👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-34970
Github: https://github.com/0xhebi/CVE-2022-34970
Describe:
Crow before v1.0+4 was discovered to contain a buffer overflow via the function qs_parse at query_string.h. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Mumber: CVE-2022-34970
Github: https://github.com/0xhebi/CVE-2022-34970
Describe:
Crow before v1.0+4 was discovered to contain a buffer overflow via the function qs_parse at query_string.h. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
GitHub
GitHub - 0xhebi/CVE-2022-34970: Vulnerability in Crow prior v1.0+4
Vulnerability in Crow prior v1.0+4. Contribute to 0xhebi/CVE-2022-34970 development by creating an account on GitHub.
** xray ** 🔧Tool update
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/a9ddda5e28119f72e391b8a0c8fb753d6c53c0d5
commitUpdate log:
Update jellyfin-cve-2021-29490.yml (#1632)
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/a9ddda5e28119f72e391b8a0c8fb753d6c53c0d5
commitUpdate log:
Update jellyfin-cve-2021-29490.yml (#1632)
GitHub
Update jellyfin-cve-2021-29490.yml (#1632) · chaitin/xray@a9ddda5
一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档. Contribute to chaitin/xray development by creating an account on GitHub.
** nps ** 🔧Tool update
Tools name:nps
Tools url:https://github.com/ehang-io/nps/commit/ab648d6f0c618c690a7a79948a7ebd686e1cdafc
commitUpdate log:
Merge pull request #866 from freeoa/master
add build to apple silicon(M1)
Tools name:nps
Tools url:https://github.com/ehang-io/nps/commit/ab648d6f0c618c690a7a79948a7ebd686e1cdafc
commitUpdate log:
Merge pull request #866 from freeoa/master
add build to apple silicon(M1)
GitHub
Merge pull request #866 from freeoa/master · ehang-io/nps@ab648d6
add build to apple silicon(M1)
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-32224
Github: https://github.com/ooooooo-q/cve-2022-32224-rails
Describe:
**
Mumber: CVE-2022-32224
Github: https://github.com/ooooooo-q/cve-2022-32224-rails
Describe:
**
GitHub
GitHub - ooooooo-q/cve-2022-32224-rails
Contribute to ooooooo-q/cve-2022-32224-rails development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-24086
Github: https://github.com/oK0mo/CVE-2022-24086-RCE-PoC
Describe:
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
Mumber: CVE-2022-24086
Github: https://github.com/oK0mo/CVE-2022-24086-RCE-PoC
Describe:
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
GitHub
GitHub - oK0mo/CVE-2022-24086-RCE-PoC: Verifed Proof of Concept on CVE-2022-24086
Verifed Proof of Concept on CVE-2022-24086. Contribute to oK0mo/CVE-2022-24086-RCE-PoC development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31061
Github: https://github.com/Vu0r1/CVE-2022-31061
Describe:
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
Mumber: CVE-2022-31061
Github: https://github.com/Vu0r1/CVE-2022-31061
Describe:
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
GitHub
GitHub - Vu0r1-sec/CVE-2022-31061: PoC for GLPI CVE-2022-31061
PoC for GLPI CVE-2022-31061. Contribute to Vu0r1-sec/CVE-2022-31061 development by creating an account on GitHub.
** xray ** 🔧Tool update
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/a9ddda5e28119f72e391b8a0c8fb753d6c53c0d5
commitUpdate log:
Update jellyfin-cve-2021-29490.yml (#1632)
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/a9ddda5e28119f72e391b8a0c8fb753d6c53c0d5
commitUpdate log:
Update jellyfin-cve-2021-29490.yml (#1632)
GitHub
Update jellyfin-cve-2021-29490.yml (#1632) · chaitin/xray@a9ddda5
一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档. Contribute to chaitin/xray development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-22620
Github: https://github.com/springsec/CVE-2022-22620
Describe:
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
Mumber: CVE-2022-22620
Github: https://github.com/springsec/CVE-2022-22620
Describe:
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
GitHub
GitHub - springsec/CVE-2022-22620: Webkit (Safari) - Exploit
Webkit (Safari) - Exploit. Contribute to springsec/CVE-2022-22620 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-1857
Github: https://github.com/frostb1ten/CVE-2022-1857
Describe:
Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page.
Mumber: CVE-2022-1857
Github: https://github.com/frostb1ten/CVE-2022-1857
Describe:
Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page.
