From f687cf902db64672604c3236aabda851d9fe2140 Mon Sep 17 00:00:00 2001
From: motikan2010-bot
Date: Tue, 24 Dec 2024 09:31:38 +0900
Subject: [PATCH] Auto Update 2024/12/24 00:31:38
---
 2014/CVE-2014-0160.json | 8 ++++----
 2019/CVE-2019-9810.json | 8 ++++----
 2021/CVE-2021-31630.json | 8 ++++----
 2021/CVE-2021-44228.json | 16 ++++++++--------
 2022/CVE-2022-1015.json | 8 ++++----
 2022/CVE-2022-39275.json | 2 +-
 2022/CVE-2022-45354.json | 39 ---------------------------------------
 2023/CVE-2023-27532.json | 8 ++++----
 2023/CVE-2023-46604.json | 4 ++--
 2024/CVE-2024-20017.json | 8 ++++----
 2024/CVE-2024-21762.json | 4 ++--
 2024/CVE-2024-27130.json | 8 ++++----
 2024/CVE-2024-28987.json | 10 +++++-----
 2024/CVE-2024-38200.json | 12 ++++++------
 2024/CVE-2024-50379.json | 4 ++--
 2024/CVE-2024-50623.json | 8 ++++----
 2024/CVE-2024-52002.json | 33 +++++++++++++++++++++++++++++++++
 2024/CVE-2024-53677.json | 8 ++++----
 2024/CVE-2024-8504.json | 8 ++++----
 2024/CVE-2024-9290.json | 40 ++++++++++++++++++++++++++++++++++++++++
 README.md | 11 +++++++++--
 21 files changed, 148 insertions(+), 107 deletions(-)
 create mode 100644 2024/CVE-2024-52002.json
diff --git a/2014/CVE-2014-0160.json b/2014/CVE-2014-0160.json
index d30cb52dc4..4a689f83fe 100644
--- a/2014/CVE-2014-0160.json
+++ b/2014/CVE-2014-0160.json
@@ -1108,10 +1108,10 @@
 "description": ":broken_heart: Hearbleed exploit to retrieve sensitive information CVE-2014-0160 :broken_heart:",
 "fork": false,
 "created_at": "2015-03-08T19:54:33Z",
- "updated_at": "2024-11-14T20:34:27Z",
+ "updated_at": "2024-12-23T18:21:57Z",
 "pushed_at": "2021-02-20T19:41:03Z",
- "stargazers_count": 80,
- "watchers_count": 80,
+ "stargazers_count": 81,
+ "watchers_count": 81,
 "has_discussions": false,
 "forks_count": 42,
 "allow_forking": true,
@@ -1120,7 +1120,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 42,
- "watchers": 80,
+ "watchers": 81,
 "score": 0,
 "subscribers_count": 6
 },
diff --git a/2019/CVE-2019-9810.json b/2019/CVE-2019-9810.json
index 6cd0dd4c0f..a2e549ac70 100644
--- a/2019/CVE-2019-9810.json
+++ b/2019/CVE-2019-9810.json
@@ -14,10 +14,10 @@
 "description": "Array.prototype.slice wrong alias information.",
 "fork": false,
 "created_at": "2019-03-25T02:33:18Z",
- "updated_at": "2024-08-12T19:47:12Z",
+ "updated_at": "2024-12-23T19:57:22Z",
 "pushed_at": "2019-03-25T02:41:43Z",
- "stargazers_count": 67,
- "watchers_count": 67,
+ "stargazers_count": 68,
+ "watchers_count": 68,
 "has_discussions": false,
 "forks_count": 13,
 "allow_forking": true,
@@ -26,7 +26,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 13,
- "watchers": 67,
+ "watchers": 68,
 "score": 0,
 "subscribers_count": 4
 },
diff --git a/2021/CVE-2021-31630.json b/2021/CVE-2021-31630.json
index f27a70c07a..d6a676dc81 100644
--- a/2021/CVE-2021-31630.json
+++ b/2021/CVE-2021-31630.json
@@ -224,15 +224,15 @@
 {
 "id": 818448931,
 "name": "cve-2021-31630",
- "full_name": "adibabdala123\/cve-2021-31630",
+ "full_name": "ttps-byte\/cve-2021-31630",
 "owner": {
- "login": "adibabdala123",
+ "login": "ttps-byte",
 "id": 76139191,
 "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/76139191?v=4",
- "html_url": "https:\/\/github.com\/adibabdala123",
+ "html_url": "https:\/\/github.com\/ttps-byte",
