From d37409851e59626f20c0225604fe88dd587fceba Mon Sep 17 00:00:00 2001
From: motikan2010-bot
Date: Sun, 1 Dec 2024 09:31:34 +0900
Subject: [PATCH] Auto Update 2024/12/01 00:31:34
---
2010/CVE-2010-0738.json | 32 ++++++++++++++++----------------
2017/CVE-2017-9506.json | 8 ++++----
2018/CVE-2018-19422.json | 8 ++++----
2020/CVE-2020-0688.json | 8 ++++----
2020/CVE-2020-0796.json | 4 ++--
2021/CVE-2021-3129.json | 4 ++--
2021/CVE-2021-3560.json | 8 ++++----
2022/CVE-2022-29464.json | 4 ++--
2022/CVE-2022-32832.json | 8 ++++----
2022/CVE-2022-33679.json | 8 ++++----
2022/CVE-2022-3552.json | 8 ++++----
2022/CVE-2022-37042.json | 31 +++++++++++++++++++++++++++++++
2023/CVE-2023-0297.json | 31 +++++++++++++++++++++++++++++++
2023/CVE-2023-22515.json | 8 ++++----
2023/CVE-2023-41425.json | 31 +++++++++++++++++++++++++++++++
2024/CVE-2024-0012.json | 12 ++++++------
2024/CVE-2024-11477.json | 8 ++++----
2024/CVE-2024-25600.json | 8 ++++----
2024/CVE-2024-27198.json | 4 ++--
2024/CVE-2024-30088.json | 8 ++++----
2024/CVE-2024-34102.json | 4 ++--
2024/CVE-2024-36401.json | 6 +++---
2024/CVE-2024-42327.json | 33 +++++++++++++++++++++++++++++++++
2024/CVE-2024-6387.json | 31 +++++++++++++++++++++++++++++++
2024/CVE-2024-8309.json | 2 +-
2024/CVE-2024-9935.json | 8 ++++----
README.md | 13 ++++++++++++-
27 files changed, 253 insertions(+), 85 deletions(-)
create mode 100644 2024/CVE-2024-42327.json
diff --git a/2010/CVE-2010-0738.json b/2010/CVE-2010-0738.json
index 173ced9021..f9cb7e5b0a 100644
--- a/2010/CVE-2010-0738.json
+++ b/2010/CVE-2010-0738.json
@@ -1,34 +1,34 @@ [ { - "id": 29914821, - "name": "jboss-autopwn", - "full_name": "ChristianPapathanasiou\/jboss-autopwn", + "id": 53392873, + "name": "jboss-autopwn-1", + "full_name": "1872892142\/jboss-autopwn-1", "owner": { - "login": "ChristianPapathanasiou", - "id": 5354349, - "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/5354349?v=4", - "html_url": "https:\/\/github.com\/ChristianPapathanasiou", + "login": "1872892142", + "id": 10019398, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/10019398?v=4", + "html_url": "https:\/\/github.com\/1872892142", "user_view_type": "public" }, - "html_url": "https:\/\/github.com\/ChristianPapathanasiou\/jboss-autopwn", + "html_url": "https:\/\/github.com\/1872892142\/jboss-autopwn-1", "description": "JBoss Autopwn as featured at BlackHat Europe 2010 - this version incorporates CVE-2010-0738 the JBoss authentication bypass VERB manipulation vulnerability as discovered by Minded Security", "fork": false, - "created_at": "2015-01-27T13:16:45Z", - "updated_at": "2023-07-10T13:32:16Z", + "created_at": "2016-03-08T07:43:18Z", + "updated_at": "2016-03-08T07:43:20Z", "pushed_at": "2015-01-27T13:23:18Z", - "stargazers_count": 15, - "watchers_count": 15, + "stargazers_count": 0, + "watchers_count": 0, "has_discussions": false, - "forks_count": 10, + "forks_count": 9, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 10, - "watchers": 15, + "forks": 9, + "watchers": 0, "score": 0, - "subscribers_count": 3 + "subscribers_count": 0 }, { "id": 62456741, diff --git a/2017/CVE-2017-9506.json b/2017/CVE-2017-9506.json index 4ba6024b8c..41c780f326 100644 --- a/2017/CVE-2017-9506.json +++ b/2017/CVE-2017-9506.json 
@@ -14,10 +14,10 @@ "description": "CVE-2017-9506 - SSRF", "fork": false, "created_at": "2018-04-25T11:25:18Z", - "updated_at": "2024-11-05T04:49:25Z", + "updated_at": "2024-11-30T22:18:17Z", "pushed_at": "2022-02-14T22:00:28Z", - "stargazers_count": 187, - "watchers_count": 187, + "stargazers_count": 188, + "watchers_count": 188, "has_discussions": false, "forks_count": 45, "allow_forking": true, @@ -30,7 +30,7 @@ ], "visibility": "public", "forks": 45, - "watchers": 187, + "watchers": 188, "score": 0, "subscribers_count": 5 }, diff --git a/2018/CVE-2018-19422.json b/2018/CVE-2018-19422.json index 905156e7e8..2968544d4c 100644 --- a/2018/CVE-2018-19422.json +++ b/2018/CVE-2018-19422.json @@ -45,10 +45,10 @@ "description": "This is an edited version of the CVE-2018-19422 exploit to fix an small but annoying issue I had.", "fork": false, "created_at": "2022-04-29T17:23:23Z", - "updated_at": "2024-09-20T23:15:33Z", + "updated_at": "2024-11-30T21:58:15Z", "pushed_at": "2022-04-29T17:27:22Z", - "stargazers_count": 2, - "watchers_count": 2, + "stargazers_count": 3, + "watchers_count": 3, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -57,7 +57,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 2, + "watchers": 3, "score": 0, "subscribers_count": 1 } diff --git a/2020/CVE-2020-0688.json b/2020/CVE-2020-0688.json index 12315a3890..4ad0727e17 100644 --- a/2020/CVE-2020-0688.json +++ b/2020/CVE-2020-0688.json @@ -14,10 +14,10 @@ "description": "cve-2020-0688", "fork": false, "created_at": "2020-02-25T23:44:16Z", - "updated_at": "2024-10-21T23:41:44Z", + "updated_at": "2024-11-30T22:18:26Z", "pushed_at": "2020-02-26T00:58:39Z", - "stargazers_count": 162, - "watchers_count": 162, + "stargazers_count": 163, + "watchers_count": 163, "has_discussions": false, "forks_count": 52, "allow_forking": true, @@ -28,7 +28,7 @@ ], "visibility": "public", "forks": 52, - "watchers": 162, + "watchers": 163, "score": 0, "subscribers_count": 6 }, 
diff --git a/2020/CVE-2020-0796.json b/2020/CVE-2020-0796.json index 4388201169..c8b4a66682 100644 --- a/2020/CVE-2020-0796.json +++ b/2020/CVE-2020-0796.json @@ -1657,13 +1657,13 @@ "stargazers_count": 270, "watchers_count": 270, "has_discussions": false, - "forks_count": 52, + "forks_count": 51, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 52, + "forks": 51, "watchers": 270, "score": 0, "subscribers_count": 7 diff --git a/2021/CVE-2021-3129.json b/2021/CVE-2021-3129.json index b9d4017d5a..6bbebe33a4 100644 --- a/2021/CVE-2021-3129.json +++ b/2021/CVE-2021-3129.json @@ -873,10 +873,10 @@ "user_view_type": "public" }, "html_url": "https:\/\/github.com\/0x0d3ad\/CVE-2021-3129", - "description": "CVE-2021-3129 Laravel Ignition RCE Exploit", + "description": "CVE-2021-3129 (Laravel Ignition RCE Exploit)", "fork": false, "created_at": "2024-09-29T05:09:41Z", - "updated_at": "2024-10-05T05:58:32Z", + "updated_at": "2024-11-30T19:25:07Z", "pushed_at": "2024-10-05T05:58:28Z", "stargazers_count": 1, "watchers_count": 1, diff --git a/2021/CVE-2021-3560.json b/2021/CVE-2021-3560.json index 2c155419bf..0e8b786a1f 100644 --- a/2021/CVE-2021-3560.json +++ b/2021/CVE-2021-3560.json @@ -588,10 +588,10 @@ "description": "Exploit for CVE-2021-3560 (Polkit) - Local Privilege Escalation", "fork": false, "created_at": "2022-05-02T23:56:31Z", - "updated_at": "2024-02-19T06:22:46Z", + "updated_at": "2024-11-30T21:29:18Z", "pushed_at": "2022-06-26T16:26:27Z", - "stargazers_count": 7, - "watchers_count": 7, + "stargazers_count": 8, + "watchers_count": 8, "has_discussions": false, "forks_count": 2, "allow_forking": true, @@ -611,7 +611,7 @@ ], "visibility": "public", "forks": 2, - "watchers": 7, + "watchers": 8, "score": 0, "subscribers_count": 0 }, diff --git a/2022/CVE-2022-29464.json b/2022/CVE-2022-29464.json index e396811be6..fc81e787d8 100644 --- a/2022/CVE-2022-29464.json 
