👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-42889
Github: https://github.com/standb/CVE-2022-42889
Describe:
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
Mumber: CVE-2022-42889
Github: https://github.com/standb/CVE-2022-42889
Describe:
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-27502
Github: https://github.com/alirezac0/CVE-2022-27502
Describe:
RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM.
Mumber: CVE-2022-27502
Github: https://github.com/alirezac0/CVE-2022-27502
Describe:
RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM.
GitHub
GitHub - alirezac0/CVE-2022-27502: Exploit of RealVNC VNC Server
Exploit of RealVNC VNC Server. Contribute to alirezac0/CVE-2022-27502 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3368
Github: https://github.com/Wh04m1001/CVE-2022-3368
Describe:
A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556.
Mumber: CVE-2022-3368
Github: https://github.com/Wh04m1001/CVE-2022-3368
Describe:
A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556.
GitHub
GitHub - Wh04m1001/CVE-2022-3368
Contribute to Wh04m1001/CVE-2022-3368 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-42899
Github: https://github.com/iamsanjay/CVE-2022-42899
Describe:
Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.
Mumber: CVE-2022-42899
Github: https://github.com/iamsanjay/CVE-2022-42899
Describe:
Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.
GitHub
GitHub - iamsanjay/CVE-2022-42899
Contribute to iamsanjay/CVE-2022-42899 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40674
Github: https://github.com/nidhi7598/-expat_2.1.0_CVE-2022-40674
Describe:
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
Mumber: CVE-2022-40674
Github: https://github.com/nidhi7598/-expat_2.1.0_CVE-2022-40674
Describe:
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
GitHub
nidhi7598/-expat_2.1.0_CVE-2022-40674
Contribute to nidhi7598/-expat_2.1.0_CVE-2022-40674 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-27414
Github: https://github.com/lus33rr/CVE-2022-27414
Describe:
**
Mumber: CVE-2022-27414
Github: https://github.com/lus33rr/CVE-2022-27414
Describe:
**
GitHub
GitHub - lus33rr/CVE-2022-27414: Exploit of College Website v1.0 CMS - SQL injection
Exploit of College Website v1.0 CMS - SQL injection - lus33rr/CVE-2022-27414
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-21970
Github: https://github.com/Malwareman007/CVE-2022-21970
Describe:
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21954.
Mumber: CVE-2022-21970
Github: https://github.com/Malwareman007/CVE-2022-21970
Describe:
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21954.
GitHub
GitHub - Malwareman007/CVE-2022-21970: POC OF CVE-2022-21970
POC OF CVE-2022-21970. Contribute to Malwareman007/CVE-2022-21970 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-29303
Github: https://github.com/trhacknon/CVE-2022-29303-Exploit
Describe:
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.
Mumber: CVE-2022-29303
Github: https://github.com/trhacknon/CVE-2022-29303-Exploit
Describe:
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.
GitHub
GitHub - trhacknon/CVE-2022-29303-Exploit
Contribute to trhacknon/CVE-2022-29303-Exploit development by creating an account on GitHub.
👍1
** fscan ** 🔧Tool update
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/38e48ba4205196e042db8f832a7789b76ee61c5e
commitUpdate log:
Merge pull request #225 from evilAdan0s/main
去除弱特征:过时UA头
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/38e48ba4205196e042db8f832a7789b76ee61c5e
commitUpdate log:
Merge pull request #225 from evilAdan0s/main
去除弱特征:过时UA头
GitHub
Merge pull request #225 from evilAdan0s/main · shadow1ng/fscan@38e48ba
去除弱特征:过时UA头
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-2402
Github: https://github.com/SecurityAndStuff/CVE-2022-2402
Describe:
The vulnerability in the driver dlpfde.sys enables a user logged into the system to perform system calls leading to kernel stack overflow, resulting in a system crash, for instance, a BSOD.
Mumber: CVE-2022-2402
Github: https://github.com/SecurityAndStuff/CVE-2022-2402
Describe:
The vulnerability in the driver dlpfde.sys enables a user logged into the system to perform system calls leading to kernel stack overflow, resulting in a system crash, for instance, a BSOD.
