mirror/PoC-in-GitHub
1
0
Fork 0
mirror of https://github.com/nomi-sec/PoC-in-GitHub.git synced 2025-01-15 20:32:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Auto Update 2024/08/03 00:28:48

Browse source
This commit is contained in:
motikan2010-bot 2024-08-03 09:28:48 +09:00
parent 5ba6d6d75e
commit fa0d582927
31 changed files with 356 additions and 91 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
2011/CVE-2011-3389.json
View file

@ -18,7 +18,7 @@
"stargazers_count": 68,
"watchers_count": 68,
"has_discussions": false,
"forks_count": 31,
"forks_count": 30,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
@ -30,7 +30,7 @@
"tls"
],
"visibility": "public",
"forks": 31,
"forks": 30,
"watchers": 68,
"score": 0,
"subscribers_count": 7

4
2018/CVE-2018-14847.json
View file

@ -263,13 +263,13 @@
"stargazers_count": 40,
"watchers_count": 40,
"has_discussions": false,
"forks_count": 16,
"forks_count": 17,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 16,
"forks": 17,
"watchers": 40,
"score": 0,
"subscribers_count": 3

2
2019/CVE-2019-8805.json
View file

@ -27,6 +27,6 @@
"forks": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 3
"subscribers_count": 2
}
]

30
2021/CVE-2021-21551.json
View file

@ -261,5 +261,35 @@
"watchers": 25,
"score": 0,
"subscribers_count": 2
},
{
"id": 837371307,
"name": "CVE-2021-21551",
"full_name": "Eap2468\/CVE-2021-21551",
"owner": {
"login": "Eap2468",
"id": 68890963,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/68890963?v=4",
"html_url": "https:\/\/github.com\/Eap2468"
},
"html_url": "https:\/\/github.com\/Eap2468\/CVE-2021-21551",
"description": "Proof of concept exploit for CVE-2021-21551",
"fork": false,
"created_at": "2024-08-02T20:14:27Z",
"updated_at": "2024-08-02T20:23:02Z",
"pushed_at": "2024-08-02T20:22:59Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

8
2021/CVE-2021-31728.json
View file

@ -13,10 +13,10 @@
"description": "vulnerability in zam64.sys, zam32.sys allowing ring 0 code execution. CVE-2021-31727 and CVE-2021-31728 public reference.",
"fork": false,
"created_at": "2021-05-04T17:15:58Z",
"updated_at": "2024-07-25T03:16:06Z",
"updated_at": "2024-08-02T21:21:41Z",
"pushed_at": "2021-05-10T20:42:33Z",
"stargazers_count": 88,
"watchers_count": 88,
"stargazers_count": 89,
"watchers_count": 89,
"has_discussions": false,
"forks_count": 24,
"allow_forking": true,
@ -29,7 +29,7 @@
],
"visibility": "public",
"forks": 24,
"watchers": 88,
"watchers": 89,
"score": 0,
"subscribers_count": 5
}

8
2021/CVE-2021-4034.json
View file

@ -2847,10 +2847,10 @@
"description": "pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)",
"fork": false,
"created_at": "2022-01-30T10:34:28Z",
"updated_at": "2024-06-28T04:43:54Z",
"updated_at": "2024-08-02T19:33:51Z",
"pushed_at": "2022-01-30T10:44:34Z",
"stargazers_count": 20,
"watchers_count": 20,
"stargazers_count": 21,
"watchers_count": 21,
"has_discussions": false,
"forks_count": 11,
"allow_forking": true,
@ -2859,7 +2859,7 @@
"topics": [],
"visibility": "public",
"forks": 11,
"watchers": 20,
"watchers": 21,
"score": 0,
"subscribers_count": 2
},

8
2021/CVE-2021-4045.json
View file

@ -13,10 +13,10 @@
"description": "Exploit for command injection vulnerability found in uhttpd binary from TP-Link Tapo c200 IP camera",
"fork": false,
"created_at": "2021-11-15T14:48:14Z",
"updated_at": "2024-07-30T16:14:37Z",
"updated_at": "2024-08-02T22:10:23Z",
"pushed_at": "2023-01-01T21:12:20Z",
"stargazers_count": 66,
"watchers_count": 66,
"stargazers_count": 67,
"watchers_count": 67,
"has_discussions": false,
"forks_count": 10,
"allow_forking": true,
@ -31,7 +31,7 @@
],
"visibility": "public",
"forks": 10,
"watchers": 66,
"watchers": 67,
"score": 0,
"subscribers_count": 2
},

8
2021/CVE-2021-43798.json
View file

@ -201,10 +201,10 @@
"description": "A exploit tool for Grafana Unauthorized arbitrary file reading vulnerability (CVE-2021-43798), it can burst plugins \/ extract secret_key \/ decrypt data_source info automatic.",
"fork": false,
"created_at": "2021-12-07T15:11:34Z",
"updated_at": "2024-07-12T14:14:15Z",
"updated_at": "2024-08-02T23:48:03Z",
"pushed_at": "2024-07-12T14:17:27Z",
"stargazers_count": 241,
"watchers_count": 241,
"stargazers_count": 242,
"watchers_count": 242,
"has_discussions": false,
"forks_count": 36,
"allow_forking": true,
@ -217,7 +217,7 @@
],
"visibility": "public",
"forks": 36,
"watchers": 241,
"watchers": 242,
"score": 0,
"subscribers_count": 6
},

8
2022/CVE-2022-0847.json
View file

@ -1155,10 +1155,10 @@
"description": "A collection of exploits and documentation that can be used to exploit the Linux Dirty Pipe vulnerability.",
"fork": false,
"created_at": "2022-03-12T20:57:24Z",
"updated_at": "2024-07-18T11:28:00Z",
"updated_at": "2024-08-02T23:09:41Z",
"pushed_at": "2023-05-20T05:55:45Z",
"stargazers_count": 522,
"watchers_count": 522,
"stargazers_count": 523,
"watchers_count": 523,
"has_discussions": false,
"forks_count": 140,
"allow_forking": true,
@ -1167,7 +1167,7 @@
"topics": [],
"visibility": "public",
"forks": 140,
"watchers": 522,
"watchers": 523,
"score": 0,
"subscribers_count": 15
},

4
2022/CVE-2022-22954.json
View file

@ -501,13 +501,13 @@
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"forks": 1,
"watchers": 0,
"score": 0,
"subscribers_count": 0

8
2023/CVE-2023-21839.json
View file

@ -43,10 +43,10 @@
"description": "Weblogic CVE-2023-21839 RCE (无需Java依赖一键RCE)",
"fork": false,
"created_at": "2023-02-24T13:54:42Z",
"updated_at": "2024-07-30T00:32:09Z",
"updated_at": "2024-08-02T21:52:21Z",
"pushed_at": "2023-02-24T13:29:38Z",
"stargazers_count": 42,
"watchers_count": 42,
"stargazers_count": 43,
"watchers_count": 43,
"has_discussions": false,
"forks_count": 108,
"allow_forking": true,
@ -55,7 +55,7 @@
"topics": [],
"visibility": "public",
"forks": 108,
"watchers": 42,
"watchers": 43,
"score": 0,
"subscribers_count": 1
},

8
2023/CVE-2023-36424.json
View file

@ -13,10 +13,10 @@
"description": "Windows Kernel Pool (clfs.sys) Corruption Privilege Escalation",
"fork": false,
"created_at": "2024-03-21T21:39:24Z",
"updated_at": "2024-07-19T10:46:43Z",
"updated_at": "2024-08-02T21:50:55Z",
"pushed_at": "2024-03-22T06:45:43Z",
"stargazers_count": 120,
"watchers_count": 120,
"stargazers_count": 121,
"watchers_count": 121,
"has_discussions": false,
"forks_count": 23,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 23,
"watchers": 120,
"watchers": 121,
"score": 0,
"subscribers_count": 2
}

8
2023/CVE-2023-49105.json
View file

@ -13,10 +13,10 @@
"description": "ownCloud exploits for CVE-2023-49105",
"fork": false,
"created_at": "2023-12-05T11:35:12Z",
"updated_at": "2024-06-24T13:27:08Z",
"updated_at": "2024-08-02T23:08:41Z",
"pushed_at": "2023-12-05T11:35:19Z",
"stargazers_count": 30,
"watchers_count": 30,
"stargazers_count": 31,
"watchers_count": 31,
"has_discussions": false,
"forks_count": 10,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 10,
"watchers": 30,
"watchers": 31,
"score": 0,
"subscribers_count": 2
}

8
2024/CVE-2024-0044.json
View file

@ -43,10 +43,10 @@
"description": "CVE-2024-0044: a \"run-as any app\" high-severity vulnerability affecting Android versions 12 and 13",
"fork": false,
"created_at": "2024-06-18T12:30:53Z",
"updated_at": "2024-08-02T11:18:41Z",
"updated_at": "2024-08-02T21:51:06Z",
"pushed_at": "2024-07-25T18:12:57Z",
"stargazers_count": 170,
"watchers_count": 170,
"stargazers_count": 171,
"watchers_count": 171,
"has_discussions": false,
"forks_count": 36,
"allow_forking": true,
@ -55,7 +55,7 @@
"topics": [],
"visibility": "public",
"forks": 36,
"watchers": 170,
"watchers": 171,
"score": 0,
"subscribers_count": 5
},

8
2024/CVE-2024-21338.json
View file

@ -163,10 +163,10 @@
"description": "Windows AppLocker Driver (appid.sys) LPE",
"fork": false,
"created_at": "2024-07-29T13:18:06Z",
"updated_at": "2024-08-02T16:38:22Z",
"updated_at": "2024-08-02T21:06:02Z",
"pushed_at": "2024-07-29T13:29:59Z",
"stargazers_count": 9,
"watchers_count": 9,
"stargazers_count": 11,
"watchers_count": 11,
"has_discussions": false,
"forks_count": 4,
"allow_forking": true,
@ -180,7 +180,7 @@
],
"visibility": "public",
"forks": 4,
"watchers": 9,
"watchers": 11,
"score": 0,
"subscribers_count": 1
}

8
2024/CVE-2024-23897.json
View file

@ -103,10 +103,10 @@
"description": "CVE-2024-23897 | Jenkins <= 2.441 & <= LTS 2.426.2 PoC and scanner. ",
"fork": false,
"created_at": "2024-01-26T19:00:03Z",
"updated_at": "2024-08-02T09:24:15Z",
"updated_at": "2024-08-02T22:11:55Z",
"pushed_at": "2024-02-29T12:13:21Z",
"stargazers_count": 60,
"watchers_count": 60,
"stargazers_count": 61,
"watchers_count": 61,
"has_discussions": false,
"forks_count": 20,
"allow_forking": true,
@ -115,7 +115,7 @@
"topics": [],
"visibility": "public",
"forks": 20,
"watchers": 60,
"watchers": 61,
"score": 0,
"subscribers_count": 3
},

32
2024/CVE-2024-24549.json Normal file
View file

@ -0,0 +1,32 @@
[
{
"id": 837384219,
"name": "CVE-2024-24549",
"full_name": "Abdurahmon3236\/CVE-2024-24549",
"owner": {
"login": "Abdurahmon3236",
"id": 76862934,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/76862934?v=4",
"html_url": "https:\/\/github.com\/Abdurahmon3236"
},
"html_url": "https:\/\/github.com\/Abdurahmon3236\/CVE-2024-24549",
"description": null,
"fork": false,
"created_at": "2024-08-02T21:05:34Z",
"updated_at": "2024-08-02T21:06:05Z",
"pushed_at": "2024-08-02T21:06:02Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

16
2024/CVE-2024-24576.json
View file

@ -13,10 +13,10 @@
"description": "Example of CVE-2024-24576 use case.",
"fork": false,
"created_at": "2024-04-09T21:17:15Z",
"updated_at": "2024-07-31T16:13:30Z",
"updated_at": "2024-08-02T21:09:51Z",
"pushed_at": "2024-04-10T14:46:42Z",
"stargazers_count": 53,
"watchers_count": 53,
"stargazers_count": 54,
"watchers_count": 54,
"has_discussions": false,
"forks_count": 10,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 10,
"watchers": 53,
"watchers": 54,
"score": 0,
"subscribers_count": 2
},
@ -108,10 +108,10 @@
"description": "CVE-2024-24576 PoC for Nim Lang",
"fork": false,
"created_at": "2024-04-11T10:22:10Z",
"updated_at": "2024-04-11T10:39:04Z",
"updated_at": "2024-08-02T21:50:14Z",
"pushed_at": "2024-04-11T11:27:28Z",
"stargazers_count": 0,
"watchers_count": 0,
"stargazers_count": 1,
"watchers_count": 1,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -120,7 +120,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"watchers": 1,
"score": 0,
"subscribers_count": 1
},

8
2024/CVE-2024-24590.json
View file

@ -2,14 +2,14 @@
{
"id": 813761890,
"name": "ClearML-vulnerability-exploit-RCE-2024-CVE-2024-24590-",
"full_name": "HexDoesRandomShit\/ClearML-vulnerability-exploit-RCE-2024-CVE-2024-24590-",
"full_name": "h3xm4n\/ClearML-vulnerability-exploit-RCE-2024-CVE-2024-24590-",
"owner": {
"login": "HexDoesRandomShit",
"login": "h3xm4n",
"id": 172425960,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/172425960?v=4",
"html_url": "https:\/\/github.com\/HexDoesRandomShit"
"html_url": "https:\/\/github.com\/h3xm4n"
},
"html_url": "https:\/\/github.com\/HexDoesRandomShit\/ClearML-vulnerability-exploit-RCE-2024-CVE-2024-24590-",
"html_url": "https:\/\/github.com\/h3xm4n\/ClearML-vulnerability-exploit-RCE-2024-CVE-2024-24590-",
"description": "Here is an exploit in python to exploit the CVE-2024-24590, which is an upload pickle in a ClearML, which leads to arbitrary code execution... Enjoy :D",
"fork": false,
"created_at": "2024-06-11T17:33:36Z",

8
2024/CVE-2024-29849.json
View file

@ -13,10 +13,10 @@
"description": "Veeam Backup Enterprise Manager Authentication Bypass (CVE-2024-29849)",
"fork": false,
"created_at": "2024-06-10T06:12:20Z",
"updated_at": "2024-08-02T08:09:58Z",
"updated_at": "2024-08-02T20:31:49Z",
"pushed_at": "2024-06-13T08:40:57Z",
"stargazers_count": 83,
"watchers_count": 83,
"stargazers_count": 84,
"watchers_count": 84,
"has_discussions": false,
"forks_count": 13,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 13,
"watchers": 83,
"watchers": 84,
"score": 0,
"subscribers_count": 2
}

18
2024/CVE-2024-32002.json
View file

@ -1618,14 +1618,14 @@
{
"id": 835009812,
"name": "CVE-2024-32002",
"full_name": "HexDoesRandomShit\/CVE-2024-32002",
"full_name": "h3xm4n\/CVE-2024-32002",
"owner": {
"login": "HexDoesRandomShit",
"login": "h3xm4n",
"id": 172425960,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/172425960?v=4",
"html_url": "https:\/\/github.com\/HexDoesRandomShit"
"html_url": "https:\/\/github.com\/h3xm4n"
},
"html_url": "https:\/\/github.com\/HexDoesRandomShit\/CVE-2024-32002",
"html_url": "https:\/\/github.com\/h3xm4n\/CVE-2024-32002",
"description": "RCE through git recursive cloning. ",
"fork": false,
"created_at": "2024-07-29T01:06:19Z",
@ -1743,7 +1743,7 @@
"subscribers_count": 1
},
{
"id": 837339196,
"id": 837343866,
"name": "CVE-2024-32002",
"full_name": "chrisWalker11\/CVE-2024-32002",
"owner": {
@ -1753,11 +1753,11 @@
"html_url": "https:\/\/github.com\/chrisWalker11"
},
"html_url": "https:\/\/github.com\/chrisWalker11\/CVE-2024-32002",
"description": null,
"description": "adapting CVE-2024-32002 for running offline and locally",
"fork": false,
"created_at": "2024-08-02T18:30:01Z",
"updated_at": "2024-08-02T18:33:39Z",
"pushed_at": "2024-08-02T18:33:36Z",
"created_at": "2024-08-02T18:44:00Z",
"updated_at": "2024-08-02T19:06:28Z",
"pushed_at": "2024-08-02T19:06:24Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,

8
2024/CVE-2024-34102.json
View file

@ -73,10 +73,10 @@
"description": "POC for CVE-2024-34102. A pre-authentication XML entity injection issue in Magento \/ Adobe Commerce. ",
"fork": false,
"created_at": "2024-06-27T21:57:24Z",
"updated_at": "2024-07-19T04:22:08Z",
"updated_at": "2024-08-02T21:48:16Z",
"pushed_at": "2024-06-29T08:13:05Z",
"stargazers_count": 23,
"watchers_count": 23,
"stargazers_count": 24,
"watchers_count": 24,
"has_discussions": false,
"forks_count": 9,
"allow_forking": true,
@ -85,7 +85,7 @@
"topics": [],
"visibility": "public",
"forks": 9,
"watchers": 23,
"watchers": 24,
"score": 0,
"subscribers_count": 2
},

8
2024/CVE-2024-36401.json
View file

@ -230,10 +230,10 @@
"description": "GeoServer Remote Code Execution",
"fork": false,
"created_at": "2024-07-30T18:43:40Z",
"updated_at": "2024-08-02T17:05:54Z",
"updated_at": "2024-08-02T21:16:46Z",
"pushed_at": "2024-08-02T14:57:26Z",
"stargazers_count": 51,
"watchers_count": 51,
"stargazers_count": 52,
"watchers_count": 52,
"has_discussions": false,
"forks_count": 12,
"allow_forking": true,
@ -242,7 +242,7 @@
"topics": [],
"visibility": "public",
"forks": 12,
"watchers": 51,
"watchers": 52,
"score": 0,
"subscribers_count": 1
},

8
2024/CVE-2024-36991.json
View file

@ -13,10 +13,10 @@
"description": "POC for CVE-2024-36991: This exploit will attempt to read Splunk \/etc\/passwd file.",
"fork": false,
"created_at": "2024-07-06T00:49:40Z",
"updated_at": "2024-07-28T21:33:01Z",
"updated_at": "2024-08-02T21:53:53Z",
"pushed_at": "2024-07-12T00:41:36Z",
"stargazers_count": 99,
"watchers_count": 99,
"stargazers_count": 100,
"watchers_count": 100,
"has_discussions": false,
"forks_count": 17,
"allow_forking": true,
@ -25,7 +25,7 @@
"topics": [],
"visibility": "public",
"forks": 17,
"watchers": 99,
"watchers": 100,
"score": 0,
"subscribers_count": 2
},

32
2024/CVE-2024-38473.json Normal file
View file

@ -0,0 +1,32 @@
[
{
"id": 837366074,
"name": "CVE-2024-38473",
"full_name": "Abdurahmon3236\/CVE-2024-38473",
"owner": {
"login": "Abdurahmon3236",
"id": 76862934,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/76862934?v=4",
"html_url": "https:\/\/github.com\/Abdurahmon3236"
},
"html_url": "https:\/\/github.com\/Abdurahmon3236\/CVE-2024-38473",
"description": null,
"fork": false,
"created_at": "2024-08-02T19:57:52Z",
"updated_at": "2024-08-02T20:01:18Z",
"pushed_at": "2024-08-02T20:01:15Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

32
2024/CVE-2024-39614.json Normal file
View file

@ -0,0 +1,32 @@
[
{
"id": 837370546,
"name": "-CVE-2024-39614",
"full_name": "Abdurahmon3236\/-CVE-2024-39614",
"owner": {
"login": "Abdurahmon3236",
"id": 76862934,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/76862934?v=4",
"html_url": "https:\/\/github.com\/Abdurahmon3236"
},
"html_url": "https:\/\/github.com\/Abdurahmon3236\/-CVE-2024-39614",
"description": null,
"fork": false,
"created_at": "2024-08-02T20:11:29Z",
"updated_at": "2024-08-02T20:15:42Z",
"pushed_at": "2024-08-02T20:15:39Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

32
2024/CVE-2024-40110.json Normal file
View file

@ -0,0 +1,32 @@
[
{
"id": 837372055,
"name": "CVE-2024-40110",
"full_name": "Abdurahmon3236\/CVE-2024-40110",
"owner": {
"login": "Abdurahmon3236",
"id": 76862934,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/76862934?v=4",
"html_url": "https:\/\/github.com\/Abdurahmon3236"
},
"html_url": "https:\/\/github.com\/Abdurahmon3236\/CVE-2024-40110",
"description": null,
"fork": false,
"created_at": "2024-08-02T20:17:25Z",
"updated_at": "2024-08-02T20:20:27Z",
"pushed_at": "2024-08-02T20:20:24Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

32
2024/CVE-2024-5246.json Normal file
View file

@ -0,0 +1,32 @@
[
{
"id": 837382117,
"name": "CVE-2024-5246",
"full_name": "Abdurahmon3236\/CVE-2024-5246",
"owner": {
"login": "Abdurahmon3236",
"id": 76862934,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/76862934?v=4",
"html_url": "https:\/\/github.com\/Abdurahmon3236"
},
"html_url": "https:\/\/github.com\/Abdurahmon3236\/CVE-2024-5246",
"description": null,
"fork": false,
"created_at": "2024-08-02T20:56:39Z",
"updated_at": "2024-08-02T20:57:05Z",
"pushed_at": "2024-08-02T20:57:02Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

2
2024/CVE-2024-6387.json
View file

@ -1433,7 +1433,7 @@
"description": "PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit) ",
"fork": false,
"created_at": "2024-07-02T18:32:46Z",
"updated_at": "2024-08-01T12:29:27Z",
"updated_at": "2024-08-02T18:46:57Z",
"pushed_at": "2024-07-05T15:19:28Z",
"stargazers_count": 43,
"watchers_count": 43,

32
2024/CVE-2024-6529.json Normal file
View file

@ -0,0 +1,32 @@
[
{
"id": 837367811,
"name": "CVE-2024-6529",
"full_name": "Abdurahmon3236\/CVE-2024-6529",
"owner": {
"login": "Abdurahmon3236",
"id": 76862934,
"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/76862934?v=4",
"html_url": "https:\/\/github.com\/Abdurahmon3236"
},
"html_url": "https:\/\/github.com\/Abdurahmon3236\/CVE-2024-6529",
"description": null,
"fork": false,
"created_at": "2024-08-02T20:02:39Z",
"updated_at": "2024-08-02T20:03:11Z",
"pushed_at": "2024-08-02T20:03:07Z",
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 0,
"score": 0,
"subscribers_count": 0
}
]

47
README.md
View file

@ -877,6 +877,13 @@
- [k3lpi3b4nsh33/CVE-2024-5084](https://github.com/k3lpi3b4nsh33/CVE-2024-5084)
- [WOOOOONG/CVE-2024-5084](https://github.com/WOOOOONG/CVE-2024-5084)
### CVE-2024-5246 (2024-05-23)
<code>NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Apache Tomcat. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22868.
</code>
- [Abdurahmon3236/CVE-2024-5246](https://github.com/Abdurahmon3236/CVE-2024-5246)
### CVE-2024-5274 (2024-05-28)
<code>Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
@ -1063,6 +1070,13 @@
- [l-urk/CVE-2024-6387](https://github.com/l-urk/CVE-2024-6387)
- [alex14324/ssh_poc2024](https://github.com/alex14324/ssh_poc2024)
### CVE-2024-6529 (2024-08-01)
<code>The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
</code>
- [Abdurahmon3236/CVE-2024-6529](https://github.com/Abdurahmon3236/CVE-2024-6529)
### CVE-2024-6536 (2024-07-30)
<code>The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
@ -1928,6 +1942,13 @@
- [xF-9979/CVE-2024-24520](https://github.com/xF-9979/CVE-2024-24520)
### CVE-2024-24549 (2024-03-13)
<code>Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.\n\nUsers are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.\n\n
</code>
- [Abdurahmon3236/CVE-2024-24549](https://github.com/Abdurahmon3236/CVE-2024-24549)
### CVE-2024-24576 (2024-04-09)
<code>Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical for those who invoke batch files on Windows with untrusted arguments. No other platform or use is affected.\n\nThe `Command::arg` and `Command::args` APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. This means it should be safe to pass untrusted input as an argument.\n\nOn Windows, the implementation of this is more complex than other platforms, because the Windows API only provides a single string containing all the arguments to the spawned process, and it's up to the spawned process to split them. Most programs use the standard C run-time argv, which in practice results in a mostly consistent way arguments are splitted.\n\nOne exception though is `cmd.exe` (used among other things to execute batch files), which has its own argument splitting logic. That forces the standard library to implement custom escaping for arguments passed to batch files. Unfortunately it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution.\n\nDue to the complexity of `cmd.exe`, we didn't identify a solution that would correctly escape arguments in all cases. To maintain our API guarantees, we improved the robustness of the escaping code, and changed the `Command` API to return an `InvalidInput` error when it cannot safely escape an argument. This error will be emitted when spawning the process.\n\nThe fix is included in Rust 1.77.2. Note that the new escaping logic for batch files errs on the conservative side, and could reject valid arguments. Those who implement the escaping themselves or only handle trusted inputs on Windows can also use the `CommandExt::raw_arg` method to bypass the standard library's escaping logic.
@ -1948,7 +1969,7 @@
<code>Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AIs ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end users system when interacted with.\n
</code>
- [HexDoesRandomShit/ClearML-vulnerability-exploit-RCE-2024-CVE-2024-24590-](https://github.com/HexDoesRandomShit/ClearML-vulnerability-exploit-RCE-2024-CVE-2024-24590-)
- [h3xm4n/ClearML-vulnerability-exploit-RCE-2024-CVE-2024-24590-](https://github.com/h3xm4n/ClearML-vulnerability-exploit-RCE-2024-CVE-2024-24590-)
- [OxyDeV2/ClearML-CVE-2024-24590](https://github.com/OxyDeV2/ClearML-CVE-2024-24590)
- [xffsec/CVE-2024-24590-ClearML-RCE-Exploit](https://github.com/xffsec/CVE-2024-24590-ClearML-RCE-Exploit)
- [diegogarciayala/CVE-2024-24590-ClearML-RCE-CMD-POC](https://github.com/diegogarciayala/CVE-2024-24590-ClearML-RCE-CMD-POC)
@ -2940,7 +2961,7 @@
