Update Thu Oct 5 11:02:49 UTC 2023

llx1113 · Oct 5, 2023 · c72a7ee · c72a7ee
1 parent 56f58fd
commit c72a7ee
Show file tree

Hide file tree

Showing 108 changed files with 1,240 additions and 5 deletions.
diff --git a/2003/CVE-2003-0127.md b/2003/CVE-2003-0127.md
@@ -37,6 +37,7 @@ No PoCs from references.
 - https://github.com/cyberheartmi9/EQGRP
 - https://github.com/hackcrypto/EQGRP
 - https://github.com/happysmack/x0rzEQGRP
+- https://github.com/kicku6/Opensource88888
 - https://github.com/kongjiexi/leaked2
 - https://github.com/maxcvnd/bdhglopoj
 - https://github.com/namangangwar/EQGRP

diff --git a/2010/CVE-2010-0232.md b/2010/CVE-2010-0232.md
@@ -23,6 +23,7 @@ No PoCs from references.
 - https://github.com/azorfus/CVE-2010-0232
 - https://github.com/cpardue/OSCP-PWK-Notes-Public
 - https://github.com/fei9747/WindowsElevation
+- https://github.com/kicku6/Opensource88888
 - https://github.com/nitishbadole/oscp-note-2
 - https://github.com/rmsbpro/rmsbpro
 - https://github.com/sphinxs329/OSCP-PWK-Notes-Public

diff --git a/2011/CVE-2011-2005.md b/2011/CVE-2011-2005.md
@@ -21,6 +21,7 @@ No PoCs from references.
 - https://github.com/alizain51/OSCP-Notes-ALL-CREDITS-TO-OPTIXAL-
 - https://github.com/cpardue/OSCP-PWK-Notes-Public
 - https://github.com/fei9747/WindowsElevation
+- https://github.com/kicku6/Opensource88888
 - https://github.com/lyshark/Windows-exploits
 - https://github.com/sphinxs329/OSCP-PWK-Notes-Public
 - https://github.com/xcsrf/OSCP-PWK-Notes-Public

diff --git a/2012/CVE-2012-0056.md b/2012/CVE-2012-0056.md
@@ -90,6 +90,7 @@ No PoCs from references.
 - https://github.com/khanhhdz/linux-kernel-exploitation
 - https://github.com/khanhhdz06/linux-kernel-exploitation
 - https://github.com/khanhnd123/linux-kernel-exploitation
+- https://github.com/kicku6/Opensource88888
 - https://github.com/kumardineshwar/linux-kernel-exploits
 - https://github.com/m0mkris/linux-kernel-exploits
 - https://github.com/make0day/pentest

diff --git a/2016/CVE-2016-5195.md b/2016/CVE-2016-5195.md
@@ -234,6 +234,7 @@ Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allo
 - https://github.com/khanhhdz/linux-kernel-exploitation
 - https://github.com/khanhhdz06/linux-kernel-exploitation
 - https://github.com/khanhnd123/linux-kernel-exploitation
+- https://github.com/kicku6/Opensource88888
 - https://github.com/kkamagui/linux-kernel-exploits
 - https://github.com/kmeaw/cowcleaner
 - https://github.com/kumardineshwar/linux-kernel-exploits

diff --git a/2017/CVE-2017-5689.md b/2017/CVE-2017-5689.md
@@ -65,6 +65,7 @@ An unprivileged network attacker could gain system privileges to provisioned Int
 - https://github.com/scriptzteam/Shodan-Dorks
 - https://github.com/thecatdidit/HPEliteBookTools
 - https://github.com/tristisranae/shodan_queries
+- https://github.com/vikipetrov96/HUANANZHI-X99-TF
 - https://github.com/webshell1414/honey
 - https://github.com/wisoez/Awesome-honeypots
 - https://github.com/x1sec/amthoneypot

diff --git a/2018/CVE-2018-3616.md b/2018/CVE-2018-3616.md
@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/BIOS-iEngineer/HUANANZHI-X99-F8
 - https://github.com/BIOS-iEngineer/HUANANZHI-X99-TF
+- https://github.com/vikipetrov96/HUANANZHI-X99-TF
 
