic 漏洞扫描工具。目前包含 CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2020-11-21T21:32:33Z", + "updated_at": "2020-11-22T06:36:18Z", "pushed_at": "2020-09-02T16:21:12Z", - "stargazers_count": 776, - "watchers_count": 776, + "stargazers_count": 777, + "watchers_count": 777, "forks_count": 187, "forks": 187, - "watchers": 776, + "watchers": 777, "score": 0 } ] \ No newline at end of file diff --git a/2018/CVE-2018-2628.json b/2018/CVE-2018-2628.json index d8c97e18c3..ff84561c29 100644 --- a/2018/CVE-2018-2628.json +++ b/2018/CVE-2018-2628.json @@ -450,13 +450,13 @@ "description": "weblogic 漏洞扫描工具。目前包含 CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2020-11-21T21:32:33Z", + "updated_at": "2020-11-22T06:36:18Z", "pushed_at": "2020-09-02T16:21:12Z", - "stargazers_count": 776, - "watchers_count": 776, + "stargazers_count": 777, + "watchers_count": 777, "forks_count": 187, "forks": 187, - "watchers": 776, + "watchers": 777, "score": 0 }, { diff --git a/2019/CVE-2019-17558.json b/2019/CVE-2019-17558.json index 80ff9b81d0..cdf0b5a278 100644 --- a/2019/CVE-2019-17558.json +++ b/2019/CVE-2019-17558.json @@ -36,13 +36,13 @@ "description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340", "fork": false, "created_at": "2020-04-01T09:33:35Z", - "updated_at": "2020-11-22T00:45:15Z", + "updated_at": "2020-11-22T07:39:01Z", "pushed_at": "2020-11-07T05:55:00Z", - "stargazers_count": 2075, - "watchers_count": 2075, - "forks_count": 566, - "forks": 566, - "watchers": 2075, + "stargazers_count": 2076, + "watchers_count": 2076, + "forks_count": 567, + "forks": 567, + "watchers": 2076, "score": 0 }, { diff --git a/2019/CVE-2019-2215.json b/2019/CVE-2019-2215.json index a7b38e31d1..706fc7856e 100644 --- a/2019/CVE-2019-2215.json +++ b/2019/CVE-2019-2215.json @@ -63,8 +63,8 @@ "pushed_at": "2019-10-15T01:04:08Z", "stargazers_count": 55, "watchers_count": 55, - "forks_count": 40, - "forks": 40, + "forks_count": 41, + "forks": 41, "watchers": 55, "score": 0 }, diff --git a/2019/CVE-2019-2618.json b/2019/CVE-2019-2618.json index 0eac8520f2..5ab1bc6fee 100644 --- a/2019/CVE-2019-2618.json +++ b/2019/CVE-2019-2618.json @@ -151,13 +151,13 @@ "description": "weblogic 漏洞扫描工具。目前包含 CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2020-11-21T21:32:33Z", + "updated_at": "2020-11-22T06:36:18Z", "pushed_at": "2020-09-02T16:21:12Z", - "stargazers_count": 776, - "watchers_count": 776, + "stargazers_count": 777, + "watchers_count": 777, "forks_count": 187, "forks": 187, - "watchers": 776, + "watchers": 777, "score": 0 } ] \ No newline at end of file diff --git a/2019/CVE-2019-7192.json b/2019/CVE-2019-7192.json index c391d0fc59..c2f6c27814 100644 --- a/2019/CVE-2019-7192.json +++ b/2019/CVE-2019-7192.json @@ -36,13 +36,13 @@ "description": "QNAP pre-auth root RCE Exploit (CVE-2019-7192 ~ CVE-2019-7195)", "fork": false, "created_at": "2020-05-24T15:44:29Z", - "updated_at": "2020-09-21T07:47:12Z", + "updated_at": "2020-11-22T03:12:11Z", "pushed_at": "2020-05-24T16:28:46Z", - "stargazers_count": 44, - "watchers_count": 44, + "stargazers_count": 45, + "watchers_count": 45, "forks_count": 19, "forks": 19, - "watchers": 44, + "watchers": 45, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-1350.json b/2020/CVE-2020-1350.json index 81a472cb6e..b9b9603bdb 100644 --- a/2020/CVE-2020-1350.json +++ b/2020/CVE-2020-1350.json @@ -13,13 +13,13 @@ "description": "NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST", "fork": false, "created_at": "2020-03-11T17:51:29Z", - "updated_at": "2020-11-04T17:33:17Z", + "updated_at": "2020-11-22T04:33:14Z", "pushed_at": "2020-11-04T17:33:15Z", - "stargazers_count": 35, - "watchers_count": 35, + "stargazers_count": 36, + "watchers_count": 36, "forks_count": 11, "forks": 11, - "watchers": 35, + "watchers": 36, "score": 0 }, { diff --git a/2020/CVE-2020-13942.json b/2020/CVE-2020-13942.json index 8c4959fbc3..4242d7f467 