👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-37042
Github: https://github.com/GreyNoise-Intelligence/Zimbra_Collaboration_CVE-2022-37042-_CVE-2022-27925
Describe:
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.
Mumber: CVE-2022-37042
Github: https://github.com/GreyNoise-Intelligence/Zimbra_Collaboration_CVE-2022-37042-_CVE-2022-27925
Describe:
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.
GitHub
GitHub - GreyNoise-Intelligence/Zimbra_Collaboration_CVE-2022-37042-_CVE-2022-27925: Zimbra_Collaboration_CVE-2022-37042-_CVE-2022…
Zimbra_Collaboration_CVE-2022-37042-_CVE-2022-27925 - GitHub - GreyNoise-Intelligence/Zimbra_Collaboration_CVE-2022-37042-_CVE-2022-27925: Zimbra_Collaboration_CVE-2022-37042-_CVE-2022-27925
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-2414
Github: https://github.com/superhac/CVE-2022-2414-POC
Describe:
Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.
Mumber: CVE-2022-2414
Github: https://github.com/superhac/CVE-2022-2414-POC
Describe:
Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.
GitHub
GitHub - superhac/CVE-2022-2414-POC
Contribute to superhac/CVE-2022-2414-POC development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31793
Github: https://github.com/xpgdgit/CVE-2022-31793
Describe:
do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.
Mumber: CVE-2022-31793
Github: https://github.com/xpgdgit/CVE-2022-31793
Describe:
do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.
GitHub
GitHub - xpgdgit/CVE-2022-31793
Contribute to xpgdgit/CVE-2022-31793 development by creating an account on GitHub.
👍1
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-1802
Github: https://github.com/mistymntncop/CVE-2022-1802
Describe:
**
Mumber: CVE-2022-1802
Github: https://github.com/mistymntncop/CVE-2022-1802
Describe:
**
GitHub
GitHub - mistymntncop/CVE-2022-1802
Contribute to mistymntncop/CVE-2022-1802 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-37150
Github: https://github.com/Fjowel/CVE-2022-37150-CVE-2022-37151-CVE-2022-37152
Describe:
**
Mumber: CVE-2022-37150
Github: https://github.com/Fjowel/CVE-2022-37150-CVE-2022-37151-CVE-2022-37152
Describe:
**
GitHub
GitHub - Fjowel/CVE-2022-37150-CVE-2022-37151-CVE-2022-37152: multi vuls of odlms
multi vuls of odlms. Contribute to Fjowel/CVE-2022-37150-CVE-2022-37151-CVE-2022-37152 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-37153
Github: https://github.com/Fjowel/CVE-2022-37153
Describe:
**
Mumber: CVE-2022-37153
Github: https://github.com/Fjowel/CVE-2022-37153
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-23779
Github: https://github.com/Vulnmachines/Zoho_CVE-2022-23779
Describe:
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
Mumber: CVE-2022-23779
Github: https://github.com/Vulnmachines/Zoho_CVE-2022-23779
Describe:
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
GitHub
GitHub - Vulnmachines/Zoho_CVE-2022-23779: Internal Hostname Disclosure Vulnerability
Internal Hostname Disclosure Vulnerability. Contribute to Vulnmachines/Zoho_CVE-2022-23779 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-32250
Github: https://github.com/theori-io/CVE-2022-32250-exploit
Describe:
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
Mumber: CVE-2022-32250
Github: https://github.com/theori-io/CVE-2022-32250-exploit
Describe:
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
GitHub
GitHub - theori-io/CVE-2022-32250-exploit
Contribute to theori-io/CVE-2022-32250-exploit development by creating an account on GitHub.
👍1
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-37152
Github: https://github.com/Fjowel/CVE-2022-37152
Describe:
**
Mumber: CVE-2022-37152
Github: https://github.com/Fjowel/CVE-2022-37152
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-37151
Github: https://github.com/Fjowel/CVE-2022-37151
Describe:
**
Mumber: CVE-2022-37151
Github: https://github.com/Fjowel/CVE-2022-37151
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-21371
Github: https://github.com/Vulnmachines/Oracle-WebLogic-CVE-2022-21371
Describe:
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Mumber: CVE-2022-21371
Github: https://github.com/Vulnmachines/Oracle-WebLogic-CVE-2022-21371
Describe:
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
GitHub
GitHub - Vulnmachines/Oracle-WebLogic-CVE-2022-21371: Oracle WebLogic CVE-2022-21371
Oracle WebLogic CVE-2022-21371. Contribute to Vulnmachines/Oracle-WebLogic-CVE-2022-21371 development by creating an account on GitHub.
