👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40126
Github: https://github.com/LovelyWei/CVE-2022-40126
Describe:
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.
Mumber: CVE-2022-40126
Github: https://github.com/LovelyWei/CVE-2022-40126
Describe:
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.
GitHub
GitHub - LovelyWei/CVE-2022-40126: Don't be evil.
Don't be evil. Contribute to LovelyWei/CVE-2022-40126 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-26726
Github: https://github.com/acheong08/CVE-2022-26726-POC
Describe:
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen.
Mumber: CVE-2022-26726
Github: https://github.com/acheong08/CVE-2022-26726-POC
Describe:
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen.
GitHub
GitHub - acheong08/CVE-2022-26726-POC: TCC Bypass
TCC Bypass. Contribute to acheong08/CVE-2022-26726-POC development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41218
Github: https://github.com/V4bel/CVE-2022-41218
Describe:
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
Mumber: CVE-2022-41218
Github: https://github.com/V4bel/CVE-2022-41218
Describe:
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41082
Github: https://github.com/revers0id/CVE-2022-41082-PoC
Describe:
**
Mumber: CVE-2022-41082
Github: https://github.com/revers0id/CVE-2022-41082-PoC
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-37434
Github: https://github.com/nidhi7598/external_zlib-1.2.7_CVE-2022-37434
Describe:
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
Mumber: CVE-2022-37434
Github: https://github.com/nidhi7598/external_zlib-1.2.7_CVE-2022-37434
Describe:
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
GitHub
GitHub - nidhi7598/external_zlib-1.2.7_CVE-2022-37434
Contribute to nidhi7598/external_zlib-1.2.7_CVE-2022-37434 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41040
Github: https://github.com/kev1n-beaum0nt/CVE-2022-41040-RCE-POC
Describe:
**
Mumber: CVE-2022-41040
Github: https://github.com/kev1n-beaum0nt/CVE-2022-41040-RCE-POC
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-35914
Github: https://github.com/cactuschibre/CVE-2022-35914-poc
Describe:
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
Mumber: CVE-2022-35914
Github: https://github.com/cactuschibre/CVE-2022-35914-poc
Describe:
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
GitHub
GitHub - cosad3s/CVE-2022-35914-poc
Contribute to cosad3s/CVE-2022-35914-poc development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-30600
Github: https://github.com/Boonjune/POC-CVE-2022-30600
Describe:
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
Mumber: CVE-2022-30600
Github: https://github.com/Boonjune/POC-CVE-2022-30600
Describe:
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
GitHub
GitHub - Boonjune/POC-CVE-2022-30600: A proof of concept for CVE-2022-30600
A proof of concept for CVE-2022-30600. Contribute to Boonjune/POC-CVE-2022-30600 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41208
Github: https://github.com/L34ked/CVE-2022-41208
Describe:
**
Mumber: CVE-2022-41208
Github: https://github.com/L34ked/CVE-2022-41208
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-39959
Github: https://github.com/usmarine2141/CVE-2022-39959
Describe:
**
Mumber: CVE-2022-39959
Github: https://github.com/usmarine2141/CVE-2022-39959
Describe:
**
GitHub
GitHub - usmarine2141/CVE-2022-39959: CVE-2022-39959
CVE-2022-39959. Contribute to usmarine2141/CVE-2022-39959 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-22954
Github: https://github.com/trhacknon/CVE-2022-22954-PoC
Describe:
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
Mumber: CVE-2022-22954
Github: https://github.com/trhacknon/CVE-2022-22954-PoC
Describe:
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31629
Github: https://github.com/SilNex/CVE-2022-31629-poc
Describe:
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
Mumber: CVE-2022-31629
Github: https://github.com/SilNex/CVE-2022-31629-poc
Describe:
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
GitHub
GitHub - silnex/CVE-2022-31629-poc: CVE-2022-31629 POC
CVE-2022-31629 POC. Contribute to silnex/CVE-2022-31629-poc development by creating an account on GitHub.
👍1
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-21971
Github: https://github.com/Malwareman007/CVE-2022-21971
Describe:
Windows Runtime Remote Code Execution Vulnerability.
Mumber: CVE-2022-21971
Github: https://github.com/Malwareman007/CVE-2022-21971
Describe:
Windows Runtime Remote Code Execution Vulnerability.
GitHub
GitHub - Malwareman007/CVE-2022-21971: POC Of CVE-2022-21971
POC Of CVE-2022-21971 . Contribute to Malwareman007/CVE-2022-21971 development by creating an account on GitHub.
** mimikatz ** 🔧Tool update
Tools name:mimikatz
Tools url:https://github.com/gentilkiwi/mimikatz/commit/c78b1cf37c517ae9d0e872447bb103da9fa6034a
commitUpdate log:
Revert to Visual Studio 2013 (due to an error in Microsoft headers, can't build in Win32)
Tools name:mimikatz
Tools url:https://github.com/gentilkiwi/mimikatz/commit/c78b1cf37c517ae9d0e872447bb103da9fa6034a
commitUpdate log:
Revert to Visual Studio 2013 (due to an error in Microsoft headers, can't build in Win32)
GitHub
Revert to Visual Studio 2013 (due to an error in Microsoft headers, c… · gentilkiwi/mimikatz@c78b1cf
…an't build in Win32)
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-26937
Github: https://github.com/Malwareman007/CVE-2022-26937
Describe:
Windows Network File System Remote Code Execution Vulnerability.
Mumber: CVE-2022-26937
Github: https://github.com/Malwareman007/CVE-2022-26937
Describe:
Windows Network File System Remote Code Execution Vulnerability.
GitHub
GitHub - Malwareman007/CVE-2022-26937: POC Of CVE-2022-26937
POC Of CVE-2022-26937. Contribute to Malwareman007/CVE-2022-26937 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40684
Github: https://github.com/dickson0day/CVE-2022-40684
Describe:
**
Mumber: CVE-2022-40684
Github: https://github.com/dickson0day/CVE-2022-40684
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-29988
Github: https://github.com/0x8848/CVE-2022-29988
Describe:
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete.
Mumber: CVE-2022-29988
Github: https://github.com/0x8848/CVE-2022-29988
Describe:
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31479
Github: https://github.com/realyme/CVE-2022-31479-test
Describe:
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem.
Mumber: CVE-2022-31479
Github: https://github.com/realyme/CVE-2022-31479-test
Describe:
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem.
GitHub
realyme/CVE-2022-31479-test
testtesttesttesttesttesttesttesttesttest. Contribute to realyme/CVE-2022-31479-test development by creating an account on GitHub.
👍2🔥1