👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-38766
Github: https://github.com/AUTOCRYPT-IVS-VnV/CVE-2022-38766
Describe:
**
Mumber: CVE-2022-38766
Github: https://github.com/AUTOCRYPT-IVS-VnV/CVE-2022-38766
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-0492
Github: https://github.com/yoeelingBin/CVE-2022-0492-Container-Escape
Describe:
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
Mumber: CVE-2022-0492
Github: https://github.com/yoeelingBin/CVE-2022-0492-Container-Escape
Describe:
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
GitHub
GitHub - yoeelingBin/CVE-2022-0492-Container-Escape: CVE-2022-0492-Container-Escape
CVE-2022-0492-Container-Escape. Contribute to yoeelingBin/CVE-2022-0492-Container-Escape development by creating an account on GitHub.
** antSword ** 🔧Tool update
Tools name:antSword
Tools url:https://github.com/AntSwordProject/antSword/commit/3faa3beb2906c0a206a04b7053254dea6348d9c6
commitUpdate log:
Fix(Core/PHP): fix #319
Tools name:antSword
Tools url:https://github.com/AntSwordProject/antSword/commit/3faa3beb2906c0a206a04b7053254dea6348d9c6
commitUpdate log:
Fix(Core/PHP): fix #319
GitHub
Fix(Core/PHP): fix #319 · AntSwordProject/antSword@3faa3be
中国蚁剑是一款跨平台的开源网站管理工具。AntSword is a cross-platform website management toolkit. - Fix(Core/PHP): fix #319 · AntSwordProject/antSword@3faa3be
👍2
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-24637
Github: https://github.com/watchdog2000/cve-2022-24637_open-web-analytics-info-disclosure-to-rce
Describe:
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter.
Mumber: CVE-2022-24637
Github: https://github.com/watchdog2000/cve-2022-24637_open-web-analytics-info-disclosure-to-rce
Describe:
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-36200
Github: https://github.com/afaq1337/CVE-2022-36200
Describe:
**
Mumber: CVE-2022-36200
Github: https://github.com/afaq1337/CVE-2022-36200
Describe:
**
GitHub
GitHub - afaq1337/CVE-2022-36200: CVE-2022-36200 PoC
CVE-2022-36200 PoC. Contribute to afaq1337/CVE-2022-36200 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2021-2109
Github: https://github.com/Vulnmachines/oracle-weblogic-CVE-2021-2109
Describe:
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Mumber: CVE-2021-2109
Github: https://github.com/Vulnmachines/oracle-weblogic-CVE-2021-2109
Describe:
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
GitHub
GitHub - Vulnmachines/oracle-weblogic-CVE-2021-2109: Oracle Weblogic RCE - CVE-2022-2109
Oracle Weblogic RCE - CVE-2022-2109. Contribute to Vulnmachines/oracle-weblogic-CVE-2021-2109 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-23222
Github: https://github.com/FridayOrtiz/CVE-2022-23222
Describe:
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.
Mumber: CVE-2022-23222
Github: https://github.com/FridayOrtiz/CVE-2022-23222
Describe:
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.
GitHub
GitHub - FridayOrtiz/CVE-2022-23222: CVE-2022-23222, managed with Rust.
CVE-2022-23222, managed with Rust. Contribute to FridayOrtiz/CVE-2022-23222 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-24124
Github: https://github.com/cukw/CVE-2022-24124_POC
Describe:
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.
Mumber: CVE-2022-24124
Github: https://github.com/cukw/CVE-2022-24124_POC
Describe:
The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.
GitHub
GitHub - b1gdog/CVE-2022-24124: CVE-2022-24124 exploit
CVE-2022-24124 exploit. Contribute to b1gdog/CVE-2022-24124 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-30526
Github: https://github.com/greek0x0/CVE-2022-30526
Describe:
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.
Mumber: CVE-2022-30526
Github: https://github.com/greek0x0/CVE-2022-30526
Describe:
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.
