Update Wed Oct 4 11:02:10 UTC 2023

2014/CVE-2014-0160.md

@@ -72,6 +72,7 @@ The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not p
 - https://github.com/Dor1s/libfuzzer-workshop
 - https://github.com/El-Palomo/VULNIX
 - https://github.com/Elnatty/tryhackme_labs
+- https://github.com/EvanLi/Github-Ranking
 - https://github.com/EvilHat/awesome-hacking
 - https://github.com/EvilHat/awesome-security
 - https://github.com/EvilHat/pentest-resource

2014/CVE-2014-3482.md

@@ -10,6 +10,7 @@ SQL injection vulnerability in activerecord/lib/active_record/connection_adapter
 ### POC
 
 #### Reference
+- https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J
 - https://hackerone.com/reports/28449
 
 #### Github

2014/CVE-2014-3483.md

@@ -10,6 +10,7 @@ SQL injection vulnerability in activerecord/lib/active_record/connection_adapter
 ### POC
 
 #### Reference
+- https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J
 - https://hackerone.com/reports/28450
 
 #### Github

2017/CVE-2017-12635.md

@@ -44,6 +44,7 @@ Due to differences in the Erlang-based JSON parser and JavaScript-based JSON par
 - https://github.com/openx-org/BLEN
 - https://github.com/security211/icrus_vulnerabilty_research
 - https://github.com/t0m4too/t0m4to
+- https://github.com/tanjiti/sec_profile
 - https://github.com/tranmanhdat/couchdb_cve-2017-12635
 - https://github.com/zhaoolee/garss
 

2017/CVE-2017-20152.md

@@ -0,0 +1,17 @@
+### [CVE-2017-20152](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20152)
+![](https://img.shields.io/static/v1?label=Product&message=imageserve&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Path%20Traversal&color=brighgreen)
+
+### Description
+
+A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the argument filelocation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is bd23c784f0e5cb12f66d15c100248449f87d72e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217056.
+
+### POC
+
+#### Reference
+- https://github.com/aerouk/imageserve/pull/27
+
+#### Github
+No PoCs found on GitHub currently.
+

2017/CVE-2017-20153.md

@@ -0,0 +1,17 @@
+### [CVE-2017-20153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20153)
+![](https://img.shields.io/static/v1?label=Product&message=imageserve&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in aerouk imageserve and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument REQUEST_URI leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2ac3cd4f90b4df66874fab171376ca26868604c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217057 was assigned to this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/aerouk/imageserve/pull/27
+
+#### Github
+No PoCs found on GitHub currently.
+

2019/CVE-2019-19726.md

@@ -13,6 +13,7 @@ OpenBSD through 6.6 allows local users to escalate to root because a check for L
 - http://packetstormsecurity.com/files/155658/Qualys-Security-Advisory-OpenBSD-Dynamic-Loader-Privilege-Escalation.html
 - http://packetstormsecurity.com/files/155764/OpenBSD-Dynamic-Loader-chpass-Privilege-Escalation.html
 - http://seclists.org/fulldisclosure/2019/Dec/31
+- http://www.openwall.com/lists/oss-security/2023/10/03/2
 - https://seclists.org/bugtraq/2019/Dec/25
 - https://www.openwall.com/lists/oss-security/2019/12/11/9
 

2019/CVE-2019-2729.md

@@ -66,6 +66,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar
 - https://github.com/ruthlezs/CVE-2019-2729-Exploit
 - https://github.com/safe6Sec/wlsEnv
 - https://github.com/superfish9/pt
+- https://github.com/tanjiti/sec_profile
 - https://github.com/trganda/starrlist
 - https://github.com/veo/vscan
 - https://github.com/waffl3ss/CVE-2019-2729

2019/CVE-2019-9193.md

@@ -24,6 +24,7 @@
 - https://github.com/Yang8miao/prov_navigator
 - https://github.com/alphaSeclab/sec-daily-2019
 - https://github.com/b4keSn4ke/CVE-2019-9193
+- https://github.com/bryanqb07/oscp_notes
 - https://github.com/developer3000S/PoC-in-GitHub
 - https://github.com/dial25sd/arf-vulnerable-vm
 - https://github.com/duckstroms/Web-CTF-Cheatsheet

2020/CVE-2020-13936.md

@@ -20,6 +20,7 @@ An attacker that is able to modify Velocity templates may execute arbitrary Java
 - https://github.com/SexyBeast233/SecBooks
 - https://github.com/Threekiii/Awesome-POC
 - https://github.com/jimbethancourt/RefactorFirst
+- https://github.com/refactorfirst/RefactorFirst
 - https://github.com/tzwlhack/Vulnerability
 - https://github.com/whyjustin/RefactorFirst
 

2021/CVE-2021-41773.md

@@ -132,6 +132,7 @@ A flaw was found in a change made to path normalization in Apache HTTP Server 2.
 - https://github.com/binganao/vulns-2022
 - https://github.com/blackn0te/Apache-HTTP-Server-2.4.49-2.4.50-Path-Traversal-Remote-Code-Execution
 - https://github.com/blasty/CVE-2021-41773
+- https://github.com/bryanqb07/oscp_notes
 - https://github.com/byteofandri/CVE-2021-41773
 - https://github.com/byteofjoshua/CVE-2021-41773
 - https://github.com/capdegarde/apache_path_traversal

2022/CVE-2022-46689.md

@@ -54,6 +54,7 @@ A race condition was addressed with additional validation. This issue is fixed i
 - https://github.com/neon443/mdcsource
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/puffycheezball8/MacDirtyCow-AltSource
+- https://github.com/ryanfortner/starred
 - https://github.com/serdykee/serdykee.github.io
 - https://github.com/spinfal/CVE-2022-46689
 - https://github.com/staturnzz/sw1tch

