👾CVE SERVICE 🏷#CVE
Number: CVE-2022-36446
GitHub: https://github.com/p0dalirius/CVE-2022-36446-Webmin-Software-Package-Updates-RCE
Description:
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
GitHub - p0dalirius/CVE-2022-36446-Webmin-Software-Package-Updates-RCE: A Python script to exploit CVE-2022-36446 Software Package…
👾CVE SERVICE 🏷#CVE
Number: CVE-2022-24654
GitHub: https://github.com/leonardobg/CVE-2022-24654
Description:
👾CVE SERVICE 🏷#CVE
Number: CVE-2022-31262
GitHub: https://github.com/secure-77/CVE-2022-31262
Description:
GitHub - secure-77/CVE-2022-31262: GOG Galaxy LPE Exploit
👾CVE SERVICE 🏷#CVE
Number: CVE-2022-24853
GitHub: https://github.com/secure-77/CVE-2022-24853
Description:
Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result in file access on Windows, which allows enabling an `NTLM relay attack`, potentially allowing an attacker to receive the system password hash. If you use Windows and are on this version of Metabase, please upgrade immediately. The following patches (or greater versions) are available: 0.42.4 and 1.42.4, 0.41.7 and 1.41.7, 0.40.8 and 1.40.8.
GitHub - secure-77/CVE-2022-24853: Metabase NTLM Attack
👾CVE SERVICE 🏷#CVE
Number: CVE-2022-27925
GitHub: https://github.com/vnhacker1337/CVE-2022-27925-PoC
Description:
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
GitHub - vnhacker1337/CVE-2022-27925-PoC: Zimbra RCE simple poc
👾CVE SERVICE 🏷#CVE
Number: CVE-2022-27255
GitHub: https://github.com/infobyte/cve-2022-27255
Description:
In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data.
antSword 🔧Tool update
Tool name: antSword
Tool url: https://github.com/AntSwordProject/antSword/commit/ed79c67eb02a5fe7f00e91f0cd14fd639a2ffaa5
Commit update log:
Fix #318
AntSword (中国蚁剑) is a cross-platform open-source website management toolkit.
👾CVE SERVICE 🏷#CVE
Number: CVE-2022-31269
GitHub: https://github.com/Henry4E36/CVE-2022-31269
Description:
GitHub - Henry4E36/CVE-2022-31269: Nortek Control Linear eMerge E3-Series information disclosure
👾CVE SERVICE 🏷#CVE
Number: CVE-2022-34169
GitHub: https://github.com/bor8/CVE-2022-34169
Description:
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
GitHub - bor8/CVE-2022-34169: https://nvd.nist.gov/vuln/detail/CVE-2022-34169
👾CVE SERVICE 🏷#CVE
Number: CVE-2022-36162
GitHub: https://github.com/MaherAzzouzi/CVE-2022-36162
Description:
fscan 🔧Tool update
Tool name: fscan
Tool url: https://github.com/shadow1ng/fscan/commit/98569648bb33d5b98783e7bddb9193eb5565d255
Commit update log:
Add the -dns parameter to enable the dnslog poc
fscan is an all-in-one intranet scanning tool for convenient one-click, automated, full-coverage vulnerability scanning.
👾CVE SERVICE 🏷#CVE
Number: CVE-2022-21789
GitHub: https://github.com/docfate111/CVE-2022-21789
Description:
In audio ipi, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478101; Issue ID: ALPS06478101.
👾CVE SERVICE 🏷#CVE
Number: CVE-2022-20224
GitHub: https://github.com/ShaikUsaf/system_bt_AOSP10_r33_CVE-2022-20224
Description:
In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-220732646.
👾CVE SERVICE 🏷#CVE
Number: CVE-2022-20229
GitHub: https://github.com/ShaikUsaf/system_bt_AOSP10_r33_CVE-2022-20229
Description:
In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-224536184.
👾CVE SERVICE 🏷#CVE
Number: CVE-2022-20223
GitHub: https://github.com/nidhi7598/packages_apps_Settings_AOSP_10_r33_CVE-2022-20223
Description:
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-223578534.
👾CVE SERVICE 🏷#CVE
Number: CVE-2022-29247
GitHub: https://github.com/a1ise/CVE-2022-29247
Description:
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled, which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data, this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`.
👾CVE SERVICE 🏷#CVE
Number: CVE-2022-36271
GitHub: https://github.com/SaumyajeetDas/POC-of-CVE-2022-36271
Description:
👾CVE SERVICE 🏷#CVE
Number: CVE-2022-26923
GitHub: https://github.com/lsecqt/CVE-2022-26923-Powershell-POC
Description:
Active Directory Domain Services Elevation of Privilege Vulnerability.
GitHub - lsecqt/CVE-2022-26923-Powershell-POC: A powershell poc to load and automatically run Certify and Rubeus from memory.
antSword 🔧Tool update
Tool name: antSword
Tool url: https://github.com/AntSwordProject/antSword/commit/3faa3beb2906c0a206a04b7053254dea6348d9c6
Commit update log:
Fix(Core/PHP): fix #319