Update CVE sources 2024-08-09 18:54

2004/CVE-2004-2687.md

@@ -19,6 +19,7 @@ No PoCs from references.
 - https://github.com/CVEDB/awesome-cve-repo
 - https://github.com/H3xL00m/distccd_rce_CVE-2004-2687
 - https://github.com/Kr1tz3x3/HTB-Writeups
+- https://github.com/N3rdyN3xus/distccd_rce_CVE-2004-2687
 - https://github.com/Patrick122333/4240project
 - https://github.com/SecGen/SecGen
 - https://github.com/Sp3c73rSh4d0w/distccd_rce_CVE-2004-2687

2006/CVE-2006-6417.md

@@ -0,0 +1,17 @@
+### [CVE-2006-6417](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6417)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b2evolution 1.8.5 through 1.9 beta allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.
+
+### POC
+
+#### Reference
+- http://securityreason.com/securityalert/2006
+
+#### Github
+No PoCs found on GitHub currently.
+

2007/CVE-2007-2447.md

@@ -41,6 +41,7 @@ The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote
 - https://github.com/Ki11i0n4ir3/Sambaster
 - https://github.com/Kr1tz3x3/HTB-Writeups
 - https://github.com/MikeRega7/CVE-2007-2447-RCE
+- https://github.com/N3rdyN3xus/CVE-2007-2447
 - https://github.com/Nosferatuvjr/Samba-Usermap-exploit
 - https://github.com/Patrick122333/4240project
 - https://github.com/SamHackingArticles/CVE-2007-2447

2008/CVE-2008-4250.md

@@ -32,6 +32,7 @@ The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP
 - https://github.com/H3xL00m/MS08-067
 - https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups
 - https://github.com/Kuromesi/Py4CSKG
+- https://github.com/N3rdyN3xus/MS08-067
 - https://github.com/RodrigoVarasLopez/Download-Scanners-from-Nessus-8.7-using-the-API
 - https://github.com/SexyBeast233/SecBooks
 - https://github.com/Sp3c73rSh4d0w/MS08-067

2009/CVE-2009-2265.md

@@ -25,6 +25,7 @@ Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow r
 - https://github.com/CVEDB/PoC-List
 - https://github.com/CVEDB/awesome-cve-repo
 - https://github.com/H3xL00m/CVE-2009-2265
+- https://github.com/N3rdyN3xus/CVE-2009-2265
 - https://github.com/Sp3c73rSh4d0w/CVE-2009-2265
 - https://github.com/c0d3cr4f73r/CVE-2009-2265
 - https://github.com/crypticdante/CVE-2009-2265

2010/CVE-2010-1028.md

@@ -12,6 +12,7 @@ Integer overflow in the decompression functionality in the Web Open Fonts Format
 #### Reference
 - http://blog.mozilla.com/security/2010/02/22/secunia-advisory-sa38608/
 - http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608/
+- http://www.h-online.com/security/news/item/Zero-day-exploit-for-Firefox-3-6-936124.html
 - https://bugzilla.mozilla.org/show_bug.cgi?id=552216
 
 #### Github

2011/CVE-2011-1249.md

@@ -22,6 +22,7 @@ The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and S
 - https://github.com/Cruxer8Mech/Idk
 - https://github.com/H3xL00m/CVE-2011-1249
 - https://github.com/Madusanka99/OHTS
+- https://github.com/N3rdyN3xus/CVE-2011-1249
 - https://github.com/Sp3c73rSh4d0w/CVE-2011-1249
 - https://github.com/c0d3cr4f73r/CVE-2011-1249
 - https://github.com/crypticdante/CVE-2011-1249

2017/CVE-2017-20103.md

@@ -11,6 +11,7 @@ A vulnerability classified as critical has been found in Kama Click Counter Plug
 
 #### Reference
 - http://seclists.org/fulldisclosure/2017/Feb/67
+- https://vuldb.com/?id.97335
 
 #### Github
 No PoCs found on GitHub currently.

2017/CVE-2017-7615.md

@@ -15,6 +15,7 @@ MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin
 - https://www.exploit-db.com/exploits/41890/
 
 #### Github
+- https://github.com/20142995/nuclei-templates
 - https://github.com/20142995/sectool
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/ARPSyndicate/kenzer-templates

2018/CVE-2018-17463.md

@@ -17,6 +17,7 @@ Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 al
 - https://github.com/Ostorlab/KEV
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
 - https://github.com/Uniguri/CVE-1day
+- https://github.com/Uniguri/CVE-nday
 - https://github.com/changelog2020/JSEChalls
 - https://github.com/ernestang98/win-exploits
 - https://github.com/hwiwonl/dayone

