Auto Update 2024/12/06 00:32:04

motikan2010-bot 2024-12-06 09:32:04 +09:00
parent 63b87f8f6b
commit fff89fd907
22 changed files with 110 additions and 74 deletions


@ -14,10 +14,10 @@
"description": "A checker (site and tool) for CVE-2014-0160",
"fork": false,
"created_at": "2014-04-07T23:03:09Z",
"updated_at": "2024-12-01T10:53:20Z",
"updated_at": "2024-12-05T23:37:16Z",
"pushed_at": "2021-02-24T09:17:24Z",
"stargazers_count": 2305,
"watchers_count": 2305,
"stargazers_count": 2306,
"watchers_count": 2306,
"has_discussions": false,
"forks_count": 461,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 461,
"watchers": 2305,
"watchers": 2306,
"score": 0,
"subscribers_count": 117
},


@ -45,10 +45,10 @@
"description": "Proof-of-Concept exploits for CVE-2017-11882",
"fork": false,
"created_at": "2017-11-20T16:35:30Z",
"updated_at": "2024-09-10T06:16:46Z",
"updated_at": "2024-12-05T23:22:30Z",
"pushed_at": "2017-11-29T16:13:23Z",
"stargazers_count": 493,
"watchers_count": 493,
"stargazers_count": 494,
"watchers_count": 494,
"has_discussions": false,
"forks_count": 183,
"allow_forking": true,
@ -57,7 +57,7 @@
"topics": [],
"visibility": "public",
"forks": 183,
"watchers": 493,
"watchers": 494,
"score": 0,
"subscribers_count": 39
},


@ -76,10 +76,10 @@
"description": "Unsigned driver loader using CVE-2018-19320",
"fork": false,
"created_at": "2022-11-12T05:48:13Z",
"updated_at": "2024-12-05T15:33:22Z",
"updated_at": "2024-12-05T22:20:59Z",
"pushed_at": "2023-04-09T13:50:29Z",
"stargazers_count": 209,
"watchers_count": 209,
"stargazers_count": 210,
"watchers_count": 210,
"has_discussions": false,
"forks_count": 57,
"allow_forking": true,
@ -88,7 +88,7 @@
"topics": [],
"visibility": "public",
"forks": 57,
"watchers": 209,
"watchers": 210,
"score": 0,
"subscribers_count": 9
}


@ -14,10 +14,10 @@
"description": "CVE-2020-15368, aka \"How to exploit a vulnerable driver\"",
"fork": false,
"created_at": "2021-06-29T04:38:24Z",
"updated_at": "2024-11-15T12:23:01Z",
"updated_at": "2024-12-05T22:15:01Z",
"pushed_at": "2022-04-14T03:17:44Z",
"stargazers_count": 440,
"watchers_count": 440,
"stargazers_count": 441,
"watchers_count": 441,
"has_discussions": false,
"forks_count": 45,
"allow_forking": true,
@ -31,7 +31,7 @@
],
"visibility": "public",
"forks": 45,
"watchers": 440,
"watchers": 441,
"score": 0,
"subscribers_count": 6
},


@ -14,10 +14,10 @@
"description": "stack based buffer overflow in MsIo64.sys, Proof of Concept Local Privilege Escalation to nt authority\/system",
"fork": false,
"created_at": "2021-06-03T12:39:11Z",
"updated_at": "2024-02-24T11:42:32Z",
"updated_at": "2024-12-05T18:30:11Z",
"pushed_at": "2021-06-07T13:46:21Z",
"stargazers_count": 10,
"watchers_count": 10,
"stargazers_count": 11,
"watchers_count": 11,
"has_discussions": false,
"forks_count": 4,
"allow_forking": true,
@ -41,7 +41,7 @@
],
"visibility": "public",
"forks": 4,
"watchers": 10,
"watchers": 11,
"score": 0,
"subscribers_count": 1
},


@ -1265,10 +1265,10 @@
"description": "CVE-2021-3156 - Sudo Baron Samedit",
"fork": false,
"created_at": "2021-04-29T06:29:26Z",
"updated_at": "2024-11-27T06:27:28Z",
"updated_at": "2024-12-05T20:01:29Z",
"pushed_at": "2022-02-12T19:33:07Z",
"stargazers_count": 220,
"watchers_count": 220,
"stargazers_count": 221,
"watchers_count": 221,
"has_discussions": false,
"forks_count": 35,
"allow_forking": true,
@ -1277,7 +1277,7 @@
"topics": [],
"visibility": "public",
"forks": 35,
"watchers": 220,
"watchers": 221,
"score": 0,
"subscribers_count": 8
},


@ -50,10 +50,10 @@
"description": "Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user ",
"fork": false,
"created_at": "2021-12-13T10:28:12Z",
"updated_at": "2024-12-04T19:54:55Z",
"updated_at": "2024-12-05T19:15:23Z",
"pushed_at": "2023-01-29T03:31:27Z",
"stargazers_count": 814,
"watchers_count": 814,
"stargazers_count": 815,
"watchers_count": 815,
"has_discussions": false,
"forks_count": 124,
"allow_forking": true,
@ -62,7 +62,7 @@
"topics": [],
"visibility": "public",
"forks": 124,
"watchers": 814,
"watchers": 815,
"score": 0,
"subscribers_count": 13
},


@ -14,10 +14,10 @@
"description": "This is a one-time signature verification bypass. For persistent signature verification bypass, check https:\/\/github.com\/TomKing062\/CVE-2022-38691_38692",
"fork": false,
"created_at": "2023-06-10T08:31:26Z",
"updated_at": "2024-12-03T16:24:58Z",
"updated_at": "2024-12-05T18:43:26Z",
"pushed_at": "2024-08-01T15:09:15Z",
"stargazers_count": 304,
"watchers_count": 304,
"stargazers_count": 305,
"watchers_count": 305,
"has_discussions": true,
"forks_count": 44,
"allow_forking": true,
@ -29,7 +29,7 @@
],
"visibility": "public",
"forks": 44,
"watchers": 304,
"watchers": 305,
"score": 0,
"subscribers_count": 8
},


@ -19,13 +19,13 @@
"stargazers_count": 44,
"watchers_count": 44,
"has_discussions": false,
"forks_count": 13,
"forks_count": 14,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 13,
"forks": 14,
"watchers": 44,
"score": 0,
"subscribers_count": 2


@ -14,10 +14,10 @@
"description": null,
"fork": false,
"created_at": "2024-11-19T08:29:32Z",
"updated_at": "2024-11-29T04:19:05Z",
"updated_at": "2024-12-05T20:22:20Z",
"pushed_at": "2024-11-19T09:28:42Z",
"stargazers_count": 21,
"watchers_count": 21,
"stargazers_count": 22,
"watchers_count": 22,
"has_discussions": false,
"forks_count": 3,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 3,
"watchers": 21,
"watchers": 22,
"score": 0,
"subscribers_count": 0
},


@ -14,10 +14,10 @@
"description": "This repository contains a Proof of Concept (PoC) exploit for CVE-2024-11680, a critical vulnerability in ProjectSend r1605 and older versions. The exploit targets a Cross-Site Request Forgery (CSRF) flaw in combination with Privilege Misconfiguration issues.",
"fork": false,
"created_at": "2024-12-04T18:42:43Z",
"updated_at": "2024-12-05T10:13:09Z",
"updated_at": "2024-12-05T23:11:36Z",
"pushed_at": "2024-12-04T19:25:34Z",
"stargazers_count": 7,
"watchers_count": 7,
"stargazers_count": 8,
"watchers_count": 8,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 7,
"watchers": 8,
"score": 0,
"subscribers_count": 1
}


@ -107,10 +107,10 @@
"description": "Kernel exploit for Xbox SystemOS using CVE-2024-30088",
"fork": false,
"created_at": "2024-07-15T08:07:05Z",
"updated_at": "2024-12-04T03:18:10Z",
"updated_at": "2024-12-06T00:18:27Z",
"pushed_at": "2024-09-08T21:23:34Z",
"stargazers_count": 424,
"watchers_count": 424,
"stargazers_count": 425,
"watchers_count": 425,
"has_discussions": false,
"forks_count": 31,
"allow_forking": true,
@ -119,7 +119,7 @@
"topics": [],
"visibility": "public",
"forks": 31,
"watchers": 424,
"watchers": 425,
"score": 0,
"subscribers_count": 19
},


@ -270,13 +270,13 @@
"stargazers_count": 632,
"watchers_count": 632,
"has_discussions": false,
"forks_count": 115,
"forks_count": 116,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 115,
"forks": 116,
"watchers": 632,
"score": 0,
"subscribers_count": 4


@ -19,13 +19,13 @@
"stargazers_count": 0,
"watchers_count": 0,
"has_discussions": false,
"forks_count": 0,
"forks_count": 1,
"allow_forking": true,
"is_template": false,
"web_commit_signoff_required": false,
"topics": [],
"visibility": "public",
"forks": 0,
"forks": 1,
"watchers": 0,
"score": 0,
"subscribers_count": 1


@ -14,10 +14,10 @@
"description": "Fortinet Fortimanager Unauthenticated Remote Code Execution AKA FortiJump CVE-2024-47575",
"fork": false,
"created_at": "2024-11-07T21:03:30Z",
"updated_at": "2024-12-04T22:33:44Z",
"updated_at": "2024-12-05T20:21:58Z",
"pushed_at": "2024-11-14T16:25:52Z",
"stargazers_count": 71,
"watchers_count": 71,
"stargazers_count": 72,
"watchers_count": 72,
"has_discussions": false,
"forks_count": 22,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 22,
"watchers": 71,
"watchers": 72,
"score": 0,
"subscribers_count": 0
},

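--- /dev/null
+++ b/2024/CVE-2024-48705.json
@@ -0,0 +1,33 @@
+[
+{
+"id": 899256024,
+"name": "CVE-2024-48705",
+"full_name": "L41KAA\/CVE-2024-48705",
+"owner": {
+"login": "L41KAA",
+"id": 54420351,
+"avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/54420351?v=4",
+"html_url": "https:\/\/github.com\/L41KAA",
+"user_view_type": "public"
+},
+"html_url": "https:\/\/github.com\/L41KAA\/CVE-2024-48705",
+"description": "Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the \"set_sys_adm\" function of the \"adm.cgi\" binary, and is due to improper santization of the user provided \"newpass\" field.",
+"fork": false,
+"created_at": "2024-12-05T22:45:58Z",
+"updated_at": "2024-12-05T23:01:09Z",
+"pushed_at": "2024-12-05T23:01:06Z",
+"stargazers_count": 0,
+"watchers_count": 0,
+"has_discussions": false,
+"forks_count": 0,
+"allow_forking": true,
+"is_template": false,
+"web_commit_signoff_required": false,
+"topics": [],
+"visibility": "public",
+"forks": 0,
+"watchers": 0,
+"score": 0,
+"subscribers_count": 0
+}
+]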


@ -14,10 +14,10 @@
"description": "PoC for CVE-2024-48990",
"fork": false,
"created_at": "2024-11-20T18:41:25Z",
"updated_at": "2024-12-01T05:53:34Z",
"updated_at": "2024-12-06T00:28:40Z",
"pushed_at": "2024-11-20T18:49:33Z",
"stargazers_count": 84,
"watchers_count": 84,
"stargazers_count": 85,
"watchers_count": 85,
"has_discussions": false,
"forks_count": 14,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 14,
"watchers": 84,
"watchers": 85,
"score": 0,
"subscribers_count": 1
},


@ -14,10 +14,10 @@
"description": "WPTaskScheduler RPC Persistence & CVE-2024-49039 via Task Scheduler",
"fork": false,
"created_at": "2024-11-19T08:57:18Z",
"updated_at": "2024-12-05T17:57:06Z",
"updated_at": "2024-12-06T00:01:26Z",
"pushed_at": "2024-11-19T09:15:26Z",
"stargazers_count": 68,
"watchers_count": 68,
"stargazers_count": 67,
"watchers_count": 67,
"has_discussions": false,
"forks_count": 15,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 15,
"watchers": 68,
"watchers": 67,
"score": 0,
"subscribers_count": 1
}


@ -14,10 +14,10 @@
"description": "Exploit for CyberPanel Pre-Auth RCE via Command Injection",
"fork": false,
"created_at": "2024-10-29T23:34:27Z",
"updated_at": "2024-12-05T10:12:09Z",
"updated_at": "2024-12-05T22:11:22Z",
"pushed_at": "2024-11-01T10:12:49Z",
"stargazers_count": 11,
"watchers_count": 11,
"stargazers_count": 12,
"watchers_count": 12,
"has_discussions": false,
"forks_count": 3,
"allow_forking": true,
@ -26,7 +26,7 @@
"topics": [],
"visibility": "public",
"forks": 3,
"watchers": 11,
"watchers": 12,
"score": 0,
"subscribers_count": 1
}


@ -79,10 +79,10 @@
"description": "CVE-2024-51567 is a Python PoC exploit targeting an RCE vulnerability in CyberPanel v2.3.6s upgrademysqlstatus endpoint, bypassing CSRF protections.",
"fork": false,
"created_at": "2024-11-26T02:18:24Z",
"updated_at": "2024-12-04T06:54:51Z",
"updated_at": "2024-12-05T20:50:45Z",
"pushed_at": "2024-11-26T02:21:21Z",
"stargazers_count": 4,
"watchers_count": 4,
"stargazers_count": 5,
"watchers_count": 5,
"has_discussions": false,
"forks_count": 0,
"allow_forking": true,
@ -91,7 +91,7 @@
"topics": [],
"visibility": "public",
"forks": 0,
"watchers": 4,
"watchers": 5,
"score": 0,
"subscribers_count": 1
}


@ -1589,10 +1589,10 @@
"description": "Targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems.",
"fork": false,
"created_at": "2024-07-03T06:08:32Z",
"updated_at": "2024-11-21T06:28:18Z",
"updated_at": "2024-12-05T20:11:29Z",
"pushed_at": "2024-07-03T06:47:46Z",
"stargazers_count": 10,
"watchers_count": 10,
"stargazers_count": 11,
"watchers_count": 11,
"has_discussions": false,
"forks_count": 5,
"allow_forking": true,
@ -1603,7 +1603,7 @@
],
"visibility": "public",
"forks": 5,
"watchers": 10,
"watchers": 11,
"score": 0,
"subscribers_count": 1
},


@ -6755,6 +6755,9 @@
- [paragbagul111/CVE-2024-48652](https://github.com/paragbagul111/CVE-2024-48652)
### CVE-2024-48705
- [L41KAA/CVE-2024-48705](https://github.com/L41KAA/CVE-2024-48705)
### CVE-2024-48914 (2024-10-15)
<code>Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the server. In the same code path is an additional vector for crashing the server via a malformed URI. Patches are available in versions 3.0.5 and 2.3.3. Some workarounds are also available. One may use object storage rather than the local file system, e.g. MinIO or S3, or define middleware which detects and blocks requests with urls containing `/../`.