** fscan ** 🔧Tool update
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/38e48ba4205196e042db8f832a7789b76ee61c5e
commitUpdate log:
Merge pull request #225 from evilAdan0s/main
去除弱特征:过时UA头
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/38e48ba4205196e042db8f832a7789b76ee61c5e
commitUpdate log:
Merge pull request #225 from evilAdan0s/main
去除弱特征:过时UA头
GitHub
Merge pull request #225 from evilAdan0s/main · shadow1ng/fscan@38e48ba
去除弱特征:过时UA头
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-20347
Github: https://github.com/nidhi7598/packages_apps_Settings_AOSP_10_r33_CVE-2022-20347
Describe:
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228450811
Mumber: CVE-2022-20347
Github: https://github.com/nidhi7598/packages_apps_Settings_AOSP_10_r33_CVE-2022-20347
Describe:
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228450811
GitHub
GitHub - nidhi7598/packages_apps_Settings_AOSP_10_r33_CVE-2022-20347
Contribute to nidhi7598/packages_apps_Settings_AOSP_10_r33_CVE-2022-20347 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-20841
Github: https://github.com/Expl0desploit/CVE-2022-20841
Describe:
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Mumber: CVE-2022-20841
Github: https://github.com/Expl0desploit/CVE-2022-20841
Describe:
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-38553
Github: https://github.com/4websecurity/CVE-2022-38553
Describe:
**
Mumber: CVE-2022-38553
Github: https://github.com/4websecurity/CVE-2022-38553
Describe:
**
GitHub
GitHub - 4websecurity/CVE-2022-38553: CROSS SITE SCRIPTING (XSS) ON "ACADEMY LEARNING MANAGEMENT SYSTEM" - PROOF OF CONCEPT (POC)…
CROSS SITE SCRIPTING (XSS) ON "ACADEMY LEARNING MANAGEMENT SYSTEM" - PROOF OF CONCEPT (POC) CVE-2022-38553 - GitHub - 4websecurity/CVE-2022-38553: CROSS SITE SCRIPTING (XSS) ON &a...
👾KEYWORD SERVICE 🏷#cnvd
Name: Zentao-Sql-Injection_CNVD-2022-42853
Github: https://github.com/FeatherStark/Zentao-Sql-Injection_CNVD-2022-42853
Name: Zentao-Sql-Injection_CNVD-2022-42853
Github: https://github.com/FeatherStark/Zentao-Sql-Injection_CNVD-2022-42853
GitHub
GitHub - FeatherStark/Zentao-Sql-Injection_CNVD-2022-42853
Contribute to FeatherStark/Zentao-Sql-Injection_CNVD-2022-42853 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-38577
Github: https://github.com/sornram9254/CVE-2022-38577-Processmaker
Describe:
ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.
Mumber: CVE-2022-38577
Github: https://github.com/sornram9254/CVE-2022-38577-Processmaker
Describe:
ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators.
GitHub
GitHub - sornram9254/CVE-2022-38577-Processmaker: ProcessMaker before v3.5.4 was discovered to contain insecure permissions in…
ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators. - sornram9254/CVE...
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-39197
Github: https://github.com/safe3s/CVE-2022-39197
Describe:
**
Mumber: CVE-2022-39197
Github: https://github.com/safe3s/CVE-2022-39197
Describe:
**
GitHub
GitHub - safe3s/CVE-2022-39197: CVE-2022-39197
CVE-2022-39197. Contribute to safe3s/CVE-2022-39197 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31499
Github: https://github.com/omarhashem123/CVE-2022-31499
Describe:
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.
Mumber: CVE-2022-31499
Github: https://github.com/omarhashem123/CVE-2022-31499
Describe:
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.
GitHub
GitHub - omarhashem123/CVE-2022-31499: CVE-2022-31499 Proof of Concept
CVE-2022-31499 Proof of Concept. Contribute to omarhashem123/CVE-2022-31499 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31798
Github: https://github.com/omarhashem123/CVE-2022-31798
Describe:
Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account.
Mumber: CVE-2022-31798
Github: https://github.com/omarhashem123/CVE-2022-31798
Describe:
Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account.
