👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-32250
Github: https://github.com/theori-io/CVE-2022-32250-exploit
Describe:
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
Mumber: CVE-2022-32250
Github: https://github.com/theori-io/CVE-2022-32250-exploit
Describe:
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
GitHub
GitHub - theori-io/CVE-2022-32250-exploit
Contribute to theori-io/CVE-2022-32250-exploit development by creating an account on GitHub.
👍1
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-37152
Github: https://github.com/Fjowel/CVE-2022-37152
Describe:
**
Mumber: CVE-2022-37152
Github: https://github.com/Fjowel/CVE-2022-37152
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-37151
Github: https://github.com/Fjowel/CVE-2022-37151
Describe:
**
Mumber: CVE-2022-37151
Github: https://github.com/Fjowel/CVE-2022-37151
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-21371
Github: https://github.com/Vulnmachines/Oracle-WebLogic-CVE-2022-21371
Describe:
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Mumber: CVE-2022-21371
Github: https://github.com/Vulnmachines/Oracle-WebLogic-CVE-2022-21371
Describe:
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
GitHub
GitHub - Vulnmachines/Oracle-WebLogic-CVE-2022-21371: Oracle WebLogic CVE-2022-21371
Oracle WebLogic CVE-2022-21371. Contribute to Vulnmachines/Oracle-WebLogic-CVE-2022-21371 development by creating an account on GitHub.
👾KEYWORD SERVICE 🏷#cnvd
Name: bigger-than-bigger
Github: https://github.com/Bin4xin/bigger-than-bigger
Name: bigger-than-bigger
Github: https://github.com/Bin4xin/bigger-than-bigger
GitHub
GitHub - Bin4xin/bigger-than-bigger: Expolit Lists. 相关集合💥💥💥 ;) 用友NC反序列化/ CTF/ Java Deserialization/Shiro Vulns/ CNVD or CVE Vulns/…
Expolit Lists. 相关集合💥💥💥 ;) 用友NC反序列化/ CTF/ Java Deserialization/Shiro Vulns/ CNVD or CVE Vulns/ Log4j2/ Hikvision-decrypter...✨✨✨ - Bin4xin/bigger-than-bigger
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-20007
Github: https://github.com/nidhi7598/frameworks_base_AOSP_10_r33_CVE-2022-20007
Describe:
In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-211481342
Mumber: CVE-2022-20007
Github: https://github.com/nidhi7598/frameworks_base_AOSP_10_r33_CVE-2022-20007
Describe:
In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-211481342
GitHub
nidhi7598/frameworks_base_AOSP_10_r33_CVE-2022-20007
Contribute to nidhi7598/frameworks_base_AOSP_10_r33_CVE-2022-20007 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-20142
Github: https://github.com/pazhanivel07/frameworks_base_AOSP10_r33_CVE-2022-20142
Describe:
In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216631962
Mumber: CVE-2022-20142
Github: https://github.com/pazhanivel07/frameworks_base_AOSP10_r33_CVE-2022-20142
Describe:
In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216631962
GitHub
GitHub - pazhanivel07/frameworks_base_AOSP10_r33_CVE-2022-20142
Contribute to pazhanivel07/frameworks_base_AOSP10_r33_CVE-2022-20142 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-38766
Github: https://github.com/AUTOCRYPT-IVS-VnV/CVE-2022-38766
Describe:
**
Mumber: CVE-2022-38766
Github: https://github.com/AUTOCRYPT-IVS-VnV/CVE-2022-38766
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-0492
Github: https://github.com/yoeelingBin/CVE-2022-0492-Container-Escape
Describe:
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
Mumber: CVE-2022-0492
Github: https://github.com/yoeelingBin/CVE-2022-0492-Container-Escape
Describe:
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
GitHub
GitHub - yoeelingBin/CVE-2022-0492-Container-Escape: CVE-2022-0492-Container-Escape
CVE-2022-0492-Container-Escape. Contribute to yoeelingBin/CVE-2022-0492-Container-Escape development by creating an account on GitHub.
