👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40317
Github: https://github.com/izdiwho/CVE-2022-40317
Describe:
OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element.
Mumber: CVE-2022-40317
Github: https://github.com/izdiwho/CVE-2022-40317
Describe:
OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element.
GitHub
GitHub - izdiwho/CVE-2022-40317
Contribute to izdiwho/CVE-2022-40317 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-22629
Github: https://github.com/parsdefense/CVE-2022-22629
Describe:
**
Mumber: CVE-2022-22629
Github: https://github.com/parsdefense/CVE-2022-22629
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-30206
Github: https://github.com/Pwnrin/CVE-2022-30206
Describe:
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22022, CVE-2022-22041, CVE-2022-30226.
Mumber: CVE-2022-30206
Github: https://github.com/Pwnrin/CVE-2022-30206
Describe:
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22022, CVE-2022-22041, CVE-2022-30226.
GitHub
GitHub - MagicPwnrin/CVE-2022-30206: Exploit for CVE-2022-30206
Exploit for CVE-2022-30206. Contribute to MagicPwnrin/CVE-2022-30206 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-37706
Github: https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit
Describe:
**
Mumber: CVE-2022-37706
Github: https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit
Describe:
**
GitHub
GitHub - MaherAzzouzi/CVE-2022-37706-LPE-exploit: A reliable exploit + write-up to elevate privileges to root. (Tested on Ubuntu…
A reliable exploit + write-up to elevate privileges to root. (Tested on Ubuntu 22.04) - MaherAzzouzi/CVE-2022-37706-LPE-exploit
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-32548
Github: https://github.com/alexmention/CVE-2022-32548-RCE-POC
Describe:
An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.
Mumber: CVE-2022-32548
Github: https://github.com/alexmention/CVE-2022-32548-RCE-POC
Describe:
An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31474
Github: https://github.com/Administrative2022/CVE-2022-31474-wordpress
Describe:
**
Mumber: CVE-2022-31474
Github: https://github.com/Administrative2022/CVE-2022-31474-wordpress
Describe:
**
👾KEYWORD SERVICE 🏷#cnvd
Name: -17.0CNVD-2022-60632
Github: https://github.com/LittleBear4/-17.0CNVD-2022-60632
Name: -17.0CNVD-2022-60632
Github: https://github.com/LittleBear4/-17.0CNVD-2022-60632
GitHub
GitHub - LittleBear4/-17.0CNVD-2022-60632: 本项目包含poc和exp,未经授权禁止攻击他人电脑。如个人违反安全相关法律,后果与本人无关
本项目包含poc和exp,未经授权禁止攻击他人电脑。如个人违反安全相关法律,后果与本人无关. Contribute to LittleBear4/-17.0CNVD-2022-60632 development by creating an account on GitHub.
** mimikatz ** 🔧Tool update
Tools name:mimikatz
Tools url:https://github.com/gentilkiwi/mimikatz/releases/tag/2.2.0-20220919
Update log:
Tools name:mimikatz
Tools url:https://github.com/gentilkiwi/mimikatz/releases/tag/2.2.0-20220919
Update log:
GitHub
Release 2.2.0 20220919 Djoin parser & Citrix SSO Extractor · gentilkiwi/mimikatz
A little tool to play with Windows security. Contribute to gentilkiwi/mimikatz development by creating an account on GitHub.
