👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40127
Github: https://github.com/Mr-xn/CVE-2022-40127
Describe:
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.
Mumber: CVE-2022-40127
Github: https://github.com/Mr-xn/CVE-2022-40127
Describe:
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.
GitHub
GitHub - Mr-xn/CVE-2022-40127: Apache Airflow < 2.4.0 DAG example_bash_operator RCE POC
Apache Airflow < 2.4.0 DAG example_bash_operator RCE POC - Mr-xn/CVE-2022-40127
👍1
** fscan ** 🔧Tool update
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/ae86f08432fce6a4941e245c0373f13e8a2e5f71
commitUpdate log:
Merge remote-tracking branch 'origin/main'
# Conflicts:
# Plugins/webtitle.go
# WebScan/WebScan.go
# WebScan/pocs/Hotel-Internet-Manage-RCE.yml
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/ae86f08432fce6a4941e245c0373f13e8a2e5f71
commitUpdate log:
Merge remote-tracking branch 'origin/main'
# Conflicts:
# Plugins/webtitle.go
# WebScan/WebScan.go
# WebScan/pocs/Hotel-Internet-Manage-RCE.yml
GitHub
Merge remote-tracking branch 'origin/main' · shadow1ng/fscan@ae86f08
# Conflicts:
#
Plugins/webtitle.go
#
WebScan/WebScan.go
#
WebScan/pocs/Hotel-Internet-Manage-RCE.yml
#
Plugins/webtitle.go
#
WebScan/WebScan.go
#
WebScan/pocs/Hotel-Internet-Manage-RCE.yml
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3992
Github: https://github.com/Urban4/CVE-2022-3992
Describe:
A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Affected by this vulnerability is an unknown functionality of the file admin/?page=system_info of the component Banner Image Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-213571.
Mumber: CVE-2022-3992
Github: https://github.com/Urban4/CVE-2022-3992
Describe:
A vulnerability classified as problematic was found in SourceCodester Sanitization Management System. Affected by this vulnerability is an unknown functionality of the file admin/?page=system_info of the component Banner Image Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-213571.
GitHub
GitHub - Urban4/CVE-2022-3992: Cross Site Scripting on sanitization-management-system
Cross Site Scripting on sanitization-management-system - GitHub - Urban4/CVE-2022-3992: Cross Site Scripting on sanitization-management-system
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3546
Github: https://github.com/thehackingverse/CVE-2022-3546
Describe:
A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-211046 is the identifier assigned to this vulnerability.
Mumber: CVE-2022-3546
Github: https://github.com/thehackingverse/CVE-2022-3546
Describe:
A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /csms/admin/?page=user/list of the component Create User Handler. The manipulation of the argument First Name/Last Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-211046 is the identifier assigned to this vulnerability.
GitHub
GitHub - thehackingverse/CVE-2022-3546
Contribute to thehackingverse/CVE-2022-3546 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-44830
Github: https://github.com/RashidKhanPathan/CVE-2022-44830
Describe:
**
Mumber: CVE-2022-44830
Github: https://github.com/RashidKhanPathan/CVE-2022-44830
Describe:
**
GitHub
GitHub - RashidKhanPathan/CVE-2022-44830
Contribute to RashidKhanPathan/CVE-2022-44830 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-43117
Github: https://github.com/RashidKhanPathan/CVE-2022-43117
Describe:
**
Mumber: CVE-2022-43117
Github: https://github.com/RashidKhanPathan/CVE-2022-43117
Describe:
**
GitHub
GitHub - RashidKhanPathan/CVE-2022-43117
Contribute to RashidKhanPathan/CVE-2022-43117 development by creating an account on GitHub.
** fscan ** 🔧Tool update
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/releases/tag/1.8.2
Update log:
加入hash碰撞、wmiiexec无回显命令执行
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/releases/tag/1.8.2
Update log:
加入hash碰撞、wmiiexec无回显命令执行
GitHub
Release fscan 1.8.2 · shadow1ng/fscan
加入hash碰撞、wmiiexec无回显命令执行
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41923
Github: https://github.com/grails/GSSC-CVE-2022-41923
Describe:
**
Mumber: CVE-2022-41923
Github: https://github.com/grails/GSSC-CVE-2022-41923
Describe:
**
GitHub
GitHub - grails/GSSC-CVE-2022-41923
Contribute to grails/GSSC-CVE-2022-41923 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-45472
Github: https://github.com/nicbrinkley/CVE-2022-45472
Describe:
**
Mumber: CVE-2022-45472
Github: https://github.com/nicbrinkley/CVE-2022-45472
Describe:
**
GitHub
GitHub - nicbrinkley/CVE-2022-45472: DOM Based XSS
DOM Based XSS. Contribute to nicbrinkley/CVE-2022-45472 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-44789
Github: https://github.com/alalng/CVE-2022-44789
Describe:
**
Mumber: CVE-2022-44789
Github: https://github.com/alalng/CVE-2022-44789
Describe:
**
GitHub
GitHub - alalng/CVE-2022-44789
Contribute to alalng/CVE-2022-44789 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-39425
Github: https://github.com/bob11vrdp/CVE-2022-39425
Describe:
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Mumber: CVE-2022-39425
Github: https://github.com/bob11vrdp/CVE-2022-39425
Describe:
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
GitHub
GitHub - bob11vrdp/CVE-2022-39425: CVE-2022-39425 PoC
CVE-2022-39425 PoC. Contribute to bob11vrdp/CVE-2022-39425 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-32060
Github: https://github.com/bypazs/CVE-2022-32060
Describe:
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
Mumber: CVE-2022-32060
Github: https://github.com/bypazs/CVE-2022-32060
Describe:
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
GitHub
GitHub - bypazs/CVE-2022-32060: An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2…
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. - bypazs/CVE-2022-32060
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-38374
Github: https://github.com/azhurtanov/CVE-2022-38374
Describe:
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews.