- [TSY244/CVE-2024-32002-git-rce](https://github.com/TSY244/CVE-2024-32002-git-rce)
- [blackninja23/CVE-2024-32002](https://github.com/blackninja23/CVE-2024-32002)
- [daemon-reconfig/CVE-2024-32002](https://github.com/daemon-reconfig/CVE-2024-32002)
- [HexDoesRandomShit/CVE-2024-32002](https://github.com/HexDoesRandomShit/CVE-2024-32002)
- [h3xm4n/CVE-2024-32002](https://github.com/h3xm4n/CVE-2024-32002)
- [charlesgargasson/CVE-2024-32002](https://github.com/charlesgargasson/CVE-2024-32002)
- [NishanthAnand21/CVE-2024-32002-PoC](https://github.com/NishanthAnand21/CVE-2024-32002-PoC)
- [tiyeume25112004/CVE-2024-32002](https://github.com/tiyeume25112004/CVE-2024-32002)
@ -3606,6 +3627,13 @@
- [vin01/poc-cve-2024-38396](https://github.com/vin01/poc-cve-2024-38396)
### CVE-2024-38473 (2024-07-01)
<code>Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.
</code>
- [Abdurahmon3236/CVE-2024-38473](https://github.com/Abdurahmon3236/CVE-2024-38473)
### CVE-2024-38537 (2024-07-02)
<code>Fides is an open-source privacy engineering platform. `fides.js`, a client-side script used to interact with the consent management features of Fides, used the `polyfill.io` domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard. Therefore it was possible for users of legacy, pre-2017 browsers who navigate to a page serving `fides.js` to download and execute malicious scripts from the `polyfill.io` domain when the domain was compromised and serving malware. No exploitation of `fides.js` via `polyfill.io` has been identified as of time of publication.\n\nThe vulnerability has been patched in Fides version `2.39.1`. Users are advised to upgrade to this version or later to secure their systems against this threat. On Thursday, June 27, 2024, Cloudflare and Namecheap intervened at a domain level to ensure `polyfill.io` and its subdomains could not resolve to the compromised service, rendering this vulnerability unexploitable. Prior to the domain level intervention, there were no server-side workarounds and the confidentiality, integrity, and availability impacts of this vulnerability were high. Clients could ensure they were not affected by using a modern browser that supported the fetch standard.
@ -3682,6 +3710,13 @@
### CVE-2024-39306
- [apena-ba/CVE-2024-39306](https://github.com/apena-ba/CVE-2024-39306)
### CVE-2024-39614 (2024-07-10)
<code>An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters.
</code>
- [Abdurahmon3236/-CVE-2024-39614](https://github.com/Abdurahmon3236/-CVE-2024-39614)
### CVE-2024-39689 (2024-07-05)
<code>Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified &quot;long-running and unresolved compliance issues.&quot;
@ -3719,6 +3754,13 @@
- [truonghuuphuc/CVE-2024-39943-Poc](https://github.com/truonghuuphuc/CVE-2024-39943-Poc)
- [A-little-dragon/CVE-2024-39943-Exploit](https://github.com/A-little-dragon/CVE-2024-39943-Exploit)
### CVE-2024-40110 (2024-07-12)
<code>Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the productimage parameter at /farm/product.php.
</code>
- [Abdurahmon3236/CVE-2024-40110](https://github.com/Abdurahmon3236/CVE-2024-40110)
### CVE-2024-40119 (2024-07-17)
<code>Nepstech Wifi Router xpon (terminal) model NTPL-Xpon1GFEVN v.1.0 Firmware V2.0.1 contains a Cross-Site Request Forgery (CSRF) vulnerability in the password change function, which allows remote attackers to change the admin password without the user's consent, leading to a potential account takeover.
@ -20158,6 +20200,7 @@
- [ihack4falafel/Dell-Driver-EoP-CVE-2021-21551](https://github.com/ihack4falafel/Dell-Driver-EoP-CVE-2021-21551)
- [tijme/kernel-mii](https://github.com/tijme/kernel-mii)
- [nanabingies/CVE-2021-21551](https://github.com/nanabingies/CVE-2021-21551)
- [Eap2468/CVE-2021-21551](https://github.com/Eap2468/CVE-2021-21551)
### CVE-2021-21716
- [MojithaR/CVE-2023-21716-EXPLOIT.py](https://github.com/MojithaR/CVE-2023-21716-EXPLOIT.py)