From e6540371cd10cde2356d883226c91e978e090ee3 Mon Sep 17 00:00:00 2001 From: motikan2010-bot Date: Thu, 16 Apr 2020 12:08:05 +0900 Subject: [PATCH] Auto Update 2020/04/16 12:08:05 --- 2003/CVE-2003-0264.json | 46 +++ 2014/CVE-2014-4210.json | 12 +- 2016/CVE-2016-0638.json | 12 +- 2017/CVE-2017-0144.json | 4 +- 2017/CVE-2017-0199.json | 230 ++++++++++++++ 2017/CVE-2017-0213.json | 23 ++ 2017/CVE-2017-0478.json | 23 ++ 2017/CVE-2017-0541.json | 23 ++ 2017/CVE-2017-15303.json | 8 +- 2017/CVE-2017-2370.json | 69 ++++ 2017/CVE-2017-3248.json | 12 +- 2017/CVE-2017-3730.json | 23 ++ 2017/CVE-2017-3881.json | 92 ++++++ 2017/CVE-2017-5638.json | 667 +++++++++++++++++++++++++++++++++++++++ 2017/CVE-2017-5689.json | 69 ++++ 2017/CVE-2017-6971.json | 23 ++ 2017/CVE-2017-7269.json | 253 +++++++++++++++ 2017/CVE-2017-7494.json | 69 ++++ 2017/CVE-2017-8295.json | 46 +++ 2017/CVE-2017-8917.json | 23 ++ 2017/CVE-2017-9430.json | 23 ++ 2017/CVE-2017-9805.json | 8 +- 2018/CVE-2018-14847.json | 4 +- 2018/CVE-2018-2628.json | 12 +- 2019/CVE-2019-0708.json | 16 +- 2019/CVE-2019-14040.json | 8 +- 2019/CVE-2019-15126.json | 8 +- 2019/CVE-2019-2618.json | 24 +- 2020/CVE-2020-0683.json | 8 +- 2020/CVE-2020-0753.json | 8 +- 2020/CVE-2020-0796.json | 20 +- 2020/CVE-2020-0905.json | 8 +- 2020/CVE-2020-10239.json | 12 +- 2020/CVE-2020-1938.json | 20 +- 2020/CVE-2020-2546.json | 12 +- 2020/CVE-2020-2551.json | 20 +- 2020/CVE-2020-3952.json | 22 +- 2020/CVE-2020-4276.json | 8 +- 2020/CVE-2020-5260.json | 12 +- 2020/CVE-2020-7931.json | 4 +- 2020/CVE-2020-8515.json | 16 +- 2020/CVE-2020-8840.json | 4 +- README.md | 255 +++++++++++++++ 43 files changed, 2108 insertions(+), 151 deletions(-) diff --git a/2003/CVE-2003-0264.json b/2003/CVE-2003-0264.json index 06b1b3f7c8..f23c214f97 100644 --- a/2003/CVE-2003-0264.json +++ b/2003/CVE-2003-0264.json @@ -22,6 +22,29 @@ "watchers": 0, "score": 0 }, + { + "id": 149023804, + "name": "slmail-exploit", + "full_name": "fyoderxx\/slmail-exploit", + "owner": { + "login": "fyoderxx", + "id": 31161670, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/31161670?v=4", + "html_url": "https:\/\/github.com\/fyoderxx" + }, + "html_url": "https:\/\/github.com\/fyoderxx\/slmail-exploit", + "description": "Exploit SLmail Buffer Overflow CVE-2003-0264", + "fork": false, + "created_at": "2018-09-16T18:27:16Z", + "updated_at": "2018-10-02T13:56:19Z", + "pushed_at": "2018-10-01T18:03:48Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 162499093, "name": "CVE-2003-0264", @@ -44,5 +67,28 @@ "forks": 0, "watchers": 0, "score": 0 + }, + { + "id": 247077498, + "name": "CVE-2003-0264-SLmail-5.5", + "full_name": "pwncone\/CVE-2003-0264-SLmail-5.5", + "owner": { + "login": "pwncone", + "id": 57570315, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/57570315?v=4", + "html_url": "https:\/\/github.com\/pwncone" + }, + "html_url": "https:\/\/github.com\/pwncone\/CVE-2003-0264-SLmail-5.5", + "description": "A POC remote buffer overflow for CVE-2003-0264 - SLMail 5.5", + "fork": false, + "created_at": "2020-03-13T13:27:56Z", + "updated_at": "2020-03-13T13:31:38Z", + "pushed_at": "2020-03-13T13:31:36Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 } ] \ No newline at end of file diff --git a/2014/CVE-2014-4210.json b/2014/CVE-2014-4210.json index 7445bec879..ebdf926e9e 100644 --- a/2014/CVE-2014-4210.json +++ b/2014/CVE-2014-4210.json @@ -36,13 +36,13 @@ "description": "weblogic 漏洞扫描工具。目前包含 CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2020-04-15T14:08:16Z", + "updated_at": "2020-04-16T01:09:09Z", "pushed_at": "2020-03-27T09:16:40Z", - "stargazers_count": 369, - "watchers_count": 369, - "forks_count": 75, - "forks": 75, - "watchers": 369, + "stargazers_count": 370, + "watchers_count": 370, + "forks_count": 76, + "forks": 76, + "watchers": 370, "score": 0 } ] \ No newline at end of file diff --git a/2016/CVE-2016-0638.json b/2016/CVE-2016-0638.json index c70156bc93..47eb5586fb 100644 --- a/2016/CVE-2016-0638.json +++ b/2016/CVE-2016-0638.json @@ -13,13 +13,13 @@ "description": "weblogic 漏洞扫描工具。目前包含 CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2020-04-15T14:08:16Z", + "updated_at": "2020-04-16T01:09:09Z", "pushed_at": "2020-03-27T09:16:40Z", - "stargazers_count": 369, - "watchers_count": 369, - "forks_count": 75, - "forks": 75, - "watchers": 369, + "stargazers_count": 370, + "watchers_count": 370, + "forks_count": 76, + "forks": 76, + "watchers": 370, "score": 0 } ] \ No newline at end of file diff --git a/2017/CVE-2017-0144.json b/2017/CVE-2017-0144.json index b91b44306d..a58bd5ea1a 100644 --- a/2017/CVE-2017-0144.json +++ b/2017/CVE-2017-0144.json @@ -17,8 +17,8 @@ "pushed_at": "2019-07-23T19:24:01Z", "stargazers_count": 259, "watchers_count": 259, - "forks_count": 103, - "forks": 103, + "forks_count": 102, + "forks": 102, "watchers": 259, "score": 0 }, diff --git a/2017/CVE-2017-0199.json b/2017/CVE-2017-0199.json index a50dc3c2e1..6b0acef6eb 100644 --- a/2017/CVE-2017-0199.json +++ b/2017/CVE-2017-0199.json @@ -1,4 +1,50 @@ [ + { + "id": 88117490, + "name": "CVE-2017-0199", + "full_name": "ryhanson\/CVE-2017-0199", + "owner": { + "login": "ryhanson", + "id": 3486433, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/3486433?v=4", + "html_url": "https:\/\/github.com\/ryhanson" + }, + "html_url": "https:\/\/github.com\/ryhanson\/CVE-2017-0199", + "description": null, + "fork": false, + "created_at": "2017-04-13T02:41:36Z", + "updated_at": "2017-04-13T02:41:36Z", + "pushed_at": "2017-04-13T02:41:37Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 88185964, + "name": "cve-2017-0199", + "full_name": "SyFi\/cve-2017-0199", + "owner": { + "login": "SyFi", + "id": 26314806, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/26314806?v=4", + "html_url": "https:\/\/github.com\/SyFi" + }, + "html_url": "https:\/\/github.com\/SyFi\/cve-2017-0199", + "description": null, + "fork": false, + "created_at": "2017-04-13T16:40:27Z", + "updated_at": "2019-12-06T00:55:16Z", + "pushed_at": "2017-04-13T16:45:10Z", + "stargazers_count": 12, + "watchers_count": 12, + "forks_count": 7, + "forks": 7, + "watchers": 12, + "score": 0 + }, { "id": 88486475, "name": "CVE-2017-0199", @@ -22,6 +68,190 @@ "watchers": 621, "score": 0 }, + { + "id": 88590374, + "name": "CVE-2017-0199-Fix", + "full_name": "NotAwful\/CVE-2017-0199-Fix", + "owner": { + "login": "NotAwful", + "id": 25178947, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/25178947?v=4", + "html_url": "https:\/\/github.com\/NotAwful" + }, + "html_url": "https:\/\/github.com\/NotAwful\/CVE-2017-0199-Fix", + "description": "Quick and dirty fix to OLE2 executing code via .hta", + "fork": false, + "created_at": "2017-04-18T06:33:45Z", + "updated_at": "2018-03-18T10:23:47Z", + "pushed_at": "2017-04-24T20:48:36Z", + "stargazers_count": 14, + "watchers_count": 14, + "forks_count": 1, + "forks": 1, + "watchers": 14, + "score": 0 + }, + { + "id": 88700030, + "name": "CVE-2017-0199-master", + "full_name": "haibara3839\/CVE-2017-0199-master", + "owner": { + "login": "haibara3839", + "id": 17246565, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/17246565?v=4", + "html_url": "https:\/\/github.com\/haibara3839" + }, + "html_url": "https:\/\/github.com\/haibara3839\/CVE-2017-0199-master", + "description": "CVE-2017-0199", + "fork": false, + "created_at": "2017-04-19T04:15:54Z", + "updated_at": "2018-11-12T16:42:51Z", + "pushed_at": "2017-04-19T04:25:47Z", + "stargazers_count": 15, + "watchers_count": 15, + "forks_count": 9, + "forks": 9, + "watchers": 15, + "score": 0 + }, + { + "id": 89043209, + "name": "CVE-2017-0199", + "full_name": "Exploit-install\/CVE-2017-0199", + "owner": { + "login": "Exploit-install", + "id": 13824191, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/13824191?v=4", + "html_url": "https:\/\/github.com\/Exploit-install" + }, + "html_url": "https:\/\/github.com\/Exploit-install\/CVE-2017-0199", + "description": "Exploit toolkit CVE-2017-0199 - v2.0 is a handy python script which provides a quick and effective way to exploit Microsoft RTF RCE. It could generate a malicious RTF file and deliver metasploit \/ meterpreter \/ any other payload to victim without any complex configuration.", + "fork": false, + "created_at": "2017-04-22T04:01:38Z", + "updated_at": "2020-04-07T06:30:43Z", + "pushed_at": "2017-04-22T04:01:54Z", + "stargazers_count": 7, + "watchers_count": 7, + "forks_count": 11, + "forks": 11, + "watchers": 7, + "score": 0 + }, + { + "id": 89065031, + "name": "PoC-CVE-2017-0199", + "full_name": "zakybstrd21215\/PoC-CVE-2017-0199", + "owner": { + "login": "zakybstrd21215", + "id": 22362343, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/22362343?v=4", + "html_url": "https:\/\/github.com\/zakybstrd21215" + }, + "html_url": "https:\/\/github.com\/zakybstrd21215\/PoC-CVE-2017-0199", + "description": "Exploit toolkit for vulnerability RCE Microsoft RTF", + "fork": false, + "created_at": "2017-04-22T11:32:39Z", + "updated_at": "2019-02-02T15:31:28Z", + "pushed_at": "2017-04-22T11:35:38Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 0, + "forks": 0, + "watchers": 1, + "score": 0 + }, + { + "id": 89145802, + "name": "CVE-2017-0199", + "full_name": "n1shant-sinha\/CVE-2017-0199", + "owner": { + "login": "n1shant-sinha", + "id": 8848453, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/8848453?v=4", + "html_url": "https:\/\/github.com\/n1shant-sinha" + }, + "html_url": "https:\/\/github.com\/n1shant-sinha\/CVE-2017-0199", + "description": "Exploit toolkit CVE-2017-0199 - v2.0 is a handy python script which provides a quick and effective way to exploit Microsoft RTF RCE. It could generate a malicious RTF file and deliver metasploit \/ meterpreter payload to victim without any complex configuration.", + "fork": false, + "created_at": "2017-04-23T13:58:30Z", + "updated_at": "2018-10-18T14:32:17Z", + "pushed_at": "2017-04-23T14:05:24Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 0, + "forks": 0, + "watchers": 1, + "score": 0 + }, + { + "id": 89296859, + "name": "htattack", + "full_name": "kn0wm4d\/htattack", + "owner": { + "login": "kn0wm4d", + "id": 15344287, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/15344287?v=4", + "html_url": "https:\/\/github.com\/kn0wm4d" + }, + "html_url": "https:\/\/github.com\/kn0wm4d\/htattack", + "description": "An exploit implementation for RCE in RTF & DOCs (CVE-2017-0199)", + "fork": false, + "created_at": "2017-04-24T23:44:31Z", + "updated_at": "2020-04-07T06:30:15Z", + "pushed_at": "2017-04-24T23:45:18Z", + "stargazers_count": 3, + "watchers_count": 3, + "forks_count": 3, + "forks": 3, + "watchers": 3, + "score": 0 + }, + { + "id": 89314149, + "name": "Cve-2017-0199", + "full_name": "joke998\/Cve-2017-0199", + "owner": { + "login": "joke998", + "id": 25948923, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/25948923?v=4", + "html_url": "https:\/\/github.com\/joke998" + }, + "html_url": "https:\/\/github.com\/joke998\/Cve-2017-0199", + "description": null, + "fork": false, + "created_at": "2017-04-25T03:38:15Z", + "updated_at": "2017-04-25T03:38:15Z", + "pushed_at": "2017-04-25T03:38:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 89314954, + "name": "Cve-2017-0199-", + "full_name": "joke998\/Cve-2017-0199-", + "owner": { + "login": "joke998", + "id": 