Mumber: CVE-2022-38374
Github: https://github.com/azhurtanov/CVE-2022-38374
Describe:
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews.
GitHub
GitHub - azhurtanov/CVE-2022-38374
Contribute to azhurtanov/CVE-2022-38374 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-2650
Github: https://github.com/HackinKraken/CVE-2022-2650
Describe:
Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2.
Mumber: CVE-2022-2650
Github: https://github.com/HackinKraken/CVE-2022-2650
Describe:
Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-22971
Github: https://github.com/tchize/CVE-2022-22971
Describe:
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
Mumber: CVE-2022-22971
Github: https://github.com/tchize/CVE-2022-22971
Describe:
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
GitHub
GitHub - tchize/CVE-2022-22971
Contribute to tchize/CVE-2022-22971 development by creating an account on GitHub.
** fscan ** 🔧Tool update
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/27c7e3977e6a2c412db7c6c452095075eb3d696c
commitUpdate log:
修改文件保存路径设置
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/27c7e3977e6a2c412db7c6c452095075eb3d696c
commitUpdate log:
修改文件保存路径设置
GitHub
修改文件保存路径设置 · shadow1ng/fscan@27c7e39
一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。. Contribute to shadow1ng/fscan development by creating an account on GitHub.
** Behinder ** 🔧Tool update
Tools name:Behinder
Tools url:https://github.com/rebeyond/Behinder/releases/tag/Behinder_v4.0.6
Update log:
### 2022.11.28 v4.0.6 更新日志
1.修复了Tomcat10中内存马植入无法连接的问题;
2.修复了asp版本内置传输协议的连接问题;
3.修复了传输协议在恢复默认时会出现错误的问题;
4.内置了Javafx库,修复了各类因为Javafx环境无法运行的问题;
5.修复了客户端兼容性问题,客户端兼容Java8至Java19;
6.新增“默认”连接模式,兼容冰蝎3默认服务端;
7.其他的一些优化。
Tools name:Behinder
Tools url:https://github.com/rebeyond/Behinder/releases/tag/Behinder_v4.0.6
Update log:
### 2022.11.28 v4.0.6 更新日志
1.修复了Tomcat10中内存马植入无法连接的问题;
2.修复了asp版本内置传输协议的连接问题;
3.修复了传输协议在恢复默认时会出现错误的问题;
4.内置了Javafx库,修复了各类因为Javafx环境无法运行的问题;
5.修复了客户端兼容性问题,客户端兼容Java8至Java19;
6.新增“默认”连接模式,兼容冰蝎3默认服务端;
7.其他的一些优化。
GitHub
Release Behinder_v4.0.6 · rebeyond/Behinder
2022.11.28 v4.0.6 更新日志
1.修复了Tomcat10中内存马植入无法连接的问题;
2.修复了asp版本内置传输协议的连接问题;
3.修复了传输协议在恢复默认时会出现错误的问题;
4.内置了Javafx库,修复了各类因为Javafx环境无法运行的问题;
5.修复了客户端兼容性问题,客户端兼容Java8至Java19;
6.新增“默认”连接模式,兼容冰蝎3默认服务端;
7.其...
1.修复了Tomcat10中内存马植入无法连接的问题;
2.修复了asp版本内置传输协议的连接问题;
3.修复了传输协议在恢复默认时会出现错误的问题;
4.内置了Javafx库,修复了各类因为Javafx环境无法运行的问题;
5.修复了客户端兼容性问题,客户端兼容Java8至Java19;
6.新增“默认”连接模式,兼容冰蝎3默认服务端;
7.其...
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41413
Github: https://github.com/renmizo/CVE-2022-41413
Describe:
**
Mumber: CVE-2022-41413
Github: https://github.com/renmizo/CVE-2022-41413
Describe:
**
GitHub
GitHub - renmizo/CVE-2022-41413
Contribute to renmizo/CVE-2022-41413 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-41412
Github: https://github.com/renmizo/CVE-2022-41412
Describe:
**
Mumber: CVE-2022-41412
Github: https://github.com/renmizo/CVE-2022-41412
Describe:
**
GitHub
GitHub - renmizo/CVE-2022-41412
Contribute to renmizo/CVE-2022-41412 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-43369
Github: https://github.com/sudoninja-noob/CVE-2022-43369
Describe:
**
Mumber: CVE-2022-43369
Github: https://github.com/sudoninja-noob/CVE-2022-43369
Describe:
**
GitHub
GitHub - sudoninja-noob/CVE-2022-43369
Contribute to sudoninja-noob/CVE-2022-43369 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-45217
Github: https://github.com/sudoninja-noob/CVE-2022-45217
Describe:
**
Mumber: CVE-2022-45217
Github: https://github.com/sudoninja-noob/CVE-2022-45217
Describe:
**
GitHub
GitHub - sudoninja-noob/CVE-2022-45217
Contribute to sudoninja-noob/CVE-2022-45217 development by creating an account on GitHub.