diff --git a/2014/CVE-2014-0160.json b/2014/CVE-2014-0160.json index e84d21e623..b9464edf5a 100644 --- a/2014/CVE-2014-0160.json +++ b/2014/CVE-2014-0160.json @@ -14,10 +14,10 @@ "description": "A checker (site and tool) for CVE-2014-0160", "fork": false, "created_at": "2014-04-07T23:03:09Z", - "updated_at": "2024-12-01T10:53:20Z", + "updated_at": "2024-12-05T23:37:16Z", "pushed_at": "2021-02-24T09:17:24Z", - "stargazers_count": 2305, - "watchers_count": 2305, + "stargazers_count": 2306, + "watchers_count": 2306, "has_discussions": false, "forks_count": 461, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 461, - "watchers": 2305, + "watchers": 2306, "score": 0, "subscribers_count": 117 }, diff --git a/2017/CVE-2017-11882.json b/2017/CVE-2017-11882.json index 2ed852805c..2b0e9f5a39 100644 --- a/2017/CVE-2017-11882.json +++ b/2017/CVE-2017-11882.json @@ -45,10 +45,10 @@ "description": "Proof-of-Concept exploits for CVE-2017-11882", "fork": false, "created_at": "2017-11-20T16:35:30Z", - "updated_at": "2024-09-10T06:16:46Z", + "updated_at": "2024-12-05T23:22:30Z", "pushed_at": "2017-11-29T16:13:23Z", - "stargazers_count": 493, - "watchers_count": 493, + "stargazers_count": 494, + "watchers_count": 494, "has_discussions": false, "forks_count": 183, "allow_forking": true, @@ -57,7 +57,7 @@ "topics": [], "visibility": "public", "forks": 183, - "watchers": 493, + "watchers": 494, "score": 0, "subscribers_count": 39 }, diff --git a/2018/CVE-2018-19320.json b/2018/CVE-2018-19320.json index d49302fba1..9de57aa752 100644 --- a/2018/CVE-2018-19320.json +++ b/2018/CVE-2018-19320.json @@ -76,10 +76,10 @@ "description": "Unsigned driver loader using CVE-2018-19320", "fork": false, "created_at": "2022-11-12T05:48:13Z", - "updated_at": "2024-12-05T15:33:22Z", + "updated_at": "2024-12-05T22:20:59Z", "pushed_at": "2023-04-09T13:50:29Z", - "stargazers_count": 209, - "watchers_count": 209, + "stargazers_count": 210, + "watchers_count": 210, "has_discussions": false, "forks_count": 57, "allow_forking": true, @@ -88,7 +88,7 @@ "topics": [], "visibility": "public", "forks": 57, - "watchers": 209, + "watchers": 210, "score": 0, "subscribers_count": 9 } diff --git a/2020/CVE-2020-15368.json b/2020/CVE-2020-15368.json index e9b11aabc2..db693e31b3 100644 --- a/2020/CVE-2020-15368.json +++ b/2020/CVE-2020-15368.json @@ -14,10 +14,10 @@ "description": "CVE-2020-15368, aka \"How to exploit a vulnerable driver\"", "fork": false, "created_at": "2021-06-29T04:38:24Z", - "updated_at": "2024-11-15T12:23:01Z", + "updated_at": "2024-12-05T22:15:01Z", "pushed_at": "2022-04-14T03:17:44Z", - "stargazers_count": 440, - "watchers_count": 440, + "stargazers_count": 441, + "watchers_count": 441, "has_discussions": false, "forks_count": 45, "allow_forking": true, @@ -31,7 +31,7 @@ ], "visibility": "public", "forks": 45, - "watchers": 440, + "watchers": 441, "score": 0, "subscribers_count": 6 }, diff --git a/2021/CVE-2021-27965.json b/2021/CVE-2021-27965.json index b20c63b984..43ac5e662c 100644 --- a/2021/CVE-2021-27965.json +++ b/2021/CVE-2021-27965.json @@ -14,10 +14,10 @@ "description": "stack based buffer overflow in MsIo64.sys, Proof of Concept Local Privilege