👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-36067
Github: https://github.com/backcr4t/CVE-2022-36067-MASS-RCE
Describe:
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.11 of vm2. There are no known workarounds.
Mumber: CVE-2022-36067
Github: https://github.com/backcr4t/CVE-2022-36067-MASS-RCE
Describe:
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. In versions prior to version 3.9.11, a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.11 of vm2. There are no known workarounds.
GitHub
GitHub - backcr4t/CVE-2022-36067-MASS-RCE: vm2 sandbox remote code execution [mass adding] [payload send for botnets]
vm2 sandbox remote code execution [mass adding] [payload send for botnets] - GitHub - backcr4t/CVE-2022-36067-MASS-RCE: vm2 sandbox remote code execution [mass adding] [payload send for botnets]
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-0824
Github: https://github.com/pizza-power/golang-webmin-CVE-2022-0824-revshell
Describe:
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
Mumber: CVE-2022-0824
Github: https://github.com/pizza-power/golang-webmin-CVE-2022-0824-revshell
Describe:
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
GitHub
GitHub - pizza-power/golang-webmin-CVE-2022-0824-revshell: Exploit POC for CVE-2022-0824
Exploit POC for CVE-2022-0824. Contribute to pizza-power/golang-webmin-CVE-2022-0824-revshell development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-42889
Github: https://github.com/standb/CVE-2022-42889
Describe:
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
Mumber: CVE-2022-42889
Github: https://github.com/standb/CVE-2022-42889
Describe:
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-27502
Github: https://github.com/alirezac0/CVE-2022-27502
Describe:
RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM.
Mumber: CVE-2022-27502
Github: https://github.com/alirezac0/CVE-2022-27502
Describe:
RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM.
GitHub
GitHub - alirezac0/CVE-2022-27502: Exploit of RealVNC VNC Server
Exploit of RealVNC VNC Server. Contribute to alirezac0/CVE-2022-27502 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-3368
Github: https://github.com/Wh04m1001/CVE-2022-3368
Describe:
A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556.
Mumber: CVE-2022-3368
Github: https://github.com/Wh04m1001/CVE-2022-3368
Describe:
A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556.
GitHub
GitHub - Wh04m1001/CVE-2022-3368
Contribute to Wh04m1001/CVE-2022-3368 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-42899
Github: https://github.com/iamsanjay/CVE-2022-42899
Describe:
Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.
Mumber: CVE-2022-42899
Github: https://github.com/iamsanjay/CVE-2022-42899
Describe:
Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.
GitHub
GitHub - iamsanjay/CVE-2022-42899
Contribute to iamsanjay/CVE-2022-42899 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-40674
Github: https://github.com/nidhi7598/-expat_2.1.0_CVE-2022-40674
Describe:
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
Mumber: CVE-2022-40674
Github: https://github.com/nidhi7598/-expat_2.1.0_CVE-2022-40674
Describe:
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
GitHub
nidhi7598/-expat_2.1.0_CVE-2022-40674
Contribute to nidhi7598/-expat_2.1.0_CVE-2022-40674 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-27414
Github: https://github.com/lus33rr/CVE-2022-27414
Describe:
**
Mumber: CVE-2022-27414
Github: https://github.com/lus33rr/CVE-2022-27414
Describe:
**
GitHub
GitHub - lus33rr/CVE-2022-27414: Exploit of College Website v1.0 CMS - SQL injection
Exploit of College Website v1.0 CMS - SQL injection - lus33rr/CVE-2022-27414
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-21970
Github: https://github.com/Malwareman007/CVE-2022-21970
Describe:
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21954.
Mumber: CVE-2022-21970
Github: https://github.com/Malwareman007/CVE-2022-21970
Describe:
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21954.
GitHub
GitHub - Malwareman007/CVE-2022-21970: POC OF CVE-2022-21970
POC OF CVE-2022-21970. Contribute to Malwareman007/CVE-2022-21970 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-29303
Github: https://github.com/trhacknon/CVE-2022-29303-Exploit
Describe:
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.
Mumber: CVE-2022-29303
Github: https://github.com/trhacknon/CVE-2022-29303-Exploit
Describe:
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.
GitHub
GitHub - trhacknon/CVE-2022-29303-Exploit
Contribute to trhacknon/CVE-2022-29303-Exploit development by creating an account on GitHub.