 "user_view_type": "public"
 },
- "html_url": "https:\/\/github.com\/adibabdala123\/cve-2021-31630",
+ "html_url": "https:\/\/github.com\/ttps-byte\/cve-2021-31630",
 "description": "This is a automation of cve-2021-31630 exploitation",
 "fork": false,
 "created_at": "2024-06-21T22:10:49Z",
diff --git a/2021/CVE-2021-44228.json b/2021/CVE-2021-44228.json
index d17b7e6e68..c5ef211f9f 100644
--- a/2021/CVE-2021-44228.json
+++ b/2021/CVE-2021-44228.json
@@ -14,10 +14,10 @@
 "description": "Apache Log4j 远程代码执行",
 "fork": false,
 "created_at": "2021-12-09T15:27:38Z",
- "updated_at": "2024-11-02T09:32:11Z",
+ "updated_at": "2024-12-23T21:14:37Z",
 "pushed_at": "2023-05-14T04:54:32Z",
- "stargazers_count": 75,
- "watchers_count": 75,
+ "stargazers_count": 76,
+ "watchers_count": 76,
 "has_discussions": false,
 "forks_count": 27,
 "allow_forking": true,
@@ -26,7 +26,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 27,
- "watchers": 75,
+ "watchers": 76,
 "score": 0,
 "subscribers_count": 2
 },
@@ -935,10 +935,10 @@
 "description": "A Proof-Of-Concept for the CVE-2021-44228 vulnerability. ",
 "fork": false,
 "created_at": "2021-12-10T23:19:28Z",
- "updated_at": "2024-12-23T05:30:44Z",
+ "updated_at": "2024-12-23T21:14:48Z",
 "pushed_at": "2024-02-12T22:37:25Z",
- "stargazers_count": 1811,
- "watchers_count": 1811,
+ "stargazers_count": 1812,
+ "watchers_count": 1812,
 "has_discussions": false,
 "forks_count": 529,
 "allow_forking": true,
@@ -952,7 +952,7 @@
 ],
 "visibility": "public",
 "forks": 529,
- "watchers": 1811,
+ "watchers": 1812,
 "score": 0,
 "subscribers_count": 26
 },
diff --git a/2022/CVE-2022-1015.json b/2022/CVE-2022-1015.json
index 0642ccda8e..c25244e79f 100644
--- a/2022/CVE-2022-1015.json
+++ b/2022/CVE-2022-1015.json
@@ -14,10 +14,10 @@
 "description": "Local privilege escalation PoC for Linux kernel CVE-2022-1015",
 "fork": false,
 "created_at": "2022-04-02T03:27:11Z",
- "updated_at": "2024-11-23T19:24:29Z",
+ "updated_at": "2024-12-23T23:38:25Z",
 "pushed_at": "2022-04-03T01:36:45Z",
- "stargazers_count": 200,
- "watchers_count": 200,
+ "stargazers_count": 202,
+ "watchers_count": 202,
 "has_discussions": false,
 "forks_count": 32,
 "allow_forking": true,
@@ -26,7 +26,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 32,
- "watchers": 200,
+ "watchers": 202,
 "score": 0,
 "subscribers_count": 7
 },
diff --git a/2022/CVE-2022-39275.json b/2022/CVE-2022-39275.json
index b8cb8eddc6..993699f2e0 100644
--- a/2022/CVE-2022-39275.json
+++ b/2022/CVE-2022-39275.json
@@ -15,7 +15,7 @@
 "fork": false,
 "created_at": "2024-11-15T22:21:16Z",
 "updated_at": "2024-11-15T22:24:28Z",
- "pushed_at": "2024-12-12T21:02:01Z",
+ "pushed_at": "2024-12-23T23:40:49Z",
 "stargazers_count": 0,
 "watchers_count": 0,
 "has_discussions": false,
diff --git a/2022/CVE-2022-45354.json b/2022/CVE-2022-45354.json
index 62bace801d..89dd46e83a 100644
--- a/2022/CVE-2022-45354.json
+++ b/2022/CVE-2022-45354.json
@@ -29,44 +29,5 @@
 "watchers": 0,
 "score": 0,
 "subscribers_count": 2
- },
- {
- "id": 893013183,
- "name": "CVE-2022-45354",
- "full_name": "NekomataCode\/CVE-2022-45354",
- "owner": {
- "login": "NekomataCode",
- "id": 173536806,
- "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/173536806?v=4",
- "html_url": "https:\/\/github.com\/NekomataCode",
- "user_view_type": "public"
- },
- "html_url": "https:\/\/github.com\/NekomataCode\/CVE-2022-45354",
- "description": "CVE-2022-45354 Download Monitor <= 4.7.60 - Sensitive Information Exposure via REST API",
- "fork": false,
- "created_at": "2024-11-23T09:56:19Z",
- "updated_at": "2024-11-24T00:04:48Z",
- "pushed_at": "2024-11-24T00:04:45Z",
- "stargazers_count": 0,
- "watchers_count": 0,
- "has_discussions": false,
- "forks_count": 0,
- "allow_forking": true,
- "is_template": false,
- "web_commit_signoff_required": false,
- "topics": [
- "cve-2022-45354",
- "wordpress-bugs",
- "wordpress-hack",
- "wordpress-hacking",
- "wordpress-vuln",
- "wordpress-vulnerability",
- "wordpress-vulnerable"
- ],
- "visibility": "public",
- "forks": 0,
- "watchers": 0,
- "score": 0,
- "subscribers_count": 1
 }
 ]
\ No newline at end of file
diff --git a/2023/CVE-2023-27532.json b/2023/CVE-2023-27532.json
index 7f6ad1bbf8..5ad3858a52 100644
--- a/2023/CVE-2023-27532.json
+++ b/2023/CVE-2023-27532.json
@@ -45,10 +45,10 @@
 "description": "Exploit for CVE-2023-27532 against Veeam Backup & Replication",
 "fork": false,
 "created_at": "2023-03-23T16:08:43Z",
- "updated_at": "2024-12-23T12:47:32Z",
+ "updated_at": "2024-12-23T19:54:11Z",
 "pushed_at": "2023-03-23T18:03:27Z",
- "stargazers_count": 103,
- "watchers_count": 103,
+ "stargazers_count": 104,
+ "watchers_count": 104,
 "has_discussions": false,
 "forks_count": 21,
 "allow_forking": true,
@@ -57,7 +57,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 21,
- "watchers": 103,
+ "watchers": 104,
 "score": 0,
 "subscribers_count": 5
 },
diff --git a/2023/CVE-2023-46604.json b/2023/CVE-2023-46604.json
index f596f172f5..250f44517f 100644
--- a/2023/CVE-2023-46604.json
+++ b/2023/CVE-2023-46604.json
@@ -641,13 +641,13 @@
 "stargazers_count": 1,
 "watchers_count": 1,
 "has_discussions": false,
- "forks_count": 0,
+ "forks_count": 1,
 "allow_forking": true,
 "is_template": false,
 "web_commit_signoff_required": false,
 "topics": [],
 "visibility": "public",
- "forks": 0,
+ "forks": 1,
 "watchers": 1,
 "score": 0,
 "subscribers_count": 1
diff --git a/2024/CVE-2024-20017.json b/2024/CVE-2024-20017.json
index 799a4f6ce5..4a89552044 100644
--- a/2024/CVE-2024-20017.json
+++ b/2024/CVE-2024-20017.json
@@ -14,10 +14,10 @@
 "description": "exploits for CVE-2024-20017",
 "fork": false,
 "created_at": "2024-08-30T05:54:36Z",
- "updated_at": "2024-12-03T14:32:42Z",
+ "updated_at": "2024-12-24T00:01:39Z",
 "pushed_at": "2024-09-07T10:11:22Z",
- "stargazers_count": 136,
- "watchers_count": 136,
+ "stargazers_count": 137,
+ "watchers_count": 137,
 "has_discussions": false,
 "forks_count": 32,
 "allow_forking": true,
@@ -26,7 +26,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 32,
- "watchers": 136,
+ "watchers": 137,
 "score": 0,
 "subscribers_count": 3
 }
diff --git a/2024/CVE-2024-21762.json b/2024/CVE-2024-21762.json
index f395a1493a..2fa1b40957 100644
--- a/2024/CVE-2024-21762.json
+++ b/2024/CVE-2024-21762.json
@@ -19,13 +19,13 @@
 "stargazers_count": 95,
 "watchers_count": 95,
 "has_discussions": false,
- "forks_count": 13,
+ "forks_count": 14,
 "allow_forking": true,
 "is_template": false,