GitHub
GitHub - greek0x0/CVE-2022-30526: Metasploit exploit for CVE-2022-30526
Metasploit exploit for CVE-2022-30526. Contribute to greek0x0/CVE-2022-30526 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-22963
Github: https://github.com/75ACOL/CVE-2022-22963
Describe:
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Mumber: CVE-2022-22963
Github: https://github.com/75ACOL/CVE-2022-22963
Describe:
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
GitHub
75ACOL/CVE-2022-22963
Contribute to 75ACOL/CVE-2022-22963 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-25260
Github: https://github.com/yuriisanin/CVE-2022-25260
Describe:
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).
Mumber: CVE-2022-25260
Github: https://github.com/yuriisanin/CVE-2022-25260
Describe:
JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side Request Forgery (SSRF).
GitHub
GitHub - yuriisanin/CVE-2022-25260: PoC for CVE-2022-25260: pre-auth semi-blind SSRF in JetBrains Hub
PoC for CVE-2022-25260: pre-auth semi-blind SSRF in JetBrains Hub - yuriisanin/CVE-2022-25260
** fscan ** 🔧Tool update
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/4908720acbbb4bdd369a8bfa92c7b73b0ca893cf
commitUpdate log:
socks代理时,自动-np
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/4908720acbbb4bdd369a8bfa92c7b73b0ca893cf
commitUpdate log:
socks代理时,自动-np
GitHub
socks代理时,自动-np · shadow1ng/fscan@4908720
一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。. Contribute to shadow1ng/fscan development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-33174
Github: https://github.com/Henry4E36/CVE-2022-33174
Describe:
Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext.
Mumber: CVE-2022-33174
Github: https://github.com/Henry4E36/CVE-2022-33174
Describe:
Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext.
GitHub
GitHub - Henry4E36/CVE-2022-33174: Powertek PDU身份绕过
Powertek PDU身份绕过. Contribute to Henry4E36/CVE-2022-33174 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-24780
Github: https://github.com/Acceis/exploit-CVE-2022-24780
Describe:
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.
Mumber: CVE-2022-24780
Github: https://github.com/Acceis/exploit-CVE-2022-24780
Describe:
Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.
GitHub
GitHub - Acceis/exploit-CVE-2022-24780: iTop < 2.7.6 - (Authenticated) Remote command execution
iTop < 2.7.6 - (Authenticated) Remote command execution - Acceis/exploit-CVE-2022-24780
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-39196
Github: https://github.com/DayiliWaseem/CVE-2022-39196-
Describe:
**
Mumber: CVE-2022-39196
Github: https://github.com/DayiliWaseem/CVE-2022-39196-
Describe:
**
GitHub
GitHub - DayiliWaseem/CVE-2022-39196-: Black board CMS Escalation of Privileges
Black board CMS Escalation of Privileges. Contribute to DayiliWaseem/CVE-2022-39196- development by creating an account on GitHub.
** xray ** 🔧Tool update
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/a9ddda5e28119f72e391b8a0c8fb753d6c53c0d5
commitUpdate log:
Update jellyfin-cve-2021-29490.yml (#1632)
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/a9ddda5e28119f72e391b8a0c8fb753d6c53c0d5
commitUpdate log:
Update jellyfin-cve-2021-29490.yml (#1632)
GitHub
Update jellyfin-cve-2021-29490.yml (#1632) · chaitin/xray@a9ddda5
一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档. Contribute to chaitin/xray development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-36804
Github: https://github.com/cryptolakk/CVE-2022-36804-RCE
Describe:
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.
Mumber: CVE-2022-36804
Github: https://github.com/cryptolakk/CVE-2022-36804-RCE
Describe:
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-2586
Github: https://github.com/aels/CVE-2022-2586-LPE
Describe:
**
Mumber: CVE-2022-2586
Github: https://github.com/aels/CVE-2022-2586-LPE
Describe:
**
GitHub
GitHub - aels/CVE-2022-2586-LPE: CVE-2022-2586: Linux kernel nft_object UAF
CVE-2022-2586: Linux kernel nft_object UAF. Contribute to aels/CVE-2022-2586-LPE development by creating an account on GitHub.