** xray ** 🔧Tool update
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/a9ddda5e28119f72e391b8a0c8fb753d6c53c0d5
commitUpdate log:
Update jellyfin-cve-2021-29490.yml (#1632)
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/a9ddda5e28119f72e391b8a0c8fb753d6c53c0d5
commitUpdate log:
Update jellyfin-cve-2021-29490.yml (#1632)
GitHub
Update jellyfin-cve-2021-29490.yml (#1632) · chaitin/xray@a9ddda5
一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档. Contribute to chaitin/xray development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31101
Github: https://github.com/karthikuj/CVE-2022-31101
Describe:
prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.
Mumber: CVE-2022-31101
Github: https://github.com/karthikuj/CVE-2022-31101
Describe:
prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.
GitHub
GitHub - karthikuj/CVE-2022-31101: Exploit for PrestaShop bockwishlist module 2.1.0 SQLi (CVE-2022-31101)
Exploit for PrestaShop bockwishlist module 2.1.0 SQLi (CVE-2022-31101) - karthikuj/CVE-2022-31101
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-21881
Github: https://github.com/theabysslabs/CVE-2022-21881
Describe:
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21879.
Mumber: CVE-2022-21881
Github: https://github.com/theabysslabs/CVE-2022-21881
Describe:
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21879.
GitHub
GitHub - theabysslabs/CVE-2022-21881: POC of CVE-2022-21881 exploited at TianfuCup 2021 to escape Chrome Sandbox
POC of CVE-2022-21881 exploited at TianfuCup 2021 to escape Chrome Sandbox - theabysslabs/CVE-2022-21881
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-29968
Github: https://github.com/jprx/CVE-2022-29968
Describe:
An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.
Mumber: CVE-2022-29968
Github: https://github.com/jprx/CVE-2022-29968
Describe:
An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.
GitHub
GitHub - jprx/CVE-2022-29968: Exploit PoC for CVE-2022-29968 by Joseph Ravichandran and Michael Wang
Exploit PoC for CVE-2022-29968 by Joseph Ravichandran and Michael Wang - jprx/CVE-2022-29968
** xray ** 🔧Tool update
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/a9ddda5e28119f72e391b8a0c8fb753d6c53c0d5
commitUpdate log:
Update jellyfin-cve-2021-29490.yml (#1632)
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/a9ddda5e28119f72e391b8a0c8fb753d6c53c0d5
commitUpdate log:
Update jellyfin-cve-2021-29490.yml (#1632)
GitHub
Update jellyfin-cve-2021-29490.yml (#1632) · chaitin/xray@a9ddda5
一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档. Contribute to chaitin/xray development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-33980
Github: https://github.com/HKirito/CVE-2022-33980
Describe:
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default.
Mumber: CVE-2022-33980
Github: https://github.com/HKirito/CVE-2022-33980
Describe:
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default.
GitHub
GitHub - HKirito/CVE-2022-33980: CVE
CVE. Contribute to HKirito/CVE-2022-33980 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-1421
Github: https://github.com/nb1b3k/CVE-2022-1421
Describe:
The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack
Mumber: CVE-2022-1421
Github: https://github.com/nb1b3k/CVE-2022-1421
Describe:
The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack
GitHub
GitHub - nb1b3k/CVE-2022-1421
Contribute to nb1b3k/CVE-2022-1421 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-1040
Github: https://github.com/APTIRAN/CVE-2022-1040
Describe:
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
Mumber: CVE-2022-1040
Github: https://github.com/APTIRAN/CVE-2022-1040
Describe:
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
GitHub
GitHub - APTIRAN/CVE-2022-1040: This vulnerability allows an attacker to gain unauthorized access to the firewall management space…
This vulnerability allows an attacker to gain unauthorized access to the firewall management space by bypassing authentication - GitHub - APTIRAN/CVE-2022-1040: This vulnerability allows an attacke...
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-20866
Github: https://github.com/CiscoPSIRT/CVE-2022-20866
Describe:
**
Mumber: CVE-2022-20866
Github: https://github.com/CiscoPSIRT/CVE-2022-20866
Describe:
**
GitHub
GitHub - CiscoPSIRT/CVE-2022-20866: RSA Key Checker for CVE-2022-20866
RSA Key Checker for CVE-2022-20866. Contribute to CiscoPSIRT/CVE-2022-20866 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-21894
Github: https://github.com/Wack0/CVE-2022-21894
Describe:
Secure Boot Security Feature Bypass Vulnerability.
Mumber: CVE-2022-21894
Github: https://github.com/Wack0/CVE-2022-21894
Describe:
Secure Boot Security Feature Bypass Vulnerability.
GitHub
GitHub - Wack0/CVE-2022-21894: baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability
baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability - Wack0/CVE-2022-21894