From d28bebe13fe4c5f6a6a2e459212ba79bd3b85abf Mon Sep 17 00:00:00 2001 From: motikan2010-bot <k.agena1993@gmail.com> Date: Fri, 4 Jun 2021 18:13:31 +0900 Subject: [PATCH] Auto Update 2021/06/04 18:13:31 --- 2017/CVE-2017-3881.json | 8 ++++---- 2017/CVE-2017-7494.json | 4 ++-- 2018/CVE-2018-10933.json | 4 ++-- 2018/CVE-2018-2628.json | 8 ++++---- 2018/CVE-2018-5955.json | 8 ++++---- 2018/CVE-2018-8120.json | 8 ++++---- 2019/CVE-2019-1821.json | 8 ++++---- 2019/CVE-2019-19781.json | 4 ++-- 2019/CVE-2019-2725.json | 8 ++++---- 2019/CVE-2019-9193.json | 8 ++++---- 2020/CVE-2020-0688.json | 16 ++++++++-------- 2020/CVE-2020-0796.json | 8 ++++---- 2020/CVE-2020-2883.json | 12 ++++++------ 2020/CVE-2020-9484.json | 32 ++++++++++++++++---------------- 2021/CVE-2021-2173.json | 25 +++++++++++++++++++++++++ 2021/CVE-2021-21985.json | 20 ++++++++++---------- 2021/CVE-2021-22204.json | 8 ++++---- 2021/CVE-2021-28476.json | 8 ++++---- 2021/CVE-2021-31166.json | 8 ++++---- README.md | 14 +++++++++++--- 20 files changed, 126 insertions(+), 93 deletions(-) create mode 100644 2021/CVE-2021-2173.json diff --git a/2017/CVE-2017-3881.json b/2017/CVE-2017-3881.json index b600d6d0cd..ecc51bd16b 100644 --- a/2017/CVE-2017-3881.json +++ b/2017/CVE-2017-3881.json @@ -13,13 +13,13 @@ "description": "CVE-2017-3881 Cisco Catalyst Remote Code Execution PoC", "fork": false, "created_at": "2017-04-10T03:44:04Z", - "updated_at": "2021-03-21T09:51:44Z", + "updated_at": "2021-06-04T06:25:28Z", "pushed_at": "2017-04-12T09:17:27Z", - "stargazers_count": 186, - "watchers_count": 186, + "stargazers_count": 187, + "watchers_count": 187, "forks_count": 82, "forks": 82, - "watchers": 186, + "watchers": 187, "score": 0 }, { diff --git a/2017/CVE-2017-7494.json b/2017/CVE-2017-7494.json index b7815421f6..53a3c7146a 100644 --- a/2017/CVE-2017-7494.json +++ b/2017/CVE-2017-7494.json @@ -132,8 +132,8 @@ "pushed_at": "2021-03-09T09:12:55Z", "stargazers_count": 233, "watchers_count": 233, - "forks_count": 80, - "forks": 80, + "forks_count": 81, + "forks": 81, "watchers": 233, "score": 0 }, diff --git a/2018/CVE-2018-10933.json b/2018/CVE-2018-10933.json index 37dc0ee92c..57eb0a3907 100644 --- a/2018/CVE-2018-10933.json +++ b/2018/CVE-2018-10933.json @@ -40,8 +40,8 @@ "pushed_at": "2021-03-14T10:52:28Z", "stargazers_count": 470, "watchers_count": 470, - "forks_count": 116, - "forks": 116, + "forks_count": 115, + "forks": 115, "watchers": 470, "score": 0 }, diff --git a/2018/CVE-2018-2628.json b/2018/CVE-2018-2628.json index 21c38e738d..38b3ee1d4e 100644 --- a/2018/CVE-2018-2628.json +++ b/2018/CVE-2018-2628.json @@ -312,13 +312,13 @@ "description": "Weblogic 反序列化漏洞(CVE-2018-2628)", "fork": false, "created_at": "2018-06-05T11:00:40Z", - "updated_at": "2020-11-18T08:11:14Z", + "updated_at": "2021-06-04T07:49:43Z", "pushed_at": "2019-09-30T01:18:02Z", - "stargazers_count": 79, - "watchers_count": 79, + "stargazers_count": 80, + "watchers_count": 80, "forks_count": 37, "forks": 37, - "watchers": 79, + "watchers": 80, "score": 0 }, { diff --git a/2018/CVE-2018-5955.json b/2018/CVE-2018-5955.json index c578531054..5be0fe3c58 100644 --- a/2018/CVE-2018-5955.json +++ b/2018/CVE-2018-5955.json @@ -36,13 +36,13 @@ "description": "一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能", "fork": false, "created_at": "2019-12-21T22:45:55Z", - "updated_at": "2021-06-03T12:29:14Z", + "updated_at": "2021-06-04T09:11:57Z", "pushed_at": "2020-01-05T21:46:25Z", - "stargazers_count": 