👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-1015
Github: https://github.com/ysanatomic/CVE-2022-1015
Describe:
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.
Mumber: CVE-2022-1015
Github: https://github.com/ysanatomic/CVE-2022-1015
Describe:
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.
GitHub
GitHub - ysanatomic/CVE-2022-1015: A write-up and LPE PoC of an OOB read and write vulnerability in the Linux Kernel.
A write-up and LPE PoC of an OOB read and write vulnerability in the Linux Kernel. - ysanatomic/CVE-2022-1015
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3949
Github: https://github.com/maikroservice/CVE-2022-3949
Describe:
**
Mumber: CVE-2022-3949
Github: https://github.com/maikroservice/CVE-2022-3949
Describe:
**
GitHub
GitHub - maikroservice/CVE-2022-3949: XSS in Simple Cashiering System
XSS in Simple Cashiering System. Contribute to maikroservice/CVE-2022-3949 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40140
Github: https://github.com/ipsBruno/CVE-2022-40140-SCANNER
Describe:
An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Mumber: CVE-2022-40140
Github: https://github.com/ipsBruno/CVE-2022-40140-SCANNER
Describe:
An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
GitHub
GitHub - ipsBruno/CVE-2022-40140-SCANNER: A Shodan hunter for CVE-2022-40140
A Shodan hunter for CVE-2022-40140 . Contribute to ipsBruno/CVE-2022-40140-SCANNER development by creating an account on GitHub.
** nps ** 🔧Tool update
Tools name:nps
Tools url:https://github.com/ehang-io/nps/commit/ab648d6f0c618c690a7a79948a7ebd686e1cdafc
commitUpdate log:
Merge pull request #866 from freeoa/master
add build to apple silicon(M1)
Tools name:nps
Tools url:https://github.com/ehang-io/nps/commit/ab648d6f0c618c690a7a79948a7ebd686e1cdafc
commitUpdate log:
Merge pull request #866 from freeoa/master
add build to apple silicon(M1)
GitHub
Merge pull request #866 from freeoa/master · ehang-io/nps@ab648d6
add build to apple silicon(M1)
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-2601
Github: https://github.com/zhangboyang/cve-2022-2601
Describe:
**
Mumber: CVE-2022-2601
Github: https://github.com/zhangboyang/cve-2022-2601
Describe:
**
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-43096
Github: https://github.com/ProxyStaffy/Mediatrix-CVE-2022-43096
Describe:
**
Mumber: CVE-2022-43096
Github: https://github.com/ProxyStaffy/Mediatrix-CVE-2022-43096
Describe:
**
GitHub
GitHub - ProxyStaffy/Mediatrix-CVE-2022-43096
Contribute to ProxyStaffy/Mediatrix-CVE-2022-43096 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-30525
Github: https://github.com/trhacknon/CVE-2022-30525-Reverse-Shell
Describe:
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
Mumber: CVE-2022-30525
Github: https://github.com/trhacknon/CVE-2022-30525-Reverse-Shell
Describe:
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-31691
Github: https://github.com/SpindleSec/CVE-2022-31691
Describe:
Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker.
Mumber: CVE-2022-31691
Github: https://github.com/SpindleSec/CVE-2022-31691
Describe:
Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker.
GitHub
GitHub - blipzip/CVE-2022-31691: A write-up of my (so far inconclusive) look into CVE-2022-31691
A write-up of my (so far inconclusive) look into CVE-2022-31691 - blipzip/CVE-2022-31691
** xray ** 🔧Tool update
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/4f47fb13a2454590309eaf2279ba2c9a3b1150fe
commitUpdate log:
Fix Python3 Flask bug: ImportError: cannot import name 'escape' from 'jinja2' (/usr/local/lib/python3.9/dist-packages/jinja2/__init__.py) (#1680)
Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Co-authored-by: DroidKali <DroidKali@users.noreply.github.com>
Tools name:xray
Tools url:https://github.com/chaitin/xray/commit/4f47fb13a2454590309eaf2279ba2c9a3b1150fe
commitUpdate log:
Fix Python3 Flask bug: ImportError: cannot import name 'escape' from 'jinja2' (/usr/local/lib/python3.9/dist-packages/jinja2/__init__.py) (#1680)
Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Co-authored-by: DroidKali <DroidKali@users.noreply.github.com>
GitHub
Fix Python3 Flask bug: ImportError: cannot import name 'escape' from … · chaitin/xray@4f47fb1
…'jinja2' (/usr/local/lib/python3.9/dist-packages/jinja2/__init__.py) (#1680)
Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Signed-off-by: DroidKal...
Signed-off-by: DroidKali <DroidKali@users.noreply.github.com>
Signed-off-by: DroidKal...
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-0441
Github: https://github.com/SDragon1205/cve-2022-0441
Describe:
The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin
Mumber: CVE-2022-0441
Github: https://github.com/SDragon1205/cve-2022-0441
Describe:
The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin
GitHub
GitHub - SDragon1205/cve-2022-0441: CVE-2022-0441 - MasterStudy LMS 2.7.6
CVE-2022-0441 - MasterStudy LMS 2.7.6. Contribute to SDragon1205/cve-2022-0441 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40127
Github: https://github.com/Mr-xn/CVE-2022-40127
Describe:
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.
Mumber: CVE-2022-40127
Github: https://github.com/Mr-xn/CVE-2022-40127
Describe:
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.
GitHub
GitHub - Mr-xn/CVE-2022-40127: Apache Airflow < 2.4.0 DAG example_bash_operator RCE POC
Apache Airflow < 2.4.0 DAG example_bash_operator RCE POC - Mr-xn/CVE-2022-40127
👍1
** fscan ** 🔧Tool update
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/ae86f08432fce6a4941e245c0373f13e8a2e5f71
commitUpdate log:
Merge remote-tracking branch 'origin/main'
# Conflicts:
# Plugins/webtitle.go
# WebScan/WebScan.go
# WebScan/pocs/Hotel-Internet-Manage-RCE.yml
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/ae86f08432fce6a4941e245c0373f13e8a2e5f71
commitUpdate log:
Merge remote-tracking branch 'origin/main'
# Conflicts:
# Plugins/webtitle.go
# WebScan/WebScan.go
# WebScan/pocs/Hotel-Internet-Manage-RCE.yml
GitHub
Merge remote-tracking branch 'origin/main' · shadow1ng/fscan@ae86f08
# Conflicts:
#
Plugins/webtitle.go
#
WebScan/WebScan.go
#
WebScan/pocs/Hotel-Internet-Manage-RCE.yml
#
Plugins/webtitle.go
#
WebScan/WebScan.go
#
WebScan/pocs/Hotel-Internet-Manage-RCE.yml
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3992
Github: https://github.com/Urban4/CVE-2022-3992
Describe:
A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Affected by this vulnerability is an unknown functionality of the file admin/?page=system_info of the component Banner Image Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-213571.
Mumber: CVE-2022-3992
Github: https://github.com/Urban4/CVE-2022-3992
Describe:
A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Affected by this vulnerability is an unknown functionality of the file admin/?page=system_info of the component Banner Image Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-213571.
GitHub
GitHub - Urban4/CVE-2022-3992: Cross Site Scripting on sanitization-management-system
Cross Site Scripting on sanitization-management-system - GitHub - Urban4/CVE-2022-3992: Cross Site Scripting on sanitization-management-system
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3546
Github: https://github.com/thehackingverse/CVE-2022-3546
Describe:
A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-211046 is the identifier assigned to this vulnerability.
Mumber: CVE-2022-3546
Github: https://github.com/thehackingverse/CVE-2022-3546
Describe:
A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-211046 is the identifier assigned to this vulnerability.
GitHub
GitHub - thehackingverse/CVE-2022-3546
Contribute to thehackingverse/CVE-2022-3546 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-44830
Github: https://github.com/RashidKhanPathan/CVE-2022-44830
Describe:
**
Mumber: CVE-2022-44830
Github: https://github.com/RashidKhanPathan/CVE-2022-44830
Describe:
**
GitHub
GitHub - RashidKhanPathan/CVE-2022-44830
Contribute to RashidKhanPathan/CVE-2022-44830 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-43117
Github: https://github.com/RashidKhanPathan/CVE-2022-43117
Describe:
**
Mumber: CVE-2022-43117
Github: https://github.com/RashidKhanPathan/CVE-2022-43117
Describe:
**
GitHub
GitHub - RashidKhanPathan/CVE-2022-43117
Contribute to RashidKhanPathan/CVE-2022-43117 development by creating an account on GitHub.
** fscan ** 🔧Tool update
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/releases/tag/1.8.2
Update log:
加入hash碰撞、wmiiexec无回显命令执行
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/releases/tag/1.8.2
Update log:
加入hash碰撞、wmiiexec无回显命令执行
GitHub
Release fscan 1.8.2 · shadow1ng/fscan
加入hash碰撞、wmiiexec无回显命令执行
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41923
Github: https://github.com/grails/GSSC-CVE-2022-41923
Describe:
**
Mumber: CVE-2022-41923
Github: https://github.com/grails/GSSC-CVE-2022-41923
Describe:
**
GitHub
GitHub - grails/GSSC-CVE-2022-41923
Contribute to grails/GSSC-CVE-2022-41923 development by creating an account on GitHub.