100644 --- a/2020/CVE-2020-13942.json +++ b/2020/CVE-2020-13942.json @@ -59,13 +59,13 @@ "description": "CVE-2020-13942 POC + Automation Script", "fork": false, "created_at": "2020-11-20T23:25:44Z", - "updated_at": "2020-11-21T06:04:00Z", + "updated_at": "2020-11-22T08:58:13Z", "pushed_at": "2020-11-21T01:23:50Z", - "stargazers_count": 2, - "watchers_count": 2, - "forks_count": 3, - "forks": 3, - "watchers": 2, + "stargazers_count": 3, + "watchers_count": 3, + "forks_count": 4, + "forks": 4, + "watchers": 3, "score": 0 }, { diff --git a/2020/CVE-2020-13957.json b/2020/CVE-2020-13957.json new file mode 100644 index 0000000000..062950b269 --- /dev/null +++ b/2020/CVE-2020-13957.json @@ -0,0 +1,25 @@ +[ + { + "id": 314516329, + "name": "xray-poc-cve-2020-13957", + "full_name": "MagicPiperSec\/xray-poc-cve-2020-13957", + "owner": { + "login": "MagicPiperSec", + "id": 69208919, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/69208919?v=4", + "html_url": "https:\/\/github.com\/MagicPiperSec" + }, + "html_url": "https:\/\/github.com\/MagicPiperSec\/xray-poc-cve-2020-13957", + "description": null, + "fork": false, + "created_at": "2020-11-20T10:11:00Z", + "updated_at": "2020-11-22T09:07:18Z", + "pushed_at": "2020-11-22T09:06:04Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2020/CVE-2020-14882.json b/2020/CVE-2020-14882.json index 13bc0a419d..4d49aca53a 100644 --- a/2020/CVE-2020-14882.json +++ b/2020/CVE-2020-14882.json @@ -13,13 +13,13 @@ "description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340", "fork": false, "created_at": "2020-04-01T09:33:35Z", - "updated_at": "2020-11-22T00:45:15Z", + "updated_at": "2020-11-22T07:39:01Z", "pushed_at": "2020-11-07T05:55:00Z", - "stargazers_count": 2075, - "watchers_count": 2075, - "forks_count": 566, - "forks": 566, - "watchers": 2075, + "stargazers_count": 2076, + "watchers_count": 2076, + "forks_count": 567, + "forks": 567, + "watchers": 2076, "score": 0 }, { @@ -36,13 +36,13 @@ "description": "Vulmap - Web漏洞扫描和验证工具,可对Web容器、Web服务器、Web中间件以及CMS等Web程序进行漏洞扫描,并且具备漏洞利用功能。 相关测试人员可以使用vulmap检测目标是否存在特定漏洞,并且可以使用漏洞利用功能验证漏洞是否真实存在。CVE-2020-14882, CVE-2020-2555, CVE-2020-2883", "fork": false, "created_at": "2020-10-09T06:34:36Z", - "updated_at": "2020-11-21T18:11:09Z", + "updated_at": "2020-11-22T07:37:45Z", "pushed_at": "2020-11-10T02:58:25Z", - "stargazers_count": 362, - "watchers_count": 362, + "stargazers_count": 363, + "watchers_count": 363, "forks_count": 67, "forks": 67, - "watchers": 362, + "watchers": 363, "score": 0 }, { diff --git a/2020/CVE-2020-2551.json b/2020/CVE-2020-2551.json index 0aa764d1db..ca64dd647e 100644 --- a/2020/CVE-2020-2551.json +++ b/2020/CVE-2020-2551.json @@ -13,13 +13,13 @@ "description": "weblogic 漏洞扫描工具。目前包含 CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2020-11-21T21:32:33Z", + "updated_at": "2020-11-22T06:36:18Z", "pushed_at": "2020-09-02T16:21:12Z", - "stargazers_count": 776, - "watchers_count": 776, + "stargazers_count": 777, + "watchers_count": 777, "forks_count": 187, "forks": 187, - "watchers": 776, + "watchers": 777, "score": 0 }, { diff --git a/2020/CVE-2020-27955.json b/2020/CVE-2020-27955.json index 85888dafbb..7c1b11e619 100644 --- a/2020/CVE-2020-27955.json +++ b/2020/CVE-2020-27955.json @@ -17,8 +17,8 @@ "pushed_at": "2020-11-04T19:09:14Z", "stargazers_count": 19, "watchers_count": 19, - "forks_count": 5, - "forks": 5, + "forks_count": 6, + "forks": 6, "watchers": 19, "score": 0 }, diff --git a/2020/CVE-2020-5902.json b/2020/CVE-2020-5902.json index dadd69c9f7..21e9ce8d99 100644 --- a/2020/CVE-2020-5902.json +++ b/2020/CVE-2020-5902.json @@ -197,13 +197,13 @@ "description": "exploit code for F5-Big-IP (CVE-2020-5902)", "fork": false, "created_at": "2020-07-06T01:12:23Z", - "updated_at": "2020-10-21T16:02:49Z", + "updated_at": "2020-11-22T08:29:01Z", "pushed_at": "2020-07-06T01:36:32Z", - "stargazers_count": 18, - "watchers_count": 