427, - "watchers_count": 427, + "stargazers_count": 429, + "watchers_count": 429, "forks_count": 100, "forks": 100, - "watchers": 427, + "watchers": 429, "score": 0 } ] \ No newline at end of file diff --git a/2018/CVE-2018-8120.json b/2018/CVE-2018-8120.json index d495cf919f..82bff47c9a 100644 --- a/2018/CVE-2018-8120.json +++ b/2018/CVE-2018-8120.json @@ -82,13 +82,13 @@ "description": "CVE-2018-8120 Exploit for Win2003 Win2008 WinXP Win7 ", "fork": false, "created_at": "2018-06-07T08:30:07Z", - "updated_at": "2021-05-05T15:36:34Z", + "updated_at": "2021-06-04T07:46:31Z", "pushed_at": "2018-08-08T05:48:24Z", - "stargazers_count": 281, - "watchers_count": 281, + "stargazers_count": 282, + "watchers_count": 282, "forks_count": 121, "forks": 121, - "watchers": 281, + "watchers": 282, "score": 0 }, { diff --git a/2019/CVE-2019-1821.json b/2019/CVE-2019-1821.json index e555ec0cb8..8887c2644c 100644 --- a/2019/CVE-2019-1821.json +++ b/2019/CVE-2019-1821.json @@ -13,13 +13,13 @@ "description": "Cisco Exploit (CVE-2019-1821 Cisco Prime Infrastructure Remote Code Execution\/CVE-2019-1653\/Cisco SNMP RCE\/Dump Cisco RV320 Password)", "fork": false, "created_at": "2019-05-21T12:42:54Z", - "updated_at": "2021-05-01T16:29:37Z", + "updated_at": "2021-06-04T06:24:58Z", "pushed_at": "2019-05-21T14:52:36Z", - "stargazers_count": 78, - "watchers_count": 78, + "stargazers_count": 79, + "watchers_count": 79, "forks_count": 48, "forks": 48, - "watchers": 78, + "watchers": 79, "score": 0 } ] \ No newline at end of file diff --git a/2019/CVE-2019-19781.json b/2019/CVE-2019-19781.json index 95e93d7ef8..d0094dbcba 100644 --- a/2019/CVE-2019-19781.json +++ b/2019/CVE-2019-19781.json @@ -684,8 +684,8 @@ "pushed_at": "2020-03-25T05:07:43Z", "stargazers_count": 84, "watchers_count": 84, - "forks_count": 23, - "forks": 23, + "forks_count": 24, + "forks": 24, "watchers": 84, "score": 0 }, diff --git a/2019/CVE-2019-2725.json b/2019/CVE-2019-2725.json index a27f558057..d2898092cc 100644 --- a/2019/CVE-2019-2725.json +++ b/2019/CVE-2019-2725.json @@ -220,13 +220,13 @@ "description": "CVE-2019-2725命令回显+webshell上传+最新绕过", "fork": false, "created_at": "2019-06-10T05:12:44Z", - "updated_at": "2021-04-04T03:50:05Z", + "updated_at": "2021-06-04T07:07:34Z", "pushed_at": "2019-06-21T03:33:05Z", - "stargazers_count": 146, - "watchers_count": 146, + "stargazers_count": 147, + "watchers_count": 147, "forks_count": 61, "forks": 61, - "watchers": 146, + "watchers": 147, "score": 0 }, { diff --git a/2019/CVE-2019-9193.json b/2019/CVE-2019-9193.json index 89f0c4ecda..3953feea8a 100644 --- a/2019/CVE-2019-9193.json +++ b/2019/CVE-2019-9193.json @@ -25,14 +25,14 @@ { "id": 329084039, "name": "CVE-2019-9193", - "full_name": "X-x-X-0\/CVE-2019-9193", + "full_name": "DarkRabbit-0\/CVE-2019-9193", "owner": { - "login": "X-x-X-0", + "login": "DarkRabbit-0", "id": 68131578, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/68131578?v=4", - "html_url": "https:\/\/github.com\/X-x-X-0" + "html_url": "https:\/\/github.com\/DarkRabbit-0" }, - "html_url": "https:\/\/github.com\/X-x-X-0\/CVE-2019-9193", + "html_url": "https:\/\/github.com\/DarkRabbit-0\/CVE-2019-9193", "description": "CVE-2019-9193 English Rewrite", "fork": false, "created_at": "2021-01-12T19:00:25Z", diff --git a/2020/CVE-2020-0688.json b/2020/CVE-2020-0688.json index 6cad6d9185..1c3493df3a 100644 --- a/2020/CVE-2020-0688.json +++ b/2020/CVE-2020-0688.json @@ -36,13 +36,13 @@ "description": "CVE-2020-0688 - Exchange", "fork": false, "created_at": "2020-02-26T12:28:11Z", - "updated_at": "2021-03-17T16:00:04Z", + "updated_at": "2021-06-04T03:31:58Z", "pushed_at": "2020-02-27T03:50:07Z", - "stargazers_count": 56, - "watchers_count": 56, + "stargazers_count": 57, + "watchers_count": 57, "forks_count": 23, "forks": 23, - "watchers": 56, + "watchers": 57, "score": 0 }, { @@ -82,13 +82,13 @@ "description": "CVE-2020-0688_EXP Auto trigger payload & encrypt method", "fork": false, "created_at": "2020-02-27T13:53:46Z", - "updated_at": "2021-06-01T12:26:49Z", + "updated_at": "2021-06-04T08:13:51Z", "pushed_at": "2020-02-27T15:57:53Z", - "stargazers_count": 136, - "watchers_count": 136, + "stargazers_count": 137, + "watchers_count": 137, "forks_count": 60, "forks": 60, - "watchers": 136, + "watchers": 137, "score": 0 }, { diff --git a/2020/CVE-2020-0796.json b/2020/CVE-2020-0796.json index 327e5182ed..5d6a6ac943 100644 --- a/2020/CVE-2020-0796.json +++ b/2020/CVE-2020-0796.json @@ -1324,13 +1324,13 @@ "description": "SMBGhost (CVE-2020-0796) Automate Exploitation and Detection", "fork": false, "created_at": "2020-06-10T16:44:39Z", - "updated_at": "2021-06-01T02:21:55Z", + "updated_at": "2021-06-04T05:37:08Z", "pushed_at": "2021-01-15T19:21:25Z", - "stargazers_count": 116, - "watchers_count": 116, + "stargazers_count": 117, + "watchers_count": 117, "forks_count": 35, "forks": 35, - "watchers": 116, + "watchers": 117, "score": 0 }, { diff --git a/2020/CVE-2020-2883.json b/2020/CVE-2020-2883.json index e1e674500a..0a78d3d71f 100644 --- a/2020/CVE-2020-2883.json +++ b/2020/CVE-2020-2883.json @@ -82,13 +82,13 @@ "description": "WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞,一键注册蚁剑filter内存shell", "fork": false, "created_at": "2020-08-19T03:34:06Z", - "updated_at": "2021-06-04T01:32:21Z", + "updated_at": "2021-06-04T04:23:18Z", "pushed_at": "2020-08-25T03:17:32Z", - "stargazers_count": 246, - "watchers_count": 246, - "forks_count": 39, - "forks": 39, - "watchers": 246, + "stargazers_count": 247, + "watchers_count": 247, + "forks_count": 40, + "forks": 40, + "watchers": 247, "score": 0 }, { diff --git a/2020/CVE-2020-9484.json b/2020/CVE-2020-9484.json index cc846ff590..ebeba7c30e 100644 --- a/2020/CVE-2020-9484.json +++ b/2020/CVE-2020-9484.json @@ -17,8 +17,8 @@ "pushed_at": "2020-05-19T05:13:19Z", "stargazers_count": 199, "watchers_count": 199, - "forks_count": 35, - "forks": 35, + "forks_count": 36, + "forks": 36, "watchers": 199, "score": 0 }, @@ -174,26 +174,26 @@ "description": null, "fork": false, "created_at": "2020-12-31T21:54:50Z", - "updated_at": "2021-05-14T05:31:29Z", + "updated_at": "2021-06-04T03:26:09Z", "pushed_at": "2020-12-31T23:45:38Z", - "stargazers_count": 1, - "watchers_count": 1, - "forks_count": 2, - "forks": 2, - "watchers": 1, + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 3, + "forks": 3, + "watchers": 2, "score": 0 }, { "id": 329985612, "name": "-CVE-2020-9484-", - "full_name": "X-x-X-0\/-CVE-2020-9484-", + "full_name": "DarkRabbit-0\/-CVE-2020-9484-", "owner": { - "login": "X-x-X-0", + "login": "DarkRabbit-0", "id": 