👾KEYWORD SERVICE 🏷#cnvd
Name: bigger-than-bigger
Github: https://github.com/Bin4xin/bigger-than-bigger
Name: bigger-than-bigger
Github: https://github.com/Bin4xin/bigger-than-bigger
GitHub
GitHub - Bin4xin/bigger-than-bigger: Expolit Lists. 相关集合💥💥💥 ;) 用友NC反序列化/ CTF/ Java Deserialization/Shiro Vulns/ CNVD or CVE Vulns/…
Expolit Lists. 相关集合💥💥💥 ;) 用友NC反序列化/ CTF/ Java Deserialization/Shiro Vulns/ CNVD or CVE Vulns/ Log4j2/ Hikvision-decrypter...✨✨✨ - Bin4xin/bigger-than-bigger
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-20007
Github: https://github.com/nidhi7598/frameworks_base_AOSP_10_r33_CVE-2022-20007
Describe:
In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-211481342
Mumber: CVE-2022-20007
Github: https://github.com/nidhi7598/frameworks_base_AOSP_10_r33_CVE-2022-20007
Describe:
In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-211481342
GitHub
nidhi7598/frameworks_base_AOSP_10_r33_CVE-2022-20007
Contribute to nidhi7598/frameworks_base_AOSP_10_r33_CVE-2022-20007 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-20142
Github: https://github.com/pazhanivel07/frameworks_base_AOSP10_r33_CVE-2022-20142
Describe:
In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216631962
Mumber: CVE-2022-20142
Github: https://github.com/pazhanivel07/frameworks_base_AOSP10_r33_CVE-2022-20142
Describe:
In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216631962
GitHub
GitHub - pazhanivel07/frameworks_base_AOSP10_r33_CVE-2022-20142
Contribute to pazhanivel07/frameworks_base_AOSP10_r33_CVE-2022-20142 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-38766
Github: https://github.com/AUTOCRYPT-IVS-VnV/CVE-2022-38766
Describe:
**
Mumber: CVE-2022-38766
Github: https://github.com/AUTOCRYPT-IVS-VnV/CVE-2022-38766
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-0492
Github: https://github.com/yoeelingBin/CVE-2022-0492-Container-Escape
Describe:
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
Mumber: CVE-2022-0492
Github: https://github.com/yoeelingBin/CVE-2022-0492-Container-Escape
Describe:
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
GitHub
GitHub - yoeelingBin/CVE-2022-0492-Container-Escape: CVE-2022-0492-Container-Escape
CVE-2022-0492-Container-Escape. Contribute to yoeelingBin/CVE-2022-0492-Container-Escape development by creating an account on GitHub.
** antSword ** 🔧Tool update
Tools name:antSword
Tools url:https://github.com/AntSwordProject/antSword/commit/3faa3beb2906c0a206a04b7053254dea6348d9c6
commitUpdate log:
Fix(Core/PHP): fix #319
Tools name:antSword
Tools url:https://github.com/AntSwordProject/antSword/commit/3faa3beb2906c0a206a04b7053254dea6348d9c6
commitUpdate log:
Fix(Core/PHP): fix #319
GitHub
Fix(Core/PHP): fix #319 · AntSwordProject/antSword@3faa3be
中国蚁剑是一款跨平台的开源网站管理工具。AntSword is a cross-platform website management toolkit. - Fix(Core/PHP): fix #319 · AntSwordProject/antSword@3faa3be
👍2
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-24637
Github: https://github.com/watchdog2000/cve-2022-24637_open-web-analytics-info-disclosure-to-rce
Describe:
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter.
Mumber: CVE-2022-24637
Github: https://github.com/watchdog2000/cve-2022-24637_open-web-analytics-info-disclosure-to-rce
Describe:
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-36200
Github: https://github.com/afaq1337/CVE-2022-36200
Describe:
**
Mumber: CVE-2022-36200
Github: https://github.com/afaq1337/CVE-2022-36200
Describe:
**
GitHub
GitHub - afaq1337/CVE-2022-36200: CVE-2022-36200 PoC
CVE-2022-36200 PoC. Contribute to afaq1337/CVE-2022-36200 development by creating an account on GitHub.