Escalation to nt authority\/system", "fork": false, "created_at": "2021-06-03T12:39:11Z", - "updated_at": "2024-02-24T11:42:32Z", + "updated_at": "2024-12-05T18:30:11Z", "pushed_at": "2021-06-07T13:46:21Z", - "stargazers_count": 10, - "watchers_count": 10, + "stargazers_count": 11, + "watchers_count": 11, "has_discussions": false, "forks_count": 4, "allow_forking": true, @@ -41,7 +41,7 @@ ], "visibility": "public", "forks": 4, - "watchers": 10, + "watchers": 11, "score": 0, "subscribers_count": 1 }, diff --git a/2021/CVE-2021-3156.json b/2021/CVE-2021-3156.json index 4b5ba86f07..8af3a56a6e 100644 --- a/2021/CVE-2021-3156.json +++ b/2021/CVE-2021-3156.json @@ -1265,10 +1265,10 @@ "description": "CVE-2021-3156 - Sudo Baron Samedit", "fork": false, "created_at": "2021-04-29T06:29:26Z", - "updated_at": "2024-11-27T06:27:28Z", + "updated_at": "2024-12-05T20:01:29Z", "pushed_at": "2022-02-12T19:33:07Z", - "stargazers_count": 220, - "watchers_count": 220, + "stargazers_count": 221, + "watchers_count": 221, "has_discussions": false, "forks_count": 35, "allow_forking": true, @@ -1277,7 +1277,7 @@ "topics": [], "visibility": "public", "forks": 35, - "watchers": 220, + "watchers": 221, "score": 0, "subscribers_count": 8 }, diff --git a/2021/CVE-2021-42278.json b/2021/CVE-2021-42278.json index 07881155ad..cb6fcbb764 100644 --- a/2021/CVE-2021-42278.json +++ b/2021/CVE-2021-42278.json @@ -50,10 +50,10 @@ "description": "Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user ", "fork": false, "created_at": "2021-12-13T10:28:12Z", - "updated_at": "2024-12-04T19:54:55Z", + "updated_at": "2024-12-05T19:15:23Z", "pushed_at": "2023-01-29T03:31:27Z", - "stargazers_count": 814, - "watchers_count": 814, + "stargazers_count": 815, + "watchers_count": 815, "has_discussions": false, "forks_count": 124, "allow_forking": true, @@ -62,7 +62,7 @@ "topics": [], "visibility": "public", "forks": 124, - "watchers": 814, + "watchers": 815, "score": 0, "subscribers_count": 13 }, diff --git a/2022/CVE-2022-38694.json b/2022/CVE-2022-38694.json index 6691ed2884..93bcb81f47 100644 --- a/2022/CVE-2022-38694.json +++ b/2022/CVE-2022-38694.json @@ -14,10 +14,10 @@ "description": "This is a one-time signature verification bypass. For persistent signature verification bypass, check https:\/\/github.com\/TomKing062\/CVE-2022-38691_38692", "fork": false, "created_at": "2023-06-10T08:31:26Z", - "updated_at": "2024-12-03T16:24:58Z", + "updated_at": "2024-12-05T18:43:26Z", "pushed_at": "2024-08-01T15:09:15Z", - "stargazers_count": 304, - "watchers_count": 304, + "stargazers_count": 305, + "watchers_count": 305, "has_discussions": true, "forks_count": 44, "allow_forking": true, @@ -29,7 +29,7 @@ ], "visibility": "public", "forks": 44, - "watchers": 304, + "watchers": 305, "score": 0, "subscribers_count": 8 }, diff --git a/2023/CVE-2023-24871.json b/2023/CVE-2023-24871.json index 0f164ae347..e22021bfe2 100644 --- a/2023/CVE-2023-24871.json +++ b/2023/CVE-2023-24871.json @@ -19,13 +19,13 @@ "stargazers_count": 44, "watchers_count": 44, "has_discussions": false, - "forks_count": 13, + "forks_count": 14, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 13, + "forks": 14, "watchers": 