Auto Update 2021/01/07 00:10:05

motikan2010-bot 2021-01-07 00:10:05 +09:00
parent 5e3d0d9481
commit cc49ccebb6
23 changed files with 287 additions and 98 deletions

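--- a/2016/CVE-2016-4468.json
+++ b/2016/CVE-2016-4468.json
@@ -0,0 +1,25 @@
+[
+{
+"id": 327306394,
+"name": "cloudfoundry_uaa",
+"full_name": "shanika04\/cloudfoundry_uaa",
+"owner": {
+"login": "shanika04",
+"id": 73774345,
+"avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/73774345?v=4",
+"html_url": "https:\/\/github.com\/shanika04"
+},
+"html_url": "https:\/\/github.com\/shanika04\/cloudfoundry_uaa",
+"description": "CVE-2016-4468",
+"fork": false,
+"created_at": "2021-01-06T12:34:36Z",
+"updated_at": "2021-01-06T12:47:42Z",
+"pushed_at": "2021-01-06T12:47:34Z",
+"stargazers_count": 0,
+"watchers_count": 0,
+"forks_count": 0,
+"forks": 0,
+"watchers": 0,
+"score": 0
+}
+]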
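Review bot: Nothing in this record says whether the linked repository is a proof of concept or only a copy of the affected project, and its only tie to CVE-2016-4468 is the `description` string. The same holds for the other four `shanika04` records added in this commit (2016/CVE-2016-4999.json, 2019/CVE-2019-14900.json, 2020/CVE-2020-1937.json, 2020/CVE-2020-9483.json): each is named after the product, has zero stars, and was created within about an hour on 2021-01-06, so they were presumably collected by keyword match rather than reviewed. Strict JSON cannot carry a comment, so the caveat belongs in the README that lists these links, for example `Entries are collected automatically by keyword match and are not verified; treat linked code as untrusted and run it only in an isolated environment.`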

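--- a/2016/CVE-2016-4999.json
+++ b/2016/CVE-2016-4999.json
@@ -0,0 +1,25 @@
+[
+{
+"id": 327313296,
+"name": "dashbuilder",
+"full_name": "shanika04\/dashbuilder",
+"owner": {
+"login": "shanika04",
+"id": 73774345,
+"avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/73774345?v=4",
+"html_url": "https:\/\/github.com\/shanika04"
+},
+"html_url": "https:\/\/github.com\/shanika04\/dashbuilder",
+"description": "CVE-2016-4999",
+"fork": false,
+"created_at": "2021-01-06T13:02:50Z",
+"updated_at": "2021-01-06T13:04:49Z",
+"pushed_at": "2021-01-06T13:04:41Z",
+"stargazers_count": 0,
+"watchers_count": 0,
+"forks_count": 0,
+"forks": 0,
+"watchers": 0,
+"score": 0
+}
+]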


@ -59,13 +59,13 @@
"description": "Exploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. It could generate a malicious RTF\/PPSX file and deliver metasploit \/ meterpreter \/ other payload to victim without any complex configuration.",
"fork": false,
"created_at": "2017-04-17T08:10:07Z",
"updated_at": "2020-12-30T20:45:13Z",
"updated_at": "2021-01-06T14:27:48Z",
"pushed_at": "2017-11-19T11:01:16Z",
"stargazers_count": 637,
"watchers_count": 637,
"forks_count": 283,
"forks": 283,
"watchers": 637,
"stargazers_count": 638,
"watchers_count": 638,
"forks_count": 284,
"forks": 284,
"watchers": 638,
"score": 0
},
{


@ -60,7 +60,7 @@
"fork": false,
"created_at": "2020-11-13T04:15:31Z",
"updated_at": "2021-01-01T18:56:15Z",
"pushed_at": "2021-01-02T12:47:51Z",
"pushed_at": "2021-01-06T10:33:32Z",
"stargazers_count": 2,
"watchers_count": 2,
"forks_count": 0,


@ -13,8 +13,8 @@
"description": null,
"fork": false,
"created_at": "2021-01-05T19:36:44Z",
"updated_at": "2021-01-05T22:28:17Z",
"pushed_at": "2021-01-05T22:40:05Z",
"updated_at": "2021-01-06T12:30:10Z",
"pushed_at": "2021-01-06T12:30:20Z",
"stargazers_count": 0,
"watchers_count": 0,
"forks_count": 0,


@ -59,13 +59,13 @@
"description": "patches for SNYK-JS-JQUERY-565129, SNYK-JS-JQUERY-567880, CVE-2020-1102, CVE-2020-11023, includes the patches for SNYK-JS-JQUERY-174006, CVE-2019-11358, CVE-2019-5428",
"fork": false,
"created_at": "2020-04-14T19:12:01Z",
"updated_at": "2020-12-10T03:29:15Z",
"updated_at": "2021-01-06T12:10:25Z",
"pushed_at": "2020-05-05T23:34:04Z",
"stargazers_count": 8,
"watchers_count": 8,
"forks_count": 4,
"forks": 4,
"watchers": 8,
"stargazers_count": 9,
"watchers_count": 9,
"forks_count": 5,
"forks": 5,
"watchers": 9,
"score": 0
}
]

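--- a/2019/CVE-2019-14900.json
+++ b/2019/CVE-2019-14900.json
@@ -0,0 +1,25 @@
+[
+{
+"id": 327314262,
+"name": "hibernate-orm",
+"full_name": "shanika04\/hibernate-orm",
+"owner": {
+"login": "shanika04",
+"id": 73774345,
+"avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/73774345?v=4",
+"html_url": "https:\/\/github.com\/shanika04"
+},
+"html_url": "https:\/\/github.com\/shanika04\/hibernate-orm",
+"description": "CVE-2019-14900",
+"fork": false,
+"created_at": "2021-01-06T13:06:45Z",
+"updated_at": "2021-01-06T13:21:13Z",
+"pushed_at": "2021-01-06T13:20:46Z",
+"stargazers_count": 0,
+"watchers_count": 0,
+"forks_count": 0,
+"forks": 0,
+"watchers": 0,
+"score": 0
+}
+]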


@ -36,13 +36,13 @@
"description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340",
"fork": false,
"created_at": "2020-04-01T09:33:35Z",
"updated_at": "2021-01-06T07:03:19Z",
"updated_at": "2021-01-06T13:17:04Z",
"pushed_at": "2020-11-07T05:55:00Z",
"stargazers_count": 2232,
"watchers_count": 2232,
"stargazers_count": 2234,
"watchers_count": 2234,
"forks_count": 633,
"forks": 633,
"watchers": 2232,
"watchers": 2234,
"score": 0
},
{


@ -82,13 +82,13 @@
"description": "增强版WeblogicScan、检测结果更精确、插件化、添加CVE-2019-2618CVE-2019-2729检测Python3支持",
"fork": false,
"created_at": "2019-06-21T09:22:43Z",
"updated_at": "2021-01-06T06:55:34Z",
"updated_at": "2021-01-06T12:56:20Z",
"pushed_at": "2020-04-26T10:49:25Z",
"stargazers_count": 696,
"watchers_count": 696,
"stargazers_count": 698,
"watchers_count": 698,
"forks_count": 143,
"forks": 143,
"watchers": 696,
"watchers": 698,
"score": 0
},
{


@ -36,13 +36,13 @@
"description": "PoC for CVE-2019-5736",
"fork": false,
"created_at": "2019-02-13T05:26:32Z",
"updated_at": "2021-01-05T06:19:40Z",
"updated_at": "2021-01-06T09:20:21Z",
"pushed_at": "2019-02-19T11:45:13Z",
"stargazers_count": 446,
"watchers_count": 446,
"stargazers_count": 447,
"watchers_count": 447,
"forks_count": 111,
"forks": 111,
"watchers": 446,
"watchers": 447,
"score": 0
},
{


@ -1,25 +0,0 @@
[
{
"id": 166241615,
"name": "TP-Link-WDR-Router-Command-injection_POC",
"full_name": "afang5472\/TP-Link-WDR-Router-Command-injection_POC",
"owner": {
"login": "afang5472",
"id": 18503100,
"avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/18503100?v=4",
"html_url": "https:\/\/github.com\/afang5472"
},
"html_url": "https:\/\/github.com\/afang5472\/TP-Link-WDR-Router-Command-injection_POC",
"description": "CVE-2019-6487. A command injection vulnerability in TP-Link WDR5620 Series up to verion 3.",
"fork": false,
"created_at": "2019-01-17T14:44:12Z",
"updated_at": "2021-01-03T15:06:26Z",
"pushed_at": "2019-01-19T10:49:21Z",
"stargazers_count": 26,
"watchers_count": 26,
"forks_count": 14,
"forks": 14,
"watchers": 26,
"score": 0
}
]


@ -13,13 +13,13 @@
"description": "patches for SNYK-JS-JQUERY-565129, SNYK-JS-JQUERY-567880, CVE-2020-1102, CVE-2020-11023, includes the patches for SNYK-JS-JQUERY-174006, CVE-2019-11358, CVE-2019-5428",
"fork": false,
"created_at": "2020-04-14T19:12:01Z",
"updated_at": "2020-12-10T03:29:15Z",
"updated_at": "2021-01-06T12:10:25Z",
"pushed_at": "2020-05-05T23:34:04Z",
"stargazers_count": 8,
"watchers_count": 8,
"forks_count": 4,
"forks": 4,
"watchers": 8,
"stargazers_count": 9,
"watchers_count": 9,
"forks_count": 5,
"forks": 5,
"watchers": 9,
"score": 0
}
]


@ -36,13 +36,13 @@
"description": "Test tool for CVE-2020-1472",
"fork": false,
"created_at": "2020-09-08T08:58:37Z",
"updated_at": "2021-01-05T12:03:03Z",
"updated_at": "2021-01-06T13:23:24Z",
"pushed_at": "2020-10-21T12:10:28Z",
"stargazers_count": 1218,
"watchers_count": 1218,
"stargazers_count": 1219,
"watchers_count": 1219,
"forks_count": 282,
"forks": 282,
"watchers": 1218,
"watchers": 1219,
"score": 0
},
{


@ -13,13 +13,13 @@
"description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340",
"fork": false,
"created_at": "2020-04-01T09:33:35Z",
"updated_at": "2021-01-06T07:03:19Z",
"updated_at": "2021-01-06T13:17:04Z",
"pushed_at": "2020-11-07T05:55:00Z",
"stargazers_count": 2232,
"watchers_count": 2232,
"stargazers_count": 2234,
"watchers_count": 2234,
"forks_count": 633,
"forks": 633,
"watchers": 2232,
"watchers": 2234,
"score": 0
},
{


@ -36,13 +36,13 @@
"description": "Weblogic 身份认证绕过漏洞批量检测脚本",
"fork": false,
"created_at": "2020-11-11T08:52:28Z",
"updated_at": "2021-01-06T08:28:52Z",
"updated_at": "2021-01-06T13:58:47Z",
"pushed_at": "2020-11-11T09:12:20Z",
"stargazers_count": 4,
"watchers_count": 4,
"stargazers_count": 5,
"watchers_count": 5,
"forks_count": 0,
"forks": 0,
"watchers": 4,
"watchers": 5,
"score": 0
}
]

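--- a/2020/CVE-2020-17518.json
+++ b/2020/CVE-2020-17518.json
@@ -0,0 +1,25 @@
+[
+{
+"id": 327323010,
+"name": "CVE-2020-17518",
+"full_name": "QmF0c3UK\/CVE-2020-17518",
+"owner": {
+"login": "QmF0c3UK",
+"id": 29447678,
+"avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/29447678?v=4",
+"html_url": "https:\/\/github.com\/QmF0c3UK"
+},
+"html_url": "https:\/\/github.com\/QmF0c3UK\/CVE-2020-17518",
+"description": null,
+"fork": false,
+"created_at": "2021-01-06T13:40:06Z",
+"updated_at": "2021-01-06T14:01:08Z",
+"pushed_at": "2021-01-06T13:41:04Z",
+"stargazers_count": 1,
+"watchers_count": 1,
+"forks_count": 1,
+"forks": 1,
+"watchers": 1,
+"score": 0
+}
+]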


@ -13,13 +13,36 @@
"description": "Apache Flink 目录遍历漏洞批量检测 (CVE-2020-17519)",
"fork": false,
"created_at": "2021-01-06T02:15:39Z",
"updated_at": "2021-01-06T08:32:08Z",
"updated_at": "2021-01-06T14:43:05Z",
"pushed_at": "2021-01-06T08:15:10Z",
"stargazers_count": 3,
"watchers_count": 3,
"forks_count": 2,
"forks": 2,
"watchers": 3,
"stargazers_count": 11,
"watchers_count": 11,
"forks_count": 3,
"forks": 3,
"watchers": 11,
"score": 0
},
{
"id": 327323355,
"name": "CVE-2020-17519",
"full_name": "QmF0c3UK\/CVE-2020-17519",
"owner": {
"login": "QmF0c3UK",
"id": 29447678,
"avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/29447678?v=4",
"html_url": "https:\/\/github.com\/QmF0c3UK"
},
"html_url": "https:\/\/github.com\/QmF0c3UK\/CVE-2020-17519",
"description": null,
"fork": false,
"created_at": "2021-01-06T13:41:24Z",
"updated_at": "2021-01-06T13:42:00Z",
"pushed_at": "2021-01-06T13:41:58Z",
"stargazers_count": 0,
"watchers_count": 0,
"forks_count": 1,
"forks": 1,
"watchers": 0,
"score": 0
}
]

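--- a/2020/CVE-2020-1937.json
+++ b/2020/CVE-2020-1937.json
@@ -0,0 +1,25 @@
+[
+{
+"id": 327320676,
+"name": "apache_kylin",
+"full_name": "shanika04\/apache_kylin",
+"owner": {
+"login": "shanika04",
+"id": 73774345,
+"avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/73774345?v=4",
+"html_url": "https:\/\/github.com\/shanika04"
+},
+"html_url": "https:\/\/github.com\/shanika04\/apache_kylin",
+"description": "CVE-2020-1937",
+"fork": false,
+"created_at": "2021-01-06T13:31:20Z",
+"updated_at": "2021-01-06T13:41:05Z",
+"pushed_at": "2021-01-06T13:40:54Z",
+"stargazers_count": 0,
+"watchers_count": 0,
+"forks_count": 0,
+"forks": 0,
+"watchers": 0,
+"score": 0
+}
+]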


@ -13,13 +13,13 @@
"description": "CVE-2020-27950 exploit",
"fork": false,
"created_at": "2020-12-01T15:49:07Z",
"updated_at": "2020-12-22T23:29:20Z",
"updated_at": "2021-01-06T13:04:43Z",
"pushed_at": "2020-12-01T15:50:45Z",
"stargazers_count": 22,
"watchers_count": 22,
"stargazers_count": 23,
"watchers_count": 23,
"forks_count": 6,
"forks": 6,
"watchers": 22,
"watchers": 23,
"score": 0
}
]


@ -312,13 +312,13 @@
"description": "CISCO CVE-2020-3452 Scanner & Exploiter",
"fork": false,
"created_at": "2021-01-05T14:41:13Z",
"updated_at": "2021-01-06T08:35:06Z",
"updated_at": "2021-01-06T14:48:29Z",
"pushed_at": "2021-01-06T06:03:47Z",
"stargazers_count": 28,
"watchers_count": 28,
"forks_count": 4,
"forks": 4,
"watchers": 28,
"stargazers_count": 36,
"watchers_count": 36,
"forks_count": 5,
"forks": 5,
"watchers": 36,
"score": 0
}
]


@ -13,13 +13,13 @@
"description": "该脚本为Citrix XenMobile 目录遍历漏洞CVE-2020-8209批量检测脚本。",
"fork": false,
"created_at": "2020-11-17T07:20:46Z",
"updated_at": "2021-01-05T14:24:23Z",
"updated_at": "2021-01-06T13:59:29Z",
"pushed_at": "2020-12-07T07:46:06Z",
"stargazers_count": 25,
"watchers_count": 25,
"stargazers_count": 26,
"watchers_count": 26,
"forks_count": 8,
"forks": 8,
"watchers": 25,
"watchers": 26,
"score": 0
}
]

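--- a/2020/CVE-2020-9483.json
+++ b/2020/CVE-2020-9483.json
@@ -0,0 +1,25 @@
+[
+{
+"id": 327318338,
+"name": "apache_skywalking",
+"full_name": "shanika04\/apache_skywalking",
+"owner": {
+"login": "shanika04",
+"id": 73774345,
+"avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/73774345?v=4",
+"html_url": "https:\/\/github.com\/shanika04"
+},
+"html_url": "https:\/\/github.com\/shanika04\/apache_skywalking",
+"description": "CVE-2020-9483 OR CVE-2020-13921",
+"fork": false,
+"created_at": "2021-01-06T13:22:32Z",
+"updated_at": "2021-01-06T13:54:42Z",
+"pushed_at": "2021-01-06T13:52:44Z",
+"stargazers_count": 0,
+"watchers_count": 0,
+"forks_count": 0,
+"forks": 0,
+"watchers": 0,
+"score": 0
+}
+]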


@ -596,6 +596,14 @@ A hard-coded cryptographic key vulnerability in the default configuration file w
- [jpts/cve-2020-1764-poc](https://github.com/jpts/cve-2020-1764-poc)
### CVE-2020-1937 (2020-02-24)
<code>
Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.
</code>
- [shanika04/apache_kylin](https://github.com/shanika04/apache_kylin)
### CVE-2020-1938 (2020-02-24)
<code>
@ -1619,6 +1627,14 @@ An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to in
- [Al1ex/CVE-2020-9470](https://github.com/Al1ex/CVE-2020-9470)
### CVE-2020-9483 (2020-06-30)
<code>
**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters.
</code>
- [shanika04/apache_skywalking](https://github.com/shanika04/apache_skywalking)
### CVE-2020-9484 (2020-05-20)
<code>
@ -2817,6 +2833,14 @@ vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWid
- [ctlyz123/CVE-2020-17496](https://github.com/ctlyz123/CVE-2020-17496)
- [ludy-dev/vBulletin_5.x-tab_panel-RCE](https://github.com/ludy-dev/vBulletin_5.x-tab_panel-RCE)
### CVE-2020-17518 (2021-01-05)
<code>
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master.
</code>
- [QmF0c3UK/CVE-2020-17518](https://github.com/QmF0c3UK/CVE-2020-17518)
### CVE-2020-17519 (2021-01-05)
<code>
@ -2824,6 +2848,7 @@ A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as
</code>
- [B1anda0/CVE-2020-17519](https://github.com/B1anda0/CVE-2020-17519)
- [QmF0c3UK/CVE-2020-17519](https://github.com/QmF0c3UK/CVE-2020-17519)
### CVE-2020-17530 (2020-12-10)
@ -4679,14 +4704,6 @@ A programming error in the nxdomain-redirect feature can cause an assertion fail
- [knqyf263/CVE-2019-6467](https://github.com/knqyf263/CVE-2019-6467)
### CVE-2019-6487 (2019-01-18)
<code>
TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field.
</code>
- [afang5472/TP-Link-WDR-Router-Command-injection_POC](https://github.com/afang5472/TP-Link-WDR-Router-Command-injection_POC)
### CVE-2019-6690 (2019-03-17)
<code>
@ -6220,6 +6237,14 @@ A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Andro
- [stryngs/hysteria](https://github.com/stryngs/hysteria)
### CVE-2019-14900 (2020-07-06)
<code>
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
</code>
- [shanika04/hibernate-orm](https://github.com/shanika04/hibernate-orm)
### CVE-2019-14912 (2019-09-20)
<code>
@ -13257,6 +13282,14 @@ Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dep
- [arntsonl/CVE-2016-4463](https://github.com/arntsonl/CVE-2016-4463)
### CVE-2016-4468 (2017-04-11)
<code>
SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
</code>
- [shanika04/cloudfoundry_uaa](https://github.com/shanika04/cloudfoundry_uaa)
### CVE-2016-4622 (2016-07-21)
<code>
@ -13337,6 +13370,14 @@ When processing authorization requests using the whitelabel views in Spring Secu
- [N0b1e6/CVE-2016-4977-POC](https://github.com/N0b1e6/CVE-2016-4977-POC)
### CVE-2016-4999 (2016-08-05)
<code>
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI.
</code>
- [shanika04/dashbuilder](https://github.com/shanika04/dashbuilder)
### CVE-2016-5195 (2016-11-10)
<code>