Auto Update 2024/11/10 12:32:24

motikan2010-bot 2024-11-10 21:32:25 +09:00
parent 2f328e6d4d
commit ec58e9b967
28 changed files with 256 additions and 96 deletions


@ -11,10 +11,10 @@
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/RHYru9\/CVE-2018-16431",
"description": "Mass scanner , and single for CVE-2018-16431",
"description": "CVE-2018-16431 mass scanner and single target scan.",
"fork": false,
"created_at": "2024-04-04T19:31:57Z",
"updated_at": "2024-11-07T13:42:53Z",
"updated_at": "2024-11-10T08:05:27Z",
"pushed_at": "2024-11-07T13:42:49Z",
"stargazers_count": 1,
"watchers_count": 1,


@ -14,10 +14,10 @@
"description": "Programa ideal para robar toda la información de un dispositivo remotamente a través de la aplicación AirDroid. [CVE-2019-9599] (https:\/\/www.exploit-db.com\/exploits\/46337)",
"fork": false,
"created_at": "2019-02-09T02:18:37Z",
"updated_at": "2024-11-09T17:29:38Z",
"updated_at": "2024-11-10T07:09:42Z",
"pushed_at": "2019-11-03T17:29:56Z",
"stargazers_count": 54,
"watchers_count": 54,
"stargazers_count": 55,
"watchers_count": 55,
"has_discussions": false,
"forks_count": 6,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 6,
"watchers": 54,
"watchers": 55,
"score": 0,
"subscribers_count": 2
}


@ -62,10 +62,10 @@
"description": "HoneyPoC: Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019.",
"fork": false,
"created_at": "2020-07-14T19:02:25Z",
"updated_at": "2024-08-12T20:03:44Z",
"updated_at": "2024-11-10T12:13:04Z",
"pushed_at": "2021-06-10T02:46:52Z",
"stargazers_count": 280,
"watchers_count": 280,
"stargazers_count": 281,
"watchers_count": 281,
"has_discussions": false,
"forks_count": 72,
"allow_forking": true,
@ -77,7 +77,7 @@
],
"visibility": "public",
"forks": 72,
"watchers": 280,
"watchers": 281,
"score": 0,
"subscribers_count": 11
},


@ -14,10 +14,10 @@
"description": "This script can be used to gain access to a victim's Samsung Account if they have a specific version of Samsung Members installed on their Samsung Device, and if the victim's device is from the US or Korea region.",
"fork": false,
"created_at": "2021-04-10T09:23:52Z",
"updated_at": "2024-08-12T20:12:01Z",
"updated_at": "2024-11-10T11:43:59Z",
"pushed_at": "2024-02-25T02:15:22Z",
"stargazers_count": 22,
"watchers_count": 22,
"stargazers_count": 23,
"watchers_count": 23,
"has_discussions": false,
"forks_count": 19,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 19,
"watchers": 22,
"watchers": 23,
"score": 0,
"subscribers_count": 8
}


@ -76,10 +76,10 @@
"description": null,
"fork": false,
"created_at": "2022-02-03T11:25:14Z",
"updated_at": "2024-10-29T16:57:35Z",
"updated_at": "2024-11-10T10:54:56Z",
"pushed_at": "2022-02-04T02:20:47Z",
"stargazers_count": 193,
"watchers_count": 193,
"stargazers_count": 194,
"watchers_count": 194,
"has_discussions": false,
"forks_count": 53,
"allow_forking": true,
@ -88,7 +88,7 @@
"topics": [],
"visibility": "public",
"forks": 53,
"watchers": 193,
"watchers": 194,
"score": 0,
"subscribers_count": 5
},


@ -107,10 +107,10 @@
"description": "CVE-2022-25845(fastjson1.2.80) exploit in Spring Env!",
"fork": false,
"created_at": "2024-11-07T13:06:44Z",
"updated_at": "2024-11-10T06:14:43Z",
"updated_at": "2024-11-10T12:22:26Z",
"pushed_at": "2024-11-07T13:38:18Z",
"stargazers_count": 34,
"watchers_count": 34,
"stargazers_count": 36,
"watchers_count": 36,
"has_discussions": false,
"forks_count": 7,
"allow_forking": true,
@ -119,7 +119,7 @@
"topics": [],
"visibility": "public",
"forks": 7,
"watchers": 34,
"watchers": 36,
"score": 0,
"subscribers_count": 1
}


@ -14,10 +14,10 @@
"description": "【懒人神器】一款图形化、批量采集url、批量对采集的url进行各种nday检测的工具。可用于src挖掘、cnvd挖掘、0day利用、打造自己的武器库等场景。可以批量利用Actively Exploited Atlassian Confluence 0Day CVE-2022-26134和DedeCMS v5.7.87 SQL注入 CVE-2022-23337。",
"fork": false,
"created_at": "2022-05-31T07:44:01Z",
"updated_at": "2024-11-06T09:39:02Z",
"updated_at": "2024-11-10T08:41:35Z",
"pushed_at": "2023-02-26T14:06:05Z",
"stargazers_count": 1165,
"watchers_count": 1165,
"stargazers_count": 1166,
"watchers_count": 1166,
"has_discussions": true,
"forks_count": 190,
"allow_forking": true,
@ -46,7 +46,7 @@
],
"visibility": "public",
"forks": 190,
"watchers": 1165,
"watchers": 1166,
"score": 0,
"subscribers_count": 19
},


@ -81,7 +81,7 @@
"stargazers_count": 175,
"watchers_count": 175,
"has_discussions": false,
"forks_count": 36,
"forks_count": 35,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -95,7 +95,7 @@
"windows"
],
"visibility": "public",
"forks": 36,
"forks": 35,
"watchers": 175,
"score": 0,
"subscribers_count": 3


@ -203,10 +203,10 @@
"description": "Retrieve the master password of a keepass database <= 2.53.1",
"fork": false,
"created_at": "2023-08-30T16:42:19Z",
"updated_at": "2024-11-08T16:03:11Z",
"updated_at": "2024-11-10T12:00:01Z",
"pushed_at": "2023-08-30T16:46:07Z",
"stargazers_count": 1,
"watchers_count": 1,
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -215,7 +215,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 1,
"watchers": 0,
"score": 0,
"subscribers_count": 1
},


@ -19,13 +19,13 @@
"stargazers_count": 1259,
"watchers_count": 1259,
"has_discussions": false,
"forks_count": 211,
"forks_count": 212,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 211,
"forks": 212,
"watchers": 1259,
"score": 0,
"subscribers_count": 20


@ -14,10 +14,10 @@
"description": "Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution",
"fork": false,
"created_at": "2023-12-13T20:26:59Z",
"updated_at": "2024-10-22T07:08:39Z",
"updated_at": "2024-11-10T09:46:48Z",
"pushed_at": "2024-02-06T23:22:31Z",
"stargazers_count": 71,
"watchers_count": 71,
"stargazers_count": 72,
"watchers_count": 72,
"has_discussions": false,
"forks_count": 23,
"allow_forking": true,
@ -40,7 +40,7 @@
],
"visibility": "public",
"forks": 23,
"watchers": 71,
"watchers": 72,
"score": 0,
"subscribers_count": 2
},


@ -45,10 +45,10 @@
"description": "CVE-2024-0044: a \"run-as any app\" high-severity vulnerability affecting Android versions 12 and 13",
"fork": false,
"created_at": "2024-06-18T12:30:53Z",
"updated_at": "2024-11-07T12:10:07Z",
"updated_at": "2024-11-10T09:45:40Z",
"pushed_at": "2024-07-25T18:12:57Z",
"stargazers_count": 253,
"watchers_count": 253,
"stargazers_count": 254,
"watchers_count": 254,
"has_discussions": false,
"forks_count": 58,
"allow_forking": true,
@ -57,7 +57,7 @@
"topics": [],
"visibility": "public",
"forks": 58,
"watchers": 253,
"watchers": 254,
"score": 0,
"subscribers_count": 6
},


@ -1,8 +1,8 @@
[
{
"id": 885886831,
"name": "CVE-2024-10008",
"full_name": "RandomRobbieBF\/CVE-2024-10008",
"id": 886165127,
"name": "CVE-2024-10586",
"full_name": "RandomRobbieBF\/CVE-2024-10586",
"owner": {
"login": "RandomRobbieBF",
"id": 51722811,
@ -10,12 +10,12 @@
"html_url": "https:\/\/github.com\/RandomRobbieBF",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/RandomRobbieBF\/CVE-2024-10008",
"description": "Masteriyo LMS eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Missing Authorization to Privilege Escalation",
"html_url": "https:\/\/github.com\/RandomRobbieBF\/CVE-2024-10586",
"description": "Debug Tool <= 2.2 - Unauthenticated Arbitrary File Creation",
"fork": false,
"created_at": "2024-11-09T16:48:32Z",
"updated_at": "2024-11-09T16:48:36Z",
"pushed_at": "2024-11-09T16:48:33Z",
"created_at": "2024-11-10T11:30:05Z",
"updated_at": "2024-11-10T11:30:49Z",
"pushed_at": "2024-11-10T11:30:46Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
@ -28,6 +28,6 @@
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 1
"subscribers_count": 0
}
]


@ -29,5 +29,44 @@
"watchers": 0,
"score": 0,
"subscribers_count": 1
},
{
"id": 886174538,
"name": "CVE-2024-10914",
"full_name": "verylazytech\/CVE-2024-10914",
"owner": {
"login": "verylazytech",
"id": 172168670,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/172168670?v=4",
"html_url": "https:\/\/github.com\/verylazytech",
"user_view_type": "public"
},
"html_url": "https:\/\/github.com\/verylazytech\/CVE-2024-10914",
"description": "POC - CVE-202410914- Command Injection Vulnerability in `name` parameter for D-Link NAS",
"fork": false,
"created_at": "2024-11-10T12:01:21Z",
"updated_at": "2024-11-10T12:27:49Z",
"pushed_at": "2024-11-10T12:13:16Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [
"cve-2024-10914",
"d-link-nas",
"lfi",
"lfi-exploitation",
"poc",
"rce-exploit",
"unauthenticated-rce"
],
"visibility": "public",
"forks": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 0
}
]


@ -293,8 +293,8 @@
"description": "POC - Unauthenticated RCE Flaw in Rejetto HTTP File Server - CVE-2024-23692 ",
"fork": false,
"created_at": "2024-09-15T12:15:35Z",
"updated_at": "2024-11-07T15:27:52Z",
"pushed_at": "2024-09-19T09:23:59Z",
"updated_at": "2024-11-10T12:08:49Z",
"pushed_at": "2024-11-10T12:08:45Z",
"stargazers_count": 28,
"watchers_count": 28,
"has_discussions": false,


@ -14,10 +14,10 @@
"description": "Unauthenticated Remote Code Execution Bricks <= 1.9.6",
"fork": false,
"created_at": "2024-02-20T20:16:09Z",
"updated_at": "2024-11-09T10:18:33Z",
"updated_at": "2024-11-10T09:37:02Z",
"pushed_at": "2024-02-25T21:50:09Z",
"stargazers_count": 147,
"watchers_count": 147,
"stargazers_count": 148,
"watchers_count": 148,
"has_discussions": false,
"forks_count": 32,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 32,
"watchers": 147,
"watchers": 148,
"score": 0,
"subscribers_count": 3
},


@ -81,7 +81,7 @@
"stargazers_count": 511,
"watchers_count": 511,
"has_discussions": false,
"forks_count": 144,
"forks_count": 145,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -92,7 +92,7 @@
"rce"
],
"visibility": "public",
"forks": 144,
"forks": 145,
"watchers": 511,
"score": 0,
"subscribers_count": 3
@ -117,13 +117,13 @@
"stargazers_count": 15,
"watchers_count": 15,
"has_discussions": false,
"forks_count": 27,
"forks_count": 28,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 27,
"forks": 28,
"watchers": 15,
"score": 0,
"subscribers_count": 1


@ -265,10 +265,10 @@
"description": "poc for CVE-2024-38063 (RCE in tcpip.sys)",
"fork": false,
"created_at": "2024-08-24T18:25:46Z",
"updated_at": "2024-11-06T20:21:23Z",
"updated_at": "2024-11-10T12:30:06Z",
"pushed_at": "2024-08-27T12:22:39Z",
"stargazers_count": 616,
"watchers_count": 616,
"stargazers_count": 617,
"watchers_count": 617,
"has_discussions": false,
"forks_count": 112,
"allow_forking": true,
@ -277,7 +277,7 @@
"topics": [],
"visibility": "public",
"forks": 112,
"watchers": 616,
"watchers": 617,
"score": 0,
"subscribers_count": 4
},


@ -45,8 +45,8 @@
"description": null,
"fork": false,
"created_at": "2024-11-01T15:03:12Z",
"updated_at": "2024-11-04T10:35:46Z",
"pushed_at": "2024-11-01T15:22:54Z",
"updated_at": "2024-11-10T09:55:28Z",
"pushed_at": "2024-11-10T09:55:25Z",
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,


@ -14,10 +14,10 @@
"description": "Pyload RCE with js2py sandbox escape ",
"fork": false,
"created_at": "2024-10-26T01:01:35Z",
"updated_at": "2024-11-01T07:00:33Z",
"updated_at": "2024-11-10T12:06:41Z",
"pushed_at": "2024-10-26T01:11:57Z",
"stargazers_count": 4,
"watchers_count": 4,
"stargazers_count": 7,
"watchers_count": 7,
"has_discussions": false,
"forks_count": 2,
"allow_forking": true,
@ -30,7 +30,7 @@
],
"visibility": "public",
"forks": 2,
"watchers": 4,
"watchers": 7,
"score": 0,
"subscribers_count": 1
}


@ -14,10 +14,10 @@
"description": "Makes IDA (most versions) to crash upon opening it. ",
"fork": false,
"created_at": "2024-08-25T12:33:14Z",
"updated_at": "2024-11-08T11:42:46Z",
"updated_at": "2024-11-10T12:03:30Z",
"pushed_at": "2024-08-30T09:58:12Z",
"stargazers_count": 62,
"watchers_count": 62,
"stargazers_count": 63,
"watchers_count": 63,
"has_discussions": false,
"forks_count": 4,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 4,
"watchers": 62,
"watchers": 63,
"score": 0,
"subscribers_count": 1
}


@ -14,10 +14,10 @@
"description": null,
"fork": false,
"created_at": "2024-09-05T15:22:22Z",
"updated_at": "2024-09-12T01:36:55Z",
"updated_at": "2024-11-10T10:53:38Z",
"pushed_at": "2024-09-07T02:15:05Z",
"stargazers_count": 4,
"watchers_count": 4,
"stargazers_count": 5,
"watchers_count": 5,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 4,
"watchers": 5,
"score": 0,
"subscribers_count": 1
}


@ -45,19 +45,19 @@
"description": "Zimbra - Remote Command Execution (CVE-2024-45519)",
"fork": false,
"created_at": "2024-10-05T00:15:18Z",
"updated_at": "2024-11-09T15:54:57Z",
"updated_at": "2024-11-10T10:41:55Z",
"pushed_at": "2024-11-05T10:10:40Z",
"stargazers_count": 110,
"watchers_count": 110,
"stargazers_count": 111,
"watchers_count": 111,
"has_discussions": false,
"forks_count": 16,
"forks_count": 17,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 16,
"watchers": 110,
"forks": 17,
"watchers": 111,
"score": 0,
"subscribers_count": 3
}


@ -138,10 +138,10 @@
"description": "[CVE-2024-4956] Nexus Repository Manager 3 Unauthenticated Path Traversal Bulk Scanner",
"fork": false,
"created_at": "2024-05-26T06:50:48Z",
"updated_at": "2024-09-26T23:28:23Z",
"updated_at": "2024-11-10T07:24:16Z",
"pushed_at": "2024-09-26T23:28:20Z",
"stargazers_count": 12,
"watchers_count": 12,
"stargazers_count": 13,
"watchers_count": 13,
"has_discussions": false,
"forks_count": 4,
"allow_forking": true,
@ -150,7 +150,7 @@
"topics": [],
"visibility": "public",
"forks": 4,
"watchers": 12,
"watchers": 13,
"score": 0,
"subscribers_count": 1
},

33
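--- /dev/null
+++ b/2024/CVE-2024-50335.json
@@ -0,0 +1,33 @@
+[
+{
+"id": 884650375,
+"name": "CVE-2024-50335",
+"full_name": "shellkraft\/CVE-2024-50335",
+"owner": {
+"login": "shellkraft",
+"id": 89618500,
+"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/89618500?v=4",
+"html_url": "https:\/\/github.com\/shellkraft",
+"user_view_type": "public"
+},
+"html_url": "https:\/\/github.com\/shellkraft\/CVE-2024-50335",
+"description": null,
+"fork": false,
+"created_at": "2024-11-07T06:19:49Z",
+"updated_at": "2024-11-10T11:15:21Z",
+"pushed_at": "2024-11-07T06:51:47Z",
+"stargazers_count": 0,
+"watchers_count": 0,
+"has_discussions": false,
+"forks_count": 0,
+"allow_forking": true,
+"is_template": false,
+"web_commit_signoff_required": false,
+"topics": [],
+"visibility": "public",
+"forks": 0,
+"watchers": 0,
+"score": 0,
+"subscribers_count": 0
+}
+]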

33
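--- /dev/null
+++ b/2024/CVE-2024-50493.json
@@ -0,0 +1,33 @@
+[
+{
+"id": 886111060,
+"name": "CVE-2024-50493",
+"full_name": "RandomRobbieBF\/CVE-2024-50493",
+"owner": {
+"login": "RandomRobbieBF",
+"id": 51722811,
+"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/51722811?v=4",
+"html_url": "https:\/\/github.com\/RandomRobbieBF",
+"user_view_type": "public"
+},
+"html_url": "https:\/\/github.com\/RandomRobbieBF\/CVE-2024-50493",
+"description": "Automatic Translation <= 1.0.4 - Unauthenticated Arbitrary File Upload",
+"fork": false,
+"created_at": "2024-11-10T08:17:41Z",
+"updated_at": "2024-11-10T08:18:31Z",
+"pushed_at": "2024-11-10T08:18:28Z",
+"stargazers_count": 0,
+"watchers_count": 0,
+"has_discussions": false,
+"forks_count": 0,
+"allow_forking": true,
+"is_template": false,
+"web_commit_signoff_required": false,
+"topics": [],
+"visibility": "public",
+"forks": 0,
+"watchers": 0,
+"score": 0,
+"subscribers_count": 0
+}
+]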

33
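--- /dev/null
+++ b/2024/CVE-2024-51665.json
@@ -0,0 +1,33 @@
+[
+{
+"id": 886174697,
+"name": "CVE-2024-51665",
+"full_name": "RandomRobbieBF\/CVE-2024-51665",
+"owner": {
+"login": "RandomRobbieBF",
+"id": 51722811,
+"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/51722811?v=4",
+"html_url": "https:\/\/github.com\/RandomRobbieBF",
+"user_view_type": "public"
+},
+"html_url": "https:\/\/github.com\/RandomRobbieBF\/CVE-2024-51665",
+"description": "Magical Addons For Elementor <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery",
+"fork": false,
+"created_at": "2024-11-10T12:01:52Z",
+"updated_at": "2024-11-10T12:02:48Z",
+"pushed_at": "2024-11-10T12:02:45Z",
+"stargazers_count": 0,
+"watchers_count": 0,
+"has_discussions": false,
+"forks_count": 0,
+"allow_forking": true,
+"is_template": false,
+"web_commit_signoff_required": false,
+"topics": [],
+"visibility": "public",
+"forks": 0,
+"watchers": 0,
+"score": 0,
+"subscribers_count": 0
+}
+]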


@ -1888,13 +1888,6 @@
- [amfg145/CVE-2024-9955-POC](https://github.com/amfg145/CVE-2024-9955-POC)
### CVE-2024-10008 (2024-10-29)
<code>The Masteriyo LMS eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the /wp-json/masteriyo/v1/users/$id REST API endpoint in all versions up to, and including, 1.13.3. This makes it possible for authenticated attackers, with student-level access and above, to modify the roles of arbitrary users. As a result, attackers can escalate their privileges to the Administrator and demote existing administrators to students.
</code>
- [RandomRobbieBF/CVE-2024-10008](https://github.com/RandomRobbieBF/CVE-2024-10008)
### CVE-2024-10140 (2024-10-19)
<code>Eine kritische Schwachstelle wurde in code-projects Pharmacy Management System 1.0 entdeckt. Betroffen davon ist ein unbekannter Prozess der Datei /manage_supplier.php. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
@ -1951,6 +1944,13 @@
- [bevennyamande/CVE-2024-10557](https://github.com/bevennyamande/CVE-2024-10557)
### CVE-2024-10586 (2024-11-09)
<code>The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution.
</code>
- [RandomRobbieBF/CVE-2024-10586](https://github.com/RandomRobbieBF/CVE-2024-10586)
### CVE-2024-10605 (2024-10-31)
<code>Es wurde eine Schwachstelle in code-projects Blood Bank Management System 1.0 ausgemacht. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /file/request.php. Durch die Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
@ -1971,6 +1971,7 @@
</code>
- [imnotcha0s/CVE-2024-10914](https://github.com/imnotcha0s/CVE-2024-10914)
- [verylazytech/CVE-2024-10914](https://github.com/verylazytech/CVE-2024-10914)
### CVE-2024-12883
- [mhtsec/cve-2024-12883](https://github.com/mhtsec/cve-2024-12883)
@ -6345,6 +6346,13 @@
- [RandomRobbieBF/CVE-2024-49681](https://github.com/RandomRobbieBF/CVE-2024-49681)
### CVE-2024-50335 (2024-11-05)
<code>SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. The &quot;Publish Key&quot; field in SuiteCRM's Edit Profile page is vulnerable to Reflected Cross-Site Scripting (XSS), allowing an attacker to inject malicious JavaScript code. This can be exploited to steal CSRF tokens and perform unauthorized actions, such as creating new administrative users without proper authentication. The vulnerability arises due to insufficient input validation and sanitization of the Publish Key field within the SuiteCRM application. When an attacker injects a malicious script, it gets executed within the context of an authenticated user's session. The injected script (o.js) then leverages the captured CSRF token to forge requests that create new administrative users, effectively compromising the integrity and security of the CRM instance. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
</code>
- [shellkraft/CVE-2024-50335](https://github.com/shellkraft/CVE-2024-50335)
### CVE-2024-50340 (2024-11-06)
<code>symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. As of versions 5.4.46, 6.4.14, and 7.1.7 the `SymfonyRuntime` now ignores the `argv` values for non-SAPI PHP runtimes. All users are advised to upgrade. There are no known workarounds for this vulnerability.
@ -6436,6 +6444,13 @@
- [RandomRobbieBF/CVE-2024-50490](https://github.com/RandomRobbieBF/CVE-2024-50490)
### CVE-2024-50493 (2024-10-29)
<code>Unrestricted Upload of File with Dangerous Type vulnerability in masterhomepage Automatic Translation allows Upload a Web Shell to a Web Server.This issue affects Automatic Translation: from n/a through 1.0.4.
</code>
- [RandomRobbieBF/CVE-2024-50493](https://github.com/RandomRobbieBF/CVE-2024-50493)
### CVE-2024-50498 (2024-10-28)
<code>Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console: from n/a through 1.0.
@ -6523,6 +6538,13 @@
- [ajayalf/CVE-2024-51567](https://github.com/ajayalf/CVE-2024-51567)
- [thehash007/CVE-2024-51567-RCE-EXPLOIT](https://github.com/thehash007/CVE-2024-51567-RCE-EXPLOIT)
### CVE-2024-51665 (2024-11-04)
<code>Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor allows Server Side Request Forgery.This issue affects Magical Addons For Elementor: from n/a through 1.2.1.
</code>
- [RandomRobbieBF/CVE-2024-51665](https://github.com/RandomRobbieBF/CVE-2024-51665)
### CVE-2024-1642470
- [Symbolexe/CVE-2024-1642470](https://github.com/Symbolexe/CVE-2024-1642470)