👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-42098
Github: https://github.com/bypazs/CVE-2022-42098
Describe:
**
Mumber: CVE-2022-42098
Github: https://github.com/bypazs/CVE-2022-42098
Describe:
**
GitHub
GitHub - bypazs/CVE-2022-42098: KLiK-SocialMediaWebsite v1.0.1 has SQL Injection Vulnerabilities at profile.php
KLiK-SocialMediaWebsite v1.0.1 has SQL Injection Vulnerabilities at profile.php - bypazs/CVE-2022-42098
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-22909
Github: https://github.com/0z09e/CVE-2022-22909
Describe:
HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module.
Mumber: CVE-2022-22909
Github: https://github.com/0z09e/CVE-2022-22909
Describe:
HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module.
GitHub
GitHub - 0z09e/CVE-2022-22909: Hotel Druid 3.0.3 Code Injection to Remote Code Execution
Hotel Druid 3.0.3 Code Injection to Remote Code Execution - 0z09e/CVE-2022-22909
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40146
Github: https://github.com/cckuailong/CVE-2022-40146_Exploit_Jar
Describe:
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.
Mumber: CVE-2022-40146
Github: https://github.com/cckuailong/CVE-2022-40146_Exploit_Jar
Describe:
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.
GitHub
GitHub - cckuailong/CVE-2022-40146_Exploit_Jar
Contribute to cckuailong/CVE-2022-40146_Exploit_Jar development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40470
Github: https://github.com/RashidKhanPathan/CVE-2022-40470
Describe:
**
Mumber: CVE-2022-40470
Github: https://github.com/RashidKhanPathan/CVE-2022-40470
Describe:
**
GitHub
GitHub - RashidKhanPathan/CVE-2022-40470: Cross Site Scripting in Blood Donor Management System Using CodeIgniter - 1.0
Cross Site Scripting in Blood Donor Management System Using CodeIgniter - 1.0 - RashidKhanPathan/CVE-2022-40470
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3518
Github: https://github.com/lohith19/CVE-2022-3518
Describe:
A vulnerability classified as problematic has been found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the component User Creation Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-211014 is the identifier assigned to this vulnerability.
Mumber: CVE-2022-3518
Github: https://github.com/lohith19/CVE-2022-3518
Describe:
A vulnerability classified as problematic has been found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the component User Creation Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-211014 is the identifier assigned to this vulnerability.
GitHub
GitHub - lohith19/CVE-2022-3518
Contribute to lohith19/CVE-2022-3518 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3602
Github: https://github.com/colmmacc/CVE-2022-3602
Describe:
**
Mumber: CVE-2022-3602
Github: https://github.com/colmmacc/CVE-2022-3602
Describe:
**
GitHub
GitHub - colmmacc/CVE-2022-3602
Contribute to colmmacc/CVE-2022-3602 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-42176
Github: https://github.com/soy-oreocato/CVE-2022-42176
Describe:
In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access.
Mumber: CVE-2022-42176
Github: https://github.com/soy-oreocato/CVE-2022-42176
Describe:
In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access.
GitHub
GitHub - soy-oreocato/CVE-2022-42176
Contribute to soy-oreocato/CVE-2022-42176 development by creating an account on GitHub.
** fscan ** 🔧Tool update
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/38e48ba4205196e042db8f832a7789b76ee61c5e
commitUpdate log:
Merge pull request #225 from evilAdan0s/main
去除弱特征:过时UA头
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/38e48ba4205196e042db8f832a7789b76ee61c5e
commitUpdate log:
Merge pull request #225 from evilAdan0s/main
去除弱特征:过时UA头
GitHub
Merge pull request #225 from evilAdan0s/main · shadow1ng/fscan@38e48ba
去除弱特征:过时UA头
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31692
Github: https://github.com/SpindleSec/CVE-2022-31692
Describe:
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)
Mumber: CVE-2022-31692
Github: https://github.com/SpindleSec/CVE-2022-31692
Describe:
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)
GitHub
GitHub - blipzip/cve-2022-31692: A project demonstrating an app that is vulnerable to Spring Security authorization bypass CVE…
A project demonstrating an app that is vulnerable to Spring Security authorization bypass CVE-2022-31692 - blipzip/cve-2022-31692
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-0185
Github: https://github.com/featherL/CVE-2022-0185-exploit
Describe:
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
Mumber: CVE-2022-0185
Github: https://github.com/featherL/CVE-2022-0185-exploit
Describe:
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.