 "web_commit_signoff_required": false,
 "topics": [],
 "visibility": "public",
- "forks": 13,
+ "forks": 14,
 "watchers": 95,
 "score": 0,
 "subscribers_count": 6
diff --git a/2024/CVE-2024-27130.json b/2024/CVE-2024-27130.json
index 8f4534e03b..bb9c5c3de4 100644
--- a/2024/CVE-2024-27130.json
+++ b/2024/CVE-2024-27130.json
@@ -50,13 +50,13 @@
 "stargazers_count": 1,
 "watchers_count": 1,
 "has_discussions": false,
- "forks_count": 0,
+ "forks_count": 1,
 "allow_forking": true,
 "is_template": false,
 "web_commit_signoff_required": false,
 "topics": [],
 "visibility": "public",
- "forks": 0,
+ "forks": 1,
 "watchers": 1,
 "score": 0,
 "subscribers_count": 2
@@ -81,13 +81,13 @@
 "stargazers_count": 3,
 "watchers_count": 3,
 "has_discussions": false,
- "forks_count": 0,
+ "forks_count": 1,
 "allow_forking": true,
 "is_template": false,
 "web_commit_signoff_required": false,
 "topics": [],
 "visibility": "public",
- "forks": 0,
+ "forks": 1,
 "watchers": 3,
 "score": 0,
 "subscribers_count": 1
diff --git a/2024/CVE-2024-28987.json b/2024/CVE-2024-28987.json
index 3b80d41903..cc199e0d63 100644
--- a/2024/CVE-2024-28987.json
+++ b/2024/CVE-2024-28987.json
@@ -76,10 +76,10 @@
 "description": "CVE-2024-28987 Scanner & Exploiter - SolarWinds Web Help Desk",
 "fork": false,
 "created_at": "2024-09-30T16:12:14Z",
- "updated_at": "2024-11-20T16:31:06Z",
- "pushed_at": "2024-10-02T20:28:28Z",
- "stargazers_count": 2,
- "watchers_count": 2,
+ "updated_at": "2024-12-23T19:58:15Z",
+ "pushed_at": "2024-12-23T19:58:11Z",
+ "stargazers_count": 1,
+ "watchers_count": 1,
 "has_discussions": false,
 "forks_count": 0,
 "allow_forking": true,
@@ -88,7 +88,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 0,
- "watchers": 2,
+ "watchers": 1,
 "score": 0,
 "subscribers_count": 1
 },
diff --git a/2024/CVE-2024-38200.json b/2024/CVE-2024-38200.json
index 363917b51e..5da14f0579 100644
--- a/2024/CVE-2024-38200.json
+++ b/2024/CVE-2024-38200.json
@@ -14,19 +14,19 @@
 "description": "CVE-2024-38200 & CVE-2024-43609 - Microsoft Office NTLMv2 Disclosure Vulnerability",
 "fork": false,
 "created_at": "2024-09-24T19:24:55Z",
- "updated_at": "2024-12-23T17:25:40Z",
+ "updated_at": "2024-12-23T20:53:47Z",
 "pushed_at": "2024-12-09T22:58:22Z",
- "stargazers_count": 132,
- "watchers_count": 132,
+ "stargazers_count": 133,
+ "watchers_count": 133,
 "has_discussions": false,
- "forks_count": 26,
+ "forks_count": 27,
 "allow_forking": true,
 "is_template": false,
 "web_commit_signoff_required": false,
 "topics": [],
 "visibility": "public",
- "forks": 26,
- "watchers": 132,
+ "forks": 27,
+ "watchers": 133,
 "score": 0,
 "subscribers_count": 2
 }
diff --git a/2024/CVE-2024-50379.json b/2024/CVE-2024-50379.json
index dce1921e19..34a1e6d1a7 100644
--- a/2024/CVE-2024-50379.json
+++ b/2024/CVE-2024-50379.json
@@ -112,13 +112,13 @@
 "stargazers_count": 0,
 "watchers_count": 0,
 "has_discussions": false,
- "forks_count": 0,
+ "forks_count": 1,
 "allow_forking": true,
 "is_template": false,
 "web_commit_signoff_required": false,
 "topics": [],
 "visibility": "public",
- "forks": 0,
+ "forks": 1,
 "watchers": 0,
 "score": 0,
 "subscribers_count": 1
diff --git a/2024/CVE-2024-50623.json b/2024/CVE-2024-50623.json
index 76943e0fcd..e407f68a10 100644
--- a/2024/CVE-2024-50623.json