👍1
** fscan ** 🔧Tool update
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/38e48ba4205196e042db8f832a7789b76ee61c5e
commitUpdate log:
Merge pull request #225 from evilAdan0s/main
去除弱特征:过时UA头
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/38e48ba4205196e042db8f832a7789b76ee61c5e
commitUpdate log:
Merge pull request #225 from evilAdan0s/main
去除弱特征:过时UA头
GitHub
Merge pull request #225 from evilAdan0s/main · shadow1ng/fscan@38e48ba
去除弱特征:过时UA头
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-2402
Github: https://github.com/SecurityAndStuff/CVE-2022-2402
Describe:
The vulnerability in the driver dlpfde.sys enables a user logged into the system to perform system calls leading to kernel stack overflow, resulting in a system crash, for instance, a BSOD.
Mumber: CVE-2022-2402
Github: https://github.com/SecurityAndStuff/CVE-2022-2402
Describe:
The vulnerability in the driver dlpfde.sys enables a user logged into the system to perform system calls leading to kernel stack overflow, resulting in a system crash, for instance, a BSOD.
GitHub
GitHub - SecurityAndStuff/CVE-2022-2402
Contribute to SecurityAndStuff/CVE-2022-2402 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-1000
Github: https://github.com/yonggui-li/CVE-2022-1000_poc
Describe:
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.
Mumber: CVE-2022-1000
Github: https://github.com/yonggui-li/CVE-2022-1000_poc
Describe:
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.
GitHub
GitHub - yonggui-li/CVE-2022-1000_poc
Contribute to yonggui-li/CVE-2022-1000_poc development by creating an account on GitHub.
** fscan ** 🔧Tool update
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/38e48ba4205196e042db8f832a7789b76ee61c5e
commitUpdate log:
Merge pull request #225 from evilAdan0s/main
去除弱特征:过时UA头
Tools name:fscan
Tools url:https://github.com/shadow1ng/fscan/commit/38e48ba4205196e042db8f832a7789b76ee61c5e
commitUpdate log:
Merge pull request #225 from evilAdan0s/main
去除弱特征:过时UA头
GitHub
Merge pull request #225 from evilAdan0s/main · shadow1ng/fscan@38e48ba
去除弱特征:过时UA头
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-36663
Github: https://github.com/Qeisi/CVE-2022-36663-PoC
Describe:
Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter.
Mumber: CVE-2022-36663
Github: https://github.com/Qeisi/CVE-2022-36663-PoC
Describe:
Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter.
GitHub
GitHub - aqeisi/CVE-2022-36663-PoC: Internal network scanner through Gluu IAM blind ssrf
Internal network scanner through Gluu IAM blind ssrf - aqeisi/CVE-2022-36663-PoC
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-37704
Github: https://github.com/MaherAzzouzi/CVE-2022-37704
Describe:
**
Mumber: CVE-2022-37704
Github: https://github.com/MaherAzzouzi/CVE-2022-37704
Describe:
**
GitHub
GitHub - MaherAzzouzi/CVE-2022-37704: Amanda 3.5.1 LPE
Amanda 3.5.1 LPE. Contribute to MaherAzzouzi/CVE-2022-37704 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-38813
Github: https://github.com/RashidKhanPathan/CVE-2022-38813
Describe:
**
Mumber: CVE-2022-38813
Github: https://github.com/RashidKhanPathan/CVE-2022-38813
Describe:
**
GitHub
GitHub - RashidKhanPathan/CVE-2022-38813: Authenticated Vertical Privilege Escalation Vulnerability in Blood Donor Management System
Authenticated Vertical Privilege Escalation Vulnerability in Blood Donor Management System - RashidKhanPathan/CVE-2022-38813
** mimikatz ** 🔧Tool update
Tools name:mimikatz
Tools url:https://github.com/gentilkiwi/mimikatz/commit/c78b1cf37c517ae9d0e872447bb103da9fa6034a
commitUpdate log:
Revert to Visual Studio 2013 (due to an error in Microsoft headers, can't build in Win32)
Tools name:mimikatz
Tools url:https://github.com/gentilkiwi/mimikatz/commit/c78b1cf37c517ae9d0e872447bb103da9fa6034a
commitUpdate log:
Revert to Visual Studio 2013 (due to an error in Microsoft headers, can't build in Win32)
GitHub
Revert to Visual Studio 2013 (due to an error in Microsoft headers, c… · gentilkiwi/mimikatz@c78b1cf
…an't build in Win32)