👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-21971
Github: https://github.com/Malwareman007/CVE-2022-21971
Describe:
Windows Runtime Remote Code Execution Vulnerability.
Mumber: CVE-2022-21971
Github: https://github.com/Malwareman007/CVE-2022-21971
Describe:
Windows Runtime Remote Code Execution Vulnerability.
GitHub
GitHub - Malwareman007/CVE-2022-21971: POC Of CVE-2022-21971
POC Of CVE-2022-21971 . Contribute to Malwareman007/CVE-2022-21971 development by creating an account on GitHub.
** mimikatz ** 🔧Tool update
Tools name:mimikatz
Tools url:https://github.com/gentilkiwi/mimikatz/commit/c78b1cf37c517ae9d0e872447bb103da9fa6034a
commitUpdate log:
Revert to Visual Studio 2013 (due to an error in Microsoft headers, can't build in Win32)
Tools name:mimikatz
Tools url:https://github.com/gentilkiwi/mimikatz/commit/c78b1cf37c517ae9d0e872447bb103da9fa6034a
commitUpdate log:
Revert to Visual Studio 2013 (due to an error in Microsoft headers, can't build in Win32)
GitHub
Revert to Visual Studio 2013 (due to an error in Microsoft headers, c… · gentilkiwi/mimikatz@c78b1cf
…an't build in Win32)
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-26937
Github: https://github.com/Malwareman007/CVE-2022-26937
Describe:
Windows Network File System Remote Code Execution Vulnerability.
Mumber: CVE-2022-26937
Github: https://github.com/Malwareman007/CVE-2022-26937
Describe:
Windows Network File System Remote Code Execution Vulnerability.
GitHub
GitHub - Malwareman007/CVE-2022-26937: POC Of CVE-2022-26937
POC Of CVE-2022-26937. Contribute to Malwareman007/CVE-2022-26937 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40684
Github: https://github.com/dickson0day/CVE-2022-40684
Describe:
**
Mumber: CVE-2022-40684
Github: https://github.com/dickson0day/CVE-2022-40684
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-29988
Github: https://github.com/0x8848/CVE-2022-29988
Describe:
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete.
Mumber: CVE-2022-29988
Github: https://github.com/0x8848/CVE-2022-29988
Describe:
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31479
Github: https://github.com/realyme/CVE-2022-31479-test
Describe:
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem.
Mumber: CVE-2022-31479
Github: https://github.com/realyme/CVE-2022-31479-test
Describe:
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem.
GitHub
realyme/CVE-2022-31479-test
testtesttesttesttesttesttesttesttesttest. Contribute to realyme/CVE-2022-31479-test development by creating an account on GitHub.
👍2🔥1
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-34718
Github: https://github.com/SecLabResearchBV/CVE-2022-34718-PoC
Describe:
Windows TCP/IP Remote Code Execution Vulnerability.
Mumber: CVE-2022-34718
Github: https://github.com/SecLabResearchBV/CVE-2022-34718-PoC
Describe:
Windows TCP/IP Remote Code Execution Vulnerability.
GitHub
GitHub - SecLabResearchBV/CVE-2022-34718-PoC
Contribute to SecLabResearchBV/CVE-2022-34718-PoC development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41352
Github: https://github.com/segfault-it/cve-2022-41352
Describe:
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavisd automatically prefers it over cpio.
Mumber: CVE-2022-41352
Github: https://github.com/segfault-it/cve-2022-41352
Describe:
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavisd automatically prefers it over cpio.
GitHub
GitHub - segfault-it/cve-2022-41352: cve-2022-41352 poc
cve-2022-41352 poc. Contribute to segfault-it/cve-2022-41352 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-0002
Github: https://github.com/nikokosm/CVE-2022-0002--s-1
Describe:
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
Mumber: CVE-2022-0002
Github: https://github.com/nikokosm/CVE-2022-0002--s-1
Describe:
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
GitHub
nikokosm/CVE-2022-0002--s-1
test for CVE-2022-0002 "><s>2 {{9*9}}. Contribute to nikokosm/CVE-2022-0002--s-1 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40471
Github: https://github.com/RashidKhanPathan/CVE-2022-40471
Describe:
**
Mumber: CVE-2022-40471
Github: https://github.com/RashidKhanPathan/CVE-2022-40471
Describe:
**
GitHub
GitHub - RashidKhanPathan/CVE-2022-40471: RCE Exploit and Research
RCE Exploit and Research . Contribute to RashidKhanPathan/CVE-2022-40471 development by creating an account on GitHub.
