Update Thu Jul 28 11:33:13 UTC 2022

daydayoneday · Jul 28, 2022 · 10efab3 · 10efab3
1 parent f26d4a2
commit 10efab3
Showing 6 changed files with 26 additions and 0 deletions.
diff --git a/2018/CVE-2018-19320.md b/2018/CVE-2018-19320.md
@@ -11,6 +11,7 @@ The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRA
 
 #### Reference
 - http://seclists.org/fulldisclosure/2018/Dec/39
+- https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
 
 #### Github
 - https://github.com/0xT11/CVE-POC

diff --git a/2018/CVE-2018-19321.md b/2018/CVE-2018-19321.md
@@ -11,6 +11,7 @@ The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earli
 
 #### Reference
 - http://seclists.org/fulldisclosure/2018/Dec/39
+- https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
 
 #### Github
 No PoCs found on GitHub currently.

diff --git a/2018/CVE-2018-19322.md b/2018/CVE-2018-19322.md
@@ -11,6 +11,7 @@ The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earli
 
 #### Reference
 - http://seclists.org/fulldisclosure/2018/Dec/39
+- https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
 
 #### Github
 No PoCs found on GitHub currently.

diff --git a/2018/CVE-2018-19323.md b/2018/CVE-2018-19323.md
@@ -11,6 +11,7 @@ The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRA
 
 #### Reference
 - http://seclists.org/fulldisclosure/2018/Dec/39
+- https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
 
 #### Github
 No PoCs found on GitHub currently.

diff --git a/2021/CVE-2021-33371.md b/2021/CVE-2021-33371.md
@@ -0,0 +1,17 @@
+### [CVE-2021-33371](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33371)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box.
+
+### POC
+
+#### Reference
+- https://www.exploit-db.com/exploits/49865
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/references.txt b/references.txt
@@ -39972,9 +39972,13 @@ CVE-2018-19290 - http://seclists.org/fulldisclosure/2018/Nov/44
 CVE-2018-19291 - https://github.com/chekun/DiliCMS/issues/60
 CVE-2018-19300 - https://community.greenbone.net/t/cve-2018-19300-remote-command-execution-vulnerability-in-d-link-dwr-and-dap-routers/1772
 CVE-2018-19320 - http://seclists.org/fulldisclosure/2018/Dec/39
+CVE-2018-19320 - https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
 CVE-2018-19321 - http://seclists.org/fulldisclosure/2018/Dec/39
+CVE-2018-19321 - https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
 CVE-2018-19322 - http://seclists.org/fulldisclosure/2018/Dec/39
+CVE-2018-19322 - https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
 CVE-2018-19323 - http://seclists.org/fulldisclosure/2018/Dec/39
+CVE-2018-19323 - https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
 CVE-2018-19328 - https://github.com/onkyoworm/poc/blob/master/laobancms/poc.md
 CVE-2018-19331 - https://kingflyme.blogspot.com/2018/11/the-poc-of-s-cmssql-injection.html
 CVE-2018-19332 - https://kingflyme.blogspot.com/2018/11/the-poc-of-s-cmscsrf.html
@@ -56985,6 +56989,7 @@ CVE-2021-33221 - http://seclists.org/fulldisclosure/2021/May/72
 CVE-2021-33256 - https://docs.unsafe-inline.com/0day/manageengine-adselfservice-plus-6.1-csv-injection
 CVE-2021-3328 - https://jankopecky.net/index.php/2021/04/08/cve-2021-3328-abyss-web-server-remote-dos/
 CVE-2021-3337 - http://packetstormsecurity.com/files/161185/MyBB-Hide-Thread-Content-1.0-Information-Disclosure.html
+CVE-2021-33371 - https://www.exploit-db.com/exploits/49865
 CVE-2021-3339 - https://appsource.microsoft.com/en-us/product/web-apps/acctech-systems-pty-ltd.modernflow-saas?tab=overview
 CVE-2021-33393 - http://packetstormsecurity.com/files/163158/IPFire-2.25-Remote-Code-Execution.html
 CVE-2021-33408 - https://www.abinitio.com/en/security-advisories/ab-2021-001/