+++ b/2024/CVE-2024-50623.json
@@ -19,13 +19,13 @@
 "stargazers_count": 19,
 "watchers_count": 19,
 "has_discussions": false,
- "forks_count": 5,
+ "forks_count": 6,
 "allow_forking": true,
 "is_template": false,
 "web_commit_signoff_required": false,
 "topics": [],
 "visibility": "public",
- "forks": 5,
+ "forks": 6,
 "watchers": 19,
 "score": 0,
 "subscribers_count": 0
@@ -50,7 +50,7 @@
 "stargazers_count": 3,
 "watchers_count": 3,
 "has_discussions": false,
- "forks_count": 2,
+ "forks_count": 3,
 "allow_forking": true,
 "is_template": false,
 "web_commit_signoff_required": false,
@@ -62,7 +62,7 @@
 "rce-exploit"
 ],
 "visibility": "public",
- "forks": 2,
+ "forks": 3,
 "watchers": 3,
 "score": 0,
 "subscribers_count": 0
diff --git a/2024/CVE-2024-52002.json b/2024/CVE-2024-52002.json
new file mode 100644
index 0000000000..eb5f7c8c77
--- /dev/null
+++ b/2024/CVE-2024-52002.json
@@ -0,0 +1,33 @@
+[
+ {
+ "id": 907531691,
+ "name": "iTop-CVEs-exploit",
+ "full_name": "Harshit-Mashru\/iTop-CVEs-exploit",
+ "owner": {
+ "login": "Harshit-Mashru",
+ "id": 31271975,
+ "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/31271975?v=4",
+ "html_url": "https:\/\/github.com\/Harshit-Mashru",
+ "user_view_type": "public"
+ },
+ "html_url": "https:\/\/github.com\/Harshit-Mashru\/iTop-CVEs-exploit",
+ "description": "This repository contains exploits for iTOP CVE-2024-52002, 52000, 31998, 31448 that involve CSRF+XSS chaining to get RCE",
+ "fork": false,
+ "created_at": "2024-12-23T19:56:56Z",
+ "updated_at": "2024-12-23T20:38:40Z",
+ "pushed_at": "2024-12-23T20:38:37Z",
+ "stargazers_count": 0,
+ "watchers_count": 0,
+ "has_discussions": false,
+ "forks_count": 0,
+ "allow_forking": true,
+ "is_template": false,
+ "web_commit_signoff_required": false,
+ "topics": [],
+ "visibility": "public",
+ "forks": 0,
+ "watchers": 0,
+ "score": 0,
+ "subscribers_count": 0
+ }
+]
\ No newline at end of file
diff --git a/2024/CVE-2024-53677.json b/2024/CVE-2024-53677.json
index 72cf6d8b10..33312be4e0 100644
--- a/2024/CVE-2024-53677.json
+++ b/2024/CVE-2024-53677.json
@@ -138,10 +138,10 @@
 "description": "A critical vulnerability, CVE-2024-53677, has been identified in the popular Apache Struts framework, potentially allowing attackers to execute arbitrary code remotely. This vulnerability arises from flaws in the file upload logic, which can be exploited to perform path traversal and malicious file uploads.",
 "fork": false,
 "created_at": "2024-12-18T02:03:56Z",
- "updated_at": "2024-12-23T10:25:33Z",
+ "updated_at": "2024-12-23T20:07:47Z",
 "pushed_at": "2024-12-18T02:08:09Z",
- "stargazers_count": 3,
- "watchers_count": 3,
+ "stargazers_count": 4,
+ "watchers_count": 4,
 "has_discussions": false,
 "forks_count": 0,
 "allow_forking": true,
@@ -150,7 +150,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 0,
- "watchers": 3,
+ "watchers": 4,
 "score": 0,
 "subscribers_count": 1
 },
diff --git a/2024/CVE-2024-8504.json b/2024/CVE-2024-8504.json
index 4309662bb8..53f0113399 100644
--- a/2024/CVE-2024-8504.json
+++ b/2024/CVE-2024-8504.json
@@ -45,10 +45,10 @@
 "description": "CVE-2024-8504",
 "fork": false,
 "created_at": "2024-09-22T20:17:10Z",
- "updated_at": "2024-12-01T19:54:33Z",
+ "updated_at": "2024-12-23T19:59:21Z",
 "pushed_at": "2024-10-04T00:43:08Z",
- "stargazers_count": 4,
- "watchers_count": 4,
+ "stargazers_count": 3,
+ "watchers_count": 3,
 "has_discussions": false,
 "forks_count": 0,
 "allow_forking": true,
@@ -57,7 +57,7 @@
 "topics": [],
 "visibility": "public",
 "forks": 0,
- "watchers": 4,
+ "watchers": 3,
 "score": 0,
 "subscribers_count": 1
 }
diff --git a/2024/CVE-2024-9290.json b/2024/CVE-2024-9290.json
index e35cb8de3b..f0fbd7ad42 100644
--- a/2024/CVE-2024-9290.json
+++ b/2024/CVE-2024-9290.json
@@ -32,5 +32,45 @@ "watchers": 0, "score": 0, "subscribers_count": 1 + }, + { + "id": 907588481, + "name": "CVE-2024-9290", + "full_name": "Jenderal92\/CVE-2024-9290", + "owner": { + "login": "Jenderal92", + "id": 59664965, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/59664965?v=4", + "html_url": "https:\/\/github.com\/Jenderal92", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/Jenderal92\/CVE-2024-9290", + "description": "The tool targets WordPress websites that use the Super Backup & Clone plugin and are vulnerable to arbitrary file upload.", + "fork": false, + "created_at": "2024-12-24T00:04:17Z", + "updated_at": "2024-12-24T00:07:21Z", + "pushed_at": "2024-12-24T00:05:56Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [ + "cve-2024-9290", + "ethical-hacking", + "exploit-script", + "penetration-testing", + "vulnerability", + "vulnerability-detection", + "wordpress-exploit", + "wordpress-vulnerability" + ], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 } ] \ No newline at end of file diff --git a/README.md b/README.md index 685cc991de..161f153efb 100644 --- a/README.md +++ b/README.md @@ -1859,6 +1859,7 @@ - [RandomRobbieBF/CVE-2024-9290](https://github.com/RandomRobbieBF/CVE-2024-9290) +- [Jenderal92/CVE-2024-9290](https://github.com/Jenderal92/CVE-2024-9290) ### CVE-2024-9326 (2024-09-29) 
@@ -7444,6 +7445,13 @@ - [l20170217b/CVE-2024-51747](https://github.com/l20170217b/CVE-2024-51747) +### CVE-2024-52002 (2024-11-08) + +Combodo iTop is a simple, web based IT Service Management tool. Several url endpoints are subject to a Cross-Site Request Forgery (CSRF) vulnerability. Please refer to the linked GHSA for the complete list. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. + + +- [Harshit-Mashru/iTop-CVEs-exploit](https://github.com/Harshit-Mashru/iTop-CVEs-exploit) + ### CVE-2024-52301 (2024-11-12) Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs. @@ -22402,7 +22410,6 @@ - [RandomRobbieBF/CVE-2022-45354](https://github.com/RandomRobbieBF/CVE-2022-45354) -- [NekomataCode/CVE-2022-45354](https://github.com/NekomataCode/CVE-2022-45354) ### CVE-2022-45436 (2023-02-15) @@ -26181,7 +26188,7 @@ - [mind2hex/CVE-2021-31630](https://github.com/mind2hex/CVE-2021-31630) - [sealldeveloper/CVE-2021-31630-PoC](https://github.com/sealldeveloper/CVE-2021-31630-PoC) - [junnythemarksman/CVE-2021-31630](https://github.com/junnythemarksman/CVE-2021-31630) -- [adibabdala123/cve-2021-31630](https://github.com/adibabdala123/cve-2021-31630) +- [ttps-byte/cve-2021-31630](https://github.com/ttps-byte/cve-2021-31630) - [manuelsantosiglesias/CVE-2021-31630](https://github.com/manuelsantosiglesias/CVE-2021-31630) - [FlojBoj/CVE-2021-31630](https://github.com/FlojBoj/CVE-2021-31630)