** antSword ** 🔧Tool update
Tools name:antSword
Tools url:https://github.com/AntSwordProject/antSword/commit/3faa3beb2906c0a206a04b7053254dea6348d9c6
commitUpdate log:
Fix(Core/PHP): fix #319
Tools name:antSword
Tools url:https://github.com/AntSwordProject/antSword/commit/3faa3beb2906c0a206a04b7053254dea6348d9c6
commitUpdate log:
Fix(Core/PHP): fix #319
GitHub
Fix(Core/PHP): fix #319 · AntSwordProject/antSword@3faa3be
中国蚁剑是一款跨平台的开源网站管理工具。AntSword is a cross-platform website management toolkit. - Fix(Core/PHP): fix #319 · AntSwordProject/antSword@3faa3be
👍2
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-24637
Github: https://github.com/watchdog2000/cve-2022-24637_open-web-analytics-info-disclosure-to-rce
Describe:
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter.
Mumber: CVE-2022-24637
Github: https://github.com/watchdog2000/cve-2022-24637_open-web-analytics-info-disclosure-to-rce
Describe:
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-36200
Github: https://github.com/afaq1337/CVE-2022-36200
Describe:
**
Mumber: CVE-2022-36200
Github: https://github.com/afaq1337/CVE-2022-36200
Describe:
**
GitHub
GitHub - afaq1337/CVE-2022-36200: CVE-2022-36200 PoC
CVE-2022-36200 PoC. Contribute to afaq1337/CVE-2022-36200 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2021-2109
Github: https://github.com/Vulnmachines/oracle-weblogic-CVE-2021-2109
Describe:
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Mumber: CVE-2021-2109
Github: https://github.com/Vulnmachines/oracle-weblogic-CVE-2021-2109
Describe:
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
GitHub
GitHub - Vulnmachines/oracle-weblogic-CVE-2021-2109: Oracle Weblogic RCE - CVE-2022-2109
Oracle Weblogic RCE - CVE-2022-2109. Contribute to Vulnmachines/oracle-weblogic-CVE-2021-2109 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-23222
Github: https://github.com/FridayOrtiz/CVE-2022-23222
Describe:
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.
Mumber: CVE-2022-23222
Github: https://github.com/FridayOrtiz/CVE-2022-23222
Describe:
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.
GitHub
GitHub - FridayOrtiz/CVE-2022-23222: CVE-2022-23222, managed with Rust.
CVE-2022-23222, managed with Rust. Contribute to FridayOrtiz/CVE-2022-23222 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-24124
Github: https://github.com/cukw/CVE-2022-24124_POC
Describe:
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.
Mumber: CVE-2022-24124
Github: https://github.com/cukw/CVE-2022-24124_POC
Describe:
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.
GitHub
GitHub - b1gdog/CVE-2022-24124: CVE-2022-24124 exploit
CVE-2022-24124 exploit. Contribute to b1gdog/CVE-2022-24124 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-30526
Github: https://github.com/greek0x0/CVE-2022-30526
Describe:
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.
Mumber: CVE-2022-30526
Github: https://github.com/greek0x0/CVE-2022-30526
Describe:
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.
GitHub
GitHub - greek0x0/CVE-2022-30526: Metasploit exploit for CVE-2022-30526
Metasploit exploit for CVE-2022-30526. Contribute to greek0x0/CVE-2022-30526 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-22963
Github: https://github.com/75ACOL/CVE-2022-22963
Describe:
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Mumber: CVE-2022-22963
Github: https://github.com/75ACOL/CVE-2022-22963
Describe:
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
GitHub
75ACOL/CVE-2022-22963
Contribute to 75ACOL/CVE-2022-22963 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-25260
Github: https://github.com/yuriisanin/CVE-2022-25260
Describe:
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).
Mumber: CVE-2022-25260
Github: https://github.com/yuriisanin/CVE-2022-25260
Describe:
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).
GitHub
GitHub - yuriisanin/CVE-2022-25260: PoC for CVE-2022-25260: pre-auth semi-blind SSRF in JetBrains Hub
PoC for CVE-2022-25260: pre-auth semi-blind SSRF in JetBrains Hub - yuriisanin/CVE-2022-25260
** fscan ** 🔧Tool update
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/4908720acbbb4bdd369a8bfa92c7b73b0ca893cf
commitUpdate log:
socks代理时,自动-np
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/4908720acbbb4bdd369a8bfa92c7b73b0ca893cf
commitUpdate log:
socks代理时,自动-np
GitHub
socks代理时,自动-np · shadow1ng/fscan@4908720
一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。. Contribute to shadow1ng/fscan development by creating an account on GitHub.