25948923, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/25948923?v=4", + "html_url": "https:\/\/github.com\/joke998" + }, + "html_url": "https:\/\/github.com\/joke998\/Cve-2017-0199-", + "description": "Cve-2017-0199", + "fork": false, + "created_at": "2017-04-25T03:48:53Z", + "updated_at": "2017-04-25T03:48:53Z", + "pushed_at": "2017-04-25T03:48:53Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 95870771, "name": "Microsoft-Word-CVE-2017-0199-", diff --git a/2017/CVE-2017-0213.json b/2017/CVE-2017-0213.json index d757dfa783..7ad3e745fd 100644 --- a/2017/CVE-2017-0213.json +++ b/2017/CVE-2017-0213.json @@ -1,4 +1,27 @@ [ + { + "id": 95809289, + "name": "CVE-2017-0213-", + "full_name": "shaheemirza\/CVE-2017-0213-", + "owner": { + "login": "shaheemirza", + "id": 4853436, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/4853436?v=4", + "html_url": "https:\/\/github.com\/shaheemirza" + }, + "html_url": "https:\/\/github.com\/shaheemirza\/CVE-2017-0213-", + "description": null, + "fork": false, + "created_at": "2017-06-29T18:49:44Z", + "updated_at": "2020-03-29T00:05:56Z", + "pushed_at": "2017-06-07T17:09:19Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 95974378, "name": "CVE-2017-0213", diff --git a/2017/CVE-2017-0478.json b/2017/CVE-2017-0478.json index 2c27a0a3a0..bd2b633750 100644 --- a/2017/CVE-2017-0478.json +++ b/2017/CVE-2017-0478.json @@ -1,4 +1,27 @@ [ + { + "id": 85445247, + "name": "CVE-2017-0478", + "full_name": "JiounDai\/CVE-2017-0478", + "owner": { + "login": "JiounDai", + "id": 4220640, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/4220640?v=4", + "html_url": "https:\/\/github.com\/JiounDai" + }, + "html_url": "https:\/\/github.com\/JiounDai\/CVE-2017-0478", + "description": "poc of CVE-2017-0478", + "fork": false, + "created_at": "2017-03-19T02:18:37Z", + "updated_at": "2018-08-02T19:14:29Z", + "pushed_at": "2017-03-19T02:43:19Z", + "stargazers_count": 8, + "watchers_count": 8, + "forks_count": 5, + "forks": 5, + "watchers": 8, + "score": 0 + }, { "id": 141312944, "name": "CVE-2017-0478", diff --git a/2017/CVE-2017-0541.json b/2017/CVE-2017-0541.json index adc3990671..59d8d21cb5 100644 --- a/2017/CVE-2017-0541.json +++ b/2017/CVE-2017-0541.json @@ -1,4 +1,27 @@ [ + { + "id": 87639690, + "name": "CVE-2017-0541", + "full_name": "JiounDai\/CVE-2017-0541", + "owner": { + "login": "JiounDai", + "id": 4220640, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/4220640?v=4", + "html_url": "https:\/\/github.com\/JiounDai" + }, + "html_url": "https:\/\/github.com\/JiounDai\/CVE-2017-0541", + "description": "poc and vulnerability analysis of CVE-2017-0541", + "fork": false, + "created_at": "2017-04-08T14:28:22Z", + "updated_at": "2018-11-26T08:18:04Z", + "pushed_at": "2017-04-08T14:45:44Z", + "stargazers_count": 19, + "watchers_count": 19, + "forks_count": 11, + "forks": 11, + "watchers": 19, + "score": 0 + }, { "id": 141312906, "name": "CVE-2017-0541", diff --git a/2017/CVE-2017-15303.json b/2017/CVE-2017-15303.json index 6abe67c1e5..892034421e 100644 --- a/2017/CVE-2017-15303.json +++ b/2017/CVE-2017-15303.json @@ -13,13 +13,13 @@ "description": "Multi-purpose proof-of-concept tool based on CPU-Z CVE-2017-15303", "fork": false, "created_at": "2018-02-22T05:31:13Z", - "updated_at": "2020-04-07T04:39:08Z", + "updated_at": "2020-04-15T21:22:07Z", "pushed_at": "2018-02-25T08:49:07Z", - "stargazers_count": 76, - "watchers_count": 76, + "stargazers_count": 77, + "watchers_count": 77, "forks_count": 38, "forks": 38, - "watchers": 76, + "watchers": 77, "score": 0 } ] \ No newline at end of file diff --git a/2017/CVE-2017-2370.json b/2017/CVE-2017-2370.json index 2792fc01bd..c4fc564cf5 100644 --- a/2017/CVE-2017-2370.json +++ b/2017/CVE-2017-2370.json @@ -1,4 +1,73 @@ [ + { + "id": 80148945, + "name": "extra_recipe", + "full_name": "maximehip\/extra_recipe", + "owner": { + "login": "maximehip", + "id": 6273425, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/6273425?v=4", + "html_url": "https:\/\/github.com\/maximehip" + }, + "html_url": "https:\/\/github.com\/maximehip\/extra_recipe", + "description": "Ian Beer's exploit for CVE-2017-2370 (kernel memory r\/w on iOS 10.2) https:\/\/bugs.chromium.org\/p\/project-zero\/issues\/detail?id=1004", + "fork": false, + "created_at": "2017-01-26T19:47:43Z", + "updated_at": "2017-01-26T19:48:19Z", + "pushed_at": "2017-01-26T19:48:18Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 1, + "forks": 1, + "watchers": 0, + "score": 0 + }, + { + "id": 80717942, + "name": "extra_recipe", + "full_name": "JackBro\/extra_recipe", + "owner": { + "login": "JackBro", + "id": 21210712, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/21210712?v=4", + "html_url": "https:\/\/github.com\/JackBro" + }, + "html_url": "https:\/\/github.com\/JackBro\/extra_recipe", + "description": "Ian Beer's exploit for CVE-2017-2370 (kernel memory r\/w on iOS 10.2)", + "fork": false, + "created_at": "2017-02-02T11:16:38Z", + "updated_at": "2017-10-14T08:34:32Z", + "pushed_at": "2017-01-27T17:44:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 81874110, + "name": "extra_recipe-iOS-10.2", + "full_name": "Rootkitsmm\/extra_recipe-iOS-10.2", + "owner": { + "login": "Rootkitsmm", + "id": 5567904, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/5567904?v=4", + "html_url": "https:\/\/github.com\/Rootkitsmm" + }, + "html_url": "https:\/\/github.com\/Rootkitsmm\/extra_recipe-iOS-10.2", + "description": "CVE-2017-2370", + "fork": false, + "created_at": "2017-02-13T21:32:40Z", + "updated_at": "2019-01-03T05:45:15Z", + "pushed_at": "2017-02-01T11:36:26Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 3, + "forks": 3, + "watchers": 1, + "score": 0 + }, { "id": 142854846, "name": "CVE-2017-2370", diff --git a/2017/CVE-2017-3248.json b/2017/CVE-2017-3248.json index 54f90a9069..2d94be39d4 100644 --- a/2017/CVE-2017-3248.json +++ b/2017/CVE-2017-3248.json @@ -36,13 +36,13 @@ "description": "weblogic 漏洞扫描工具。目前包含 CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2020-04-15T14:08:16Z", + "updated_at": "2020-04-16T01:09:09Z", "pushed_at": "2020-03-27T09:16:40Z", - "stargazers_count": 369, - "watchers_count": 369, - "forks_count": 75, - "forks": 75, - "watchers": 369, + "stargazers_count": 370, + "watchers_count": 370, + "forks_count": 76, + "forks": 76, + "watchers": 370, "score": 0 } ] \ No newline at end of file diff --git a/2017/CVE-2017-3730.json b/2017/CVE-2017-3730.json index 23fa2045df..d160053a9d 100644 --- a/2017/CVE-2017-3730.json +++ b/2017/CVE-2017-3730.json @@ -1,4 +1,27 @@ [ + { + "id": 79682713, + "name": "CVE-2017-3730", + "full_name": "guidovranken\/CVE-2017-3730", + "owner": { + "login": "guidovranken", + "id": 6846644, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/6846644?v=4", + "html_url": "https:\/\/github.com\/guidovranken" + }, + "html_url": "https:\/\/github.com\/guidovranken\/CVE-2017-3730", + "description": "OpenSSL CVE-2017-3730 proof-of-concept", + "fork": false, + "created_at": "2017-01-22T00:40:34Z", + "updated_at": "2018-12-04T20:01:55Z", + "pushed_at": "2017-01-26T01:30:54Z", + "stargazers_count": 11, + "watchers_count": 11, + "forks_count": 5, + "forks": 5, + "watchers": 11, + "score": 0 + }, { "id": 97466064, "name": "OpenSSL-CVE-2017-3730", diff --git a/2017/CVE-2017-3881.json b/2017/CVE-2017-3881.json index 3df52c1892..29bd7cac6a 100644 --- a/2017/CVE-2017-3881.json +++ b/2017/CVE-2017-3881.json @@ -1,4 +1,96 @@ [ + { + "id": 87763747, + "name": "cisco-rce", + "full_name": "artkond\/cisco-rce", + "owner": { + "login": "artkond", + "id": 4436674, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/4436674?v=4", + "html_url": "https:\/\/github.com\/artkond" + }, + "html_url": "https:\/\/github.com\/artkond\/cisco-rce", + "description": "CVE-2017-3881 Cisco Catalyst Remote Code Execution PoC", + "fork": false, + "created_at": "2017-04-10T03:44:04Z", + "updated_at": "2020-04-14T01:08:07Z", + "pushed_at": "2017-04-12T09:17:27Z", + "stargazers_count": 166, + "watchers_count": 166, + "forks_count": 80, + "forks": 80, + "watchers": 166, + "score": 0 + }, + { + "id": 88804675, + "name": "CVE-2017-3881-exploit-cisco-", + "full_name": "homjxi0e\/CVE-2017-3881-exploit-cisco-", + "owner": { + "login": "homjxi0e", + "id": 25440152, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/25440152?v=4", + "html_url": "https:\/\/github.com\/homjxi0e" + }, + "html_url": "https:\/\/github.com\/homjxi0e\/CVE-2017-3881-exploit-cisco-", + "description": null, + "fork": false, + "created_at": "2017-04-20T00:52:10Z", + "updated_at": "2020-04-07T06:31:35Z", + "pushed_at": "2017-04-20T00:52:56Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 4, + "forks": 4, + "watchers": 2, + "score": 0 + }, + { + "id": 90087111, + "name": "CVE-2017-3881-Cisco", + "full_name": "homjxi0e\/CVE-2017-3881-Cisco", + "owner": { + "login": "homjxi0e", + "id": 25440152, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/25440152?v=4", + "html_url": "https:\/\/github.com\/homjxi0e" + }, + "html_url": "https:\/\/github.com\/homjxi0e\/CVE-2017-3881-Cisco", + "description": null, + "fork": false, + "created_at": "2017-05-02T23:21:53Z", + "updated_at": "2017-05-02T23:28:05Z", + "pushed_at": "2017-05-02T23:28:04Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 90975256, + "name": "PoC-CVE-2017-3881", + "full_name": "zakybstrd21215\/PoC-CVE-2017-3881", + "owner": { + "login": "zakybstrd21215", + "id": 22362343, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/22362343?v=4", + "html_url": "https:\/\/github.com\/zakybstrd21215" + }, + "html_url": "https:\/\/github.com\/zakybstrd21215\/PoC-CVE-2017-3881", + "description": "Cisco Catalyst Remote Code Execution PoC", + "fork": false, + "created_at": "2017-05-11T12:11:51Z", + "updated_at": "2017-05-11T12:16:43Z", + "pushed_at": "2017-05-11T13:52:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 1, + "forks": 1, + "watchers": 0, + "score": 0 + }, { "id": 115962692, "name": "CVE-2017-3881", diff --git a/2017/CVE-2017-5638.json b/2017/CVE-2017-5638.json index 5726ff3f93..be6e3d0867 100644 --- a/2017/CVE-2017-5638.json +++ b/2017/CVE-2017-5638.json @@ -1,4 +1,280 @@ [ + { + "id": 84158718, + "name": "S2-045", + "full_name": "PolarisLab\/S2-045", + "owner": { + "login": "PolarisLab", + "id": 25890110, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/25890110?v=4", + "html_url": "https:\/\/github.com\/PolarisLab" + }, + "html_url": "https:\/\/github.com\/PolarisLab\/S2-045", + "description": "Struts2 S2-045(CVE-2017-5638)Vulnerability environment - http:\/\/www.mottoin.com\/97954.html", + "fork": false, + "created_at": "2017-03-07T05:30:30Z", + "updated_at": "2019-06-29T02:30:57Z", + "pushed_at": "2017-03-07T05:37:55Z", + "stargazers_count": 24, + "watchers_count": 24, + "forks_count": 12, + "forks": 12, + "watchers": 24, + "score": 0 + }, + { + "id": 84186490, + "name": "Struts2-045-Exp", + "full_name": "Flyteas\/Struts2-045-Exp", + "owner": { + "login": "Flyteas", + "id": 15673913, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/15673913?v=4", + "html_url": "https:\/\/github.com\/Flyteas" + }, + "html_url": "https:\/\/github.com\/Flyteas\/Struts2-045-Exp", + "description": "Struts2 S2-045(CVE-2017-5638)Exp with