** xray ** 🔧Tool update
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/a9ddda5e28119f72e391b8a0c8fb753d6c53c0d5
commitUpdate log:
Update jellyfin-cve-2021-29490.yml (#1632)
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/a9ddda5e28119f72e391b8a0c8fb753d6c53c0d5
commitUpdate log:
Update jellyfin-cve-2021-29490.yml (#1632)
GitHub
Update jellyfin-cve-2021-29490.yml (#1632) · chaitin/xray@a9ddda5
一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档. Contribute to chaitin/xray development by creating an account on GitHub.
** MDUT ** 🔧Tool update
Tools name:MDUT
Tools url:https://github.com/SafeGroceryStore/MDUT/commit/68b62f99153980d46a5cd2112b9e1daf8d413b81
commitUpdate log:
Merge pull request #53 from ren-jq101/main
fix(sec): upgrade fastjson to 1.2.83
Tools name:MDUT
Tools url:https://github.com/SafeGroceryStore/MDUT/commit/68b62f99153980d46a5cd2112b9e1daf8d413b81
commitUpdate log:
Merge pull request #53 from ren-jq101/main
fix(sec): upgrade fastjson to 1.2.83
GitHub
Merge pull request #53 from ren-jq101/main · SafeGroceryStore/MDUT@68b62f9
fix(sec): upgrade fastjson to 1.2.83
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-23277
Github: https://github.com/7BitsTeam/CVE-2022-23277
Describe:
Microsoft Exchange Server Remote Code Execution Vulnerability.
Mumber: CVE-2022-23277
Github: https://github.com/7BitsTeam/CVE-2022-23277
Describe:
Microsoft Exchange Server Remote Code Execution Vulnerability.
GitHub
GitHub - 7BitsTeam/CVE-2022-23277: CVE-2022-23277 POC to write a webshell to aspnet_client
CVE-2022-23277 POC to write a webshell to aspnet_client - 7BitsTeam/CVE-2022-23277
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-37298
Github: https://github.com/dbyio/cve-2022-37298-shinken
Describe:
**
Mumber: CVE-2022-37298
Github: https://github.com/dbyio/cve-2022-37298-shinken
Describe:
**
GitHub
GitHub - dbyio/cve-2022-37298-shinken: CVE-2022-37298 Shinken Monitoring
CVE-2022-37298 Shinken Monitoring. Contribute to dbyio/cve-2022-37298-shinken development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40648
Github: https://github.com/b3wT/CVE-2022-40648-MASS
Describe:
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17563.
Mumber: CVE-2022-40648
Github: https://github.com/b3wT/CVE-2022-40648-MASS
Describe:
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X_B files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17563.
GitHub
GitHub - b3wT/CVE-2022-40648-MASS: Multi-threaded Mass adding ssh keys for CVE-2022-40648
Multi-threaded Mass adding ssh keys for CVE-2022-40648 - GitHub - b3wT/CVE-2022-40648-MASS: Multi-threaded Mass adding ssh keys for CVE-2022-40648
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41852
Github: https://github.com/Warxim/CVE-2022-41852
Describe:
Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing a XPath string are vulnerable except compile() and compilePath() function. The XPath expression can be used by an attacker to load any Java class from the classpath resulting in code execution.
Mumber: CVE-2022-41852
Github: https://github.com/Warxim/CVE-2022-41852
Describe:
Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing a XPath string are vulnerable except compile() and compilePath() function. The XPath expression can be used by an attacker to load any Java class from the classpath resulting in code execution.
GitHub
GitHub - Warxim/CVE-2022-41852: CVE-2022-41852 Proof of Concept (unofficial)
CVE-2022-41852 Proof of Concept (unofficial). Contribute to Warxim/CVE-2022-41852 development by creating an account on GitHub.
** nps ** 🔧Tool update
Tools name:nps
Tools url:https://github.com/ehang-io/nps/commit/ab648d6f0c618c690a7a79948a7ebd686e1cdafc
commitUpdate log:
Merge pull request #866 from freeoa/master
add build to apple silicon(M1)
Tools name:nps
Tools url:https://github.com/ehang-io/nps/commit/ab648d6f0c618c690a7a79948a7ebd686e1cdafc
commitUpdate log:
Merge pull request #866 from freeoa/master
add build to apple silicon(M1)
GitHub
Merge pull request #866 from freeoa/master · ehang-io/nps@ab648d6
add build to apple silicon(M1)
👍1