👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41208
Github: https://github.com/L34ked/CVE-2022-41208
Describe:
**
Mumber: CVE-2022-41208
Github: https://github.com/L34ked/CVE-2022-41208
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-39959
Github: https://github.com/usmarine2141/CVE-2022-39959
Describe:
**
Mumber: CVE-2022-39959
Github: https://github.com/usmarine2141/CVE-2022-39959
Describe:
**
GitHub
GitHub - usmarine2141/CVE-2022-39959: CVE-2022-39959
CVE-2022-39959. Contribute to usmarine2141/CVE-2022-39959 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-22954
Github: https://github.com/trhacknon/CVE-2022-22954-PoC
Describe:
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
Mumber: CVE-2022-22954
Github: https://github.com/trhacknon/CVE-2022-22954-PoC
Describe:
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31629
Github: https://github.com/SilNex/CVE-2022-31629-poc
Describe:
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
Mumber: CVE-2022-31629
Github: https://github.com/SilNex/CVE-2022-31629-poc
Describe:
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
GitHub
GitHub - silnex/CVE-2022-31629-poc: CVE-2022-31629 POC
CVE-2022-31629 POC. Contribute to silnex/CVE-2022-31629-poc development by creating an account on GitHub.
👍1
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-21971
Github: https://github.com/Malwareman007/CVE-2022-21971
Describe:
Windows Runtime Remote Code Execution Vulnerability.
Mumber: CVE-2022-21971
Github: https://github.com/Malwareman007/CVE-2022-21971
Describe:
Windows Runtime Remote Code Execution Vulnerability.
GitHub
GitHub - Malwareman007/CVE-2022-21971: POC Of CVE-2022-21971
POC Of CVE-2022-21971 . Contribute to Malwareman007/CVE-2022-21971 development by creating an account on GitHub.
** mimikatz ** 🔧Tool update
Tools name:mimikatz
Tools url:https://github.com/gentilkiwi/mimikatz/commit/c78b1cf37c517ae9d0e872447bb103da9fa6034a
commitUpdate log:
Revert to Visual Studio 2013 (due to an error in Microsoft headers, can't build in Win32)
Tools name:mimikatz
Tools url:https://github.com/gentilkiwi/mimikatz/commit/c78b1cf37c517ae9d0e872447bb103da9fa6034a
commitUpdate log:
Revert to Visual Studio 2013 (due to an error in Microsoft headers, can't build in Win32)
GitHub
Revert to Visual Studio 2013 (due to an error in Microsoft headers, c… · gentilkiwi/mimikatz@c78b1cf
…an't build in Win32)
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-26937
Github: https://github.com/Malwareman007/CVE-2022-26937
Describe:
Windows Network File System Remote Code Execution Vulnerability.
Mumber: CVE-2022-26937
Github: https://github.com/Malwareman007/CVE-2022-26937
Describe:
Windows Network File System Remote Code Execution Vulnerability.
GitHub
GitHub - Malwareman007/CVE-2022-26937: POC Of CVE-2022-26937
POC Of CVE-2022-26937. Contribute to Malwareman007/CVE-2022-26937 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40684
Github: https://github.com/dickson0day/CVE-2022-40684
Describe:
**
Mumber: CVE-2022-40684
Github: https://github.com/dickson0day/CVE-2022-40684
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-29988
Github: https://github.com/0x8848/CVE-2022-29988
Describe:
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete.
Mumber: CVE-2022-29988
Github: https://github.com/0x8848/CVE-2022-29988
Describe:
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31479
Github: https://github.com/realyme/CVE-2022-31479-test
Describe:
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem.
Mumber: CVE-2022-31479
Github: https://github.com/realyme/CVE-2022-31479-test
Describe:
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem.
GitHub
realyme/CVE-2022-31479-test
testtesttesttesttesttesttesttesttesttest. Contribute to realyme/CVE-2022-31479-test development by creating an account on GitHub.
👍2🔥1
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-34718
Github: https://github.com/SecLabResearchBV/CVE-2022-34718-PoC
Describe:
Windows TCP/IP Remote Code Execution Vulnerability.
Mumber: CVE-2022-34718
Github: https://github.com/SecLabResearchBV/CVE-2022-34718-PoC
Describe:
Windows TCP/IP Remote Code Execution Vulnerability.
GitHub
GitHub - SecLabResearchBV/CVE-2022-34718-PoC
Contribute to SecLabResearchBV/CVE-2022-34718-PoC development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41352
Github: https://github.com/segfault-it/cve-2022-41352
Describe:
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavisd automatically prefers it over cpio.
Mumber: CVE-2022-41352
Github: https://github.com/segfault-it/cve-2022-41352
Describe:
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavisd automatically prefers it over cpio.
GitHub
GitHub - segfault-it/cve-2022-41352: cve-2022-41352 poc
cve-2022-41352 poc. Contribute to segfault-it/cve-2022-41352 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-0002
Github: https://github.com/nikokosm/CVE-2022-0002--s-1
Describe:
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
Mumber: CVE-2022-0002
Github: https://github.com/nikokosm/CVE-2022-0002--s-1
Describe:
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
GitHub
nikokosm/CVE-2022-0002--s-1
test for CVE-2022-0002 "><s>2 {{9*9}}. Contribute to nikokosm/CVE-2022-0002--s-1 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40471
Github: https://github.com/RashidKhanPathan/CVE-2022-40471
Describe:
**
Mumber: CVE-2022-40471
Github: https://github.com/RashidKhanPathan/CVE-2022-40471
Describe:
**
GitHub
GitHub - RashidKhanPathan/CVE-2022-40471: RCE Exploit and Research
RCE Exploit and Research . Contribute to RashidKhanPathan/CVE-2022-40471 development by creating an account on GitHub.
** xray ** 🔧Tool update
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/a9ddda5e28119f72e391b8a0c8fb753d6c53c0d5
commitUpdate log:
Update jellyfin-cve-2021-29490.yml (#1632)
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/a9ddda5e28119f72e391b8a0c8fb753d6c53c0d5
commitUpdate log:
Update jellyfin-cve-2021-29490.yml (#1632)
GitHub
Update jellyfin-cve-2021-29490.yml (#1632) · chaitin/xray@a9ddda5
一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档. Contribute to chaitin/xray development by creating an account on GitHub.
** MDUT ** 🔧Tool update
Tools name:MDUT
Tools url:https://github.com/SafeGroceryStore/MDUT/commit/68b62f99153980d46a5cd2112b9e1daf8d413b81
commitUpdate log:
Merge pull request #53 from ren-jq101/main
fix(sec): upgrade fastjson to 1.2.83
Tools name:MDUT
Tools url:https://github.com/SafeGroceryStore/MDUT/commit/68b62f99153980d46a5cd2112b9e1daf8d413b81
commitUpdate log:
Merge pull request #53 from ren-jq101/main
fix(sec): upgrade fastjson to 1.2.83
GitHub
Merge pull request #53 from ren-jq101/main · SafeGroceryStore/MDUT@68b62f9
fix(sec): upgrade fastjson to 1.2.83
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-23277
Github: https://github.com/7BitsTeam/CVE-2022-23277
Describe:
Microsoft Exchange Server Remote Code Execution Vulnerability.
Mumber: CVE-2022-23277
Github: https://github.com/7BitsTeam/CVE-2022-23277
Describe:
Microsoft Exchange Server Remote Code Execution Vulnerability.
GitHub
GitHub - 7BitsTeam/CVE-2022-23277: CVE-2022-23277 POC to write a webshell to aspnet_client
CVE-2022-23277 POC to write a webshell to aspnet_client - 7BitsTeam/CVE-2022-23277