68131578, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/68131578?v=4", - "html_url": "https:\/\/github.com\/X-x-X-0" + "html_url": "https:\/\/github.com\/DarkRabbit-0" }, - "html_url": "https:\/\/github.com\/X-x-X-0\/-CVE-2020-9484-", + "html_url": "https:\/\/github.com\/DarkRabbit-0\/-CVE-2020-9484-", "description": "Apache Tomcat RCE (CVE-2020-9484)", "fork": false, "created_at": "2021-01-15T17:59:25Z", @@ -209,14 +209,14 @@ { "id": 329985708, "name": "-CVE-2020-9484", - "full_name": "X-x-X-0\/-CVE-2020-9484", + "full_name": "DarkRabbit-0\/-CVE-2020-9484", "owner": { - "login": "X-x-X-0", + "login": "DarkRabbit-0", "id": 68131578, "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/68131578?v=4", - "html_url": "https:\/\/github.com\/X-x-X-0" + "html_url": "https:\/\/github.com\/DarkRabbit-0" }, - "html_url": "https:\/\/github.com\/X-x-X-0\/-CVE-2020-9484", + "html_url": "https:\/\/github.com\/DarkRabbit-0\/-CVE-2020-9484", "description": "Apache Tomcat RCE (CVE-2020-9484)", "fork": false, "created_at": "2021-01-15T17:59:50Z", diff --git a/2021/CVE-2021-2173.json b/2021/CVE-2021-2173.json new file mode 100644 index 0000000000..bb85cef818 --- /dev/null +++ b/2021/CVE-2021-2173.json @@ -0,0 +1,25 @@ +[ + { + "id": 373735692, + "name": "CVE-2021-2173", + "full_name": "emad-almousa\/CVE-2021-2173", + "owner": { + "login": "emad-almousa", + "id": 48997609, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/48997609?v=4", + "html_url": "https:\/\/github.com\/emad-almousa" + }, + "html_url": "https:\/\/github.com\/emad-almousa\/CVE-2021-2173", + "description": "CVE-2021-2173", + "fork": false, + "created_at": "2021-06-04T05:56:01Z", + "updated_at": "2021-06-04T05:57:15Z", + "pushed_at": "2021-06-04T05:57:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + } +] \ No newline at end of file diff --git a/2021/CVE-2021-21985.json b/2021/CVE-2021-21985.json index f539750c5b..163407c3ce 100644 --- a/2021/CVE-2021-21985.json +++ b/2021/CVE-2021-21985.json @@ -36,13 +36,13 @@ "description": null, "fork": false, "created_at": "2021-05-29T13:07:14Z", - "updated_at": "2021-06-04T02:11:42Z", + "updated_at": "2021-06-04T09:10:36Z", "pushed_at": "2021-06-03T21:29:39Z", - "stargazers_count": 86, - "watchers_count": 86, + "stargazers_count": 89, + "watchers_count": 89, "forks_count": 17, "forks": 17, - "watchers": 86, + "watchers": 89, "score": 0 }, { @@ -105,13 +105,13 @@ "description": "CVE-2021-21985 VMware vCenter Server远程代码执行漏洞 EXP", "fork": false, "created_at": "2021-06-03T09:59:21Z", - "updated_at": "2021-06-04T03:15:58Z", + "updated_at": "2021-06-04T08:27:22Z", "pushed_at": "2021-06-03T11:07:53Z", - "stargazers_count": 18, - "watchers_count": 18, - "forks_count": 4, - "forks": 4, - "watchers": 18, + "stargazers_count": 39, + "watchers_count": 39, + "forks_count": 5, + "forks": 5, + "watchers": 39, "score": 0 }, { diff --git a/2021/CVE-2021-22204.json b/2021/CVE-2021-22204.json index 6dac0b0470..de43400a93 100644 --- a/2021/CVE-2021-22204.json +++ b/2021/CVE-2021-22204.json @@ -13,13 +13,13 @@ "description": "Python exploit for the CVE-2021-22204 vulnerability in Exiftool", "fork": false, "created_at": "2021-05-11T18:45:07Z", - "updated_at": "2021-05-31T17:44:21Z", + "updated_at": "2021-06-04T04:39:26Z", "pushed_at": "2021-05-20T21:42:43Z", - "stargazers_count": 10, - "watchers_count": 10, + "stargazers_count": 11, + "watchers_count": 11, "forks_count": 3, "forks": 3, - "watchers": 10, + "watchers": 11, "score": 0 }, { diff --git a/2021/CVE-2021-28476.json b/2021/CVE-2021-28476.json index 5c7063cad3..685f96fbcd 100644 --- a/2021/CVE-2021-28476.json +++ b/2021/CVE-2021-28476.json @@ -13,13 +13,13 @@ "description": "PoC for CVE-2021-28476 a guest-to-host \"Hyper-V Remote Code Execution Vulnerability\" in vmswitch.sys.", "fork": false, "created_at": "2021-05-31T18:02:39Z", - "updated_at": "2021-06-04T01:05:20Z", + "updated_at": "2021-06-04T08:55:44Z", "pushed_at": "2021-06-01T15:08:23Z", - "stargazers_count": 145, - "watchers_count": 145, + "stargazers_count": 147, + "watchers_count": 147, "forks_count": 25, "forks": 25, - "watchers": 145, + "watchers": 147, "score": 0 }, { diff --git a/2021/CVE-2021-31166.json b/2021/CVE-2021-31166.json index 8eec7dd34e..cb39c8fd6e 100644 --- a/2021/CVE-2021-31166.json +++ b/2021/CVE-2021-31166.json @@ -13,13 +13,13 @@ "description": "Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.", "fork": false, "created_at": "2021-05-16T16:15:56Z", - "updated_at": "2021-06-03T18:26:53Z", + "updated_at": "2021-06-04T08:50:42Z", "pushed_at": "2021-05-21T23:58:50Z", - "stargazers_count": 720, - "watchers_count": 720, + "stargazers_count": 721, + "watchers_count": 721, "forks_count": 117, "forks": 117, - "watchers": 720, + "watchers": 721, "score": 0 }, { diff --git a/README.md b/README.md index f27544810f..0642499101 100644 --- a/README.md +++ b/README.md @@ -88,6 +88,14 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - [rabbitsafe/CVE-2021-2109](https://github.com/rabbitsafe/CVE-2021-2109) - [yuaneuro/CVE-2021-2109_poc](https://github.com/yuaneuro/CVE-2021-2109_poc) +### CVE-2021-2173 (2021-04-22) + +<code> +Vulnerability in the Recovery component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA Level Account privilege with network access via Oracle Net to compromise Recovery. While the vulnerability is in Recovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Recovery accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N). +</code> + +- [emad-almousa/CVE-2021-2173](https://github.com/emad-almousa/CVE-2021-2173) + ### CVE-2021-3007 (2021-01-03) <code> @@ -3048,8 +3056,8 @@ When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8. - [DeviantSec/CVE-2020-9484-Scanner](https://github.com/DeviantSec/CVE-2020-9484-Scanner) - [anjai94/CVE-2020-9484-exploit](https://github.com/anjai94/CVE-2020-9484-exploit) - [PenTestical/CVE-2020-9484](https://github.com/PenTestical/CVE-2020-9484) -- [X-x-X-0/-CVE-2020-9484-](https://github.com/X-x-X-0/-CVE-2020-9484-) -- [X-x-X-0/-CVE-2020-9484](https://github.com/X-x-X-0/-CVE-2020-9484) +- [DarkRabbit-0/-CVE-2020-9484-](https://github.com/DarkRabbit-0/-CVE-2020-9484-) +- [DarkRabbit-0/-CVE-2020-9484](https://github.com/DarkRabbit-0/-CVE-2020-9484) - [AssassinUKG/CVE-2020-9484](https://github.com/AssassinUKG/CVE-2020-9484) - [VICXOR/CVE-2020-9484](https://github.com/VICXOR/CVE-2020-9484) - [DXY0411/CVE-2020-9484](https://github.com/DXY0411/CVE-2020-9484) @@ -7040,7 +7048,7 @@ SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! a </code> - [wkjung0624/CVE-2019-9193](https://github.com/wkjung0624/CVE-2019-9193) -- [X-x-X-0/CVE-2019-9193](https://github.com/X-x-X-0/CVE-2019-9193) +- [DarkRabbit-0/CVE-2019-9193](https://github.com/DarkRabbit-0/CVE-2019-9193) ### CVE-2019-9194 (2019-02-26)