GitHub
GitHub - omarhashem123/CVE-2022-31798: CVE-2022-31798 Proof of Concept
CVE-2022-31798 Proof of Concept. Contribute to omarhashem123/CVE-2022-31798 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-25845
Github: https://github.com/expl0despl0it/CVE-2022-25845
Describe:
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
Mumber: CVE-2022-25845
Github: https://github.com/expl0despl0it/CVE-2022-25845
Describe:
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
GitHub
GitHub - expl0despl0it/CVE-2022-25845: Fastjson exploit
Fastjson exploit. Contribute to expl0despl0it/CVE-2022-25845 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-34729
Github: https://github.com/Pwnrin/CVE-2022-34729
Describe:
Windows GDI Elevation of Privilege Vulnerability.
Mumber: CVE-2022-34729
Github: https://github.com/Pwnrin/CVE-2022-34729
Describe:
Windows GDI Elevation of Privilege Vulnerability.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-2274
Github: https://github.com/Malwareman007/CVE-2022-2274
Describe:
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.
Mumber: CVE-2022-2274
Github: https://github.com/Malwareman007/CVE-2022-2274
Describe:
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.
GitHub
GitHub - Malwareman007/CVE-2022-2274: A POC OF CVE-2022-2274 (openssl)
A POC OF CVE-2022-2274 (openssl). Contribute to Malwareman007/CVE-2022-2274 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-28282
Github: https://github.com/Pwnrin/CVE-2022-28282
Describe:
**
Mumber: CVE-2022-28282
Github: https://github.com/Pwnrin/CVE-2022-28282
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-29581
Github: https://github.com/nidhi7598/linux-4.19.72_CVE-2022-29581
Describe:
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.
Mumber: CVE-2022-29581
Github: https://github.com/nidhi7598/linux-4.19.72_CVE-2022-29581
Describe:
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.
GitHub
GitHub - nidhi7598/linux-4.19.72_CVE-2022-29581
Contribute to nidhi7598/linux-4.19.72_CVE-2022-29581 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-36934
Github: https://github.com/F1uk369/CVE-2022-36934
Describe:
An integer overflow in WhatsApp could result in remote code execution in an established video call.
Mumber: CVE-2022-36934
Github: https://github.com/F1uk369/CVE-2022-36934
Describe:
An integer overflow in WhatsApp could result in remote code execution in an established video call.
💩1
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3236
Github: https://github.com/Xu0Tex1/CVE-2022-3236
Describe:
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.
Mumber: CVE-2022-3236
Github: https://github.com/Xu0Tex1/CVE-2022-3236
Describe:
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.
👎1
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40916
Github: https://github.com/whitej3rry/CVE-2022-40916
Describe:
**
Mumber: CVE-2022-40916
Github: https://github.com/whitej3rry/CVE-2022-40916
Describe:
**
GitHub
GitHub - whitej3rry/CVE-2022-40916
Contribute to whitej3rry/CVE-2022-40916 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40490
Github: https://github.com/whitej3rry/CVE-2022-40490
Describe:
**
Mumber: CVE-2022-40490
Github: https://github.com/whitej3rry/CVE-2022-40490
Describe:
**
GitHub
GitHub - whitej3rry/CVE-2022-40490: Tiny File Manager v2.4.7 and below are vulnerable to Cross Site Scripting
Tiny File Manager v2.4.7 and below are vulnerable to Cross Site Scripting - GitHub - whitej3rry/CVE-2022-40490: Tiny File Manager v2.4.7 and below are vulnerable to Cross Site Scripting
** MDUT ** 🔧Tool update
Tools name:MDUT
Tools url:https://github.com/SafeGroceryStore/MDUT/commit/ba7365f4f69be90353fde39dee6b62f246387195
commitUpdate log:
Merge pull request #48 from SafeGroceryStore/dev
pr
Tools name:MDUT
Tools url:https://github.com/SafeGroceryStore/MDUT/commit/ba7365f4f69be90353fde39dee6b62f246387195
commitUpdate log:
Merge pull request #48 from SafeGroceryStore/dev
pr
GitHub
Merge pull request #48 from SafeGroceryStore/dev · SafeGroceryStore/MDUT@ba7365f
pr