GUI", + "fork": false, + "created_at": "2017-03-07T10:30:20Z", + "updated_at": "2020-04-10T02:04:59Z", + "pushed_at": "2017-03-13T06:30:41Z", + "stargazers_count": 61, + "watchers_count": 61, + "forks_count": 28, + "forks": 28, + "watchers": 61, + "score": 0 + }, + { + "id": 84277596, + "name": "cve-2017-5638", + "full_name": "bongbongco\/cve-2017-5638", + "owner": { + "login": "bongbongco", + "id": 3170006, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/3170006?v=4", + "html_url": "https:\/\/github.com\/bongbongco" + }, + "html_url": "https:\/\/github.com\/bongbongco\/cve-2017-5638", + "description": null, + "fork": false, + "created_at": "2017-03-08T04:17:33Z", + "updated_at": "2017-03-08T04:31:28Z", + "pushed_at": "2017-03-08T04:31:26Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 1, + "forks": 1, + "watchers": 0, + "score": 0 + }, + { + "id": 84481525, + "name": "S2-045-EXP-POC-TOOLS", + "full_name": "jas502n\/S2-045-EXP-POC-TOOLS", + "owner": { + "login": "jas502n", + "id": 16593068, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/16593068?v=4", + "html_url": "https:\/\/github.com\/jas502n" + }, + "html_url": "https:\/\/github.com\/jas502n\/S2-045-EXP-POC-TOOLS", + "description": "S2-045 漏洞 POC-TOOLS CVE-2017-5638", + "fork": false, + "created_at": "2017-03-09T19:40:47Z", + "updated_at": "2020-03-23T08:38:13Z", + "pushed_at": "2017-03-09T19:50:50Z", + "stargazers_count": 19, + "watchers_count": 19, + "forks_count": 19, + "forks": 19, + "watchers": 19, + "score": 0 + }, + { + "id": 84518902, + "name": "strutszeiro", + "full_name": "mthbernardes\/strutszeiro", + "owner": { + "login": "mthbernardes", + "id": 12648924, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/12648924?v=4", + "html_url": "https:\/\/github.com\/mthbernardes" + }, + "html_url": "https:\/\/github.com\/mthbernardes\/strutszeiro", + "description": "Telegram Bot to manage botnets created with struts vulnerability(CVE-2017-5638)", + "fork": false, + "created_at": "2017-03-10T04:23:41Z", + "updated_at": "2020-03-22T03:28:16Z", + "pushed_at": "2017-03-11T04:11:39Z", + "stargazers_count": 39, + "watchers_count": 39, + "forks_count": 25, + "forks": 25, + "watchers": 39, + "score": 0 + }, + { + "id": 84581800, + "name": "cve-2017-5638", + "full_name": "xsscx\/cve-2017-5638", + "owner": { + "login": "xsscx", + "id": 10790582, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/10790582?v=4", + "html_url": "https:\/\/github.com\/xsscx" + }, + "html_url": "https:\/\/github.com\/xsscx\/cve-2017-5638", + "description": "Example PoC Code for CVE-2017-5638 | Apache Struts Exploit ", + "fork": false, + "created_at": "2017-03-10T16:56:14Z", + "updated_at": "2020-04-07T06:39:48Z", + "pushed_at": "2017-03-12T15:43:27Z", + "stargazers_count": 10, + "watchers_count": 10, + "forks_count": 19, + "forks": 19, + "watchers": 10, + "score": 0 + }, + { + "id": 84602394, + "name": "apache-struts2-CVE-2017-5638", + "full_name": "immunio\/apache-struts2-CVE-2017-5638", + "owner": { + "login": "immunio", + "id": 6700387, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/6700387?v=4", + "html_url": "https:\/\/github.com\/immunio" + }, + "html_url": "https:\/\/github.com\/immunio\/apache-struts2-CVE-2017-5638", + "description": "Demo Application and Exploit", + "fork": false, + "created_at": "2017-03-10T21:33:25Z", + "updated_at": "2019-12-24T22:16:07Z", + "pushed_at": "2017-03-13T15:03:32Z", + "stargazers_count": 36, + "watchers_count": 36, + "forks_count": 36, + "forks": 36, + "watchers": 36, + "score": 0 + }, + { + "id": 84620334, + "name": "OgnlContentTypeRejectorValve", + "full_name": "Masahiro-Yamada\/OgnlContentTypeRejectorValve", + "owner": { + "login": "Masahiro-Yamada", + "id": 479387, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/479387?v=4", + "html_url": "https:\/\/github.com\/Masahiro-Yamada" + }, + "html_url": "https:\/\/github.com\/Masahiro-Yamada\/OgnlContentTypeRejectorValve", + "description": "This is Valve for Tomcat7 to block Struts 2 Remote Code Execution vulnerability (CVE-2017-5638)", + "fork": false, + "created_at": "2017-03-11T03:18:12Z", + "updated_at": "2017-04-11T00:06:36Z", + "pushed_at": "2017-03-13T14:49:25Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 0, + "forks": 0, + "watchers": 1, + "score": 0 + }, + { + "id": 84639178, + "name": "CVE-2017-5638-Apache-Struts2", + "full_name": "aljazceru\/CVE-2017-5638-Apache-Struts2", + "owner": { + "login": "aljazceru", + "id": 4439523, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/4439523?v=4", + "html_url": "https:\/\/github.com\/aljazceru" + }, + "html_url": "https:\/\/github.com\/aljazceru\/CVE-2017-5638-Apache-Struts2", + "description": "Tweaking original PoC (https:\/\/github.com\/rapid7\/metasploit-framework\/issues\/8064) to work on self-signed certificates ", + "fork": false, + "created_at": "2017-03-11T09:39:09Z", + "updated_at": "2019-07-15T22:02:37Z", + "pushed_at": "2017-03-11T09:41:27Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 0, + "forks": 0, + "watchers": 2, + "score": 0 + }, + { + "id": 84640546, + "name": "test_struts2_vulnerability_CVE-2017-5638", + "full_name": "sjitech\/test_struts2_vulnerability_CVE-2017-5638", + "owner": { + "login": "sjitech", + "id": 5180638, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/5180638?v=4", + "html_url": "https:\/\/github.com\/sjitech" + }, + "html_url": "https:\/\/github.com\/sjitech\/test_struts2_vulnerability_CVE-2017-5638", + "description": "test struts2 vulnerability CVE-2017-5638 in Mac OS X", + "fork": false, + "created_at": "2017-03-11T10:03:54Z", + "updated_at": "2017-03-13T11:14:00Z", + "pushed_at": "2017-03-13T07:38:25Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 84642680, + "name": "CVE-2017-5638", + "full_name": "jrrombaldo\/CVE-2017-5638", + "owner": { + "login": "jrrombaldo", + "id": 121948, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/121948?v=4", + "html_url": "https:\/\/github.com\/jrrombaldo" + }, + "html_url": "https:\/\/github.com\/jrrombaldo\/CVE-2017-5638", + "description": null, + "fork": false, + "created_at": "2017-03-11T10:43:16Z", + "updated_at": "2017-03-11T13:07:57Z", + "pushed_at": "2017-03-24T19:12:10Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 1, + "forks": 1, + "watchers": 0, + "score": 0 + }, + { + "id": 84644857, + "name": "CVE-2017-5638", + "full_name": "random-robbie\/CVE-2017-5638", + "owner": { + "login": "random-robbie", + "id": 4902869, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/4902869?v=4", + "html_url": "https:\/\/github.com\/random-robbie" + }, + "html_url": "https:\/\/github.com\/random-robbie\/CVE-2017-5638", + "description": "CVE: 2017-5638 in different formats", + "fork": false, + "created_at": "2017-03-11T11:22:44Z", + "updated_at": "2017-03-11T11:28:58Z", + "pushed_at": "2017-03-16T11:26:04Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 1, + "forks": 1, + "watchers": 0, + "score": 0 + }, { "id": 84655941, "name": "CVE-2017-5638_struts", @@ -45,6 +321,167 @@ "watchers": 368, "score": 0 }, + { + "id": 84705148, + "name": "Struts-Apache-ExploitPack", + "full_name": "ret2jazzy\/Struts-Apache-ExploitPack", + "owner": { + "login": "ret2jazzy", + "id": 20831187, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/20831187?v=4", + "html_url": "https:\/\/github.com\/ret2jazzy" + }, + "html_url": "https:\/\/github.com\/ret2jazzy\/Struts-Apache-ExploitPack", + "description": "These are just some script which you can use to detect and exploit the Apache Struts Vulnerability (CVE-2017-5638)", + "fork": false, + "created_at": "2017-03-12T06:28:51Z", + "updated_at": "2020-04-07T06:39:58Z", + "pushed_at": "2017-03-12T07:26:03Z", + "stargazers_count": 17, + "watchers_count": 17, + "forks_count": 13, + "forks": 13, + "watchers": 17, + "score": 0 + }, + { + "id": 84725982, + "name": "ExpStruts", + "full_name": "lolwaleet\/ExpStruts", + "owner": { + "login": "lolwaleet", + "id": 20018319, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/20018319?v=4", + "html_url": "https:\/\/github.com\/lolwaleet" + }, + "html_url": "https:\/\/github.com\/lolwaleet\/ExpStruts", + "description": "A php based exploiter for CVE-2017-5638.", + "fork": false, + "created_at": "2017-03-12T13:03:52Z", + "updated_at": "2020-03-15T16:58:21Z", + "pushed_at": "2017-03-12T13:04:33Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 2, + "forks": 2, + "watchers": 2, + "score": 0 + }, + { + "id": 84819853, + "name": "CVE-2017-5638-Apache-Struts2", + "full_name": "oktavianto\/CVE-2017-5638-Apache-Struts2", + "owner": { + "login": "oktavianto", + "id": 8210275, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/8210275?v=4", + "html_url": "https:\/\/github.com\/oktavianto" + }, + "html_url": "https:\/\/github.com\/oktavianto\/CVE-2017-5638-Apache-Struts2", + "description": "Example PHP Exploiter for CVE-2017-5638", + "fork": false, + "created_at": "2017-03-13T11:39:55Z", + "updated_at": "2020-04-07T06:38:46Z", + "pushed_at": "2017-03-20T19:40:16Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 4, + "forks": 4, + "watchers": 2, + "score": 0 + }, + { + "id": 85010282, + "name": "cve-2017-5638", + "full_name": "jrrdev\/cve-2017-5638", + "owner": { + "login": "jrrdev", + "id": 17674081, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/17674081?v=4", + "html_url": "https:\/\/github.com\/jrrdev" + }, + "html_url": "https:\/\/github.com\/jrrdev\/cve-2017-5638", + "description": "cve-2017-5638 Vulnerable site sample", + "fork": false, + "created_at": "2017-03-15T00:19:33Z", + "updated_at": "2019-10-16T09:42:24Z", + "pushed_at": "2017-04-04T19:57:38Z", + "stargazers_count": 10, + "watchers_count": 10, + "forks_count": 10, + "forks": 10, + "watchers": 10, + "score": 0 + }, + { + "id": 85145901, + "name": "Strutshock", + "full_name": "opt9\/Strutshock", + "owner": { + "login": "opt9", + "id": 192655, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/192655?v=4", + "html_url": "https:\/\/github.com\/opt9" + }, + "html_url": "https:\/\/github.com\/opt9\/Strutshock", + "description": "Struts2 RCE CVE-2017-5638 non-intrusive check shell script", + "fork": false, + "created_at": "2017-03-16T02:59:22Z", + "updated_at": "2017-05-04T20:58:47Z", + "pushed_at": "2017-03-16T04:02:40Z", + "stargazers_count": 3, + "watchers_count": 3, + "forks_count": 1, + "forks": 1, + "watchers": 3, + "score": 0 + }, + { + "id": 85341283, + "name": "StrutsShell", + "full_name": "falcon-lnhg\/StrutsShell", + "owner": { + "login": "falcon-lnhg", + "id": 5199658, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/5199658?v=4", + "html_url": "https:\/\/github.com\/falcon-lnhg" + }, + "html_url": "https:\/\/github.com\/falcon-lnhg\/StrutsShell", + "description": "Apache Struts (CVE-2017-5638) Shell", + "fork": false, + "created_at": "2017-03-17T18:05:55Z", + "updated_at": "2017-08-31T21:27:12Z", + "pushed_at": "2017-04-04T16:11:25Z", + "stargazers_count": 3, + "watchers_count": 3, + "forks_count": 1, + "forks": 1, + "watchers": 3, + "score": 0 + }, + { + "id": 85390529, + "name": "CVE-2017-5638", + "full_name": "bhagdave\/CVE-2017-5638", + "owner": { + "login": "bhagdave", + "id": 