2022/CVE-2022-46841.md

@@ -0,0 +1,17 @@
+### [CVE-2022-46841](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46841)
+![](https://img.shields.io/static/v1?label=Product&message=Oxygen%20Builder&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <= 4.4 versions.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2022/CVE-2022-47891.md

@@ -0,0 +1,17 @@
+### [CVE-2022-47891](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47891)
+![](https://img.shields.io/static/v1?label=Product&message=Netman-204&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%20all%20versions%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-798%20Use%20of%20Hard-coded%20Credentials&color=brighgreen)
+
+### Description
+
+All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/JoelGMSec/Thunderstorm
+

2022/CVE-2022-47892.md

@@ -0,0 +1,17 @@
+### [CVE-2022-47892](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47892)
+![](https://img.shields.io/static/v1?label=Product&message=Netman-204&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%20all%20versions%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing sensitive information, like credentials.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/JoelGMSec/Thunderstorm
+

2022/CVE-2022-47893.md

@@ -0,0 +1,17 @@
+### [CVE-2022-47893](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47893)
+![](https://img.shields.io/static/v1?label=Product&message=Netman-204&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%20all%20versions%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen)
+
+### Description
+
+There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/JoelGMSec/Thunderstorm
+

2023/CVE-2023-0828.md

@@ -0,0 +1,17 @@
+### [CVE-2023-0828](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0828)
+![](https://img.shields.io/static/v1?label=Product&message=Pandora%20FMS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=v0%3C%3D%20v767%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2023/CVE-2023-20115.md

@@ -0,0 +1,17 @@
+### [CVE-2023-20115](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20115)
+![](https://img.shields.io/static/v1?label=Product&message=Cisco%20NX-OS%20Software&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%209.2(1)%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device.  This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user.   There are workarounds that address this vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2023/CVE-2023-20918.md

@@ -0,0 +1,17 @@
+### [CVE-2023-20918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20918)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2013%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)
+
+### Description
+
+In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nomi-sec/PoC-in-GitHub
+

2023/CVE-2023-21281.md

@@ -0,0 +1,17 @@
+### [CVE-2023-21281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21281)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2013%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)
+
+### Description
+
+In multiple functions of KeyguardViewMediator.java, there is a possible failure to lock after screen timeout due to a logic error in the code. This could lead to local escalation of privilege across users with no additional execution privileges needed. User interaction is not needed for exploitation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nomi-sec/PoC-in-GitHub
+

2023/CVE-2023-21286.md

@@ -0,0 +1,17 @@
+### [CVE-2023-21286](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21286)
+![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%2013%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen)
+
+### Description
+
+In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nomi-sec/PoC-in-GitHub
+

2023/CVE-2023-22374.md

@@ -1,11 +1,11 @@
 ### [CVE-2023-22374](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22374)
 ![](https://img.shields.io/static/v1?label=Product&message=BIG-IP&color=blue)
-![](https://img.shields.io/static/v1?label=Version&message=%3D%2017.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
 ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-134%20Use%20of%20Externally-Controlled%20Format%20String&color=brighgreen)
 
 ### Description
 
-In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5 on their respective branches, a format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
+A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
 
 ### POC
 

2023/CVE-2023-24518.md

@@ -0,0 +1,17 @@
+### [CVE-2023-24518](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24518)
+![](https://img.shields.io/static/v1?label=Product&message=Pandora%20FMS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=v0%3C%3D%20v767%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allows an attacker to force authenticated users to send a request to a web application they are currently authenticated against. This issue affects Pandora FMS version 767 and earlier versions on all platforms.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2023/CVE-2023-25463.md

@@ -0,0 +1,17 @@
+### [CVE-2023-25463](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25463)
+![](https://img.shields.io/static/v1?label=Product&message=WP%20tell%20a%20friend%20popup%20form&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%207.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP tell a friend popup form plugin <= 7.1 versions.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2023/CVE-2023-26150.md

@@ -13,5 +13,5 @@ Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authent
 - https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673435
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/fkie-cad/nvd-json-data-feeds
 

2023/CVE-2023-26151.md

@@ -13,5 +13,5 @@ Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Servic
 - https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673709
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/fkie-cad/nvd-json-data-feeds
 

2023/CVE-2023-26152.md

@@ -13,5 +13,5 @@ All versions of the package static-server are vulnerable to Directory Traversal
 - https://security.snyk.io/vuln/SNYK-JS-STATICSERVER-5722341
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/fkie-cad/nvd-json-data-feeds
 

2023/CVE-2023-2624.md

@@ -0,0 +1,17 @@
+### [CVE-2023-2624](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2624)
+![](https://img.shields.io/static/v1?label=Product&message=KiviCare&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.2.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The KiviCare WordPress plugin before 3.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator
+
+### POC
+
+#### Reference
+- http://packetstormsecurity.com/files/174895/WordPress-KiviCare-3.2.0-Cross-Site-Scripting.html
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-2681.md

@@ -0,0 +1,17 @@
+### [CVE-2023-2681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2681)
+![](https://img.shields.io/static/v1?label=Product&message=Jorani&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the “id” parameter, managing to extract arbritary information from the database.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2023/CVE-2023-27396.md

@@ -10,6 +10,7 @@ FINS (Factory Interface Network Service) is a message communication protocol, wh
 ### POC
 
 #### Reference
+- https://www.fa.omron.co.jp/product/vulnerability/OMSR-2023-003_ja.pdf
 - https://www.ia.omron.com/product/vulnerability/OMSR-2023-003_en.pdf
 
 #### Github

2023/CVE-2023-31584.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/rootd4ddy/CVE-2023-31584
+- https://github.com/rootd4ddy/CVE-2023-43838