👾KEYWORD SERVICE 🏷#cnvd
Name: CNVD-2022-42853-Poc
Github: https://github.com/CCJ-For-Safety/CNVD-2022-42853-Poc
Name: CNVD-2022-42853-Poc
Github: https://github.com/CCJ-For-Safety/CNVD-2022-42853-Poc
GitHub
GitHub - atk7r/CNVD-2022-42853-Poc: Python3验证CNVD-2022-42853禅道16.5 SQL注入
Python3验证CNVD-2022-42853禅道16.5 SQL注入. Contribute to atk7r/CNVD-2022-42853-Poc development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-43144
Github: https://github.com/mudassiruddin/CVE-2022-43144-Stored-XSS
Describe:
**
Mumber: CVE-2022-43144
Github: https://github.com/mudassiruddin/CVE-2022-43144-Stored-XSS
Describe:
**
GitHub
GitHub - mudassiruddin/CVE-2022-43144-Stored-XSS: PoC to exploit CVE-2022-43144
PoC to exploit CVE-2022-43144. Contribute to mudassiruddin/CVE-2022-43144-Stored-XSS development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-20138
Github: https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20138
Describe:
In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-210469972
Mumber: CVE-2022-20138
Github: https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20138
Describe:
In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-210469972
GitHub
GitHub - Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20138
Contribute to Trinadh465/frameworks_base_AOSP10_r33_CVE-2022-20138 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-1162
Github: https://github.com/ipsBruno/CVE-2022-1162
Describe:
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts
Mumber: CVE-2022-1162
Github: https://github.com/ipsBruno/CVE-2022-1162
Describe:
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts
GitHub
GitHub - ipsBruno/CVE-2022-1162: A simple tool to enumerate users in gitlab
A simple tool to enumerate users in gitlab. Contribute to ipsBruno/CVE-2022-1162 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3699
Github: https://github.com/alfarom256/CVE-2022-3699
Describe:
**
Mumber: CVE-2022-3699
Github: https://github.com/alfarom256/CVE-2022-3699
Describe:
**
GitHub
GitHub - alfarom256/CVE-2022-3699: Lenovo Diagnostics Driver EoP - Arbitrary R/W
Lenovo Diagnostics Driver EoP - Arbitrary R/W. Contribute to alfarom256/CVE-2022-3699 development by creating an account on GitHub.
** xray ** 🔧Tool update
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/4f47fb13a2454590309eaf2279ba2c9a3b1150fe
commitUpdate log:
Fix Python3 Flask bug: ImportError: cannot import name 'escape' from 'jinja2' (/usr/local/lib/python3.9/dist-packages/jinja2/__init__.py) (#1680)
Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Co-authored-by: DroidKali <DroidKali@users.noreply.github.com>
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/4f47fb13a2454590309eaf2279ba2c9a3b1150fe
commitUpdate log:
Fix Python3 Flask bug: ImportError: cannot import name 'escape' from 'jinja2' (/usr/local/lib/python3.9/dist-packages/jinja2/__init__.py) (#1680)
Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Co-authored-by: DroidKali <DroidKali@users.noreply.github.com>
GitHub
Fix Python3 Flask bug: ImportError: cannot import name 'escape' from … · chaitin/xray@4f47fb1
…'jinja2' (/usr/local/lib/python3.9/dist-packages/jinja2/__init__.py) (#1680)
Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Signed-off-by: DroidKal...
Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Signed-off-by: DroidKal...
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-39395
Github: https://github.com/harry1osborn/CVE-2022-39395
Describe:
**
Mumber: CVE-2022-39395
Github: https://github.com/harry1osborn/CVE-2022-39395
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-1012
Github: https://github.com/nanopathi/Linux-4.19.72_CVE-2022-1012
Describe:
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.
Mumber: CVE-2022-1012
Github: https://github.com/nanopathi/Linux-4.19.72_CVE-2022-1012
Describe:
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.
