Update Sun Sep 24 10:57:58 UTC 2023

2013/CVE-2013-1474.md

@@ -11,6 +11,7 @@ Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4
 
 #### Reference
 - http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
+- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16378
 
 #### Github
 No PoCs found on GitHub currently.

2017/CVE-2017-18754.md

@@ -0,0 +1,17 @@
+### [CVE-2017-18754](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18754)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, and WNR2000v5 before 1.0.0.58.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000051494/Security-Advisory-for-Post-Authentication-Command-Injection-on-Routers-PSV-2017-0329
+
+#### Github
+No PoCs found on GitHub currently.
+

2022/CVE-2022-2663.md

@@ -10,7 +10,7 @@ An issue was found in the Linux kernel in nf_conntrack_irc where the message han
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://www.youtube.com/watch?v=WIq-YgQuYCA
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2023/CVE-2023-33690.md

@@ -11,6 +11,7 @@ SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal
 
 #### Reference
 - https://github.com/lane711/sonicjs/pull/183
+- https://youtu.be/6ZuwA9CkQLg
 
 #### Github
 No PoCs found on GitHub currently.

2023/CVE-2023-4504.md

@@ -7,7 +7,7 @@
 
 ### Description
 
-Due to failure in validating the length provided by an attacker-crafted PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.
+Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.
 
 ### POC
 

references.txt

@@ -21070,6 +21070,7 @@ CVE-2013-1471 - http://www.youtube.com/watch?v=5d7cIaM80oY
 CVE-2013-1472 - http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
 CVE-2013-1473 - http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
 CVE-2013-1474 - http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
+CVE-2013-1474 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16378
 CVE-2013-1475 - http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
 CVE-2013-1476 - http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
 CVE-2013-1477 - http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
@@ -41522,6 +41523,7 @@ CVE-2017-18730 - https://kb.netgear.com/000051525/Security-Advisory-for-Pre-Auth
 CVE-2017-18732 - https://kb.netgear.com/000051523/Security-Advisory-for-Authentication-Bypass-on-R6300v2-PLW1000v2-and-PLW1010v2-PSV-2016-0069
 CVE-2017-18738 - https://kb.netgear.com/000051517/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Extenders-PSV-2017-0706
 CVE-2017-18751 - https://kb.netgear.com/000051503/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2017-2517
+CVE-2017-18754 - https://kb.netgear.com/000051494/Security-Advisory-for-Post-Authentication-Command-Injection-on-Routers-PSV-2017-0329
 CVE-2017-18757 - https://kb.netgear.com/000051491/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-PSV-2016-0120
 CVE-2017-18758 - https://kb.netgear.com/000051487/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2157
 CVE-2017-18761 - https://kb.netgear.com/000051484/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-R8000-PSV-2017-2229
@@ -74404,6 +74406,7 @@ CVE-2022-26613 - https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-20
 CVE-2022-26624 - https://drive.google.com/file/d/1Dp0dD9PNcwamjRi0ldD0hUOEivu48SR6/view?usp=sharing
 CVE-2022-26628 - https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/vetbossel.in/2022/Matrimony
 CVE-2022-26629 - https://github.com/sysenter-eip/CVE-2022-26629
+CVE-2022-2663 - https://www.youtube.com/watch?v=WIq-YgQuYCA
 CVE-2022-26632 - https://www.exploit-db.com/exploits/50739
 CVE-2022-26633 - https://www.exploit-db.com/exploits/50740
 CVE-2022-26634 - https://www.exploit-db.com/exploits/50765
@@ -81384,6 +81387,7 @@ CVE-2023-33675 - https://github.com/DDizzzy79/Tenda-CVE/blob/main/AC8V4.0/N5/REA
 CVE-2023-33675 - https://github.com/DDizzzy79/Tenda-CVE/tree/main/AC8V4.0/N5
 CVE-2023-33684 - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5771.php
 CVE-2023-33690 - https://github.com/lane711/sonicjs/pull/183
+CVE-2023-33690 - https://youtu.be/6ZuwA9CkQLg
 CVE-2023-33716 - https://github.com/enzo1982/mp4v2/issues/36
 CVE-2023-33720 - https://github.com/enzo1982/mp4v2/issues/36
 CVE-2023-33733 - https://github.com/c53elyas/CVE-2023-33733