GitHub
GitHub - featherL/CVE-2022-0185-exploit: CVE-2022-0185 exploit
CVE-2022-0185 exploit. Contribute to featherL/CVE-2022-0185-exploit development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-33079
Github: https://github.com/Bdenneu/CVE-2022-33079
Describe:
**
Mumber: CVE-2022-33079
Github: https://github.com/Bdenneu/CVE-2022-33079
Describe:
**
GitHub
GitHub - Bdenneu/CVE-2022-33679: One day based on https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html
One day based on https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html - GitHub - Bdenneu/CVE-2022-33679: One day based on https://googleprojectzero.blogspot.com/2022/...
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41445
Github: https://github.com/RashidKhanPathan/CVE-2022-41445
Describe:
**
Mumber: CVE-2022-41445
Github: https://github.com/RashidKhanPathan/CVE-2022-41445
Describe:
**
GitHub
GitHub - RashidKhanPathan/CVE-2022-41445: Cross Site Scripting in Teacher's Record Management System using CodeIgnitor
Cross Site Scripting in Teacher's Record Management System using CodeIgnitor - RashidKhanPathan/CVE-2022-41445
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41446
Github: https://github.com/RashidKhanPathan/CVE-2022-41446
Describe:
**
Mumber: CVE-2022-41446
Github: https://github.com/RashidKhanPathan/CVE-2022-41446
Describe:
**
GitHub
GitHub - RashidKhanPathan/CVE-2022-41446: Privilege Escalation in Teachers Record Management System using CodeIgnitor
Privilege Escalation in Teachers Record Management System using CodeIgnitor - RashidKhanPathan/CVE-2022-41446
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-33679
Github: https://github.com/Blyth0He/CVE-2022-33679
Describe:
Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33647.
Mumber: CVE-2022-33679
Github: https://github.com/Blyth0He/CVE-2022-33679
Describe:
Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33647.
GitHub
GitHub - Blyth0He/CVE-2022-33679: poc of CVE-2022-33679
poc of CVE-2022-33679. Contribute to Blyth0He/CVE-2022-33679 development by creating an account on GitHub.
** MDUT ** 🔧Tool update
Tools name:MDUT
Tools url:https://github.com/SafeGroceryStore/MDUT/commit/68b62f99153980d46a5cd2112b9e1daf8d413b81
commitUpdate log:
Merge pull request #53 from ren-jq101/main
fix(sec): upgrade fastjson to 1.2.83
Tools name:MDUT
Tools url:https://github.com/SafeGroceryStore/MDUT/commit/68b62f99153980d46a5cd2112b9e1daf8d413b81
commitUpdate log:
Merge pull request #53 from ren-jq101/main
fix(sec): upgrade fastjson to 1.2.83
GitHub
Merge pull request #53 from ren-jq101/main · SafeGroceryStore/MDUT@68b62f9
fix(sec): upgrade fastjson to 1.2.83
👾KEYWORD SERVICE 🏷#cnvd
Name: CNVD-2022-42853-Poc
Github: https://github.com/CCJ-For-Safety/CNVD-2022-42853-Poc
Name: CNVD-2022-42853-Poc
Github: https://github.com/CCJ-For-Safety/CNVD-2022-42853-Poc
GitHub
GitHub - atk7r/CNVD-2022-42853-Poc: Python3验证CNVD-2022-42853禅道16.5 SQL注入
Python3验证CNVD-2022-42853禅道16.5 SQL注入. Contribute to atk7r/CNVD-2022-42853-Poc development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-43144
Github: https://github.com/mudassiruddin/CVE-2022-43144-Stored-XSS
Describe:
**
Mumber: CVE-2022-43144
Github: https://github.com/mudassiruddin/CVE-2022-43144-Stored-XSS
Describe:
**
GitHub
GitHub - mudassiruddin/CVE-2022-43144-Stored-XSS: PoC to exploit CVE-2022-43144
PoC to exploit CVE-2022-43144. Contribute to mudassiruddin/CVE-2022-43144-Stored-XSS development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-20138
Github: https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20138
Describe:
In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-210469972
Mumber: CVE-2022-20138
Github: https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20138
Describe:
In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-210469972
GitHub
GitHub - Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20138
Contribute to Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20138 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-1162
Github: https://github.com/ipsBruno/CVE-2022-1162
Describe:
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts
Mumber: CVE-2022-1162
Github: https://github.com/ipsBruno/CVE-2022-1162
Describe:
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts
GitHub
GitHub - ipsBruno/CVE-2022-1162: A simple tool to enumerate users in gitlab
A simple tool to enumerate users in gitlab. Contribute to ipsBruno/CVE-2022-1162 development by creating an account on GitHub.