3230037, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/3230037?v=4", + "html_url": "https:\/\/github.com\/bhagdave" + }, + "html_url": "https:\/\/github.com\/bhagdave\/CVE-2017-5638", + "description": null, + "fork": false, + "created_at": "2017-03-18T09:39:59Z", + "updated_at": "2017-03-19T01:25:24Z", + "pushed_at": "2017-03-21T21:53:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 85664016, "name": "st2-046-poc", @@ -68,6 +505,98 @@ "watchers": 22, "score": 0 }, + { + "id": 85733752, + "name": "S2-046_S2-045_POC", + "full_name": "KarzsGHR\/S2-046_S2-045_POC", + "owner": { + "login": "KarzsGHR", + "id": 12841587, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/12841587?v=4", + "html_url": "https:\/\/github.com\/KarzsGHR" + }, + "html_url": "https:\/\/github.com\/KarzsGHR\/S2-046_S2-045_POC", + "description": "S2-046|S2-045: Struts 2 Remote Code Execution vulnerability(CVE-2017-5638)", + "fork": false, + "created_at": "2017-03-21T17:36:40Z", + "updated_at": "2019-11-20T02:42:35Z", + "pushed_at": "2017-04-26T09:12:33Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 0, + "forks": 0, + "watchers": 1, + "score": 0 + }, + { + "id": 85926594, + "name": "S2-Reaper", + "full_name": "gsfish\/S2-Reaper", + "owner": { + "login": "gsfish", + "id": 15968154, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/15968154?v=4", + "html_url": "https:\/\/github.com\/gsfish" + }, + "html_url": "https:\/\/github.com\/gsfish\/S2-Reaper", + "description": "CVE-2017-5638", + "fork": false, + "created_at": "2017-03-23T08:44:10Z", + "updated_at": "2017-03-30T09:51:23Z", + "pushed_at": "2017-03-30T10:06:38Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 2, + "forks": 2, + "watchers": 0, + "score": 0 + }, + { + "id": 86200933, + "name": "cve-2017-5638", + "full_name": "mcassano\/cve-2017-5638", + "owner": { + "login": "mcassano", + "id": 2073030, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/2073030?v=4", + "html_url": "https:\/\/github.com\/mcassano" + }, + "html_url": "https:\/\/github.com\/mcassano\/cve-2017-5638", + "description": null, + "fork": false, + "created_at": "2017-03-26T01:58:52Z", + "updated_at": "2017-03-26T02:00:58Z", + "pushed_at": "2017-04-01T04:20:15Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 86415022, + "name": "Strutscli", + "full_name": "opt9\/Strutscli", + "owner": { + "login": "opt9", + "id": 192655, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/192655?v=4", + "html_url": "https:\/\/github.com\/opt9" + }, + "html_url": "https:\/\/github.com\/opt9\/Strutscli", + "description": "Struts2 RCE CVE-2017-5638 CLI shell", + "fork": false, + "created_at": "2017-03-28T04:31:44Z", + "updated_at": "2017-04-14T08:03:48Z", + "pushed_at": "2017-03-28T04:36:11Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 0, + "forks": 0, + "watchers": 2, + "score": 0 + }, { "id": 87695524, "name": "strutsy", @@ -91,6 +620,52 @@ "watchers": 11, "score": 0 }, + { + "id": 90377429, + "name": "CVE-2017-5638", + "full_name": "payatu\/CVE-2017-5638", + "owner": { + "login": "payatu", + "id": 16715624, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/16715624?v=4", + "html_url": "https:\/\/github.com\/payatu" + }, + "html_url": "https:\/\/github.com\/payatu\/CVE-2017-5638", + "description": "Apache Struts 2.0 RCE vulnerability - Allows an attacker to inject OS commands into a web application through the content-type header ", + "fork": false, + "created_at": "2017-05-05T13:17:37Z", + "updated_at": "2020-03-27T02:45:32Z", + "pushed_at": "2017-05-05T13:55:53Z", + "stargazers_count": 7, + "watchers_count": 7, + "forks_count": 4, + "forks": 4, + "watchers": 7, + "score": 0 + }, + { + "id": 92562840, + "name": "Struts2-045-Exp", + "full_name": "Aasron\/Struts2-045-Exp", + "owner": { + "login": "Aasron", + "id": 17878407, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/17878407?v=4", + "html_url": "https:\/\/github.com\/Aasron" + }, + "html_url": "https:\/\/github.com\/Aasron\/Struts2-045-Exp", + "description": "CVE-2017-5638", + "fork": false, + "created_at": "2017-05-27T02:03:28Z", + "updated_at": "2017-05-27T02:33:31Z", + "pushed_at": "2017-06-01T09:53:09Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 92638419, "name": "Stutsfi", @@ -114,6 +689,98 @@ "watchers": 1, "score": 0 }, + { + "id": 92644725, + "name": "Struts2Shell", + "full_name": "jpacora\/Struts2Shell", + "owner": { + "login": "jpacora", + "id": 2137673, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/2137673?v=4", + "html_url": "https:\/\/github.com\/jpacora" + }, + "html_url": "https:\/\/github.com\/jpacora\/Struts2Shell", + "description": "An exploit (and library) for CVE-2017-5638 - Apache Struts2 S2-045 bug.", + "fork": false, + "created_at": "2017-05-28T06:44:13Z", + "updated_at": "2017-05-28T06:44:27Z", + "pushed_at": "2017-06-03T06:33:51Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 1, + "forks": 1, + "watchers": 0, + "score": 0 + }, + { + "id": 92664422, + "name": "Apache-Struts", + "full_name": "Reslient\/Apache-Struts", + "owner": { + "login": "Reslient", + "id": 28331671, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/28331671?v=4", + "html_url": "https:\/\/github.com\/Reslient" + }, + "html_url": "https:\/\/github.com\/Reslient\/Apache-Struts", + "description": " An exploit for Apache Struts CVE-2017-5638", + "fork": false, + "created_at": "2017-05-28T13:56:59Z", + "updated_at": "2017-05-28T14:03:06Z", + "pushed_at": "2017-05-28T14:03:05Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 3, + "forks": 3, + "watchers": 0, + "score": 0 + }, + { + "id": 93442387, + "name": "CVE-2017-5638", + "full_name": "AndreasKl\/CVE-2017-5638", + "owner": { + "login": "AndreasKl", + "id": 1105899, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/1105899?v=4", + "html_url": "https:\/\/github.com\/AndreasKl" + }, + "html_url": "https:\/\/github.com\/AndreasKl\/CVE-2017-5638", + "description": null, + "fork": false, + "created_at": "2017-06-05T20:11:06Z", + "updated_at": "2017-06-05T20:22:20Z", + "pushed_at": "2017-06-05T21:43:40Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 1, + "forks": 1, + "watchers": 0, + "score": 0 + }, + { + "id": 93710291, + "name": "struts-rce-cve-2017-5638", + "full_name": "riyazwalikar\/struts-rce-cve-2017-5638", + "owner": { + "login": "riyazwalikar", + "id": 1900486, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/1900486?v=4", + "html_url": "https:\/\/github.com\/riyazwalikar" + }, + "html_url": "https:\/\/github.com\/riyazwalikar\/struts-rce-cve-2017-5638", + "description": "Struts-RCE CVE-2017-5638", + "fork": false, + "created_at": "2017-06-08T05:22:31Z", + "updated_at": "2017-06-08T08:18:51Z", + "pushed_at": "2017-06-08T05:25:42Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 2, + "forks": 2, + "watchers": 1, + "score": 0 + }, { "id": 93794473, "name": "CVE-2017-5638", diff --git a/2017/CVE-2017-5689.json b/2017/CVE-2017-5689.json index 8c1beb39a7..bdf520598c 100644 --- a/2017/CVE-2017-5689.json +++ b/2017/CVE-2017-5689.json @@ -1,4 +1,27 @@ [ + { + "id": 90210170, + "name": "CVE-2017-5689", + "full_name": "CerberusSecurity\/CVE-2017-5689", + "owner": { + "login": "CerberusSecurity", + "id": 21088337, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/21088337?v=4", + "html_url": "https:\/\/github.com\/CerberusSecurity" + }, + "html_url": "https:\/\/github.com\/CerberusSecurity\/CVE-2017-5689", + "description": null, + "fork": false, + "created_at": "2017-05-04T01:51:26Z", + "updated_at": "2020-01-01T00:38:18Z", + "pushed_at": "2017-05-04T03:06:32Z", + "stargazers_count": 39, + "watchers_count": 39, + "forks_count": 9, + "forks": 9, + "watchers": 39, + "score": 0 + }, { "id": 90472957, "name": "amthoneypot", @@ -22,6 +45,52 @@ "watchers": 12, "score": 0 }, + { + "id": 90724328, + "name": "intel_amt_bypass", + "full_name": "Bijaye\/intel_amt_bypass", + "owner": { + "login": "Bijaye", + "id": 4318412, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/4318412?v=4", + "html_url": "https:\/\/github.com\/Bijaye" + }, + "html_url": "https:\/\/github.com\/Bijaye\/intel_amt_bypass", + "description": "simple python poc for CVE-2017-5689", + "fork": false, + "created_at": "2017-05-09T08:55:39Z", + "updated_at": "2019-06-28T19:35:09Z", + "pushed_at": "2017-05-09T00:42:12Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 7, + "forks": 7, + "watchers": 2, + "score": 0 + }, + { + "id": 91235068, + "name": "amt-bypass-test", + "full_name": "prototux\/amt-bypass-test", + "owner": { + "login": "prototux", + "id": 1549232, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/1549232?v=4", + "html_url": "https:\/\/github.com\/prototux" + }, + "html_url": "https:\/\/github.com\/prototux\/amt-bypass-test", + "description": "Small script to test if a machine is vulnerable to intel AMT auth bypass (CVE-2017-5689)", + "fork": false, + "created_at": "2017-05-14T10:09:59Z", + "updated_at": "2018-07-21T18:32:38Z", + "pushed_at": "2017-05-14T10:12:15Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 0, + "forks": 0, + "watchers": 1, + "score": 0 + }, { "id": 98579784, "name": "amt_auth_bypass_poc", diff --git a/2017/CVE-2017-6971.json b/2017/CVE-2017-6971.json index cb167b413c..e67e0b616d 100644 --- a/2017/CVE-2017-6971.json +++ b/2017/CVE-2017-6971.json @@ -1,4 +1,27 @@ [ + { + "id": 87749039, + "name": "nfsen-exploit", + "full_name": "patrickfreed\/nfsen-exploit", + "owner": { + "login": "patrickfreed", + "id": 936020, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/936020?v=4", + "html_url": "https:\/\/github.com\/patrickfreed" + }, + "html_url": "https:\/\/github.com\/patrickfreed\/nfsen-exploit", + "description": "Exploit for CVE-2017-6971 remote command execution in nfsen 1.3.7.", + "fork": false, + "created_at": "2017-04-10T00:13:24Z", + "updated_at": "2020-04-07T06:36:25Z", + "pushed_at": "2017-04-10T16:06:56Z", + "stargazers_count": 4, + "watchers_count": 4, + "forks_count": 6, + "forks": 6, + "watchers": 4, + "score": 0 + }, { "id": 183134145, "name": "nfsen_1.3.7_CVE-2017-6971", diff --git a/2017/CVE-2017-7269.json b/2017/CVE-2017-7269.json index 6293b9ac09..46b7b17e34 100644 --- a/2017/CVE-2017-7269.json +++ b/2017/CVE-2017-7269.json @@ -1,4 +1,27 @@ [ + { + "id": 86543900, + "name": "webdav_exploit", + "full_name": "eliuha\/webdav_exploit", + "owner": { + "login": "eliuha", + "id": 2240516, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/2240516?v=4", + "html_url": "https:\/\/github.com\/eliuha" + }, + "html_url": "https:\/\/github.com\/eliuha\/webdav_exploit", + "description": "An exploit for Microsoft IIS 6.0 CVE-2017-7269", + "fork": false, + "created_at": "2017-03-29T05:59:30Z", + "updated_at": "2020-04-07T21:44:43Z", + "pushed_at": "2017-03-29T07:26:41Z", + "stargazers_count": 17, + "watchers_count": 17, + "forks_count": 16, + "forks": 16, + "watchers": 17, + "score": 0 + }, { "id": 86573461, "name": "CVE-2017-7269-Echo-PoC", @@ -22,6 +45,236 @@ "watchers": 83, "score": 0 }, + { + "id": 86581754, + "name": "CVE-2017-7269-exploit", + "full_name": "caicai1355\/CVE-2017-7269-exploit", + "owner": { + "login": "caicai1355", + "id": 24385053, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/24385053?v=4", + "html_url": "https:\/\/github.com\/caicai1355" + }, + "html_url": "https:\/\/github.com\/caicai1355\/CVE-2017-7269-exploit", + "description": "exec 8 bytes