2019/CVE-2019-11358.md

@@ -2490,6 +2490,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/William-f-12/FTCTest
 - https://github.com/WindsorHSRobotics/team-20514_2021-2022
 - https://github.com/WinstonCrosby/CooperCode2023
+- https://github.com/WishingWell13-Forks/FtcRobotController-Freight-Frenzy-Lessons
 - https://github.com/WishingWell13/FtcRobotController-Freight-Frenzy-Lessons
 - https://github.com/WlhsRobotics/FtcRobotController-master
 - https://github.com/WoEN239/CENTERSTAGE-WoEN
@@ -2860,6 +2861,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/demotivate/rizzlords-robotics
 - https://github.com/demotivate/swagbots
 - https://github.com/denwan20/FTC-programming
+- https://github.com/derekriter08/technohuskies10309_2022
 - https://github.com/derryfieldftc/FightingCougarsRobotController
 - https://github.com/developer3000S/PoC-in-GitHub
 - https://github.com/devsamuelv/Offseason-Code-Dualshock

2019/CVE-2019-16353.md

@@ -0,0 +1,17 @@
+### [CVE-2019-16353](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16353)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/boofish/ICS3Fuzzer
+

2019/CVE-2019-2025.md

@@ -14,6 +14,7 @@ No PoCs from references.
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/Clock-Skew/EndPointX
 - https://github.com/Sec20-Paper310/Paper310
 - https://github.com/jltxgcy/CVE_2019_2025_EXP
 - https://github.com/kdn111/linux-kernel-exploitation

2019/CVE-2019-2215.md

@@ -20,6 +20,7 @@ A use-after-free in binder.c allows an elevation of privilege from an applicatio
 - https://github.com/ATorNinja/CVE-2019-2215
 - https://github.com/Al1ex/LinuxEelvation
 - https://github.com/Byte-Master-101/CVE-2019-2215
+- https://github.com/Clock-Skew/EndPointX
 - https://github.com/CrackerCat/Rootsmart-v2.0
 - https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections
 - https://github.com/DimitriFourny/cve-2019-2215

2020/CVE-2020-0423.md

@@ -14,6 +14,7 @@ No PoCs from references.
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/Clock-Skew/EndPointX
 - https://github.com/Swordfish-Security/awesome-android-security
 - https://github.com/TinyNiko/android_bulletin_notes
 - https://github.com/alphaSeclab/sec-daily-2020

2020/CVE-2020-0796.md

@@ -102,6 +102,7 @@ A remote code execution vulnerability exists in the way that the Microsoft Serve
 - https://github.com/HernanRodriguez1/Dorks-Shodan-2023
 - https://github.com/IAreKyleW00t/SMBGhosts
 - https://github.com/IFccTeR/1_UP_files
+- https://github.com/IFunFox/1_UP_files
 - https://github.com/IvanVoronov/0day
 - https://github.com/JERRY123S/all-poc
 - https://github.com/Jacob10s/SMBGHOST_EXPLOIT

2020/CVE-2020-17530.md

@@ -76,6 +76,7 @@ Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may
 - https://github.com/pctF/vulnerable-app
 - https://github.com/phil-fly/CVE-2020-17530
 - https://github.com/readloud/Awesome-Stars
+- https://github.com/secpool2000/CVE-2020-17530
 - https://github.com/sobinge/nuclei-templates
 - https://github.com/superlink996/chunqiuyunjingbachang
 - https://github.com/trganda/starrlist

2020/CVE-2020-36646.md

@@ -13,5 +13,6 @@ A vulnerability classified as problematic has been found in MediaArea ZenLib up
 No PoCs from references.
 
 #### Github
+- https://github.com/DiRaltvein/memory-corruption-examples
 - https://github.com/Live-Hack-CVE/CVE-2020-36646
 

2020/CVE-2020-8617.md

@@ -26,6 +26,7 @@ Using a specially-crafted message, an attacker may potentially cause a BIND serv
 - https://github.com/Zhivarev/13-01-hw
 - https://github.com/balabit-deps/balabit-os-9-bind9-libs
 - https://github.com/developer3000S/PoC-in-GitHub
+- https://github.com/gothburz/cve-2020-8617
 - https://github.com/hectorgie/PoC-in-GitHub
 - https://github.com/knqyf263/CVE-2020-8617
 - https://github.com/nomi-sec/PoC-in-GitHub

2021/CVE-2021-20587.md

@@ -14,4 +14,5 @@ No PoCs from references.
 
 #### Github
 - https://github.com/Live-Hack-CVE/CVE-2021-20587
+- https://github.com/boofish/ICS3Fuzzer
 

2021/CVE-2021-20588.md

@@ -14,4 +14,5 @@ No PoCs from references.
 
 #### Github
 - https://github.com/Live-Hack-CVE/CVE-2021-20588
+- https://github.com/boofish/ICS3Fuzzer
 

2021/CVE-2021-26084.md

@@ -43,6 +43,7 @@ In affected versions of Confluence Server and Data Center, an OGNL injection vul
 - https://github.com/CVEDB/PoC-List
 - https://github.com/CVEDB/awesome-cve-repo
 - https://github.com/CVEDB/top
+- https://github.com/CrackerCat/CVE-2021-26084
 - https://github.com/FDlucifer/firece-fish
 - https://github.com/GhostTroops/TOP
 - https://github.com/GlennPegden2/cve-2021-26084-confluence

2021/CVE-2021-29297.md

@@ -0,0 +1,17 @@
+### [CVE-2021-29297](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29297)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module "MSVCR100.dll".
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/boofish/ICS3Fuzzer
+

2021/CVE-2021-29298.md

@@ -0,0 +1,17 @@
+### [CVE-2021-29298](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29298)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe"in the module "fxVPStatcTcp.dll".
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/boofish/ICS3Fuzzer
+

2021/CVE-2021-3156.md

@@ -113,6 +113,7 @@ Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based
 - https://github.com/SexyBeast233/SecBooks
 - https://github.com/SirElmard/ethical_hacking
 - https://github.com/Spektrainfiniti/MP
+- https://github.com/Technetium1/stars
 - https://github.com/TheFlash2k/CVE-2021-3156
 - https://github.com/TheSerialiZator/CTF-2021
 - https://github.com/Threekiii/Awesome-POC

2021/CVE-2021-34527.md

@@ -67,6 +67,7 @@
 - https://github.com/AdamAmicro/CAHard
 - https://github.com/AdamPumphrey/PowerShell
 - https://github.com/AleHelp/Windows-Pentesting-cheatsheet
+- https://github.com/Alfesito/windows_hardening
 - https://github.com/Alssi-consulting/HardeningKitty
 - https://github.com/Amaranese/CVE-2021-34527
 - https://github.com/Ascotbe/Kernelhub

2021/CVE-2021-36260.md

@@ -30,6 +30,7 @@ A command injection vulnerability in the web server of some Hikvision product. D
 - https://github.com/Aiminsun/CVE-2021-36260
 - https://github.com/ArrestX/--POC
 - https://github.com/Awrrays/FrameVul
+- https://github.com/CVEDB/awesome-cve-repo
 - https://github.com/Cuerz/CVE-2021-36260
 - https://github.com/Fans0n-Fan/Awesome-IoT-exp
 - https://github.com/Haoke98/NetEye

2021/CVE-2021-3929.md

@@ -17,6 +17,7 @@ No PoCs from references.
 - https://github.com/NaInSec/CVE-PoC-in-GitHub
 - https://github.com/QiuhaoLi/CVE-2021-3929-3947
 - https://github.com/SYRTI/POC_to_review
+- https://github.com/Technetium1/stars
 - https://github.com/WhooAmii/POC_to_review
 - https://github.com/k0mi-tg/CVE-POC
 - https://github.com/lemon-mint/stars

2021/CVE-2021-4034.md

@@ -161,6 +161,7 @@ A local privilege escalation vulnerability was found on polkit's pkexec utility.
 - https://github.com/Taillan/TryHackMe
 - https://github.com/Tanmay-N/CVE-2021-4034
 - https://github.com/TanmoyG1800/CVE-2021-4034
+- https://github.com/Technetium1/stars
 - https://github.com/TheJoyOfHacking/berdav-CVE-2021-4034
 - https://github.com/TheSermux/CVE-2021-4034
 - https://github.com/Threekiii/Awesome-POC

2021/CVE-2021-40444.md

@@ -93,6 +93,7 @@
 - https://github.com/Ostorlab/KEV
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
 - https://github.com/Panopticon-Project/panopticon-WizardSpider
+- https://github.com/Phuong39/CVE-2021-40444-CAB
 - https://github.com/S3N4T0R-0X0/APT28-Adversary-Simulation
 - https://github.com/SYRTI/POC_to_review
 - https://github.com/SirElmard/ethical_hacking

2021/CVE-2021-46901.md

@@ -0,0 +1,17 @@
+### [CVE-2021-46901](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46901)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DiRaltvein/memory-corruption-examples
+

2022/CVE-2022-0847.md

@@ -124,6 +124,7 @@ A flaw was found in the way the "flags" member of the new pipe buffer structure
 - https://github.com/Snoopy-Sec/Localroot-ALL-CVE
 - https://github.com/T4t4ru/CVE-2022-0847
 - https://github.com/Tanq16/link-hub
+- https://github.com/Technetium1/stars
 - https://github.com/Threekiii/Awesome-POC
 - https://github.com/Trickhish/automated_privilege_escalation
 - https://github.com/Turzum/ps-lab-cve-2022-0847

2022/CVE-2022-1015.md

@@ -27,6 +27,7 @@ A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of t
 - https://github.com/SYRTI/POC_to_review
 - https://github.com/TurtleARM/CVE-2023-0179-PoC
 - https://github.com/Uniguri/CVE-1day
+- https://github.com/Uniguri/CVE-nday
 - https://github.com/WhooAmii/POC_to_review
 - https://github.com/XiaozaYa/CVE-Recording
 - https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits

2022/CVE-2022-20421.md

@@ -15,6 +15,7 @@ No PoCs from references.
 #### Github
 - https://github.com/0xkol/badspin
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/Clock-Skew/EndPointX
 - https://github.com/johe123qwe/github-trending
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/xairy/linux-kernel-exploitation

2022/CVE-2022-32947.md

@@ -16,6 +16,7 @@ The issue was addressed with improved memory handling. This issue is fixed in iO
 No PoCs from references.
 
 #### Github
+- https://github.com/Technetium1/stars
 - https://github.com/asahilina/agx-exploit
 - https://github.com/nomi-sec/PoC-in-GitHub
 

2022/CVE-2022-46449.md

@@ -0,0 +1,17 @@
+### [CVE-2022-46449](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46449)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in MPD (Music Player Daemon) v0.23.10 allows attackers to cause a Denial of Service (DoS) via a crafted input.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DiRaltvein/memory-corruption-examples
+

2022/CVE-2022-46689.md

@@ -45,6 +45,7 @@ A race condition was addressed with additional validation. This issue is fixed i
 - https://github.com/PureKFD/PureKFD
 - https://github.com/PureKFD/PureKFDRepo
 - https://github.com/Smile1024me/Cowabunga
+- https://github.com/Technetium1/stars
 - https://github.com/Thyssenkrupp234/ra1nm8
 - https://github.com/ZZY3312/KFDFontOverwrite-M1
 - https://github.com/ahkecha/McDirty

2023/CVE-2023-0210.md

@@ -15,5 +15,5 @@ A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to c
 - https://www.openwall.com/lists/oss-security/2023/01/04/1
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/DiRaltvein/memory-corruption-examples
 

2023/CVE-2023-20938.md

@@ -13,6 +13,7 @@ In binder_transaction_buffer_release of binder.c, there is a possible use after
 No PoCs from references.
 
 #### Github
+- https://github.com/Clock-Skew/EndPointX
 - https://github.com/IamAlch3mist/Awesome-Android-Vulnerability-Research
 - https://github.com/xairy/linux-kernel-exploitation
 

2023/CVE-2023-3079.md

@@ -20,6 +20,7 @@ Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote a
 - https://github.com/RENANZG/My-Forensics
 - https://github.com/Threekiii/CVE
 - https://github.com/Uniguri/CVE-1day
+- https://github.com/Uniguri/CVE-nday
 - https://github.com/ZonghaoLi777/githubTrending
 - https://github.com/aneasystone/github-trending
 - https://github.com/johe123qwe/github-trending

2023/CVE-2023-47470.md

@@ -14,5 +14,5 @@ Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210
 - https://patchwork.ffmpeg.org/project/ffmpeg/patch/[email protected]/
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/DiRaltvein/memory-corruption-examples
 

2023/CVE-2023-4762.md

@@ -15,6 +15,7 @@ No PoCs from references.
 #### Github
 - https://github.com/Ostorlab/KEV
 - https://github.com/Uniguri/CVE-1day
+- https://github.com/Uniguri/CVE-nday
 - https://github.com/buptsb/CVE-2023-4762
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/sherlocksecurity/CVE-2023-4762-Code-Review