+++ b/2022/CVE-2022-29464.json @@ -537,7 +537,7 @@ "stargazers_count": 18, "watchers_count": 18, "has_discussions": false, - "forks_count": 8, + "forks_count": 9, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -554,7 +554,7 @@ "shodan" ], "visibility": "public", - "forks": 8, + "forks": 9, "watchers": 18, "score": 0, "subscribers_count": 2 diff --git a/2022/CVE-2022-32832.json b/2022/CVE-2022-32832.json index 819daa1516..844ac30a76 100644 --- a/2022/CVE-2022-32832.json +++ b/2022/CVE-2022-32832.json @@ -14,10 +14,10 @@ "description": "Proof-of-concept and write-up for the CVE-2022-32832 vulnerability patched in iOS 15.6", "fork": false, "created_at": "2022-07-21T13:09:50Z", - "updated_at": "2024-10-21T10:38:25Z", + "updated_at": "2024-11-30T19:16:15Z", "pushed_at": "2022-07-21T13:44:32Z", - "stargazers_count": 96, - "watchers_count": 96, + "stargazers_count": 95, + "watchers_count": 95, "has_discussions": false, "forks_count": 11, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 11, - "watchers": 96, + "watchers": 95, "score": 0, "subscribers_count": 5 }, diff --git a/2022/CVE-2022-33679.json b/2022/CVE-2022-33679.json index 888c21f6c6..836160c98e 100644 --- a/2022/CVE-2022-33679.json +++ b/2022/CVE-2022-33679.json @@ -14,10 +14,10 @@ "description": "One day based on https:\/\/googleprojectzero.blogspot.com\/2022\/10\/rc4-is-still-considered-harmful.html", "fork": false, "created_at": "2022-11-02T18:38:01Z", - "updated_at": "2024-11-23T23:33:47Z", + "updated_at": "2024-11-30T19:15:36Z", "pushed_at": "2024-11-10T17:21:28Z", - "stargazers_count": 395, - "watchers_count": 395, + "stargazers_count": 394, + "watchers_count": 394, "has_discussions": false, "forks_count": 69, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 69, - "watchers": 395, + "watchers": 394, "score": 0, "subscribers_count": 8 }, 
diff --git a/2022/CVE-2022-3552.json b/2022/CVE-2022-3552.json index c5bfb745c4..d6b8b275d5 100644 --- a/2022/CVE-2022-3552.json +++ b/2022/CVE-2022-3552.json @@ -14,10 +14,10 @@ "description": "BoxBilling<=4.22.1.5 - Remote Code Execution (RCE)", "fork": false, "created_at": "2023-04-01T11:53:14Z", - "updated_at": "2023-12-05T02:10:47Z", + "updated_at": "2024-11-30T21:39:36Z", "pushed_at": "2023-04-01T15:45:53Z", - "stargazers_count": 4, - "watchers_count": 4, + "stargazers_count": 5, + "watchers_count": 5, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 4, + "watchers": 5, "score": 0, "subscribers_count": 1 } diff --git a/2022/CVE-2022-37042.json b/2022/CVE-2022-37042.json index 5e5ec0957f..4bbeff4bf8 100644 --- a/2022/CVE-2022-37042.json +++ b/2022/CVE-2022-37042.json @@ -91,5 +91,36 @@ "watchers": 30, "score": 0, "subscribers_count": 2 + }, + { + "id": 896632413, + "name": "zimbra8_lab", + "full_name": "romero-javi\/zimbra8_lab", + "owner": { + "login": "romero-javi", + "id": 95502860, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/95502860?v=4", + "html_url": "https:\/\/github.com\/romero-javi", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/romero-javi\/zimbra8_lab", + "description": "Zimbra Lab de CVE-2022-37042 y CVE-2022-37393 ", + "fork": false, + "created_at": "2024-11-30T22:06:12Z", + "updated_at": "2024-11-30T22:26:20Z", + "pushed_at": "2024-11-30T22:26:16Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2023/CVE-2023-0297.json b/2023/CVE-2023-0297.json index b4a445a233..c59e6516a4 100644 --- a/2023/CVE-2023-0297.json 
+++ b/2023/CVE-2023-0297.json @@ -184,5 +184,36 @@ "watchers": 0, "score": 0, "subscribers_count": 1 + }, + { + "id": 896616091, + "name": "CVE-2023-0297", + "full_name": "oxapavan\/CVE-2023-0297", + "owner": { + "login": "oxapavan", + "id": 106510266, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/106510266?v=4", + "html_url": "https:\/\/github.com\/oxapavan", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/oxapavan\/CVE-2023-0297", + "description": "CVE-2023-0297 is a critical pre-authentication remote code execution (RCE) vulnerability in pyLoad versions before 0.5.0b3.dev31.", + "fork": false, + "created_at": "2024-11-30T20:53:40Z", + "updated_at": "2024-11-30T20:58:41Z", + "pushed_at": "2024-11-30T20:57:07Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2023/CVE-2023-22515.json b/2023/CVE-2023-22515.json index 2256ec01c5..09d7f30333 100644 --- a/2023/CVE-2023-22515.json +++ b/2023/CVE-2023-22515.json @@ -76,10 +76,10 @@ "description": "CVE-2023-22515: Confluence Broken Access Control Exploit", "fork": false, "created_at": "2023-10-10T21:40:09Z", - "updated_at": "2024-11-06T23:54:09Z", + "updated_at": "2024-11-30T20:03:53Z", "pushed_at": "2023-10-17T22:04:13Z", - "stargazers_count": 129, - "watchers_count": 129, + "stargazers_count": 130, + "watchers_count": 130, "has_discussions": false, "forks_count": 29, "allow_forking": true, @@ -97,7 +97,7 @@ ], "visibility": "public", "forks": 29, - "watchers": 129, + "watchers": 130, "score": 0, "subscribers_count": 4 }, diff --git a/2023/CVE-2023-41425.json b/2023/CVE-2023-41425.json index ae1b54f3d0..097d3c3e85 100644 --- a/2023/CVE-2023-41425.json +++ b/2023/CVE-2023-41425.json 
@@ -321,5 +321,36 @@ "watchers": 1, "score": 0, "subscribers_count": 1 + }, + { + "id": 896579626, + "name": "CVE-2023-41425", + "full_name": "0x0d3ad\/CVE-2023-41425", + "owner": { + "login": "0x0d3ad", + "id": 18898977, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/18898977?v=4", + "html_url": "https:\/\/github.com\/0x0d3ad", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/0x0d3ad\/CVE-2023-41425", + "description": "CVE-2023-41425 (XSS to RCE, Wonder CMS 3.2.0 <= 3.4.2)", + "fork": false, + "created_at": "2024-11-30T18:34:05Z", + "updated_at": "2024-11-30T19:28:45Z", + "pushed_at": "2024-11-30T18:43:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2024/CVE-2024-0012.json b/2024/CVE-2024-0012.json index 660c2289a8..e85f44315a 100644 --- a/2024/CVE-2024-0012.json +++ b/2024/CVE-2024-0012.json @@ -45,10 +45,10 @@ "description": "CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) RCE POC", "fork": false, "created_at": "2024-11-19T11:30:25Z", - "updated_at": "2024-11-26T02:13:08Z", + "updated_at": "2024-12-01T00:06:22Z", "pushed_at": "2024-11-19T11:37:09Z", - "stargazers_count": 12, - "watchers_count": 12, + "stargazers_count": 13, + "watchers_count": 13, "has_discussions": false, "forks_count": 4, "allow_forking": true, @@ -57,7 +57,7 @@ "topics": [], "visibility": "public", "forks": 4, - "watchers": 12, + "watchers": 13, "score": 0, "subscribers_count": 1 }, @@ -236,7 +236,7 @@ "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, - "forks_count": 0, + "forks_count": 1, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, 
@@ -247,7 +247,7 @@ "paloaltonetworks" ], "visibility": "public", - "forks": 0, + "forks": 1, "watchers": 0, "score": 0, "subscribers_count": 0 diff --git a/2024/CVE-2024-11477.json b/2024/CVE-2024-11477.json index 4ac298f5fb..eee3a528f3 100644 --- a/2024/CVE-2024-11477.json +++ b/2024/CVE-2024-11477.json @@ -14,10 +14,10 @@ "description": "CVE-2024-11477 7Zip Code Execution Writeup and Analysis", "fork": false, "created_at": "2024-11-29T06:13:36Z", - "updated_at": "2024-11-30T14:03:16Z", + "updated_at": "2024-11-30T23:16:16Z", "pushed_at": "2024-11-29T21:02:56Z", - "stargazers_count": 12, - "watchers_count": 12, + "stargazers_count": 14, + "watchers_count": 14, "has_discussions": false, "forks_count": 5, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 5, - "watchers": 12, + "watchers": 14, "score": 0, "subscribers_count": 1 } diff --git a/2024/CVE-2024-25600.json b/2024/CVE-2024-25600.json index b6395cf4b1..1be8a3565b 100644 --- a/2024/CVE-2024-25600.json +++ b/2024/CVE-2024-25600.json @@ -76,10 +76,10 @@ "description": "This tool is designed to exploit the CVE-2024-25600 vulnerability found in the Bricks Builder plugin for WordPress. The vulnerability allows for unauthenticated remote code execution on affected websites. The tool automates the exploitation process by retrieving nonces and sending specially crafted requests to execute arbitrary commands.", "fork": false, "created_at": "2024-02-22T10:53:45Z", - "updated_at": "2024-08-26T06:01:17Z", + "updated_at": "2024-12-01T00:14:42Z", "pushed_at": "2024-02-22T10:54:26Z", - "stargazers_count": 4, - "watchers_count": 4, + "stargazers_count": 5, + "watchers_count": 5, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -88,7 +88,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 4, + "watchers": 5, "score": 0, "subscribers_count": 2 }, diff --git a/2024/CVE-2024-27198.json b/2024/CVE-2024-27198.json index b36c05e3d2..bc1de91807 100644 
--- a/2024/CVE-2024-27198.json +++ b/2024/CVE-2024-27198.json @@ -293,7 +293,7 @@ "stargazers_count": 26, "watchers_count": 26, "has_discussions": false, - "forks_count": 3, + "forks_count": 2, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, @@ -310,7 +310,7 @@ "teamcity" ], "visibility": "public", - "forks": 3, + "forks": 2, "watchers": 26, "score": 0, "subscribers_count": 1 diff --git a/2024/CVE-2024-30088.json b/2024/CVE-2024-30088.json index c7b37bc828..771d7c9341 100644 --- a/2024/CVE-2024-30088.json +++ b/2024/CVE-2024-30088.json @@ -107,10 +107,10 @@ "description": "Kernel exploit for Xbox SystemOS using CVE-2024-30088", "fork": false, "created_at": "2024-07-15T08:07:05Z", - "updated_at": "2024-11-28T03:05:52Z", + "updated_at": "2024-11-30T19:19:14Z", "pushed_at": "2024-09-08T21:23:34Z", - "stargazers_count": 418, - "watchers_count": 418, + "stargazers_count": 419, + "watchers_count": 419, "has_discussions": false, "forks_count": 31, "allow_forking": true, @@ -119,7 +119,7 @@ "topics": [], "visibility": "public", "forks": 31, - "watchers": 418, + "watchers": 419, "score": 0, "subscribers_count": 18 }, diff --git a/2024/CVE-2024-34102.json b/2024/CVE-2024-34102.json index bf28e54799..3846cd2567 100644 --- a/2024/CVE-2024-34102.json +++ b/2024/CVE-2024-34102.json @@ -197,10 +197,10 @@ "user_view_type": "public" }, "html_url": "https:\/\/github.com\/0x0d3ad\/CVE-2024-34102", - "description": "Magento XXE (CVE-2024-34102)", + "description": "CVE-2024-34102 (Magento XXE)", "fork": false, "created_at": "2024-06-30T16:49:26Z", - "updated_at": "2024-07-07T16:06:06Z", + "updated_at": "2024-11-30T19:29:05Z", "pushed_at": "2024-07-01T17:42:30Z", "stargazers_count": 2, "watchers_count": 2, diff --git a/2024/CVE-2024-36401.json b/2024/CVE-2024-36401.json index b51a363a23..c412bd2cd0 100644 --- a/2024/CVE-2024-36401.json +++ b/2024/CVE-2024-36401.json 
@@ -483,11 +483,11 @@ "user_view_type": "public" }, "html_url": "https:\/\/github.com\/0x0d3ad\/CVE-2024-36401", - "description": "CVE-2024-36401 GeoServer Remote Code Execution", + "description": "CVE-2024-36401 (GeoServer Remote Code Execution)", "fork": false, "created_at": "2024-11-27T19:13:49Z", - "updated_at": "2024-11-28T01:53:47Z", - "pushed_at": "2024-11-27T19:20:14Z", + "updated_at": "2024-11-30T19:28:17Z", + "pushed_at": "2024-11-30T19:28:14Z", "stargazers_count": 2, "watchers_count": 2, "has_discussions": false, diff --git a/2024/CVE-2024-42327.json b/2024/CVE-2024-42327.json new file mode 100644 index 0000000000..980fa18102 --- /dev/null +++ b/2024/CVE-2024-42327.json @@ -0,0 +1,33 @@ +[ + { + "id": 896657083, + "name": "cve-2024-42327", + "full_name": "aramosf\/cve-2024-42327", + "owner": { + "login": "aramosf", + "id": 3511842, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/3511842?v=4", + "html_url": "https:\/\/github.com\/aramosf", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/aramosf\/cve-2024-42327", + "description": "cve-2024-42327 ZBX-25623", + "fork": false, + "created_at": "2024-12-01T00:15:27Z", + "updated_at": "2024-12-01T00:23:17Z", + "pushed_at": "2024-12-01T00:23:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2024/CVE-2024-6387.json b/2024/CVE-2024-6387.json index 3cddb6933a..6a840205d4 100644 --- a/2024/CVE-2024-6387.json +++ b/2024/CVE-2024-6387.json 
@@ -2884,5 +2884,36 @@ "watchers": 0, "score": 0, "subscribers_count": 1 + }, + { + "id": 896590705, + "name": "CVE-2024-6387", + "full_name": "oxapavan\/CVE-2024-6387", + "owner": { + "login": "oxapavan", + "id": 106510266, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/106510266?v=4", + "html_url": "https:\/\/github.com\/oxapavan", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/oxapavan\/CVE-2024-6387", + "description": "Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387)", + "fork": false, + "created_at": "2024-11-30T19:14:05Z", + "updated_at": "2024-11-30T19:41:03Z", + "pushed_at": "2024-11-30T19:40:59Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/2024/CVE-2024-8309.json b/2024/CVE-2024-8309.json index d1136b91af..4d036ac277 100644 --- a/2024/CVE-2024-8309.json +++ b/2024/CVE-2024-8309.json @@ -14,7 +14,7 @@ "description": "A PoC for CVE-2024–8309", "fork": false, "created_at": "2024-09-28T17:11:52Z", - "updated_at": "2024-11-28T08:05:10Z", + "updated_at": "2024-11-30T19:40:18Z", "pushed_at": "2024-10-05T20:40:16Z", "stargazers_count": 2, "watchers_count": 2, diff --git a/2024/CVE-2024-9935.json b/2024/CVE-2024-9935.json index 22d8cd599b..366e35188b 100644 --- a/2024/CVE-2024-9935.json +++ b/2024/CVE-2024-9935.json 
@@ -14,10 +14,10 @@ "description": "PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Unauthenticated Arbitrary File Download", "fork": false, "created_at": "2024-11-18T10:14:45Z", - "updated_at": "2024-11-19T09:28:54Z", + "updated_at": "2024-11-30T21:26:29Z", "pushed_at": "2024-11-18T10:15:49Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 2, + "watchers_count": 2, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 1, + "watchers": 2, "score": 0, "subscribers_count": 1 } diff --git a/README.md b/README.md index c1cdc7c419..9368cf929b 100644 --- a/README.md +++ b/README.md @@ -1426,6 +1426,7 @@ - [identity-threat-labs/CVE-2024-6387-Vulnerability-Checker](https://github.com/identity-threat-labs/CVE-2024-6387-Vulnerability-Checker) - [identity-threat-labs/Article-RegreSSHion-CVE-2024-6387](https://github.com/identity-threat-labs/Article-RegreSSHion-CVE-2024-6387) - [YassDEV221608/CVE-2024-6387](https://github.com/YassDEV221608/CVE-2024-6387) +- [oxapavan/CVE-2024-6387](https://github.com/oxapavan/CVE-2024-6387) ### CVE-2024-6473 (2024-09-03) 
@@ -5987,6 +5988,13 @@ - [fj016/CVE-2024-41992-PoC](https://github.com/fj016/CVE-2024-41992-PoC) +### CVE-2024-42327 (2024-11-27) + +A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access. + + +- [aramosf/cve-2024-42327](https://github.com/aramosf/cve-2024-42327) + ### CVE-2024-42346 (2024-09-20) Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All supported branches of Galaxy (and more back to release_20.05) were amended with the supplied patches. Users are advised to upgrade. There are no known workarounds for this vulnerability. @@ -7257,6 +7265,7 @@ - [overgrowncarrot1/CVE-2023-0297](https://github.com/overgrowncarrot1/CVE-2023-0297) - [btar1gan/exploit_CVE-2023-0297](https://github.com/btar1gan/exploit_CVE-2023-0297) - [S4MY9/CVE-2023-0297](https://github.com/S4MY9/CVE-2023-0297) +- [oxapavan/CVE-2023-0297](https://github.com/oxapavan/CVE-2023-0297) ### CVE-2023-0315 (2023-01-16) @@ -13276,6 +13285,7 @@ - [0xDTC/WonderCMS-4.3.2-XSS-to-RCE-Exploits-CVE-2023-41425](https://github.com/0xDTC/WonderCMS-4.3.2-XSS-to-RCE-Exploits-CVE-2023-41425) - [h3athen/CVE-2023-41425](https://github.com/h3athen/CVE-2023-41425) - [Diegomjx/CVE-2023-41425-WonderCMS-Authenticated-RCE](https://github.com/Diegomjx/CVE-2023-41425-WonderCMS-Authenticated-RCE) +- [0x0d3ad/CVE-2023-41425](https://github.com/0x0d3ad/CVE-2023-41425) ### CVE-2023-41436 (2023-09-15) 
@@ -20564,6 +20574,7 @@ - [GreyNoise-Intelligence/Zimbra_CVE-2022-37042-_CVE-2022-27925](https://github.com/GreyNoise-Intelligence/Zimbra_CVE-2022-37042-_CVE-2022-27925) - [aels/CVE-2022-37042](https://github.com/aels/CVE-2022-37042) - [0xf4n9x/CVE-2022-37042](https://github.com/0xf4n9x/CVE-2022-37042) +- [romero-javi/zimbra8_lab](https://github.com/romero-javi/zimbra8_lab) ### CVE-2022-37177 (2022-08-29) @@ -48396,7 +48407,7 @@ The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method. -- [ChristianPapathanasiou/jboss-autopwn](https://github.com/ChristianPapathanasiou/jboss-autopwn) +- [1872892142/jboss-autopwn-1](https://github.com/1872892142/jboss-autopwn-1) - [gitcollect/jboss-autopwn](https://github.com/gitcollect/jboss-autopwn) ### CVE-2010-1205 (2010-06-30)