command", + "fork": false, + "created_at": "2017-03-29T12:52:54Z", + "updated_at": "2020-04-07T06:37:12Z", + "pushed_at": "2017-03-29T13:08:44Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 7, + "forks": 7, + "watchers": 2, + "score": 0 + }, + { + "id": 86659284, + "name": "CVE-2017-7269", + "full_name": "M1a0rz\/CVE-2017-7269", + "owner": { + "login": "M1a0rz", + "id": 25101765, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/25101765?v=4", + "html_url": "https:\/\/github.com\/M1a0rz" + }, + "html_url": "https:\/\/github.com\/M1a0rz\/CVE-2017-7269", + "description": "Poc for iis6.0", + "fork": false, + "created_at": "2017-03-30T04:35:13Z", + "updated_at": "2017-03-30T04:35:13Z", + "pushed_at": "2017-03-30T04:35:13Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 86697845, + "name": "cve-2017-7269picture", + "full_name": "whiteHat001\/cve-2017-7269picture", + "owner": { + "login": "whiteHat001", + "id": 18191034, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/18191034?v=4", + "html_url": "https:\/\/github.com\/whiteHat001" + }, + "html_url": "https:\/\/github.com\/whiteHat001\/cve-2017-7269picture", + "description": null, + "fork": false, + "created_at": "2017-03-30T12:03:05Z", + "updated_at": "2017-03-30T12:03:05Z", + "pushed_at": "2017-03-30T12:11:42Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 86754251, + "name": "cve-2017-7269", + "full_name": "zcgonvh\/cve-2017-7269", + "owner": { + "login": "zcgonvh", + "id": 25787677, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/25787677?v=4", + "html_url": "https:\/\/github.com\/zcgonvh" + }, + "html_url": "https:\/\/github.com\/zcgonvh\/cve-2017-7269", + "description": "fixed msf module for cve-2017-7269", + "fork": false, + "created_at": "2017-03-30T22:20:36Z", + "updated_at": "2020-03-03T01:59:54Z", + "pushed_at": "2017-03-30T22:20:51Z", + "stargazers_count": 104, + "watchers_count": 104, + "forks_count": 54, + "forks": 54, + "watchers": 104, + "score": 0 + }, + { + "id": 87165305, + "name": "CVE-2017-7269", + "full_name": "jrrombaldo\/CVE-2017-7269", + "owner": { + "login": "jrrombaldo", + "id": 121948, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/121948?v=4", + "html_url": "https:\/\/github.com\/jrrombaldo" + }, + "html_url": "https:\/\/github.com\/jrrombaldo\/CVE-2017-7269", + "description": null, + "fork": false, + "created_at": "2017-04-04T08:47:22Z", + "updated_at": "2018-01-08T16:52:30Z", + "pushed_at": "2017-04-04T17:20:50Z", + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 1, + "forks": 1, + "watchers": 1, + "score": 0 + }, + { + "id": 87365181, + "name": "iis6-exploit-2017-CVE-2017-7269", + "full_name": "g0rx\/iis6-exploit-2017-CVE-2017-7269", + "owner": { + "login": "g0rx", + "id": 10961397, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/10961397?v=4", + "html_url": "https:\/\/github.com\/g0rx" + }, + "html_url": "https:\/\/github.com\/g0rx\/iis6-exploit-2017-CVE-2017-7269", + "description": "iis6 exploit 2017 CVE-2017-7269", + "fork": false, + "created_at": "2017-04-05T23:21:12Z", + "updated_at": "2020-04-10T07:29:00Z", + "pushed_at": "2017-04-05T23:29:03Z", + "stargazers_count": 10, + "watchers_count": 10, + "forks_count": 18, + "forks": 18, + "watchers": 10, + "score": 0 + }, + { + "id": 87432387, + "name": "IIS_6.0_WebDAV_Ruby", + "full_name": "slimpagey\/IIS_6.0_WebDAV_Ruby", + "owner": { + "login": "slimpagey", + "id": 10183644, + "avatar_url": "https:\/\/avatars2.githubusercontent.com\/u\/10183644?v=4", + "html_url": "https:\/\/github.com\/slimpagey" + }, + "html_url": "https:\/\/github.com\/slimpagey\/IIS_6.0_WebDAV_Ruby", + "description": "Ruby Exploit for IIS 6.0 Buffer Overflow (CVE-2017-7269)", + "fork": false, + "created_at": "2017-04-06T13:27:20Z", + "updated_at": "2019-02-27T06:05:06Z", + "pushed_at": "2017-04-06T13:47:49Z", + "stargazers_count": 6, + "watchers_count": 6, + "forks_count": 2, + "forks": 2, + "watchers": 6, + "score": 0 + }, + { + "id": 88148249, + "name": "cve-2017-7269", + "full_name": "homjxi0e\/cve-2017-7269", + "owner": { + "login": "homjxi0e", + "id": 25440152, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/25440152?v=4", + "html_url": "https:\/\/github.com\/homjxi0e" + }, + "html_url": "https:\/\/github.com\/homjxi0e\/cve-2017-7269", + "description": null, + "fork": false, + "created_at": "2017-04-13T09:27:01Z", + "updated_at": "2017-04-13T09:27:01Z", + "pushed_at": "2017-04-13T12:33:43Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 89217126, + "name": "CVE-2017-7269", + "full_name": "xiaovpn\/CVE-2017-7269", + "owner": { + "login": "xiaovpn", + "id": 22736797, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/22736797?v=4", + "html_url": "https:\/\/github.com\/xiaovpn" + }, + "html_url": "https:\/\/github.com\/xiaovpn\/CVE-2017-7269", + "description": "CVE-2017-7269", + "fork": false, + "created_at": "2017-04-24T08:42:59Z", + "updated_at": "2017-04-24T08:42:59Z", + "pushed_at": "2017-04-24T08:43:00Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 91493002, + "name": "cve-2017-7269-tool", + "full_name": "zcgonvh\/cve-2017-7269-tool", + "owner": { + "login": "zcgonvh", + "id": 25787677, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/25787677?v=4", + "html_url": "https:\/\/github.com\/zcgonvh" + }, + "html_url": "https:\/\/github.com\/zcgonvh\/cve-2017-7269-tool", + "description": "CVE-2017-7269 to webshell or shellcode loader", + "fork": false, + "created_at": "2017-05-16T18:47:45Z", + "updated_at": "2020-03-29T06:02:21Z", + "pushed_at": "2017-05-16T18:48:15Z", + "stargazers_count": 81, + "watchers_count": 81, + "forks_count": 29, + "forks": 29, + "watchers": 81, + "score": 0 + }, { "id": 118708741, "name": "CVE-2017-7269", diff --git a/2017/CVE-2017-7494.json b/2017/CVE-2017-7494.json index ccbc4003ec..90763d1931 100644 --- a/2017/CVE-2017-7494.json +++ b/2017/CVE-2017-7494.json @@ -22,6 +22,29 @@ "watchers": 172, "score": 0 }, + { + "id": 92410132, + "name": "CVE-2017-7494", + "full_name": "homjxi0e\/CVE-2017-7494", + "owner": { + "login": "homjxi0e", + "id": 25440152, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/25440152?v=4", + "html_url": "https:\/\/github.com\/homjxi0e" + }, + "html_url": "https:\/\/github.com\/homjxi0e\/CVE-2017-7494", + "description": null, + "fork": false, + "created_at": "2017-05-25T14:13:10Z", + "updated_at": "2017-05-26T08:46:45Z", + "pushed_at": "2017-05-26T08:46:44Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 2, + "forks": 2, + "watchers": 0, + "score": 0 + }, { "id": 92457464, "name": "exploit-CVE-2017-7494", @@ -45,6 +68,52 @@ "watchers": 234, "score": 0 }, + { + "id": 92484269, + "name": "SambaCry", + "full_name": "Waffles-2\/SambaCry", + "owner": { + "login": "Waffles-2", + "id": 21175535, + "avatar_url": "https:\/\/avatars1.githubusercontent.com\/u\/21175535?v=4", + "html_url": "https:\/\/github.com\/Waffles-2" + }, + "html_url": "https:\/\/github.com\/Waffles-2\/SambaCry", + "description": "CVE-2017-7494 - Detection Scripts", + "fork": false, + "created_at": "2017-05-26T07:28:26Z", + "updated_at": "2020-04-06T12:15:02Z", + "pushed_at": "2017-05-26T07:43:02Z", + "stargazers_count": 62, + "watchers_count": 62, + "forks_count": 24, + "forks": 24, + "watchers": 62, + "score": 0 + }, + { + "id": 92845566, + "name": "SambaHunter", + "full_name": "brianwrf\/SambaHunter", + "owner": { + "login": "brianwrf", + "id": 8141813, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/8141813?v=4", + "html_url": "https:\/\/github.com\/brianwrf" + }, + "html_url": "https:\/\/github.com\/brianwrf\/SambaHunter", + "description": "It is a simple script to exploit RCE for Samba (CVE-2017-7494 ).", + "fork": false, + "created_at": "2017-05-30T15:08:32Z", + "updated_at": "2020-04-07T06:25:10Z", + "pushed_at": "2017-05-30T16:13:24Z", + "stargazers_count": 40, + "watchers_count": 40, + "forks_count": 22, + "forks": 22, + "watchers": 40, + "score": 0 + }, { "id": 93424064, "name": "CVE-2017-7494", diff --git a/2017/CVE-2017-8295.json b/2017/CVE-2017-8295.json index b3f46821f8..c2e19aabcc 100644 --- a/2017/CVE-2017-8295.json +++ b/2017/CVE-2017-8295.json @@ -1,4 +1,50 @@ [ + { + "id": 90299927, + "name": "CVE-2017-8295-WordPress-4.7.4---Unauthorized-Password-Reset", + "full_name": "homjxi0e\/CVE-2017-8295-WordPress-4.7.4---Unauthorized-Password-Reset", + "owner": { + "login": "homjxi0e", + "id": 25440152, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/25440152?v=4", + "html_url": "https:\/\/github.com\/homjxi0e" + }, + "html_url": "https:\/\/github.com\/homjxi0e\/CVE-2017-8295-WordPress-4.7.4---Unauthorized-Password-Reset", + "description": null, + "fork": false, + "created_at": "2017-05-04T19:05:12Z", + "updated_at": "2017-05-04T19:05:12Z", + "pushed_at": "2017-05-04T19:13:41Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, + { + "id": 90396412, + "name": "wp-allowed-hosts", + "full_name": "alash3al\/wp-allowed-hosts", + "owner": { + "login": "alash3al", + "id": 3078292, + "avatar_url": "https:\/\/avatars3.githubusercontent.com\/u\/3078292?v=4", + "html_url": "https:\/\/github.com\/alash3al" + }, + "html_url": "https:\/\/github.com\/alash3al\/wp-allowed-hosts", + "description": "a plugin that protects your wp site from the CVE-2017-8295 vulnerability", + "fork": false, + "created_at": "2017-05-05T16:34:17Z", + "updated_at": "2017-05-06T06:41:07Z", + "pushed_at": "2017-05-05T17:05:15Z", + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 1, + "forks": 1, + "watchers": 2, + "score": 0 + }, { "id": 90453472, "name": "CVE-2017-8295", diff --git a/2017/CVE-2017-8917.json b/2017/CVE-2017-8917.json index b62592937b..5d3da80ada 100644 --- a/2017/CVE-2017-8917.json +++ b/2017/CVE-2017-8917.json @@ -1,4 +1,27 @@ [ + { + "id": 91819199, + "name": "Joomla3.7-SQLi-CVE-2017-8917", + "full_name": "brianwrf\/Joomla3.7-SQLi-CVE-2017-8917", + "owner": { + "login": "brianwrf", + "id": 8141813, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/8141813?v=4", + "html_url": "https:\/\/github.com\/brianwrf" + }, + "html_url": "https:\/\/github.com\/brianwrf\/Joomla3.7-SQLi-CVE-2017-8917", + "description": "Joomla 3.7 SQL injection (CVE-2017-8917)", + "fork": false, + "created_at": "2017-05-19T15:21:46Z", + "updated_at": "2018-07-02T22:31:07Z", + "pushed_at": "2017-05-19T15:30:18Z", + "stargazers_count": 5, + "watchers_count": 5, + "forks_count": 2, + "forks": 2, + "watchers": 5, + "score": 0 + }, { "id": 111313970, "name": "Exploit-Joomla", diff --git a/2017/CVE-2017-9430.json b/2017/CVE-2017-9430.json index fc1d44b978..da1ad4f932 100644 --- a/2017/CVE-2017-9430.json +++ b/2017/CVE-2017-9430.json @@ -1,4 +1,27 @@ [ + { + "id": 93714446, + "name": "CVE-2017-9430", + "full_name": "homjxi0e\/CVE-2017-9430", + "owner": { + "login": "homjxi0e", + "id": 25440152, + "avatar_url": "https:\/\/avatars0.githubusercontent.com\/u\/25440152?v=4", + "html_url": "https:\/\/github.com\/homjxi0e" + }, + "html_url": "https:\/\/github.com\/homjxi0e\/CVE-2017-9430", + "description": null, + "fork": false, + "created_at": "2017-06-08T06:22:37Z", + "updated_at": "2017-06-08T06:30:44Z", + "pushed_at": "2017-06-08T06:30:12Z", + "stargazers_count": 0, + "watchers_count": 0, + "forks_count": 0, + "forks": 0, + "watchers": 0, + "score": 0 + }, { "id": 111662357, "name": "Dnstracer-1.9-Fix", diff --git a/2017/CVE-2017-9805.json b/2017/CVE-2017-9805.json index 2c779bd570..486626e123 100644 --- a/2017/CVE-2017-9805.json +++ b/2017/CVE-2017-9805.json @@ -59,13 +59,13 @@ "description": "An exploit for Apache Struts CVE-2017-9805", "fork": false, "created_at": "2017-09-09T01:32:57Z", - "updated_at": "2020-04-06T12:06:51Z", + "updated_at": "2020-04-16T02:54:40Z", "pushed_at": "2017-11-07T19:24:00Z", - "stargazers_count": 232, - "watchers_count": 232, + "stargazers_count": 233, + "watchers_count": 233, "forks_count": 78, "forks": 78, - "watchers": 232, + "watchers": 233, "score": 0 }, { diff --git a/2018/CVE-2018-14847.json b/2018/CVE-2018-14847.json index 25a636509b..2dcde78719 100644 --- a/2018/CVE-2018-14847.json +++ b/2018/CVE-2018-14847.json @@ -17,8 +17,8 @@ "pushed_at": "2020-03-08T00:08:20Z", "stargazers_count": 327, "watchers_count": 327, - "forks_count": 301, - "forks": 301, + "forks_count": 302, + "forks": 302, "watchers": 327, "score": 0 }, diff --git a/2018/CVE-2018-2628.json b/2018/CVE-2018-2628.json index 71d298ac4c..7650f92e02 100644 --- a/2018/CVE-2018-2628.json +++ b/2018/CVE-2018-2628.json @@ -450,13 +450,13 @@ "description": "weblogic 漏洞扫描工具。