Auto Update 2024/09/09 00:29:39

motikan2010-bot 2024-09-09 09:29:39 +09:00
parent a3e9f26fb4
commit d3d4206a44
20 changed files with 174 additions and 109 deletions


@ -13,10 +13,10 @@
"description": "A coordinated disclosure and security advisory on Fermax Intercom DTML Injection vulneraiblity. Special thanks to Fermax International for prompt responses and allowing details to be publicized.",
"fork": false,
"created_at": "2019-12-20T07:20:50Z",
"updated_at": "2024-09-08T05:23:11Z",
"updated_at": "2024-09-08T21:31:20Z",
"pushed_at": "2020-07-30T19:15:08Z",
"stargazers_count": 7,
"watchers_count": 7,
"stargazers_count": 8,
"watchers_count": 8,
"has_discussions": false,
"forks_count": 1,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 1,
"watchers": 7,
"watchers": 8,
"score": 0,
"subscribers_count": 1
}


@ -2137,8 +2137,8 @@
"description": "This repository provides a PoC for CVE-2017-5638, a remote code execution vulnerability in Apache Struts 2, exploitable via a crafted Content-Type HTTP header.",
"fork": false,
"created_at": "2024-09-04T19:59:29Z",
"updated_at": "2024-09-06T01:18:00Z",
"pushed_at": "2024-09-06T01:17:58Z",
"updated_at": "2024-09-09T00:08:48Z",
"pushed_at": "2024-09-09T00:08:45Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,


@ -1395,13 +1395,13 @@
"stargazers_count": 11,
"watchers_count": 11,
"has_discussions": false,
"forks_count": 17,
"forks_count": 18,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 17,
"forks": 18,
"watchers": 11,
"score": 0,
"subscribers_count": 1
@ -1605,13 +1605,13 @@
"stargazers_count": 256,
"watchers_count": 256,
"has_discussions": false,
"forks_count": 50,
"forks_count": 51,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 50,
"forks": 51,
"watchers": 256,
"score": 0,
"subscribers_count": 7


@ -43,10 +43,10 @@
"description": "Test tool for CVE-2020-1472",
"fork": false,
"created_at": "2020-09-08T08:58:37Z",
"updated_at": "2024-09-04T06:52:00Z",
"updated_at": "2024-09-08T22:19:26Z",
"pushed_at": "2023-07-20T10:51:42Z",
"stargazers_count": 1719,
"watchers_count": 1719,
"stargazers_count": 1720,
"watchers_count": 1720,
"has_discussions": false,
"forks_count": 357,
"allow_forking": true,
@ -55,7 +55,7 @@
"topics": [],
"visibility": "public",
"forks": 357,
"watchers": 1719,
"watchers": 1720,
"score": 0,
"subscribers_count": 87
},

32
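--- a/2022/CVE-2022-0944.json
+++ b/2022/CVE-2022-0944.json
@@ -0,0 +1,32 @@
+[
+{
+"id": 854311848,
+"name": "CVE-2022-0944",
+"full_name": "shhrew\/CVE-2022-0944",
+"owner": {
+"login": "shhrew",
+"id": 179271961,
+"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/179271961?v=4",
+"html_url": "https:\/\/github.com\/shhrew"
+},
+"html_url": "https:\/\/github.com\/shhrew\/CVE-2022-0944",
+"description": "A proof of concept exploit for SQLPad RCE (CVE-2022-0944).",
+"fork": false,
+"created_at": "2024-09-08T23:39:24Z",
+"updated_at": "2024-09-08T23:57:31Z",
+"pushed_at": "2024-09-08T23:57:27Z",
+"stargazers_count": 0,
+"watchers_count": 0,
+"has_discussions": false,
+"forks_count": 0,
+"allow_forking": true,
+"is_template": false,
+"web_commit_signoff_required": false,
+"topics": [],
+"visibility": "public",
+"forks": 0,
+"watchers": 0,
+"score": 0,
+"subscribers_count": 0
+}
+]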


@ -13,10 +13,10 @@
"description": null,
"fork": false,
"created_at": "2022-05-24T20:19:55Z",
"updated_at": "2024-08-12T20:23:32Z",
"updated_at": "2024-09-08T19:54:27Z",
"pushed_at": "2022-05-26T16:07:18Z",
"stargazers_count": 154,
"watchers_count": 154,
"stargazers_count": 155,
"watchers_count": 155,
"has_discussions": false,
"forks_count": 31,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 31,
"watchers": 154,
"watchers": 155,
"score": 0,
"subscribers_count": 5
},


@ -43,10 +43,10 @@
"description": "CVE-2023-38831 winrar exploit generator",
"fork": false,
"created_at": "2023-08-25T09:44:08Z",
"updated_at": "2024-08-22T22:49:47Z",
"updated_at": "2024-09-08T18:51:40Z",
"pushed_at": "2023-11-26T06:46:44Z",
"stargazers_count": 781,
"watchers_count": 781,
"stargazers_count": 782,
"watchers_count": 782,
"has_discussions": false,
"forks_count": 138,
"allow_forking": true,
@ -59,7 +59,7 @@
],
"visibility": "public",
"forks": 138,
"watchers": 781,
"watchers": 782,
"score": 0,
"subscribers_count": 9
},
@ -142,7 +142,7 @@
"stargazers_count": 116,
"watchers_count": 116,
"has_discussions": false,
"forks_count": 19,
"forks_count": 17,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -155,7 +155,7 @@
"winrar"
],
"visibility": "public",
"forks": 19,
"forks": 17,
"watchers": 116,
"score": 0,
"subscribers_count": 2


@ -13,10 +13,10 @@
"description": "A vulnerable driver exploited by me (BYOVD) that is capable of terminating several EDRs and antivirus software in the market, rendering them ineffective, working for both x32 and x64(CVE-2023-44976).",
"fork": false,
"created_at": "2023-10-01T18:24:38Z",
"updated_at": "2024-09-03T17:17:26Z",
"updated_at": "2024-09-08T23:11:31Z",
"pushed_at": "2024-07-06T23:35:51Z",
"stargazers_count": 79,
"watchers_count": 79,
"stargazers_count": 80,
"watchers_count": 80,
"has_discussions": false,
"forks_count": 12,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 12,
"watchers": 79,
"watchers": 80,
"score": 0,
"subscribers_count": 2
}


@ -13,10 +13,10 @@
"description": "🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript) 🔓 Unauthenticated Peering Leading to Code Execution (Using HID Keyboard)",
"fork": false,
"created_at": "2024-01-16T06:52:02Z",
"updated_at": "2024-09-08T03:16:52Z",
"updated_at": "2024-09-08T22:14:25Z",
"pushed_at": "2024-08-18T08:26:46Z",
"stargazers_count": 1131,
"watchers_count": 1131,
"stargazers_count": 1132,
"watchers_count": 1132,
"has_discussions": false,
"forks_count": 194,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 194,
"watchers": 1131,
"watchers": 1132,
"score": 0,
"subscribers_count": 22
},


@ -223,7 +223,7 @@
"description": "CVE-2024-23692 Exploit",
"fork": false,
"created_at": "2024-06-18T03:27:47Z",
"updated_at": "2024-08-30T08:08:28Z",
"updated_at": "2024-09-08T23:11:14Z",
"pushed_at": "2024-06-18T04:06:25Z",
"stargazers_count": 10,
"watchers_count": 10,


@ -13,10 +13,10 @@
"description": "Workaround for disabling the CLI to mitigate SECURITY-3314\/CVE-2024-23897 and SECURITY-3315\/CVE-2024-23898",
"fork": false,
"created_at": "2024-01-23T19:19:04Z",
"updated_at": "2024-08-22T05:33:22Z",
"updated_at": "2024-09-08T23:05:41Z",
"pushed_at": "2024-02-20T14:13:25Z",
"stargazers_count": 7,
"watchers_count": 7,
"stargazers_count": 8,
"watchers_count": 8,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 2,
"watchers": 7,
"watchers": 8,
"score": 0,
"subscribers_count": 6
},


@ -13,10 +13,10 @@
"description": "Auto exploitation tool for CVE-2024-24401. ",
"fork": false,
"created_at": "2024-02-18T20:05:46Z",
"updated_at": "2024-09-08T17:12:59Z",
"updated_at": "2024-09-08T22:34:03Z",
"pushed_at": "2024-09-07T03:02:43Z",
"stargazers_count": 19,
"watchers_count": 19,
"stargazers_count": 20,
"watchers_count": 20,
"has_discussions": false,
"forks_count": 3,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 3,
"watchers": 19,
"watchers": 20,
"score": 0,
"subscribers_count": 1
}


@ -103,8 +103,8 @@
"description": "Kernel exploit for Xbox SystemOS using CVE-2024-30088",
"fork": false,
"created_at": "2024-07-15T08:07:05Z",
"updated_at": "2024-09-08T11:44:33Z",
"pushed_at": "2024-08-19T15:29:58Z",
"updated_at": "2024-09-08T21:23:38Z",
"pushed_at": "2024-09-08T21:23:34Z",
"stargazers_count": 343,
"watchers_count": 343,
"has_discussions": false,


@ -982,10 +982,10 @@
"description": "notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)",
"fork": false,
"created_at": "2024-04-01T14:28:09Z",
"updated_at": "2024-09-08T18:00:35Z",
"updated_at": "2024-09-08T19:43:07Z",
"pushed_at": "2024-04-03T04:58:50Z",
"stargazers_count": 3484,
"watchers_count": 3484,
"stargazers_count": 3485,
"watchers_count": 3485,
"has_discussions": false,
"forks_count": 233,
"allow_forking": true,
@ -994,7 +994,7 @@
"topics": [],
"visibility": "public",
"forks": 233,
"watchers": 3484,
"watchers": 3485,
"score": 0,
"subscribers_count": 39
},

32
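--- a/2024/CVE-2024-34831.json
+++ b/2024/CVE-2024-34831.json
@@ -0,0 +1,32 @@
+[
+{
+"id": 854315476,
+"name": "CVE-2024-34831",
+"full_name": "enzored\/CVE-2024-34831",
+"owner": {
+"login": "enzored",
+"id": 4228172,
+"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/4228172?v=4",
+"html_url": "https:\/\/github.com\/enzored"
+},
+"html_url": "https:\/\/github.com\/enzored\/CVE-2024-34831",
+"description": "Disclosure of CVE-2024-34831",
+"fork": false,
+"created_at": "2024-09-08T23:58:09Z",
+"updated_at": "2024-09-09T00:11:21Z",
+"pushed_at": "2024-09-09T00:11:18Z",
+"stargazers_count": 0,
+"watchers_count": 0,
+"has_discussions": false,
+"forks_count": 0,
+"allow_forking": true,
+"is_template": false,
+"web_commit_signoff_required": false,
+"topics": [],
+"visibility": "public",
+"forks": 0,
+"watchers": 0,
+"score": 0,
+"subscribers_count": 0
+}
+]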


@ -256,10 +256,10 @@
"description": "poc for CVE-2024-38063 (RCE in tcpip.sys)",
"fork": false,
"created_at": "2024-08-24T18:25:46Z",
"updated_at": "2024-09-08T17:40:00Z",
"updated_at": "2024-09-08T23:18:29Z",
"pushed_at": "2024-08-27T12:22:39Z",
"stargazers_count": 545,
"watchers_count": 545,
"stargazers_count": 547,
"watchers_count": 547,
"has_discussions": false,
"forks_count": 100,
"allow_forking": true,
@ -268,7 +268,7 @@
"topics": [],
"visibility": "public",
"forks": 100,
"watchers": 545,
"watchers": 547,
"score": 0,
"subscribers_count": 4
},
@ -351,13 +351,13 @@
"stargazers_count": 4,
"watchers_count": 4,
"has_discussions": false,
"forks_count": 3,
"forks_count": 4,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 3,
"forks": 4,
"watchers": 4,
"score": 0,
"subscribers_count": 1
@ -501,13 +501,13 @@
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 1,
"forks_count": 2,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 1,
"forks": 2,
"watchers": 0,
"score": 0,
"subscribers_count": 1

32
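--- a/2024/CVE-2024-45058.json
+++ b/2024/CVE-2024-45058.json
@@ -0,0 +1,32 @@
+[
+{
+"id": 850037289,
+"name": "CVE-2024-45058",
+"full_name": "0xbhsu\/CVE-2024-45058",
+"owner": {
+"login": "0xbhsu",
+"id": 152667761,
+"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/152667761?v=4",
+"html_url": "https:\/\/github.com\/0xbhsu"
+},
+"html_url": "https:\/\/github.com\/0xbhsu\/CVE-2024-45058",
+"description": "PoC for CVE-2024-45058 Broken Access Control, allowing any user with view permission in the user configuration section to become an administrator changing their own user type.",
+"fork": false,
+"created_at": "2024-08-30T18:44:05Z",
+"updated_at": "2024-09-08T20:02:26Z",
+"pushed_at": "2024-09-08T20:01:54Z",
+"stargazers_count": 0,
+"watchers_count": 0,
+"has_discussions": false,
+"forks_count": 0,
+"allow_forking": true,
+"is_template": false,
+"web_commit_signoff_required": false,
+"topics": [],
+"visibility": "public",
+"forks": 0,
+"watchers": 0,
+"score": 0,
+"subscribers_count": 0
+}
+]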


@ -13,10 +13,10 @@
"description": "Proof-of-Concept for CVE-2024-5932",
"fork": false,
"created_at": "2024-08-25T11:51:36Z",
"updated_at": "2024-09-08T09:54:57Z",
"updated_at": "2024-09-08T22:04:44Z",
"pushed_at": "2024-08-29T02:13:12Z",
"stargazers_count": 38,
"watchers_count": 38,
"stargazers_count": 39,
"watchers_count": 39,
"has_discussions": false,
"forks_count": 7,
"allow_forking": true,
@ -36,7 +36,7 @@
],
"visibility": "public",
"forks": 7,
"watchers": 38,
"watchers": 39,
"score": 0,
"subscribers_count": 1
}


@ -1,51 +1,4 @@
[
{
"id": 850041245,
"name": "CVE-2024-6386",
"full_name": "realbotnet\/CVE-2024-6386",
"owner": {
"login": "realbotnet",
"id": 178095526,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/178095526?v=4",
"html_url": "https:\/\/github.com\/realbotnet"
},
"html_url": "https:\/\/github.com\/realbotnet\/CVE-2024-6386",
"description": "CVE-2024-6386 - Wordpress WPML (WordPress Multilingual Plugin) ≤ 4.6.12. RCE Exploit 0Day (300K Sites Vulnerability) -- Telegram: @bl4ckhatx",
"fork": false,
"created_at": "2024-08-30T18:54:01Z",
"updated_at": "2024-09-06T16:03:52Z",
"pushed_at": "2024-09-06T16:02:27Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [
"0day",
"code",
"cve",
"cve-2024",
"exploit",
"hack",
"injection",
"rce",
"remote",
"shell",
"tool",
"unauth",
"vuln",
"vulnaribility",
"wordpress",
"wp"
],
"visibility": "public",
"forks": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 1
},
{
"id": 852855160,
"name": "CVE-2024-6386",
@ -60,8 +13,8 @@
"description": "Research and PoC for CVE-2024-6386",
"fork": false,
"created_at": "2024-09-05T14:44:36Z",
"updated_at": "2024-09-06T16:49:27Z",
"pushed_at": "2024-09-06T16:36:51Z",
"updated_at": "2024-09-08T19:09:39Z",
"pushed_at": "2024-09-08T19:09:36Z",
"stargazers_count": 2,
"watchers_count": 2,
"has_discussions": false,


@ -1121,7 +1121,6 @@
<code>The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
</code>
- [realbotnet/CVE-2024-6386](https://github.com/realbotnet/CVE-2024-6386)
- [Argendo/CVE-2024-6386](https://github.com/Argendo/CVE-2024-6386)
### CVE-2024-6387 (2024-07-01)
@ -3851,6 +3850,9 @@
- [aelmokhtar/CVE-2024-34716_PoC](https://github.com/aelmokhtar/CVE-2024-34716_PoC)
### CVE-2024-34831
- [enzored/CVE-2024-34831](https://github.com/enzored/CVE-2024-34831)
### CVE-2024-34832 (-)
<code>Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters.
@ -4717,6 +4719,13 @@
- [Abdurahmon3236/CVE-2024-44947](https://github.com/Abdurahmon3236/CVE-2024-44947)
### CVE-2024-45058 (2024-08-28)
<code>i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal viewing privileges in the settings section is able to change their user type to Administrator (or another type with super-permissions) through a specifically crafted POST request to `/intranet/educar_usuario_cad.php`, modifying the `nivel_usuario_` parameter. The vulnerability occurs in the file located at `ieducar/intranet/educar_usuario_cad.php`, which does not check the user's current permission level before allowing changes. Commit c25910cdf11ab50e50162a49dd44bef544422b6e contains a patch for the issue.
</code>
- [0xbhsu/CVE-2024-45058](https://github.com/0xbhsu/CVE-2024-45058)
### CVE-2024-45163 (2024-08-22)
<code>The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username (such as root), or can send arbitrary data.
@ -13240,6 +13249,13 @@
- [NathanMulbrook/CVE-2022-0918](https://github.com/NathanMulbrook/CVE-2022-0918)
### CVE-2022-0944 (2022-03-15)
<code>Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1.
</code>
- [shhrew/CVE-2022-0944](https://github.com/shhrew/CVE-2022-0944)
### CVE-2022-0952 (2022-05-02)
<code>The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog.