-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
4d58dec
commit 4317997
Showing
16 changed files
with
272 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2013-3321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3321) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://www.securityfocus.com/archive/1/526552 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2013-3322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3322) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://www.securityfocus.com/archive/1/526552 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2019-18932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18932) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://bugzilla.suse.com/show_bug.cgi?id=1150554 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2021-28857](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28857) | ||
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) | ||
|
||
### Description | ||
|
||
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://yunus-shn.medium.com/tp-links-tl-wpa4220-v4-0-cleartext-credentials-in-cookie-7516a2649394 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2022-24439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24439) | ||
![](https://img.shields.io/static/v1?label=Product&message=GitPython&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3E%3D%200%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution%20(RCE)&color=brighgreen) | ||
|
||
### Description | ||
|
||
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
### [CVE-2022-25912](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25912) | ||
![](https://img.shields.io/static/v1?label=Product&message=simple-git&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3C%203.15.0%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution%20(RCE)&color=brighgreen) | ||
|
||
### Description | ||
|
||
The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306). | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3153532 | ||
- https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2022-3486](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3486) | ||
![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=Url%20redirection%20to%20untrusted%20site%20('open%20redirect')%20in%20GitLab&color=brighgreen) | ||
|
||
### Description | ||
|
||
An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://gitlab.com/gitlab-org/gitlab/-/issues/377810 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2022-3491](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3491) | ||
![](https://img.shields.io/static/v1?label=Product&message=vim%2Fvim&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3C%209.0.0742%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%20Heap-based%20Buffer%20Overflow&color=brighgreen) | ||
|
||
### Description | ||
|
||
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://huntr.dev/bounties/6e6e05c2-2cf7-4aa5-a817-a62007bf92cb | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2022-3520](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3520) | ||
![](https://img.shields.io/static/v1?label=Product&message=vim%2Fvim&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3C%209.0.0765%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%20Heap-based%20Buffer%20Overflow&color=brighgreen) | ||
|
||
### Description | ||
|
||
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://huntr.dev/bounties/c1db3b70-f4fe-481f-8a24-0b1449c94246 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2022-3591](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3591) | ||
![](https://img.shields.io/static/v1?label=Product&message=vim%2Fvim&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3C%209.0.0789%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%20Use%20After%20Free&color=brighgreen) | ||
|
||
### Description | ||
|
||
Use After Free in GitHub repository vim/vim prior to 9.0.0789. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://huntr.dev/bounties/a5a998c2-4b07-47a7-91be-dbc1886b3921 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2022-3751](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3751) | ||
![](https://img.shields.io/static/v1?label=Product&message=owncast%2Fowncast&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3C%200.0.13%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command&color=brighgreen) | ||
|
||
### Description | ||
|
||
SQL Injection in GitHub repository owncast/owncast prior to 0.0.13. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://huntr.dev/bounties/a04cff99-5d53-45e5-a882-771b0fad62c9 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2022-4173](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4173) | ||
![](https://img.shields.io/static/v1?label=Product&message=Avast%20and%20AVG%20Antivirus&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3D%2020.5%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269%20Improper%20Privilege%20Management&color=brighgreen) | ||
|
||
### Description | ||
|
||
A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://support.norton.com/sp/static/external/tools/security-advisories.html | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2022-4271](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4271) | ||
![](https://img.shields.io/static/v1?label=Product&message=osticket%2Fosticket&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3C%201.16.4%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) | ||
|
||
### Description | ||
|
||
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://huntr.dev/bounties/a11c922f-255a-412a-aa87-7f3bd7121599 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2022-4292](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4292) | ||
![](https://img.shields.io/static/v1?label=Product&message=vim%2Fvim&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3C%209.0.0882%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416%20Use%20After%20Free&color=brighgreen) | ||
|
||
### Description | ||
|
||
Use After Free in GitHub repository vim/vim prior to 9.0.0882. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://huntr.dev/bounties/da3d4c47-e57a-451e-993d-9df0ed31f57b | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2022-4293](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4293) | ||
![](https://img.shields.io/static/v1?label=Product&message=vim%2Fvim&color=blue) | ||
![](https://img.shields.io/static/v1?label=Version&message=%3C%209.0.0804%20&color=brighgreen) | ||
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1077%20Floating%20Point%20Comparison%20with%20Incorrect%20Operator&color=brighgreen) | ||
|
||
### Description | ||
|
||
Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://huntr.dev/bounties/385a835f-6e33-4d00-acce-ac99f3939143 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters