Update CVE sources 2024-05-28 00:32

2017/CVE-2017-17727.md

@@ -0,0 +1,17 @@
+### [CVE-2017-17727](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17727)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php.
+
+### POC
+
+#### Reference
+- https://www.seebug.org/vuldb/ssvid-20050
+
+#### Github
+No PoCs found on GitHub currently.
+

2017/CVE-2017-17888.md

@@ -0,0 +1,17 @@
+### [CVE-2017-17888](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17888)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097.
+
+### POC
+
+#### Reference
+- https://www.seebug.org/vuldb/ssvid-96555
+
+#### Github
+No PoCs found on GitHub currently.
+

2018/CVE-2018-2893.md

@@ -47,6 +47,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar
 - https://github.com/ZTK-009/RedTeamer
 - https://github.com/aiici/weblogicAllinone
 - https://github.com/angeloqmartin/Vulnerability-Assessment
+- https://github.com/artofwar344/CVE-2018-2893
 - https://github.com/awake1t/Awesome-hacking-tools
 - https://github.com/awsassets/weblogic_exploit
 - https://github.com/bigsizeme/CVE-2018-2893

2019/CVE-2019-0708.md

@@ -393,6 +393,7 @@ A remote code execution vulnerability exists in Remote Desktop Services formerly
 - https://github.com/victor0013/CVE-2019-0708
 - https://github.com/vincentfer/PENTESTING-BIBLE-
 - https://github.com/viszsec/CyberSecurity-Playground
+- https://github.com/vs4vijay/exploits
 - https://github.com/vulsio/go-msfdb
 - https://github.com/wateroot/poc-exp
 - https://github.com/wdfcc/CVE-2019-0708

2019/CVE-2019-16889.md

@@ -15,6 +15,7 @@ No PoCs from references.
 #### Github
 - https://github.com/0xT11/CVE-POC
 - https://github.com/developer3000S/PoC-in-GitHub
+- https://github.com/grampae/CVE-2019-16889-poc
 - https://github.com/grampae/meep
 - https://github.com/grampae/meep2
 - https://github.com/hectorgie/PoC-in-GitHub

2020/CVE-2020-0796.md

@@ -335,6 +335,7 @@ A remote code execution vulnerability exists in the way that the Microsoft Serve
 - https://github.com/tripledd/cve-2020-0796-vuln
 - https://github.com/txuswashere/OSCP
 - https://github.com/uhub/awesome-c
+- https://github.com/vs4vijay/exploits
 - https://github.com/vsai94/ECE9069_SMBGhost_Exploit_CVE-2020-0796-
 - https://github.com/vysecurity/CVE-2020-0796
 - https://github.com/w1ld3r/SMBGhost_Scanner

2020/CVE-2020-1472.md

@@ -357,6 +357,7 @@ An elevation of privilege vulnerability exists when an attacker establishes a vu
 - https://github.com/vecnathewhisperd/ZeroLogin
 - https://github.com/victim10wq3/CVE-2020-1472
 - https://github.com/voker2311/Infra-Security-101
+- https://github.com/vs4vijay/exploits
 - https://github.com/weeka10/-hktalent-TOP
 - https://github.com/whitfieldsdad/epss
 - https://github.com/whoami-chmod777/ZeroLogon-Testing-Script

2020/CVE-2020-16898.md

@@ -83,6 +83,7 @@ No PoCs from references.
 - https://github.com/todb-r7/dwflist
 - https://github.com/tzwlhack/Vulnerability
 - https://github.com/uhub/awesome-lua
+- https://github.com/vs4vijay/exploits
 - https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
 - https://github.com/xuetusummer/Penetration_Testing_POC
 - https://github.com/ycdxsb/WindowsPrivilegeEscalation

2020/CVE-2020-17382.md

@@ -29,6 +29,7 @@ The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x8
 - https://github.com/soosmile/POC
 - https://github.com/taielab/awesome-hacking-lists
 - https://github.com/uf0o/CVE-2020-17382
+- https://github.com/vs4vijay/exploits
 - https://github.com/xbl2022/awesome-hacking-lists
 - https://github.com/zeze-zeze/2023iThome
 

2020/CVE-2020-7915.md

@@ -0,0 +1,17 @@
+### [CVE-2020-7915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7915)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI field allows XSS attacks by an administrator.
+
+### POC
+
+#### Reference
+- https://sku11army.blogspot.com/2020/01/eaton-authenticated-stored-cross-site.html
+
+#### Github
+No PoCs found on GitHub currently.
+

2020/CVE-2020-9206.md

@@ -0,0 +1,17 @@
+### [CVE-2020-9206](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9206)
+![](https://img.shields.io/static/v1?label=Product&message=eUDC660&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Resource%20Management&color=brighgreen)
+
+### Description
+
+The eUDC660 product has a resource management vulnerability. An attacker with high privilege needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the device, as a result, the key file can be obtained and data can be decrypted, affecting confidentiality, integrity, and availability of the device.
+
+### POC
+
+#### Reference
+- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210203-01-resourcemanagement-en
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-22716.md

@@ -0,0 +1,17 @@
+### [CVE-2021-22716](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22716)
+![](https://img.shields.io/static/v1?label=Product&message=C-Bus%20Toolkit&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=V%3C%201.15.9%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-732%20Incorrect%20Permission%20Assignment%20for%20Critical%20Resource&color=brighgreen)
+
+### Description
+
+A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could allow remote code execution when an unprivileged user modifies a file. Affected Product: C-Bus Toolkit (V1.15.9 and prior)
+
+### POC
+
+#### Reference
+- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-103-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-103-01_C-Bus_Toolkit_C-Gate_Server_Security_Notification.pdf
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-41320.md

@@ -0,0 +1,17 @@
+### [CVE-2021-41320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41320)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+** DISPUTED ** A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated user. NOTE: the vendor disputes this because the password is not hardcoded (it can be changed during installation or at any later time).
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2021/CVE-2021-44228.md

@@ -1464,6 +1464,7 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12
 - https://github.com/voditelnloo/jmeterjustb4
 - https://github.com/vorburger/Learning-Log4j2
 - https://github.com/vorburger/Log4j_CVE-2021-44228
+- https://github.com/vs4vijay/exploits
 - https://github.com/vsdeng/java-gradle-demo-app
 - https://github.com/vsegdacocacola/Log4jExploitPayloadExtractor
 - https://github.com/vulcan-apptest2/log4shell-vulnerable-app

2022/CVE-2022-22947.md

@@ -38,6 +38,7 @@ In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are v
 - https://github.com/Awrrays/FrameVul
 - https://github.com/Axx8/CVE-2022-22947_Rce_Exp
 - https://github.com/B0rn2d/Spring-Cloud-Gateway-Nacos
+- https://github.com/BBD-YZZ/GUI-TOOLS
 - https://github.com/BerMalBerIst/CVE-2022-22947
 - https://github.com/CLincat/vulcat
 - https://github.com/CVEDB/PoC-List

2022/CVE-2022-22963.md

@@ -34,6 +34,7 @@ In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, w
 - https://github.com/AabyssZG/SpringBoot-Scan
 - https://github.com/AayushmanThapaMagar/CVE-2022-22963
 - https://github.com/Anogota/Inject
+- https://github.com/BBD-YZZ/GUI-TOOLS
 - https://github.com/BearClaw96/CVE-2022-22963-Poc-Bearcules
 - https://github.com/CLincat/vulcat
 - https://github.com/CVEDB/PoC-List

2022/CVE-2022-22965.md

@@ -34,6 +34,7 @@ A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable t
 - https://github.com/ARPSyndicate/kenzer-templates
 - https://github.com/AabyssZG/SpringBoot-Scan
 - https://github.com/Axx8/SpringFramework_CVE-2022-22965_RCE
+- https://github.com/BBD-YZZ/GUI-TOOLS
 - https://github.com/BC-SECURITY/Moriarty
 - https://github.com/BKLockly/CVE-2022-22965
 - https://github.com/Bl0omZ/JAVAExploitStudy

2024/CVE-2024-0220.md

@@ -10,7 +10,7 @@
 
 ### Description
 
-B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.Missing Encryption of Sensitive Data, Cleartext Transmission of Sensitive Information, Improper Control of Generation of Code ('Code Injection'), Inadequate Encryption Strength vulnerability in B&R Industrial Automation B&R Automation Studio (Upgrade Service modules), B&R Industrial Automation Technology Guarding.This issue affects B&R Automation Studio: <4.6; Technology Guarding: <1.4.0.
+B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.
 
 ### POC
 

2024/CVE-2024-0323.md

@@ -5,7 +5,7 @@
 
 ### Description
 
-Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R Industrial Automation Automation Runtime (SDM modules).The FTP server used on the B&RAutomation Runtime supports unsecure encryption mechanisms, such as SSLv3,TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conductman-in-the-middle attacks or to decrypt communications between the affected productclients.  This issue affects Automation Runtime: from 14.0 before 14.93.
+The FTP server used on the B&RAutomation Runtime supports unsecure encryption mechanisms, such as SSLv3,TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conductman-in-the-middle attacks or to decrypt communications between the affected productclients.
 
 ### POC
 

2024/CVE-2024-0851.md

@@ -0,0 +1,17 @@
+### [CVE-2024-0851](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0851)
+![](https://img.shields.io/static/v1?label=Product&message=Smartpower&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%20V24.05.27%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Grup Arge Energy and Control Systems Smartpower allows SQL Injection.This issue affects Smartpower: through V24.05.27.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2024/CVE-2024-21306.md

@@ -27,6 +27,7 @@ No PoCs from references.
 
 #### Github
 - https://github.com/NaInSec/CVE-LIST
+- https://github.com/PhucHauDeveloper/BadBlue
 - https://github.com/PhucHauDeveloper/BadbBlue
 - https://github.com/d4rks1d33/C-PoC-for-CVE-2024-21306
 - https://github.com/fkie-cad/nvd-json-data-feeds

2024/CVE-2024-21683.md

@@ -23,6 +23,7 @@ No PoCs from references.
 - https://github.com/jafshare/GithubTrending
 - https://github.com/johe123qwe/github-trending
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/phucrio/CVE-2024-21683-RCE
 - https://github.com/r00t7oo2jm/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server
 - https://github.com/sampsonv/github-trending
 - https://github.com/tanjiti/sec_profile

2024/CVE-2024-23995.md

@@ -0,0 +1,17 @@
+### [CVE-2024-23995](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23995)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross Site Scripting (XSS) in Beekeeper Studio 4.1.13 and earlier allows remote attackers to execute arbitrary code in the column name of a database table in tabulator-popup-container.
+
+### POC
+
+#### Reference
+- https://github.com/EQSTLab/PoC/blob/main/2024/RCE/CVE-2024-23995/README.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-27842.md

@@ -0,0 +1,17 @@
+### [CVE-2024-27842](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27842)
+![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2014.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20app%20may%20be%20able%20to%20execute%20arbitrary%20code%20with%20kernel%20privileges&color=brighgreen)
+
+### Description
+
+The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/tanjiti/sec_profile
+

2024/CVE-2024-2961.md

@@ -13,6 +13,7 @@ The iconv() function in the GNU C Library versions 2.39 and older may overflow t
 No PoCs from references.
 
 #### Github
+- https://github.com/ambionics/cnext-exploits
 - https://github.com/mattaperkins/FIX-CVE-2024-2961
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/rvizx/CVE-2024-2961

2024/CVE-2024-30056.md

@@ -13,5 +13,7 @@ Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
 No PoCs from references.
 
 #### Github
+- https://github.com/absholi7ly/Microsoft-Edge-Information-Disclosure
 - https://github.com/fkie-cad/nvd-json-data-feeds
+- https://github.com/nomi-sec/PoC-in-GitHub
 

2024/CVE-2024-3205.md

@@ -13,5 +13,5 @@ A vulnerability was found in yaml libyaml up to 0.2.5 and classified as critical
 - https://vuldb.com/?submit.304561
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/fkie-cad/nvd-json-data-feeds
 

2024/CVE-2024-3381.md

@@ -0,0 +1,17 @@
+### [CVE-2024-3381](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3381)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)
+
+### Description
+
+** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/stayfesch/Get-PANOS-Advisories
+

2024/CVE-2024-34477.md

@@ -0,0 +1,17 @@
+### [CVE-2024-34477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34477)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In addition, the SUID bit must be added to this file.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+

2024/CVE-2024-3495.md

@@ -14,5 +14,6 @@ No PoCs from references.
 
 #### Github
 - https://github.com/nomi-sec/PoC-in-GitHub
+- https://github.com/tanjiti/sec_profile
 - https://github.com/truonghuuphuc/CVE-2024-3495-Poc
 

2024/CVE-2024-3939.md

@@ -0,0 +1,17 @@
+### [CVE-2024-3939](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3939)
+![](https://img.shields.io/static/v1?label=Product&message=Ditty%20&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.1.36%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)
+
+### Description
+
+The Ditty  WordPress plugin before 3.1.36 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/80a9eb3a-2cb1-4844-9004-ba2554b2d46c/
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-4367.md

@@ -18,6 +18,7 @@ No PoCs from references.
 #### Github
 - https://github.com/LOURC0D3/CVE-2024-4367-PoC
 - https://github.com/Threekiii/Awesome-POC
+- https://github.com/avalahEE/pdfjs_disable_eval
 - https://github.com/google/fishy-pdf
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/s4vvysec/CVE-2024-4367-POC

2024/CVE-2024-4529.md

@@ -0,0 +1,17 @@
+### [CVE-2024-4529](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4529)
+![](https://img.shields.io/static/v1?label=Product&message=Business%20Card&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting card categories via CSRF attacks
+
+### POC
+
+#### Reference
+- https://wpscan.com/vulnerability/082ff0b8-2ecd-4292-832d-0a79e1ba8cb3/
+
+#### Github
+No PoCs found on GitHub currently.
+