44, "score": 0, "subscribers_count": 2 diff --git a/2024/CVE-2024-0012.json b/2024/CVE-2024-0012.json index ab9d3072c9..23a67d6b2f 100644 --- a/2024/CVE-2024-0012.json +++ b/2024/CVE-2024-0012.json @@ -14,10 +14,10 @@ "description": null, "fork": false, "created_at": "2024-11-19T08:29:32Z", - "updated_at": "2024-11-29T04:19:05Z", + "updated_at": "2024-12-05T20:22:20Z", "pushed_at": "2024-11-19T09:28:42Z", - "stargazers_count": 21, - "watchers_count": 21, + "stargazers_count": 22, + "watchers_count": 22, "has_discussions": false, "forks_count": 3, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 3, - "watchers": 21, + "watchers": 22, "score": 0, "subscribers_count": 0 }, diff --git a/2024/CVE-2024-11680.json b/2024/CVE-2024-11680.json index 6a40e4471a..24612fd4dc 100644 --- a/2024/CVE-2024-11680.json +++ b/2024/CVE-2024-11680.json @@ -14,10 +14,10 @@ "description": "This repository contains a Proof of Concept (PoC) exploit for CVE-2024-11680, a critical vulnerability in ProjectSend r1605 and older versions. The exploit targets a Cross-Site Request Forgery (CSRF) flaw in combination with Privilege Misconfiguration issues.", "fork": false, "created_at": "2024-12-04T18:42:43Z", - "updated_at": "2024-12-05T10:13:09Z", + "updated_at": "2024-12-05T23:11:36Z", "pushed_at": "2024-12-04T19:25:34Z", - "stargazers_count": 7, - "watchers_count": 7, + "stargazers_count": 8, + "watchers_count": 8, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 7, + "watchers": 8, "score": 0, "subscribers_count": 1 } diff --git a/2024/CVE-2024-30088.json b/2024/CVE-2024-30088.json index ccc09c19b3..e328ef49eb 100644 --- a/2024/CVE-2024-30088.json +++ b/2024/CVE-2024-30088.json @@ -107,10 +107,10 @@ "description": "Kernel exploit for Xbox SystemOS using CVE-2024-30088", "fork": false, "created_at": "2024-07-15T08:07:05Z", - "updated_at": "2024-12-04T03:18:10Z", + "updated_at": "2024-12-06T00:18:27Z", "pushed_at": "2024-09-08T21:23:34Z", - "stargazers_count": 424, - "watchers_count": 424, + "stargazers_count": 425, + "watchers_count": 425, "has_discussions": false, "forks_count": 31, "allow_forking": true, @@ -119,7 +119,7 @@ "topics": [], "visibility": "public", "forks": 31, - "watchers": 424, + "watchers": 425, "score": 0, "subscribers_count": 19 }, diff --git a/2024/CVE-2024-38063.json b/2024/CVE-2024-38063.json index 20ac49f8d5..1c94efedb8 100644 --- a/2024/CVE-2024-38063.json +++ b/2024/CVE-2024-38063.json @@ -270,13 +270,13 @@ "stargazers_count": 632, "watchers_count": 632, "has_discussions": false, - "forks_count": 115, + "forks_count": 116, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 115, + "forks": 116, "watchers": 632, "score": 0, "subscribers_count": 4 diff --git a/2024/CVE-2024-44285.json b/2024/CVE-2024-44285.json index ed0b77fa9e..caaa31a6cd 100644 --- a/2024/CVE-2024-44285.json +++ b/2024/CVE-2024-44285.json @@ -19,13 +19,13 @@ "stargazers_count": 0, "watchers_count": 0, "has_discussions": false, - "forks_count": 0, + "forks_count": 1, "allow_forking": true, "is_template": false, "web_commit_signoff_required": false, "topics": [], "visibility": "public", - "forks": 0, + "forks": 1, "watchers": 0, "score": 0, "subscribers_count": 1 diff --git a/2024/CVE-2024-47575.json b/2024/CVE-2024-47575.json index f0e0b94452..22e4122a17 100644 --- a/2024/CVE-2024-47575.json +++ b/2024/CVE-2024-47575.json @@ -14,10 +14,10 @@ "description": "Fortinet Fortimanager Unauthenticated Remote Code Execution AKA FortiJump CVE-2024-47575", "fork": false, "created_at": "2024-11-07T21:03:30Z", - "updated_at": "2024-12-04T22:33:44Z", + "updated_at": "2024-12-05T20:21:58Z", "pushed_at": "2024-11-14T16:25:52Z", - "stargazers_count": 71, - "watchers_count": 71, + "stargazers_count": 72, + "watchers_count": 72, "has_discussions": false, "forks_count": 22, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 22, - "watchers": 71, + "watchers": 72, "score": 0, "subscribers_count": 0 }, diff --git a/2024/CVE-2024-48705.json b/2024/CVE-2024-48705.json new file mode 100644 index 0000000000..56ec254018 --- /dev/null +++ b/2024/CVE-2024-48705.json @@ -0,0 +1,33 @@ +[ + { + "id": 899256024, + "name": "CVE-2024-48705", + "full_name": "L41KAA\/CVE-2024-48705", + "owner": { + "login": "L41KAA", + "id": 54420351, + "avatar_url": "https:\/\/avatars.githubusercontent.com\/u\/54420351?v=4", + "html_url": "https:\/\/github.com\/L41KAA", + "user_view_type": "public" + }, + "html_url": "https:\/\/github.com\/L41KAA\/CVE-2024-48705", + "description": "Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the \"set_sys_adm\" function of the \"adm.cgi\" binary, and is due to improper santization of the user provided \"newpass\" field.", + "fork": false, + "created_at": "2024-12-05T22:45:58Z", + "updated_at": "2024-12-05T23:01:09Z", + "pushed_at": "2024-12-05T23:01:06Z", + "stargazers_count": 0, + "watchers_count": 0, + "has_discussions": false, + "forks_count": 0, + "allow_forking": true, + "is_template": false, + "web_commit_signoff_required": false, + "topics": [], + "visibility": "public", + "forks": 0, + "watchers": 0, + "score": 0, + "subscribers_count": 0 + } +] \ No newline at end of file diff --git a/2024/CVE-2024-48990.json b/2024/CVE-2024-48990.json index 394b87bccd..af6dcc7fca 100644 --- a/2024/CVE-2024-48990.json +++ b/2024/CVE-2024-48990.json @@ -14,10 +14,10 @@ "description": "PoC for CVE-2024-48990", "fork": false, "created_at": "2024-11-20T18:41:25Z", - "updated_at": "2024-12-01T05:53:34Z", + "updated_at": "2024-12-06T00:28:40Z", "pushed_at": "2024-11-20T18:49:33Z", - "stargazers_count": 84, - "watchers_count": 84, + "stargazers_count": 85, + "watchers_count": 85, "has_discussions": false, "forks_count": 14, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 14, - "watchers": 84, + "watchers": 85, "score": 0, "subscribers_count": 1 }, diff --git a/2024/CVE-2024-49039.json b/2024/CVE-2024-49039.json index 49ff89ffca..6e6d616a51 100644 --- a/2024/CVE-2024-49039.json +++ b/2024/CVE-2024-49039.json @@ -14,10 +14,10 @@ "description": "WPTaskScheduler RPC Persistence & CVE-2024-49039 via Task Scheduler", "fork": false, "created_at": "2024-11-19T08:57:18Z", - "updated_at": "2024-12-05T17:57:06Z", + "updated_at": "2024-12-06T00:01:26Z", "pushed_at": "2024-11-19T09:15:26Z", - "stargazers_count": 68, - "watchers_count": 68, + "stargazers_count": 67, + "watchers_count": 67, "has_discussions": false, "forks_count": 15, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 15, - "watchers": 68, + "watchers": 67, "score": 0, "subscribers_count": 1 } diff --git a/2024/CVE-2024-51378.json b/2024/CVE-2024-51378.json index fa38634bc2..6ae261db57 100644 --- a/2024/CVE-2024-51378.json +++ b/2024/CVE-2024-51378.json @@ -14,10 +14,10 @@ "description": "Exploit for CyberPanel Pre-Auth RCE via Command Injection", "fork": false, "created_at": "2024-10-29T23:34:27Z", - "updated_at": "2024-12-05T10:12:09Z", + "updated_at": "2024-12-05T22:11:22Z", "pushed_at": "2024-11-01T10:12:49Z", - "stargazers_count": 11, - "watchers_count": 11, + "stargazers_count": 12, + "watchers_count": 12, "has_discussions": false, "forks_count": 3, "allow_forking": true, @@ -26,7 +26,7 @@ "topics": [], "visibility": "public", "forks": 3, - "watchers": 11, + "watchers": 12, "score": 0, "subscribers_count": 1 } diff --git a/2024/CVE-2024-51567.json b/2024/CVE-2024-51567.json index 3386bc534e..d6a9de7fdb 100644 --- a/2024/CVE-2024-51567.json +++ b/2024/CVE-2024-51567.json @@ -79,10 +79,10 @@ "description": "CVE-2024-51567 is a Python PoC exploit targeting an RCE vulnerability in CyberPanel v2.3.6’s upgrademysqlstatus endpoint, bypassing CSRF protections.", "fork": false, "created_at": "2024-11-26T02:18:24Z", - "updated_at": "2024-12-04T06:54:51Z", + "updated_at": "2024-12-05T20:50:45Z", "pushed_at": "2024-11-26T02:21:21Z", - "stargazers_count": 4, - "watchers_count": 4, + "stargazers_count": 5, + "watchers_count": 5, "has_discussions": false, "forks_count": 0, "allow_forking": true, @@ -91,7 +91,7 @@ "topics": [], "visibility": "public", "forks": 0, - "watchers": 4, + "watchers": 5, "score": 0, "subscribers_count": 1 } diff --git a/2024/CVE-2024-6387.json b/2024/CVE-2024-6387.json index aaf836ec91..4296676c02 100644 --- a/2024/CVE-2024-6387.json +++ b/2024/CVE-2024-6387.json @@ -1589,10 +1589,10 @@ "description": "Targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems.", "fork": false, "created_at": "2024-07-03T06:08:32Z", - "updated_at": "2024-11-21T06:28:18Z", + "updated_at": "2024-12-05T20:11:29Z", "pushed_at": "2024-07-03T06:47:46Z", - "stargazers_count": 10, - "watchers_count": 10, + "stargazers_count": 11, + "watchers_count": 11, "has_discussions": false, "forks_count": 5, "allow_forking": true, @@ -1603,7 +1603,7 @@ ], "visibility": "public", "forks": 5, - "watchers": 10, + "watchers": 11, "score": 0, "subscribers_count": 1 }, diff --git a/README.md b/README.md index 91a36c3718..41925e7ddf 100644 --- a/README.md +++ b/README.md @@ -6755,6 +6755,9 @@ - [paragbagul111/CVE-2024-48652](https://github.com/paragbagul111/CVE-2024-48652) +### CVE-2024-48705 +- [L41KAA/CVE-2024-48705](https://github.com/L41KAA/CVE-2024-48705) + ### CVE-2024-48914 (2024-10-15) Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the server. In the same code path is an additional vector for crashing the server via a malformed URI. Patches are available in versions 3.0.5 and 2.3.3. Some workarounds are also available. One may use object storage rather than the local file system, e.g. MinIO or S3, or define middleware which detects and blocks requests with urls containing `/../`.