** fscan ** 🔧Tool update
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/38e48ba4205196e042db8f832a7789b76ee61c5e
commitUpdate log:
Merge pull request #225 from evilAdan0s/main
去除弱特征:过时UA头
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/38e48ba4205196e042db8f832a7789b76ee61c5e
commitUpdate log:
Merge pull request #225 from evilAdan0s/main
去除弱特征:过时UA头
GitHub
Merge pull request #225 from evilAdan0s/main · shadow1ng/fscan@38e48ba
去除弱特征:过时UA头
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-20347
Github: https://github.com/nidhi7598/packages_apps_Settings_AOSP_10_r33_CVE-2022-20347
Describe:
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228450811
Mumber: CVE-2022-20347
Github: https://github.com/nidhi7598/packages_apps_Settings_AOSP_10_r33_CVE-2022-20347
Describe:
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228450811
GitHub
GitHub - nidhi7598/packages_apps_Settings_AOSP_10_r33_CVE-2022-20347
Contribute to nidhi7598/packages_apps_Settings_AOSP_10_r33_CVE-2022-20347 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-20841
Github: https://github.com/Expl0desploit/CVE-2022-20841
Describe:
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Mumber: CVE-2022-20841
Github: https://github.com/Expl0desploit/CVE-2022-20841
Describe:
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-38553
Github: https://github.com/4websecurity/CVE-2022-38553
Describe:
**
Mumber: CVE-2022-38553
Github: https://github.com/4websecurity/CVE-2022-38553
Describe:
**
GitHub
GitHub - 4websecurity/CVE-2022-38553: CROSS SITE SCRIPTING (XSS) ON "ACADEMY LEARNING MANAGEMENT SYSTEM" - PROOF OF CONCEPT (POC)…
CROSS SITE SCRIPTING (XSS) ON "ACADEMY LEARNING MANAGEMENT SYSTEM" - PROOF OF CONCEPT (POC) CVE-2022-38553 - 4websecurity/CVE-2022-38553
👾KEYWORD SERVICE 🏷#cnvd
Name: Zentao-Sql-Injection_CNVD-2022-42853
Github: https://github.com/FeatherStark/Zentao-Sql-Injection_CNVD-2022-42853
Name: Zentao-Sql-Injection_CNVD-2022-42853
Github: https://github.com/FeatherStark/Zentao-Sql-Injection_CNVD-2022-42853
GitHub
GitHub - FeatherStark/Zentao-Sql-Injection_CNVD-2022-42853
Contribute to FeatherStark/Zentao-Sql-Injection_CNVD-2022-42853 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-38577
Github: https://github.com/sornram9254/CVE-2022-38577-Processmaker
Describe:
ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.
Mumber: CVE-2022-38577
Github: https://github.com/sornram9254/CVE-2022-38577-Processmaker
Describe:
ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.
GitHub
GitHub - sornram9254/CVE-2022-38577-Processmaker: ProcessMaker before v3.5.4 was discovered to contain insecure permissions in…
ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators. - sornram9254/CVE...
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-39197
Github: https://github.com/safe3s/CVE-2022-39197
Describe:
**
Mumber: CVE-2022-39197
Github: https://github.com/safe3s/CVE-2022-39197
Describe:
**
GitHub
GitHub - safe3s/CVE-2022-39197: CVE-2022-39197
CVE-2022-39197. Contribute to safe3s/CVE-2022-39197 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31499
Github: https://github.com/omarhashem123/CVE-2022-31499
Describe:
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.
Mumber: CVE-2022-31499
Github: https://github.com/omarhashem123/CVE-2022-31499
Describe:
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.
GitHub
GitHub - omarhashem123/CVE-2022-31499: CVE-2022-31499 Proof of Concept
CVE-2022-31499 Proof of Concept. Contribute to omarhashem123/CVE-2022-31499 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31798
Github: https://github.com/omarhashem123/CVE-2022-31798
Describe:
Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account.
Mumber: CVE-2022-31798
Github: https://github.com/omarhashem123/CVE-2022-31798
Describe:
Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account.
GitHub
GitHub - omarhashem123/CVE-2022-31798: CVE-2022-31798 Proof of Concept
CVE-2022-31798 Proof of Concept. Contribute to omarhashem123/CVE-2022-31798 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-25845
Github: https://github.com/expl0despl0it/CVE-2022-25845
Describe:
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
Mumber: CVE-2022-25845
Github: https://github.com/expl0despl0it/CVE-2022-25845
Describe:
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
GitHub
GitHub - expl0despl0it/CVE-2022-25845: Fastjson exploit
Fastjson exploit. Contribute to expl0despl0it/CVE-2022-25845 development by creating an account on GitHub.