目前包含 CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2020-04-15T14:08:16Z", + "updated_at": "2020-04-16T01:09:09Z", "pushed_at": "2020-03-27T09:16:40Z", - "stargazers_count": 369, - "watchers_count": 369, - "forks_count": 75, - "forks": 75, - "watchers": 369, + "stargazers_count": 370, + "watchers_count": 370, + "forks_count": 76, + "forks": 76, + "watchers": 370, "score": 0 } ] \ No newline at end of file diff --git a/2019/CVE-2019-0708.json b/2019/CVE-2019-0708.json index e7a5ab9307..9c8879b99f 100644 --- a/2019/CVE-2019-0708.json +++ b/2019/CVE-2019-0708.json @@ -82,13 +82,13 @@ "description": "CVE-2019-0708-exploit", "fork": false, "created_at": "2019-05-15T02:24:21Z", - "updated_at": "2020-04-08T15:49:19Z", + "updated_at": "2020-04-15T23:02:14Z", "pushed_at": "2019-05-15T02:26:46Z", - "stargazers_count": 110, - "watchers_count": 110, + "stargazers_count": 109, + "watchers_count": 109, "forks_count": 23, "forks": 23, - "watchers": 110, + "watchers": 109, "score": 0 }, { @@ -1347,13 +1347,13 @@ "description": "A quick scanner for the CVE-2019-0708 \"BlueKeep\" vulnerability.", "fork": false, "created_at": "2019-05-23T22:50:12Z", - "updated_at": "2020-04-12T19:55:05Z", + "updated_at": "2020-04-16T01:48:53Z", "pushed_at": "2019-06-22T21:48:45Z", - "stargazers_count": 706, - "watchers_count": 706, + "stargazers_count": 707, + "watchers_count": 707, "forks_count": 166, "forks": 166, - "watchers": 706, + "watchers": 707, "score": 0 }, { diff --git a/2019/CVE-2019-14040.json b/2019/CVE-2019-14040.json index 03e6a17853..de08a90cab 100644 --- a/2019/CVE-2019-14040.json +++ b/2019/CVE-2019-14040.json @@ -13,13 +13,13 @@ "description": "PoC code for CVE-2019-14040", "fork": false, "created_at": "2020-02-03T23:04:49Z", - "updated_at": "2020-04-15T14:27:52Z", + "updated_at": "2020-04-16T02:28:16Z", "pushed_at": "2020-04-15T14:27:49Z", - "stargazers_count": 0, - "watchers_count": 0, + "stargazers_count": 1, + "watchers_count": 1, "forks_count": 0, "forks": 0, - "watchers": 0, + "watchers": 1, "score": 0 } ] \ No newline at end of file diff --git a/2019/CVE-2019-15126.json b/2019/CVE-2019-15126.json index 9b3f7f1016..1ef34230ee 100644 --- a/2019/CVE-2019-15126.json +++ b/2019/CVE-2019-15126.json @@ -36,13 +36,13 @@ "description": "PoC exploit for the CVE-2019-15126 kr00k vulnerability", "fork": false, "created_at": "2020-03-13T14:53:54Z", - "updated_at": "2020-04-14T07:21:38Z", + "updated_at": "2020-04-15T23:33:27Z", "pushed_at": "2020-03-22T19:46:04Z", - "stargazers_count": 137, - "watchers_count": 137, + "stargazers_count": 138, + "watchers_count": 138, "forks_count": 41, "forks": 41, - "watchers": 137, + "watchers": 138, "score": 0 }, { diff --git a/2019/CVE-2019-2618.json b/2019/CVE-2019-2618.json index 1a026b7d26..19bb039d42 100644 --- a/2019/CVE-2019-2618.json +++ b/2019/CVE-2019-2618.json @@ -151,13 +151,13 @@ "description": "weblogic 漏洞扫描工具。目前包含 CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2020-04-15T14:08:16Z", + "updated_at": "2020-04-16T01:09:09Z", "pushed_at": "2020-03-27T09:16:40Z", - "stargazers_count": 369, - "watchers_count": 369, - "forks_count": 75, - "forks": 75, - "watchers": 369, + "stargazers_count": 370, + "watchers_count": 370, + "forks_count": 76, + "forks": 76, + "watchers": 370, "score": 0 }, { @@ -174,13 +174,13 @@ "description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat的漏洞利用脚本,均为亲测可用的脚本文件,优先更新高危且易利用的漏洞利用脚本,最近添加CVE-2020-1938、CVE-2020-2551、CVE-2019-2618、CVE-2019-6340", "fork": false, "created_at": "2020-04-01T09:33:35Z", - "updated_at": "2020-04-15T15:55:03Z", + "updated_at": "2020-04-16T02:28:07Z", "pushed_at": "2020-04-14T09:55:38Z", - "stargazers_count": 515, - "watchers_count": 515, - "forks_count": 100, - "forks": 100, - "watchers": 515, + "stargazers_count": 517, + "watchers_count": 517, + "forks_count": 102, + "forks": 102, + "watchers": 517, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-0683.json b/2020/CVE-2020-0683.json index 2245e79cd0..4cad159d59 100644 --- a/2020/CVE-2020-0683.json +++ b/2020/CVE-2020-0683.json @@ -13,13 +13,13 @@ "description": "CVE-2020-0683 - Windows MSI “Installer service” Elevation of Privilege", "fork": false, "created_at": "2020-02-11T16:42:34Z", - "updated_at": "2020-04-15T13:10:41Z", + "updated_at": "2020-04-15T22:41:43Z", "pushed_at": "2020-02-11T21:34:28Z", - "stargazers_count": 192, - "watchers_count": 192, + "stargazers_count": 193, + "watchers_count": 193, "forks_count": 40, "forks": 40, - "watchers": 192, + "watchers": 193, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-0753.json b/2020/CVE-2020-0753.json index 4a847e3e1e..a60a43a63a 100644 --- a/2020/CVE-2020-0753.json +++ b/2020/CVE-2020-0753.json @@ -13,13 +13,13 @@ "description": "Writeup and POC for CVE-2020-0753, CVE-2020-0754 and six fixed Window DOS Vulnerabilities.", "fork": false, "created_at": "2020-02-22T13:53:22Z", - "updated_at": "2020-04-15T17:41:47Z", + "updated_at": "2020-04-16T01:19:17Z", "pushed_at": "2020-04-15T17:41:44Z", - "stargazers_count": 2, - "watchers_count": 2, + "stargazers_count": 3, + "watchers_count": 3, "forks_count": 2, "forks": 2, - "watchers": 2, + "watchers": 3, "score": 0 }, { diff --git a/2020/CVE-2020-0796.json b/2020/CVE-2020-0796.json index bbec026ec8..9bcd0420b9 100644 --- a/2020/CVE-2020-0796.json +++ b/2020/CVE-2020-0796.json @@ -59,13 +59,13 @@ "description": "CVE-2020-0796 - a wormable SMBv3 vulnerability. How to work.", "fork": false, "created_at": "2020-03-11T06:51:58Z", - "updated_at": "2020-04-15T09:57:55Z", + "updated_at": "2020-04-16T00:17:18Z", "pushed_at": "2020-03-24T00:17:37Z", - "stargazers_count": 160, - "watchers_count": 160, + "stargazers_count": 161, + "watchers_count": 161, "forks_count": 51, "forks": 51, - "watchers": 160, + "watchers": 161, "score": 0 }, { @@ -979,13 +979,13 @@ "description": "CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost", "fork": false, "created_at": "2020-03-30T11:42:56Z", - "updated_at": "2020-04-15T17:22:02Z", + "updated_at": "2020-04-16T02:23:53Z", "pushed_at": "2020-04-08T19:27:07Z", - "stargazers_count": 818, - "watchers_count": 818, - "forks_count": 229, - "forks": 229, - "watchers": 818, + "stargazers_count": 822, + "watchers_count": 822, + "forks_count": 230, + "forks": 230, + "watchers": 822, "score": 0 }, { diff --git a/2020/CVE-2020-0905.json b/2020/CVE-2020-0905.json index 8ef7964d01..6d764bacb7 100644 --- a/2020/CVE-2020-0905.json +++ b/2020/CVE-2020-0905.json @@ -13,13 +13,13 @@ "description": "PoC RCE Reverse Shell for CVE-2020-0905", "fork": false, "created_at": "2020-04-14T19:17:02Z", - "updated_at": "2020-04-14T19:17:48Z", + "updated_at": "2020-04-16T02:35:37Z", "pushed_at": "2020-04-14T19:17:17Z", - "stargazers_count": 0, - "watchers_count": 0, + "stargazers_count": 1, + "watchers_count": 1, "forks_count": 0, "forks": 0, - "watchers": 0, + "watchers": 1, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-10239.json b/2020/CVE-2020-10239.json index 189718743d..76320164a4 100644 --- a/2020/CVE-2020-10239.json +++ b/2020/CVE-2020-10239.json @@ -13,13 +13,13 @@ "description": "CVE-2020-10239: Incorrect Access Control in com_fields SQL field-RCE- PoC", "fork": false, "created_at": "2020-03-21T08:40:40Z", - "updated_at": "2020-04-13T00:04:32Z", + "updated_at": "2020-04-16T01:10:38Z", "pushed_at": "2020-04-10T01:24:02Z", - "stargazers_count": 1, - "watchers_count": 1, - "forks_count": 0, - "forks": 0, - "watchers": 1, + "stargazers_count": 2, + "watchers_count": 2, + "forks_count": 1, + "forks": 1, + "watchers": 2, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-1938.json b/2020/CVE-2020-1938.json index 5f255b2c78..63ee7ed32f 100644 --- a/2020/CVE-2020-1938.json +++ b/2020/CVE-2020-1938.json @@ -82,13 +82,13 @@ "description": "CNVD-2020-10487\/CVE-2020-1938,批量扫描工具", "fork": false, "created_at": "2020-02-20T21:00:15Z", - "updated_at": "2020-04-10T04:44:11Z", + "updated_at": "2020-04-16T01:10:40Z", "pushed_at": "2020-02-24T12:06:08Z", - "stargazers_count": 155, - "watchers_count": 155, + "stargazers_count": 158, + "watchers_count": 158, "forks_count": 73, "forks": 73, - "watchers": 155, + "watchers": 158, "score": 0 }, { @@ -450,13 +450,13 @@ "description": "Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat的漏洞利用脚本,均为亲测可用的脚本文件,优先更新高危且易利用的漏洞利用脚本,最近添加CVE-2020-1938、CVE-2020-2551、CVE-2019-2618、CVE-2019-6340", "fork": false, "created_at": "2020-04-01T09:33:35Z", - "updated_at": "2020-04-15T15:55:03Z", + "updated_at": "2020-04-16T02:28:07Z", "pushed_at": "2020-04-14T09:55:38Z", - "stargazers_count": 515, - "watchers_count": 515, - "forks_count": 100, - "forks": 100, - "watchers": 515, + "stargazers_count": 517, + "watchers_count": 517, + "forks_count": 102, + "forks": 102, + "watchers": 517, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-2546.json b/2020/CVE-2020-2546.json index d0c338fd62..dfe8b715c7 100644 --- a/2020/CVE-2020-2546.json +++ b/2020/CVE-2020-2546.json @@ -13,13 +13,13 @@ "description": "CVE-2020-2546,CVE-2020-2915 CVE-2020-2801 CVE-2020-2798 CVE-2020-2883 CVE-2020-2884 CVE-2020-2950 WebLogic T3 payload exploit poc python3", "fork": false, "created_at": "2020-03-02T15:54:46Z", - "updated_at": "2020-04-15T13:40:18Z", + "updated_at": "2020-04-16T02:56:35Z", "pushed_at": "2020-04-15T12:56:00Z", - "stargazers_count": 4, - "watchers_count": 4, - "forks_count": 3, - "forks": 3, - "watchers": 4, + "stargazers_count": 9, + "watchers_count": 9, + "forks_count": 4, + "forks": 4, + "watchers": 9, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-2551.json b/2020/CVE-2020-2551.json index 51361f70fb..104054bf5f 100644 --- a/2020/CVE-2020-2551.json +++ b/2020/CVE-2020-2551.json @@ -13,13 +13,13 @@ "description": "weblogic 漏洞扫描工具。