👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-1012
Github: https://github.com/nanopathi/Linux-4.19.72_CVE-2022-1012
Describe:
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.
Mumber: CVE-2022-1012
Github: https://github.com/nanopathi/Linux-4.19.72_CVE-2022-1012
Describe:
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.
GitHub
nanopathi/Linux-4.19.72_CVE-2022-1012
Contribute to nanopathi/Linux-4.19.72_CVE-2022-1012 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-43332
Github: https://github.com/maikroservice/CVE-2022-43332
Describe:
**
Mumber: CVE-2022-43332
Github: https://github.com/maikroservice/CVE-2022-43332
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-42055
Github: https://github.com/gigaryte/cve-2022-42055
Describe:
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.
Mumber: CVE-2022-42055
Github: https://github.com/gigaryte/cve-2022-42055
Describe:
Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31898
Github: https://github.com/gigaryte/cve-2022-31898
Describe:
gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters.
Mumber: CVE-2022-31898
Github: https://github.com/gigaryte/cve-2022-31898
Describe:
gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters.
GitHub
GitHub - gigaryte/cve-2022-31898: Exploit POC code for CVE-2022-31898, a command injection for GL-iNet routers with firmware below…
Exploit POC code for CVE-2022-31898, a command injection for GL-iNet routers with firmware below 3.215 - gigaryte/cve-2022-31898
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-27492
Github: https://github.com/F1uk368/CVE-2022-27492
Describe:
An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file.
Mumber: CVE-2022-27492
Github: https://github.com/F1uk368/CVE-2022-27492
Describe:
An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3942
Github: https://github.com/maikroservice/CVE-2022-3942
Describe:
A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability.
Mumber: CVE-2022-3942
Github: https://github.com/maikroservice/CVE-2022-3942
Describe:
A vulnerability was found in SourceCodester Sanitization Management System and classified as problematic. This issue affects some unknown processing of the file php-sms/?p=request_quote. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-213449 was assigned to this vulnerability.
GitHub
GitHub - maikroservice/CVE-2022-3942
Contribute to maikroservice/CVE-2022-3942 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-1015
Github: https://github.com/ysanatomic/CVE-2022-1015
Describe:
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.
Mumber: CVE-2022-1015
Github: https://github.com/ysanatomic/CVE-2022-1015
Describe:
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.
GitHub
GitHub - ysanatomic/CVE-2022-1015: A write-up and LPE PoC of an OOB read and write vulnerability in the Linux Kernel.
A write-up and LPE PoC of an OOB read and write vulnerability in the Linux Kernel. - ysanatomic/CVE-2022-1015
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3949
Github: https://github.com/maikroservice/CVE-2022-3949
Describe:
**
Mumber: CVE-2022-3949
Github: https://github.com/maikroservice/CVE-2022-3949
Describe:
**
GitHub
GitHub - maikroservice/CVE-2022-3949: XSS in Simple Cashiering System
XSS in Simple Cashiering System. Contribute to maikroservice/CVE-2022-3949 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40140
Github: https://github.com/ipsBruno/CVE-2022-40140-SCANNER
Describe:
An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Mumber: CVE-2022-40140
Github: https://github.com/ipsBruno/CVE-2022-40140-SCANNER
Describe:
An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
GitHub
GitHub - ipsBruno/CVE-2022-40140-SCANNER: A Shodan hunter for CVE-2022-40140
A Shodan hunter for CVE-2022-40140 . Contribute to ipsBruno/CVE-2022-40140-SCANNER development by creating an account on GitHub.