diff --git a/2019/CVE-2019-0367.md b/2019/CVE-2019-0367.md
@@ -0,0 +1,17 @@
+### [CVE-2019-0367](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0367)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20NetWeaver%20Process%20Integration%20(B2B%20Toolkit)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C1.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20Authorization%20Check&color=brighgreen)
+
+### Description
+
+SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check.
+
+### POC
+
+#### Reference
+- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2019/CVE-2019-0368.md b/2019/CVE-2019-0368.md
@@ -0,0 +1,19 @@
+### [CVE-2019-0368](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0368)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20Customer%20Relationship%20Management%20(Email%20Management%20-%20BBPCRM)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20Customer%20Relationship%20Management%20(Email%20Management%20-%20S4CRM)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C1.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3C7.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Scripting&color=brighgreen)
+
+### Description
+
+SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability.
+
+### POC
+
+#### Reference
+- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2019/CVE-2019-0369.md b/2019/CVE-2019-0369.md
@@ -0,0 +1,17 @@
+### [CVE-2019-0369](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0369)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20Financial%20Consolidation&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C10.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Scripting&color=brighgreen)
+
+### Description
+
+SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability.
+
+### POC
+
+#### Reference
+- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2019/CVE-2019-0370.md b/2019/CVE-2019-0370.md
@@ -0,0 +1,17 @@
+### [CVE-2019-0370](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0370)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20Financial%20Consolidation&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C10.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Others&color=brighgreen)
+
+### Description
+
+Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection.
+
+### POC
+
+#### Reference
+- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2019/CVE-2019-0374.md b/2019/CVE-2019-0374.md
@@ -0,0 +1,17 @@
+### [CVE-2019-0374](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0374)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20BusinessObjects%20Business%20Intelligence%20Platform%20(Web%20Intelligence%20HTML%20interface)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C4.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Scripting&color=brighgreen)
+
+### Description
+
+SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting
+
+### POC
+
+#### Reference
+- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2019/CVE-2019-0375.md b/2019/CVE-2019-0375.md
@@ -0,0 +1,17 @@
+### [CVE-2019-0375](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0375)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20BusinessObjects%20Business%20Intelligence%20Platform%20(Web%20Intelligence%20HTML%20interface)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C4.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Scripting&color=brighgreen)
+
+### Description
+
+SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting.
+
+### POC
+
+#### Reference
+- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2019/CVE-2019-0376.md b/2019/CVE-2019-0376.md
@@ -0,0 +1,17 @@
+### [CVE-2019-0376](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0376)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20BusinessObjects%20Business%20Intelligence%20Platform%20(Web%20Intelligence%20HTML%20interface)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C4.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Scripting&color=brighgreen)
+
+### Description
+
+SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting.
+
+### POC
+
+#### Reference
+- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2019/CVE-2019-0377.md b/2019/CVE-2019-0377.md
@@ -0,0 +1,17 @@
+### [CVE-2019-0377](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0377)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20BusinessObjects%20Business%20Intelligence%20Platform%20(Web%20Intelligence%20HTML%20interface)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C4.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Scripting&color=brighgreen)
+
+### Description
+
+SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting.
+
+### POC
+
+#### Reference
+- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2019/CVE-2019-0378.md b/2019/CVE-2019-0378.md
@@ -0,0 +1,17 @@
+### [CVE-2019-0378](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0378)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20BusinessObjects%20Business%20Intelligence%20Platform%20(Web%20Intelligence%20HTML%20interface)&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C4.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-Site%20Scripting&color=brighgreen)
+
+### Description
+
+SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting.
+
+### POC
+
+#### Reference
+- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2019/CVE-2019-0379.md b/2019/CVE-2019-0379.md
@@ -11,6 +11,7 @@ SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does no
 
 #### Reference
 - https://launchpad.support.sap.com/#/notes/2826015
+- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050
 
 #### Github
 No PoCs found on GitHub currently.

diff --git a/2019/CVE-2019-0380.md b/2019/CVE-2019-0380.md
@@ -0,0 +1,17 @@
+### [CVE-2019-0380](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0380)
+![](https://img.shields.io/static/v1?label=Product&message=SAP%20Landscape%20Management%20enterprise%20edition&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C3.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=%20Information%20Disclosure&color=brighgreen)
+
+### Description
+
+Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Disclosure.
+
+### POC
+
+#### Reference
+- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2019/CVE-2019-0381.md b/2019/CVE-2019-0381.md
@@ -15,6 +15,7 @@ A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before versi
 
 #### Reference
 - https://launchpad.support.sap.com/#/notes/2792430
+- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050
 
 #### Github
 No PoCs found on GitHub currently.

diff --git a/2019/CVE-2019-19781.md b/2019/CVE-2019-19781.md
@@ -102,6 +102,7 @@ An issue was discovered in Citrix Application Delivery Controller (ADC) and Gate
 - https://github.com/hack-parthsharma/Pentest-Tools
 - https://github.com/hackingyseguridad/nmap
 - https://github.com/hasee2018/Penetration_Testing_POC
+- https://github.com/haxrob/citrix-honeypot
 - https://github.com/hectorgie/PoC-in-GitHub
 - https://github.com/hktalent/TOP
 - https://github.com/hollerith/CVE-2019-19781

diff --git a/2019/CVE-2019-2618.md b/2019/CVE-2019-2618.md
@@ -43,6 +43,7 @@ No PoCs from references.
 - https://github.com/r0eXpeR/redteam_vul
 - https://github.com/reph0r/poc-exp
 - https://github.com/reph0r/poc-exp-tools
+- https://github.com/tanjiti/sec_profile
 - https://github.com/trganda/starrlist
 - https://github.com/weeka10/-hktalent-TOP
 - https://github.com/wr0x00/Lizard

diff --git a/2019/CVE-2019-8985.md b/2019/CVE-2019-8985.md
@@ -14,4 +14,5 @@ No PoCs from references.
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/IamAlch3mist/Awesome-Embedded-Systems-Vulnerability-Research
 
diff --git a/2020/CVE-2020-0668.md b/2020/CVE-2020-0668.md
@@ -46,6 +46,7 @@ An elevation of privilege vulnerability exists in the way that the Windows Kerne
 - https://github.com/itm4n/SysTracingPoc
 - https://github.com/lnick2023/nicenice
 - https://github.com/lyshark/Windows-exploits
+- https://github.com/modulexcite/SysTracingPoc
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/nu11secur1ty/CVE-mitre
 - https://github.com/nu11secur1ty/CVE-nu11secur1ty

diff --git a/2020/CVE-2020-0787.md b/2020/CVE-2020-0787.md
@@ -81,6 +81,7 @@ An elevation of privilege vulnerability exists when the Windows Background Intel
 - https://github.com/soosmile/POC
 - https://github.com/taielab/awesome-hacking-lists
 - https://github.com/trganda/starrlist
+- https://github.com/ttxx9999/BitsArbitraryFileMove
 - https://github.com/weeka10/-hktalent-TOP
 - https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
 - https://github.com/xbl2022/awesome-hacking-lists

diff --git a/2020/CVE-2020-0796.md b/2020/CVE-2020-0796.md
@@ -198,6 +198,7 @@ A remote code execution vulnerability exists in the way that the Microsoft Serve
 - https://github.com/ioncodes/SMBGhost
 - https://github.com/jamf/CVE-2020-0796-LPE-POC
 - https://github.com/jamf/CVE-2020-0796-RCE-POC
+- https://github.com/jamf/SMBGhost-SMBleed-scanner
 - https://github.com/jeansgit/Pentest
 - https://github.com/jiansiting/CVE-2020-0796
 - https://github.com/jiansiting/CVE-2020-0796-Scanner

diff --git a/2020/CVE-2020-0863.md b/2020/CVE-2020-0863.md
@@ -21,6 +21,7 @@ No PoCs from references.
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/ASkyeye/DiagTrackAribtraryFileRead
 - https://github.com/itm4n/CVEs
 - https://github.com/itm4n/DiagTrackAribtraryFileRead
 - https://github.com/lnick2023/nicenice

diff --git a/2020/CVE-2020-1048.md b/2020/CVE-2020-1048.md
@@ -61,6 +61,7 @@ An elevation of privilege vulnerability exists when the Windows Print Spooler se
 - https://github.com/thalpius/Microsoft-PrintDemon-Vulnerability
 - https://github.com/wh0Nsq/Invoke-PrintDemon
 - https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
+- https://github.com/xnxr/PrinterDemon
 - https://github.com/xuetusummer/Penetration_Testing_POC
 - https://github.com/ycdxsb/WindowsPrivilegeEscalation
 - https://github.com/yedada-wei/-

diff --git a/2020/CVE-2020-11651.md b/2020/CVE-2020-11651.md
@@ -70,6 +70,7 @@ An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2
 - https://github.com/retr0-13/Goby
 - https://github.com/rossengeorgiev/salt-security-backports
 - https://github.com/soosmile/POC
+- https://github.com/ssrsec/CVE-2020-11651-CVE-2020-11652-EXP
 - https://github.com/tdtc7/qps
 - https://github.com/trganda/dockerv
 - https://github.com/trganda/starrlist

diff --git a/2020/CVE-2020-11652.md b/2020/CVE-2020-11652.md
@@ -52,6 +52,7 @@ An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2
 - https://github.com/rapyuta-robotics/clean-script
 - https://github.com/rossengeorgiev/salt-security-backports
 - https://github.com/soosmile/POC
+- https://github.com/ssrsec/CVE-2020-11651-CVE-2020-11652-EXP
 - https://github.com/tdtc7/qps
 - https://github.com/trganda/dockerv
 - https://github.com/trganda/starrlist

diff --git a/2020/CVE-2020-1206.md b/2020/CVE-2020-1206.md
@@ -39,6 +39,7 @@ An information disclosure vulnerability exists in the way that the Microsoft Ser
 - https://github.com/hectorgie/PoC-in-GitHub
 - https://github.com/jamf/CVE-2020-0796-RCE-POC
 - https://github.com/jamf/CVE-2020-1206-POC
+- https://github.com/jamf/SMBGhost-SMBleed-scanner
 - https://github.com/lnick2023/nicenice
 - https://github.com/manoz00/mm
 - https://github.com/msuiche/smbaloo

diff --git a/2020/CVE-2020-13933.md b/2020/CVE-2020-13933.md
@@ -18,6 +18,7 @@ No PoCs from references.
 - https://github.com/0xkami/cve-2020-13933
 - https://github.com/360quake/papers
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/EXP-Docs/CVE-2020-13933
 - https://github.com/HackJava/HackShiro
 - https://github.com/HackJava/Shiro
 - https://github.com/SexyBeast233/SecBooks

diff --git a/2020/CVE-2020-1472.md b/2020/CVE-2020-1472.md
@@ -217,6 +217,7 @@ An elevation of privilege vulnerability exists when an attacker establishes a vu
 - https://github.com/itssmikefm/CVE-2020-1472
 - https://github.com/izj007/wechat
 - https://github.com/jenriquezv/OSCP-Cheat-Sheets-AD
+- https://github.com/jiushill/CVE-2020-1472
 - https://github.com/johnpathe/zerologon-cve-2020-1472-notes
 - https://github.com/k0imet/CVE-POCs
 - https://github.com/k8gege/CVE-2020-1472-EXP
@@ -264,6 +265,7 @@ An elevation of privilege vulnerability exists when an attacker establishes a vu
 - https://github.com/rfrost777/tools
 - https://github.com/rhymeswithmogul/Set-ZerologonMitigation
 - https://github.com/risksense/zerologon
+- https://github.com/rtandr01d/zerologon
 - https://github.com/rth0pper/zerologon
 - https://github.com/sabrinalupsan/pentesting-active-directory
 - https://github.com/safe6Sec/command

diff --git a/2020/CVE-2020-15416.md b/2020/CVE-2020-15416.md
@@ -0,0 +1,17 @@
+### [CVE-2020-15416](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15416)
+![](https://img.shields.io/static/v1?label=Product&message=R6700&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen)
+
+### Description
+
+This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9703.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/k3vinlusec/R7000_httpd_BOF_CVE-2020-15416
+
diff --git a/2020/CVE-2020-1938.md b/2020/CVE-2020-1938.md
@@ -24,6 +24,7 @@ When using the Apache JServ Protocol (AJP), care must be taken when trusting inc
 - https://github.com/20142995/Goby
 - https://github.com/20142995/pocsuite3
 - https://github.com/20142995/sectool
+- https://github.com/5altNaCl/Backend-vulnerable-free-market-site
 - https://github.com/5altNaCl/Vulnerable-flea-market-site
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/ARPSyndicate/kenzer-templates

diff --git a/2020/CVE-2020-19692.md b/2020/CVE-2020-19692.md
@@ -13,5 +13,5 @@ Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attack
 - https://github.com/nginx/njs/issues/187
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/l0kihardt/l0kihardt
Original file line number	Diff line number	Diff line change
Expand Up		@@ -14,4 +14,5 @@ No PoCs from references.

		#### Github
		- https://github.com/ARPSyndicate/cvemon
		- https://github.com/IamAlch3mist/Awesome-Embedded-Systems-Vulnerability-Research