GitHub
nanopathi/Linux-4.19.72_CVE-2022-1012
Contribute to nanopathi/Linux-4.19.72_CVE-2022-1012 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-43332
Github: https://github.com/maikroservice/CVE-2022-43332
Describe:
**
Mumber: CVE-2022-43332
Github: https://github.com/maikroservice/CVE-2022-43332
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-42055
Github: https://github.com/gigaryte/cve-2022-42055
Describe:
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.
Mumber: CVE-2022-42055
Github: https://github.com/gigaryte/cve-2022-42055
Describe:
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31898
Github: https://github.com/gigaryte/cve-2022-31898
Describe:
gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters.
Mumber: CVE-2022-31898
Github: https://github.com/gigaryte/cve-2022-31898
Describe:
gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters.
GitHub
GitHub - gigaryte/cve-2022-31898: Exploit POC code for CVE-2022-31898, a command injection for GL-iNet routers with firmware below…
Exploit POC code for CVE-2022-31898, a command injection for GL-iNet routers with firmware below 3.215 - gigaryte/cve-2022-31898
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-27492
Github: https://github.com/F1uk368/CVE-2022-27492
Describe:
An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file.
Mumber: CVE-2022-27492
Github: https://github.com/F1uk368/CVE-2022-27492
Describe:
An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3942
Github: https://github.com/maikroservice/CVE-2022-3942
Describe:
A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability.
Mumber: CVE-2022-3942
Github: https://github.com/maikroservice/CVE-2022-3942
Describe:
A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability.
GitHub
GitHub - maikroservice/CVE-2022-3942
Contribute to maikroservice/CVE-2022-3942 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-1015
Github: https://github.com/ysanatomic/CVE-2022-1015
Describe:
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.
Mumber: CVE-2022-1015
Github: https://github.com/ysanatomic/CVE-2022-1015
Describe:
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.
GitHub
GitHub - ysanatomic/CVE-2022-1015: A write-up and LPE PoC of an OOB read and write vulnerability in the Linux Kernel.
A write-up and LPE PoC of an OOB read and write vulnerability in the Linux Kernel. - ysanatomic/CVE-2022-1015
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3949
Github: https://github.com/maikroservice/CVE-2022-3949
Describe:
**
Mumber: CVE-2022-3949
Github: https://github.com/maikroservice/CVE-2022-3949
Describe:
**
GitHub
GitHub - maikroservice/CVE-2022-3949: XSS in Simple Cashiering System
XSS in Simple Cashiering System. Contribute to maikroservice/CVE-2022-3949 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40140
Github: https://github.com/ipsBruno/CVE-2022-40140-SCANNER
Describe:
An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Mumber: CVE-2022-40140
Github: https://github.com/ipsBruno/CVE-2022-40140-SCANNER
Describe:
An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
GitHub
GitHub - ipsBruno/CVE-2022-40140-SCANNER: A Shodan hunter for CVE-2022-40140
A Shodan hunter for CVE-2022-40140 . Contribute to ipsBruno/CVE-2022-40140-SCANNER development by creating an account on GitHub.
** nps ** 🔧Tool update
Tools name:nps
Tools url:https://github.com/ehang-io/nps/commit/ab648d6f0c618c690a7a79948a7ebd686e1cdafc
commitUpdate log:
Merge pull request #866 from freeoa/master
add build to apple silicon(M1)
Tools name:nps
Tools url:https://github.com/ehang-io/nps/commit/ab648d6f0c618c690a7a79948a7ebd686e1cdafc
commitUpdate log:
Merge pull request #866 from freeoa/master
add build to apple silicon(M1)
GitHub
Merge pull request #866 from freeoa/master · ehang-io/nps@ab648d6
add build to apple silicon(M1)
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-2601
Github: https://github.com/zhangboyang/cve-2022-2601
Describe:
**
Mumber: CVE-2022-2601
Github: https://github.com/zhangboyang/cve-2022-2601
Describe:
**