GitHub
GitHub - SecurityAndStuff/CVE-2022-2402
Contribute to SecurityAndStuff/CVE-2022-2402 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-1000
Github: https://github.com/yonggui-li/CVE-2022-1000_poc
Describe:
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.
Mumber: CVE-2022-1000
Github: https://github.com/yonggui-li/CVE-2022-1000_poc
Describe:
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.
GitHub
GitHub - yonggui-li/CVE-2022-1000_poc
Contribute to yonggui-li/CVE-2022-1000_poc development by creating an account on GitHub.
** fscan ** 🔧Tool update
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/38e48ba4205196e042db8f832a7789b76ee61c5e
commitUpdate log:
Merge pull request #225 from evilAdan0s/main
去除弱特征:过时UA头
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/38e48ba4205196e042db8f832a7789b76ee61c5e
commitUpdate log:
Merge pull request #225 from evilAdan0s/main
去除弱特征:过时UA头
GitHub
Merge pull request #225 from evilAdan0s/main · shadow1ng/fscan@38e48ba
去除弱特征:过时UA头
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-36663
Github: https://github.com/Qeisi/CVE-2022-36663-PoC
Describe:
Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter.
Mumber: CVE-2022-36663
Github: https://github.com/Qeisi/CVE-2022-36663-PoC
Describe:
Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter.
GitHub
GitHub - aqeisi/CVE-2022-36663-PoC: Internal network scanner through Gluu IAM blind ssrf
Internal network scanner through Gluu IAM blind ssrf - aqeisi/CVE-2022-36663-PoC
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-37704
Github: https://github.com/MaherAzzouzi/CVE-2022-37704
Describe:
**
Mumber: CVE-2022-37704
Github: https://github.com/MaherAzzouzi/CVE-2022-37704
Describe:
**
GitHub
GitHub - MaherAzzouzi/CVE-2022-37704: Amanda 3.5.1 LPE
Amanda 3.5.1 LPE. Contribute to MaherAzzouzi/CVE-2022-37704 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-38813
Github: https://github.com/RashidKhanPathan/CVE-2022-38813
Describe:
**
Mumber: CVE-2022-38813
Github: https://github.com/RashidKhanPathan/CVE-2022-38813
Describe:
**
GitHub
GitHub - RashidKhanPathan/CVE-2022-38813: Authenticated Vertical Privilege Escalation Vulnerability in Blood Donor Management System
Authenticated Vertical Privilege Escalation Vulnerability in Blood Donor Management System - RashidKhanPathan/CVE-2022-38813
** mimikatz ** 🔧Tool update
Tools name:mimikatz
Tools url:https://github.com/gentilkiwi/mimikatz/commit/c78b1cf37c517ae9d0e872447bb103da9fa6034a
commitUpdate log:
Revert to Visual Studio 2013 (due to an error in Microsoft headers, can't build in Win32)
Tools name:mimikatz
Tools url:https://github.com/gentilkiwi/mimikatz/commit/c78b1cf37c517ae9d0e872447bb103da9fa6034a
commitUpdate log:
Revert to Visual Studio 2013 (due to an error in Microsoft headers, can't build in Win32)
GitHub
Revert to Visual Studio 2013 (due to an error in Microsoft headers, c… · gentilkiwi/mimikatz@c78b1cf
…an't build in Win32)
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-42045
Github: https://github.com/ReCryptLLC/CVE-2022-42045
Describe:
**
Mumber: CVE-2022-42045
Github: https://github.com/ReCryptLLC/CVE-2022-42045
Describe:
**
GitHub
GitHub - ReCryptLLC/CVE-2022-42045
Contribute to ReCryptLLC/CVE-2022-42045 development by creating an account on GitHub.
** xray ** 🔧Tool update
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/a9ddda5e28119f72e391b8a0c8fb753d6c53c0d5
commitUpdate log:
Update jellyfin-cve-2021-29490.yml (#1632)
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/a9ddda5e28119f72e391b8a0c8fb753d6c53c0d5
commitUpdate log:
Update jellyfin-cve-2021-29490.yml (#1632)
GitHub
Update jellyfin-cve-2021-29490.yml (#1632) · chaitin/xray@a9ddda5
一款完善的安全评估工具,支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档. Contribute to chaitin/xray development by creating an account on GitHub.
👍1