** nps ** 🔧Tool update
Tools name:nps
Tools url:https://github.com/ehang-io/nps/commit/ab648d6f0c618c690a7a79948a7ebd686e1cdafc
commitUpdate log:
Merge pull request #866 from freeoa/master
add build to apple silicon(M1)
Tools name:nps
Tools url:https://github.com/ehang-io/nps/commit/ab648d6f0c618c690a7a79948a7ebd686e1cdafc
commitUpdate log:
Merge pull request #866 from freeoa/master
add build to apple silicon(M1)
GitHub
Merge pull request #866 from freeoa/master · ehang-io/nps@ab648d6
add build to apple silicon(M1)
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-2601
Github: https://github.com/zhangboyang/cve-2022-2601
Describe:
**
Mumber: CVE-2022-2601
Github: https://github.com/zhangboyang/cve-2022-2601
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-43096
Github: https://github.com/ProxyStaffy/Mediatrix-CVE-2022-43096
Describe:
**
Mumber: CVE-2022-43096
Github: https://github.com/ProxyStaffy/Mediatrix-CVE-2022-43096
Describe:
**
GitHub
GitHub - ProxyStaffy/Mediatrix-CVE-2022-43096
Contribute to ProxyStaffy/Mediatrix-CVE-2022-43096 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-30525
Github: https://github.com/trhacknon/CVE-2022-30525-Reverse-Shell
Describe:
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
Mumber: CVE-2022-30525
Github: https://github.com/trhacknon/CVE-2022-30525-Reverse-Shell
Describe:
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31691
Github: https://github.com/SpindleSec/CVE-2022-31691
Describe:
Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker.
Mumber: CVE-2022-31691
Github: https://github.com/SpindleSec/CVE-2022-31691
Describe:
Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker.
GitHub
GitHub - blipzip/CVE-2022-31691: A write-up of my (so far inconclusive) look into CVE-2022-31691
A write-up of my (so far inconclusive) look into CVE-2022-31691 - blipzip/CVE-2022-31691
** xray ** 🔧Tool update
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/4f47fb13a2454590309eaf2279ba2c9a3b1150fe
commitUpdate log:
Fix Python3 Flask bug: ImportError: cannot import name 'escape' from 'jinja2' (/usr/local/lib/python3.9/dist-packages/jinja2/__init__.py) (#1680)
Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Co-authored-by: DroidKali <DroidKali@users.noreply.github.com>
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/4f47fb13a2454590309eaf2279ba2c9a3b1150fe
commitUpdate log:
Fix Python3 Flask bug: ImportError: cannot import name 'escape' from 'jinja2' (/usr/local/lib/python3.9/dist-packages/jinja2/__init__.py) (#1680)
Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Co-authored-by: DroidKali <DroidKali@users.noreply.github.com>
GitHub
Fix Python3 Flask bug: ImportError: cannot import name 'escape' from … · chaitin/xray@4f47fb1
…'jinja2' (/usr/local/lib/python3.9/dist-packages/jinja2/__init__.py) (#1680)
Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Signed-off-by: DroidKal...
Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Signed-off-by: DroidKal...
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-0441
Github: https://github.com/SDragon1205/cve-2022-0441
Describe:
The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin
Mumber: CVE-2022-0441
Github: https://github.com/SDragon1205/cve-2022-0441
Describe:
The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin
GitHub
GitHub - SDragon1205/cve-2022-0441: CVE-2022-0441 - MasterStudy LMS 2.7.6
CVE-2022-0441 - MasterStudy LMS 2.7.6. Contribute to SDragon1205/cve-2022-0441 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40127
Github: https://github.com/Mr-xn/CVE-2022-40127
Describe:
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.
Mumber: CVE-2022-40127
Github: https://github.com/Mr-xn/CVE-2022-40127
Describe:
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.
GitHub
GitHub - Mr-xn/CVE-2022-40127: Apache Airflow < 2.4.0 DAG example_bash_operator RCE POC
Apache Airflow < 2.4.0 DAG example_bash_operator RCE POC - Mr-xn/CVE-2022-40127
👍1
** fscan ** 🔧Tool update
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/ae86f08432fce6a4941e245c0373f13e8a2e5f71
commitUpdate log:
Merge remote-tracking branch 'origin/main'
# Conflicts:
# Plugins/webtitle.go
# WebScan/WebScan.go
# WebScan/pocs/Hotel-Internet-Manage-RCE.yml
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/ae86f08432fce6a4941e245c0373f13e8a2e5f71
commitUpdate log:
Merge remote-tracking branch 'origin/main'
# Conflicts:
# Plugins/webtitle.go
# WebScan/WebScan.go
# WebScan/pocs/Hotel-Internet-Manage-RCE.yml
GitHub
Merge remote-tracking branch 'origin/main' · shadow1ng/fscan@ae86f08
# Conflicts:
#
Plugins/webtitle.go
#
WebScan/WebScan.go
#
WebScan/pocs/Hotel-Internet-Manage-RCE.yml
#
Plugins/webtitle.go
#
WebScan/WebScan.go
#
WebScan/pocs/Hotel-Internet-Manage-RCE.yml