18, + "stargazers_count": 19, + "watchers_count": 19, "forks_count": 10, "forks": 10, - "watchers": 18, + "watchers": 19, "score": 0 }, { diff --git a/README.md b/README.md index e5a483eb48..789d533015 100644 --- a/README.md +++ b/README.md @@ -2186,6 +2186,14 @@ The payload length in a WebSocket frame was not correctly validated in Apache To - [shifa123/CVE-2020-13942-POC-](https://github.com/shifa123/CVE-2020-13942-POC-) - [blackmarketer/CVE-2020-13942](https://github.com/blackmarketer/CVE-2020-13942) +### CVE-2020-13957 (2020-10-13) + + +Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions. + + +- [MagicPiperSec/xray-poc-cve-2020-13957](https://github.com/MagicPiperSec/xray-poc-cve-2020-13957) + ### CVE-2020-13996 (2020-06-09) @@ -15478,6 +15486,7 @@ mpack 1.6 has information disclosure via eavesdropping on mails sent by other us sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. +- [t0kx/privesc-CVE-2010-0426](https://github.com/t0kx/privesc-CVE-2010-0426) - [cved-sources/cve-2010-0426](https://github.com/cved-sources/cve-2010-0426) ### CVE-2010-0738 (2010-04-28) @@ -15486,8 +15495,17 @@ sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is en The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method. +- [ChristianPapathanasiou/jboss-autopwn](https://github.com/ChristianPapathanasiou/jboss-autopwn) - [gitcollect/jboss-autopwn](https://github.com/gitcollect/jboss-autopwn) +### CVE-2010-1205 (2010-06-30) + + +Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. + + +- [mk219533/CVE-2010-1205](https://github.com/mk219533/CVE-2010-1205) + ### CVE-2010-1411 (2010-06-17) @@ -15496,6 +15514,22 @@ Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the F - [MAVProxyUser/httpfuzz-robomiller](https://github.com/MAVProxyUser/httpfuzz-robomiller) +### CVE-2010-2075 (2010-06-14) + + +UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands. + + +- [M4LV0/UnrealIRCd-3.2.8.1-RCE](https://github.com/M4LV0/UnrealIRCd-3.2.8.1-RCE) + +### CVE-2010-3332 (2010-09-22) + + +Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability." + + +- [bongbongco/MS10-070](https://github.com/bongbongco/MS10-070) + ### CVE-2010-3333 (2010-11-09) @@ -15504,6 +15538,22 @@ Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office - [whiteHat001/cve-2010-3333](https://github.com/whiteHat001/cve-2010-3333) +### CVE-2010-3437 (2010-10-04) + + +Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call. + + +- [huang-emily/CVE-2010-3437](https://github.com/huang-emily/CVE-2010-3437) + +### CVE-2010-3490 (2010-09-28) + + +Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root. + + +- [moayadalmalat/CVE-2010-3490](https://github.com/moayadalmalat/CVE-2010-3490) + ### CVE-2010-3600 (2011-01-19) @@ -15528,6 +15578,30 @@ The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Socke - [redhatkaty/-cve-2010-3904-report](https://github.com/redhatkaty/-cve-2010-3904-report) +### CVE-2010-3971 (2010-12-22) + + +Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability." + + +- [nektra/CVE-2010-3971-hotpatch](https://github.com/nektra/CVE-2010-3971-hotpatch) + +### CVE-2010-4221 (2010-11-09) + + +Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server. + + +- [M31MOTH/cve-2010-4221](https://github.com/M31MOTH/cve-2010-4221) + +### CVE-2010-4258 (2010-12-30) + + +The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call. + + +- [johnreginald/CVE-2010-4258](https://github.com/johnreginald/CVE-2010-4258) + ### CVE-2010-4476 (2011-02-17) @@ -15544,6 +15618,14 @@ The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microso - [quinn-samuel-perry/CVE-2010-4669](https://github.com/quinn-samuel-perry/CVE-2010-4669) +### CVE-2010-4804 (2011-06-09) + + +The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/. + + +- [thomascannon/android-cve-2010-4804](https://github.com/thomascannon/android-cve-2010-4804) + ### CVE-2010-5327 (2017-01-13)