目前包含 CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551", "fork": false, "created_at": "2020-01-15T04:26:29Z", - "updated_at": "2020-04-15T14:08:16Z", + "updated_at": "2020-04-16T01:09:09Z", "pushed_at": "2020-03-27T09:16:40Z", - "stargazers_count": 369, - "watchers_count": 369, - "forks_count": 75, - "forks": 75, - "watchers": 369, + "stargazers_count": 370, + "watchers_count": 370, + "forks_count": 76, + "forks": 76, + "watchers": 370, "score": 0 }, { @@ -105,13 +105,13 @@ "description": "Weblogic IIOP CVE-2020-2551", "fork": false, "created_at": "2020-02-28T08:46:21Z", - "updated_at": "2020-04-15T16:17:14Z", + "updated_at": "2020-04-16T01:20:30Z", "pushed_at": "2020-04-07T03:32:24Z", - "stargazers_count": 167, - "watchers_count": 167, + "stargazers_count": 168, + "watchers_count": 168, "forks_count": 41, "forks": 41, - "watchers": 167, + "watchers": 168, "score": 0 }, { diff --git a/2020/CVE-2020-3952.json b/2020/CVE-2020-3952.json index 7ecc596055..00a9c3bbc7 100644 --- a/2020/CVE-2020-3952.json +++ b/2020/CVE-2020-3952.json @@ -13,13 +13,13 @@ "description": "Working Exploit PoC for VMWare vCenter Server (CVE-2020-3952) - Reverse Bind Shell", "fork": false, "created_at": "2020-04-15T00:13:35Z", - "updated_at": "2020-04-15T00:14:02Z", + "updated_at": "2020-04-16T02:35:30Z", "pushed_at": "2020-04-15T00:13:59Z", - "stargazers_count": 0, - "watchers_count": 0, - "forks_count": 0, - "forks": 0, - "watchers": 0, + "stargazers_count": 3, + "watchers_count": 3, + "forks_count": 1, + "forks": 1, + "watchers": 3, "score": 0 }, { @@ -36,13 +36,13 @@ "description": "Vuln Check", "fork": false, "created_at": "2020-04-15T00:51:21Z", - "updated_at": "2020-04-15T16:49:02Z", - "pushed_at": "2020-04-15T16:48:59Z", - "stargazers_count": 0, - "watchers_count": 0, + "updated_at": "2020-04-16T01:41:31Z", + "pushed_at": "2020-04-15T22:23:57Z", + "stargazers_count": 1, + "watchers_count": 1, "forks_count": 0, "forks": 0, - "watchers": 0, + "watchers": 1, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-4276.json b/2020/CVE-2020-4276.json index 37a08f99bb..5a4820630b 100644 --- a/2020/CVE-2020-4276.json +++ b/2020/CVE-2020-4276.json @@ -13,13 +13,13 @@ "description": null, "fork": false, "created_at": "2020-04-15T01:26:55Z", - "updated_at": "2020-04-15T08:38:13Z", + "updated_at": "2020-04-16T02:40:20Z", "pushed_at": "2020-04-15T01:31:16Z", - "stargazers_count": 1, - "watchers_count": 1, + "stargazers_count": 4, + "watchers_count": 4, "forks_count": 0, "forks": 0, - "watchers": 1, + "watchers": 4, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-5260.json b/2020/CVE-2020-5260.json index 288faafc01..3049a23179 100644 --- a/2020/CVE-2020-5260.json +++ b/2020/CVE-2020-5260.json @@ -13,13 +13,13 @@ "description": "A HTTP PoC Endpoint for cve-2020-5260 which can be deployed to Heroku", "fork": false, "created_at": "2020-04-15T10:16:56Z", - "updated_at": "2020-04-15T20:28:46Z", + "updated_at": "2020-04-16T02:35:27Z", "pushed_at": "2020-04-15T15:25:44Z", - "stargazers_count": 5, - "watchers_count": 5, - "forks_count": 3, - "forks": 3, - "watchers": 5, + "stargazers_count": 8, + "watchers_count": 8, + "forks_count": 4, + "forks": 4, + "watchers": 8, "score": 0 }, { diff --git a/2020/CVE-2020-7931.json b/2020/CVE-2020-7931.json index 7fa2063f43..00ac10b1ca 100644 --- a/2020/CVE-2020-7931.json +++ b/2020/CVE-2020-7931.json @@ -17,8 +17,8 @@ "pushed_at": "2020-03-12T06:55:39Z", "stargazers_count": 14, "watchers_count": 14, - "forks_count": 4, - "forks": 4, + "forks_count": 5, + "forks": 5, "watchers": 14, "score": 0 } diff --git a/2020/CVE-2020-8515.json b/2020/CVE-2020-8515.json index cb69ba5dd0..e81de10931 100644 --- a/2020/CVE-2020-8515.json +++ b/2020/CVE-2020-8515.json @@ -17,8 +17,8 @@ "pushed_at": "2020-03-30T03:33:37Z", "stargazers_count": 8, "watchers_count": 8, - "forks_count": 3, - "forks": 3, + "forks_count": 4, + "forks": 4, "watchers": 8, "score": 0 }, @@ -36,13 +36,13 @@ "description": "nmap script to detect CVE-2020-8515 on Draytek Devices", "fork": false, "created_at": "2020-03-31T05:40:11Z", - "updated_at": "2020-04-08T13:37:20Z", + "updated_at": "2020-04-16T01:13:18Z", "pushed_at": "2020-04-08T13:37:18Z", - "stargazers_count": 0, - "watchers_count": 0, - "forks_count": 0, - "forks": 0, - "watchers": 0, + "stargazers_count": 1, + "watchers_count": 1, + "forks_count": 1, + "forks": 1, + "watchers": 1, "score": 0 } ] \ No newline at end of file diff --git a/2020/CVE-2020-8840.json b/2020/CVE-2020-8840.json index 0ce9e991e2..01c78c4e9b 100644 --- a/2020/CVE-2020-8840.json +++ b/2020/CVE-2020-8840.json @@ -40,8 +40,8 @@ "pushed_at": "2020-02-23T03:54:40Z", "stargazers_count": 2, "watchers_count": 2, - "forks_count": 2, - "forks": 2, + "forks_count": 3, + "forks": 3, "watchers": 2, "score": 0 }, diff --git a/README.md b/README.md index 67f2253ab9..0370ba2e12 100644 --- a/README.md +++ b/README.md @@ -7015,6 +7015,22 @@ TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in ## 2017 +### CVE-2017-0038 + + +gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220. + + +- [k0keoyo/CVE-2017-0038-EXP-C-JS](https://github.com/k0keoyo/CVE-2017-0038-EXP-C-JS) + +### CVE-2017-0065 + + +Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017, and CVE-2017-0068. + + +- [Dankirk/cve-2017-0065](https://github.com/Dankirk/cve-2017-0065) + ### CVE-2017-0075 @@ -7023,6 +7039,30 @@ Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows - [4B5F5F4B/HyperV](https://github.com/4B5F5F4B/HyperV) +### CVE-2017-0106 + + +Microsoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." + + +- [ryhanson/CVE-2017-0106](https://github.com/ryhanson/CVE-2017-0106) + +### CVE-2017-0108 + + +The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014. + + +- [homjxi0e/CVE-2017-0108](https://github.com/homjxi0e/CVE-2017-0108) + +### CVE-2017-0143 + + +The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. + + +- [valarauco/wannafind](https://github.com/valarauco/wannafind) + ### CVE-2017-0144 @@ -7032,13 +7072,31 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 - [peterpt/eternal_scanner](https://github.com/peterpt/eternal_scanner) - [kimocoder/eternalblue](https://github.com/kimocoder/eternalblue) +### CVE-2017-0145 + + +The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148. + + +- [MelonSmasher/chef_tissues](https://github.com/MelonSmasher/chef_tissues) + ### CVE-2017-0199 Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API." +- [ryhanson/CVE-2017-0199](https://github.com/ryhanson/CVE-2017-0199) +- [SyFi/cve-2017-0199](https://github.com/SyFi/cve-2017-0199) - [bhdresh/CVE-2017-0199](https://github.com/bhdresh/CVE-2017-0199) +- [NotAwful/CVE-2017-0199-Fix](https://github.com/NotAwful/CVE-2017-0199-Fix) +- [haibara3839/CVE-2017-0199-master](https://github.com/haibara3839/CVE-2017-0199-master) +- [Exploit-install/CVE-2017-0199](https://github.com/Exploit-install/CVE-2017-0199) +- [zakybstrd21215/PoC-CVE-2017-0199](https://github.com/zakybstrd21215/PoC-CVE-2017-0199) +- [n1shant-sinha/CVE-2017-0199](https://github.com/n1shant-sinha/CVE-2017-0199) +- [kn0wm4d/htattack](https://github.com/kn0wm4d/htattack) +- [joke998/Cve-2017-0199](https://github.com/joke998/Cve-2017-0199) +- [joke998/Cve-2017-0199-](https://github.com/joke998/Cve-2017-0199-) - [r0otshell/Microsoft-Word-CVE-2017-0199-](https://github.com/r0otshell/Microsoft-Word-CVE-2017-0199-) - [viethdgit/CVE-2017-0199](https://github.com/viethdgit/CVE-2017-0199) - [nicpenning/RTF-Cleaner](https://github.com/nicpenning/RTF-Cleaner) @@ -7046,12 +7104,21 @@ Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, - [jacobsoo/RTF-Cleaner](https://github.com/jacobsoo/RTF-Cleaner) - [denmilu/CVE-2017-0199](https://github.com/denmilu/CVE-2017-0199) +### CVE-2017-0204 + + +Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability." + + +- [ryhanson/CVE-2017-0204](https://github.com/ryhanson/CVE-2017-0204) + ### CVE-2017-0213 Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214. +- [shaheemirza/CVE-2017-0213-](https://github.com/shaheemirza/CVE-2017-0213-) - [zcgonvh/CVE-2017-0213](https://github.com/zcgonvh/CVE-2017-0213) - [billa3283/CVE-2017-0213](https://github.com/billa3283/CVE-2017-0213) - [denmilu/CVE-2017-0213](https://github.com/denmilu/CVE-2017-0213) @@ -7083,6 +7150,14 @@ The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows - [R06otMD5/cve-2017-0263-poc](https://github.com/R06otMD5/cve-2017-0263-poc) +### CVE-2017-0290 + + +The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." + + +- [homjxi0e/CVE-2017-0290-](https://github.com/homjxi0e/CVE-2017-0290-) + ### CVE-2017-0411 @@ -7097,6 +7172,7 @@ An elevation of privilege vulnerability in the Framework APIs could enable a loc A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33718716. +- [JiounDai/CVE-2017-0478](https://github.com/JiounDai/CVE-2017-0478) - [denmilu/CVE-2017-0478](https://github.com/denmilu/CVE-2017-0478) ### CVE-2017-0541 @@ -7105,6 +7181,7 @@ A remote code execution vulnerability in the Framesequence library could enable A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34031018. +- [JiounDai/CVE-2017-0541](https://github.com/JiounDai/CVE-2017-0541) - [denmilu/CVE-2017-0541](https://github.com/denmilu/CVE-2017-0541) ### CVE-2017-0554 @@ -7172,6 +7249,9 @@ An elevation of privilege vulnerability in the Android framework (ui framework). - [kpatsakis/PoC_CVE-2017-0807](https://github.com/kpatsakis/PoC_CVE-2017-0807) +### CVE-2017-1000000 +- [smythtech/DWF-CVE-2017-1000000](https://github.com/smythtech/DWF-CVE-2017-1000000) + ### CVE-2017-1000083 @@ -7256,6 +7336,16 @@ Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerab - [vulhub/CVE-2017-1000353](https://github.com/vulhub/CVE-2017-1000353) +### CVE-2017-1000367 + + +Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. + + +- [c0d3z3r0/sudo-CVE-2017-1000367](https://github.com/c0d3z3r0/sudo-CVE-2017-1000367) +- [homjxi0e/CVE-2017-1000367](https://github.com/homjxi0e/CVE-2017-1000367) +- [pucerpocok/sudo_exploit](https://github.com/pucerpocok/sudo_exploit) + ### CVE-2017-1000405 @@ -8022,6 +8112,9 @@ An issue was discovered in certain Apple products. iOS before 10.2.1 is affected An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app. +- [maximehip/extra_recipe](https://github.com/maximehip/extra_recipe) +- [JackBro/extra_recipe](https://github.com/JackBro/extra_recipe) +- [Rootkitsmm/extra_recipe-iOS-10.2](https://github.com/Rootkitsmm/extra_recipe-iOS-10.2) - [Peterpan0927/CVE-2017-2370](https://github.com/Peterpan0927/CVE-2017-2370) ### CVE-2017-2388 @@ -8032,6 +8125,14 @@ An issue was discovered in certain Apple products. macOS before 10.12.4 is affec - [bazad/IOFireWireFamily-null-deref](https://github.com/bazad/IOFireWireFamily-null-deref) +### CVE-2017-2636 + + +Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. + + +- [alexzorin/cve-2017-2636-el](https://github.com/alexzorin/cve-2017-2636-el) + ### CVE-2017-2666 @@ -8040,6 +8141,14 @@ It was discovered in Undertow that the code that parsed the HTTP request line pe - [tafamace/CVE-2017-2666](https://github.com/tafamace/CVE-2017-2666) +### CVE-2017-2671 + + +The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call. + + +- [homjxi0e/CVE-2017-2671](https://github.com/homjxi0e/CVE-2017-2671) + ### CVE-2017-2751 @@ -8114,12 +8223,21 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - [ianxtianxt/CVE-2017-3506](https://github.com/ianxtianxt/CVE-2017-3506) +### CVE-2017-3599 + + +Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet. + + +- [SECFORCE/CVE-2017-3599](https://github.com/SECFORCE/CVE-2017-3599) + ### CVE-2017-3730 In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. +- [guidovranken/CVE-2017-3730](https://github.com/guidovranken/CVE-2017-3730) - [ymmah/OpenSSL-CVE-2017-3730](https://github.com/ymmah/OpenSSL-CVE-2017-3730) ### CVE-2017-3881 @@ -8128,6 +8246,10 @@ In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters fo A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893. +- [artkond/cisco-rce](https://github.com/artkond/cisco-rce) +- [homjxi0e/CVE-2017-3881-exploit-cisco-](https://github.com/homjxi0e/CVE-2017-3881-exploit-cisco-) +- [homjxi0e/CVE-2017-3881-Cisco](https://github.com/homjxi0e/CVE-2017-3881-Cisco) +- [zakybstrd21215/PoC-CVE-2017-3881](https://github.com/zakybstrd21215/PoC-CVE-2017-3881) - [1337g/CVE-2017-3881](https://github.com/1337g/CVE-2017-3881) ### CVE-2017-4490 @@ -8145,6 +8267,14 @@ An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications t - [cved-sources/cve-2017-4971](https://github.com/cved-sources/cve-2017-4971) +### CVE-2017-5005 + + +Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsize field in a Mach-O file that is mishandled during a Security Scan (aka Custom Scan) operation. + + +- [payatu/QuickHeal](https://github.com/payatu/QuickHeal) + ### CVE-2017-5007 @@ -8175,6 +8305,14 @@ An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method a - [cscli/CVE-2017-5223](https://github.com/cscli/CVE-2017-5223) +### CVE-2017-5415 + + +An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox < 52. + + +- [649/CVE-2017-5415](https://github.com/649/CVE-2017-5415) + ### CVE-2017-5487 @@ -8185,17 +8323,54 @@ wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST AP - [R3K1NG/wpUsersScan](https://github.com/R3K1NG/wpUsersScan) - [GeunSam2/CVE-2017-5487](https://github.com/GeunSam2/CVE-2017-5487) +### CVE-2017-5633 + + +Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs. + + +- [cardangi/Exploit-CVE-2017-5633](https://github.com/cardangi/Exploit-CVE-2017-5633) + ### CVE-2017-5638 The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. +- [PolarisLab/S2-045](https://github.com/PolarisLab/S2-045) +- [Flyteas/Struts2-045-Exp](https://github.com/Flyteas/Struts2-045-Exp) +- [bongbongco/cve-2017-5638](https://github.com/bongbongco/cve-2017-5638) +- [jas502n/S2-045-EXP-POC-TOOLS](https://github.com/jas502n/S2-045-EXP-POC-TOOLS) +- [mthbernardes/strutszeiro](https://github.com/mthbernardes/strutszeiro) +- [xsscx/cve-2017-5638](https://github.com/xsscx/cve-2017-5638) +- [immunio/apache-struts2-CVE-2017-5638](https://github.com/immunio/apache-struts2-CVE-2017-5638) +- [Masahiro-Yamada/OgnlContentTypeRejectorValve](https://github.com/Masahiro-Yamada/OgnlContentTypeRejectorValve) +- [aljazceru/CVE-2017-5638-Apache-Struts2](https://github.com/aljazceru/CVE-2017-5638-Apache-Struts2) +- [sjitech/test_struts2_vulnerability_CVE-2017-5638](https://github.com/sjitech/test_struts2_vulnerability_CVE-2017-5638) +- [jrrombaldo/CVE-2017-5638](https://github.com/jrrombaldo/CVE-2017-5638) +- [random-robbie/CVE-2017-5638](https://github.com/random-robbie/CVE-2017-5638) - [initconf/CVE-2017-5638_struts](https://github.com/initconf/CVE-2017-5638_struts) - [mazen160/struts-pwn](https://github.com/mazen160/struts-pwn) +- [ret2jazzy/Struts-Apache-ExploitPack](https://github.com/ret2jazzy/Struts-Apache-ExploitPack) +- [lolwaleet/ExpStruts](https://github.com/lolwaleet/ExpStruts) +- [oktavianto/CVE-2017-5638-Apache-Struts2](https://github.com/oktavianto/CVE-2017-5638-Apache-Struts2) +- [jrrdev/cve-2017-5638](https://github.com/jrrdev/cve-2017-5638) +- [opt9/Strutshock](https://github.com/opt9/Strutshock) +- [falcon-lnhg/StrutsShell](https://github.com/falcon-lnhg/StrutsShell) +- [bhagdave/CVE-2017-5638](https://github.com/bhagdave/CVE-2017-5638) - [jas502n/st2-046-poc](https://github.com/jas502n/st2-046-poc) +- [KarzsGHR/S2-046_S2-045_POC](https://github.com/KarzsGHR/S2-046_S2-045_POC) +- [gsfish/S2-Reaper](https://github.com/gsfish/S2-Reaper) +- [mcassano/cve-2017-5638](https://github.com/mcassano/cve-2017-5638) +- [opt9/Strutscli](https://github.com/opt9/Strutscli) - [tahmed11/strutsy](https://github.com/tahmed11/strutsy) +- [payatu/CVE-2017-5638](https://github.com/payatu/CVE-2017-5638) +- [Aasron/Struts2-045-Exp](https://github.com/Aasron/Struts2-045-Exp) - [SpiderMate/Stutsfi](https://github.com/SpiderMate/Stutsfi) +- [jpacora/Struts2Shell](https://github.com/jpacora/Struts2Shell) +- [Reslient/Apache-Struts](https://github.com/Reslient/Apache-Struts) +- [AndreasKl/CVE-2017-5638](https://github.com/AndreasKl/CVE-2017-5638) +- [riyazwalikar/struts-rce-cve-2017-5638](https://github.com/riyazwalikar/struts-rce-cve-2017-5638) - [homjxi0e/CVE-2017-5638](https://github.com/homjxi0e/CVE-2017-5638) - [eeehit/CVE-2017-5638](https://github.com/eeehit/CVE-2017-5638) - [r0otshell/Apache-Struts-CVE-2017-5638-RCE-Mass-Scanner](https://github.com/r0otshell/Apache-Struts-CVE-2017-5638-RCE-Mass-Scanner) @@ -8235,7 +8410,10 @@ In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT). +- [CerberusSecurity/CVE-2017-5689](https://github.com/CerberusSecurity/CVE-2017-5689) - [x1sec/amthoneypot](https://github.com/x1sec/amthoneypot) +- [Bijaye/intel_amt_bypass](https://github.com/Bijaye/intel_amt_bypass) +- [prototux/amt-bypass-test](https://github.com/prototux/amt-bypass-test) - [embedi/amt_auth_bypass_poc](https://github.com/embedi/amt_auth_bypass_poc) ### CVE-2017-5693 @@ -8339,6 +8517,14 @@ D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DG - [varangamin/CVE-2017-6206](https://github.com/varangamin/CVE-2017-6206) +### CVE-2017-6370 + + +TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields. + + +- [faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request](https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request) + ### CVE-2017-6558 @@ -8378,6 +8564,7 @@ Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6. AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862. +- [patrickfreed/nfsen-exploit](https://github.com/patrickfreed/nfsen-exploit) - [KeyStrOke95/nfsen_1.3.7_CVE-2017-6971](https://github.com/KeyStrOke95/nfsen_1.3.7_CVE-2017-6971) ### CVE-2017-7038 @@ -8439,13 +8626,32 @@ The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel - [rockl/cve-2017-7184](https://github.com/rockl/cve-2017-7184) - [rockl/cve-2017-7184-bak](https://github.com/rockl/cve-2017-7184-bak) +### CVE-2017-7188 + + +Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse. + + +- [faizzaidi/Zurmo-Stable-3.1.1-XSS-By-Provensec-LLC](https://github.com/faizzaidi/Zurmo-Stable-3.1.1-XSS-By-Provensec-LLC) + ### CVE-2017-7269 Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. +- [eliuha/webdav_exploit](https://github.com/eliuha/webdav_exploit) - [lcatro/CVE-2017-7269-Echo-PoC](https://github.com/lcatro/CVE-2017-7269-Echo-PoC) +- [caicai1355/CVE-2017-7269-exploit](https://github.com/caicai1355/CVE-2017-7269-exploit) +- [M1a0rz/CVE-2017-7269](https://github.com/M1a0rz/CVE-2017-7269) +- [whiteHat001/cve-2017-7269picture](https://github.com/whiteHat001/cve-2017-7269picture) +- [zcgonvh/cve-2017-7269](https://github.com/zcgonvh/cve-2017-7269) +- [jrrombaldo/CVE-2017-7269](https://github.com/jrrombaldo/CVE-2017-7269) +- [g0rx/iis6-exploit-2017-CVE-2017-7269](https://github.com/g0rx/iis6-exploit-2017-CVE-2017-7269) +- [slimpagey/IIS_6.0_WebDAV_Ruby](https://github.com/slimpagey/IIS_6.0_WebDAV_Ruby) +- [homjxi0e/cve-2017-7269](https://github.com/homjxi0e/cve-2017-7269) +- [xiaovpn/CVE-2017-7269](https://github.com/xiaovpn/CVE-2017-7269) +- [zcgonvh/cve-2017-7269-tool](https://github.com/zcgonvh/cve-2017-7269-tool) - [mirrorblack/CVE-2017-7269](https://github.com/mirrorblack/CVE-2017-7269) - [Al1ex/CVE-2017-7269](https://github.com/Al1ex/CVE-2017-7269) @@ -8457,6 +8663,14 @@ Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 all - [ww9210/cve-2017-7374](https://github.com/ww9210/cve-2017-7374) +### CVE-2017-7472 + + +The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls. + + +- [homjxi0e/CVE-2017-7472](https://github.com/homjxi0e/CVE-2017-7472) + ### CVE-2017-7494 @@ -8464,7 +8678,10 @@ Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to r - [betab0t/cve-2017-7494](https://github.com/betab0t/cve-2017-7494) +- [homjxi0e/CVE-2017-7494](https://github.com/homjxi0e/CVE-2017-7494) - [opsxcq/exploit-CVE-2017-7494](https://github.com/opsxcq/exploit-CVE-2017-7494) +- [Waffles-2/SambaCry](https://github.com/Waffles-2/SambaCry) +- [brianwrf/SambaHunter](https://github.com/brianwrf/SambaHunter) - [joxeankoret/CVE-2017-7494](https://github.com/joxeankoret/CVE-2017-7494) - [Zer0d0y/Samba-CVE-2017-7494](https://github.com/Zer0d0y/Samba-CVE-2017-7494) - [incredible1yu/CVE-2017-7494](https://github.com/incredible1yu/CVE-2017-7494) @@ -8496,6 +8713,14 @@ Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer - [mpalonso/ferni](https://github.com/mpalonso/ferni) - [MaxSecurity/CVE-2017-7529-POC](https://github.com/MaxSecurity/CVE-2017-7529-POC) +### CVE-2017-7648 + + +Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. + + +- [notmot/CVE-2017-7648.](https://github.com/notmot/CVE-2017-7648.) + ### CVE-2017-7679 @@ -8542,8 +8767,18 @@ Malicious PATCH requests submitted to servers using Spring Data REST versions pr WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message. +- [homjxi0e/CVE-2017-8295-WordPress-4.7.4---Unauthorized-Password-Reset](https://github.com/homjxi0e/CVE-2017-8295-WordPress-4.7.4---Unauthorized-Password-Reset) +- [alash3al/wp-allowed-hosts](https://github.com/alash3al/wp-allowed-hosts) - [cyberheartmi9/CVE-2017-8295](https://github.com/cyberheartmi9/CVE-2017-8295) +### CVE-2017-8382 + + +admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts. + + +- [faizzaidi/Admidio-3.2.8-CSRF-POC-by-Provensec-llc](https://github.com/faizzaidi/Admidio-3.2.8-CSRF-POC-by-Provensec-llc) + ### CVE-2017-8464 @@ -8641,6 +8876,14 @@ An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is X - [Voraka/cve-2017-8760](https://github.com/Voraka/cve-2017-8760) +### CVE-2017-8779 + + +rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb. + + +- [drbothen/GO-RPCBOMB](https://github.com/drbothen/GO-RPCBOMB) + ### CVE-2017-8802 @@ -8673,6 +8916,7 @@ The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. +- [brianwrf/Joomla3.7-SQLi-CVE-2017-8917](https://github.com/brianwrf/Joomla3.7-SQLi-CVE-2017-8917) - [stefanlucas/Exploit-Joomla](https://github.com/stefanlucas/Exploit-Joomla) - [cved-sources/cve-2017-8917](https://github.com/cved-sources/cve-2017-8917) @@ -8717,6 +8961,7 @@ Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code vi Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string. +- [homjxi0e/CVE-2017-9430](https://github.com/homjxi0e/CVE-2017-9430) - [j0lama/Dnstracer-1.9-Fix](https://github.com/j0lama/Dnstracer-1.9-Fix) ### CVE-2017-9476 @@ -12772,6 +13017,14 @@ Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote a ## 2003 +### CVE-2003-0222 + + +Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter. + + +- [phamthanhsang280477/CVE-2003-0222](https://github.com/phamthanhsang280477/CVE-2003-0222) + ### CVE-2003-0264 @@ -12779,7 +13032,9 @@ Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execut - [adenkiewicz/CVE-2003-0264](https://github.com/adenkiewicz/CVE-2003-0264) +- [fyoderxx/slmail-exploit](https://github.com/fyoderxx/slmail-exploit) - [war4uthor/CVE-2003-0264](https://github.com/war4uthor/CVE-2003-0264) +- [pwncone/CVE-2003-0264-SLmail-5.5](https://github.com/pwncone/CVE-2003-0264-SLmail-5.5) ## 2002