From c243af7c9b22c51e3182e378db2a5a90daf8c1bf Mon Sep 17 00:00:00 2001 From: "KhulnaSoft [BOT]" Date: Tue, 17 Sep 2024 01:54:00 +0000 Subject: [PATCH] =?UTF-8?q?Updated=20by=20KhulnaSoft=20[BOT]=20?= =?UTF-8?q?=F0=9F=A4=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- db/cve.sqlite | Bin 1351680 -> 1351680 bytes docs/README.md | 11 ++++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/db/cve.sqlite b/db/cve.sqlite index 041b81205871f09a2ebe98d70e42d7b1d18c3e12..d2ec764c782c1a4231863ea7ea64e21296c2f990 100644 GIT binary patch delta 1312 zcmb7@O>7%Q7=|%k+iN>+lh{o`4Rphyi4!K?nc4NvR;9RBLL;C!!K$LDC^NO!&8qfp z;$5etD%4wPB-#t097a_S(27%~DlJw(+}b<6a6+5_aX^9|df~zW){dRzP*HK5`F@`7 zedn9j!-dwvh0l)owmu&%__kcah>wvM8SyhBFcM%S$ViA0k&!SX5k{hn3@{R7>AN;@c$g)u$7~{>2v#S_i&}J&KJCEJyD~ry{q*kHZo1bch9i4m=5@h41`- z`xm$K0p{B-2G)I>Z?@o|d$c_*3Lhk0znYx<<;OU$r-sJ(U(v(_U!4pN@Qu{ap&SG# z3)3o+5e5(fm@df~4XPT>EEUeq0Pnt+;c9Il3Mbs7Wi>fIl4;AE4uVv^^|dWlio@2Csz{jxlZy92?3ZXAz4$fhSGgfufgT^>mebRTvn6v zmp_~f8u^y>dF-Wf3K2`R~G z4P`aBJ75pyTJ6cOP9h7OU+^kVY zudFpYVav4NFE@-;$Cj#AL&}@9wqYB#WK|_9Efi)X!<63b)=P!mQfaaVTM?z!vFDOx{oS$zJt z!NXxG@6@Pm83eDMIqmj&(D_8j+rPc>x&Zf$_P8kIT)6C+u)eY7tl$gQ#U}sA zvp~|M=a_I`@+JJ<`)|(Q8sq=+7l@&x_Pq z$fp%m{06aUd-S3E2s V=xwzIl|AuZ1FU}g_+|nJ{{;|Pf_MM` delta 143 zcmZoT5Y%uWXo583vWYUzjLRAmS`!#s6PQ{Pm|GKAS`%1X6WCf4*jp1gS`#>16S!Iv zxLXr=S`&C%6Zl#a_*)YMS`!3Y6NFk5gtsP$Ea?~HvbHjA4PY(9N=y%EV1BUu>`W13HUMB_E~)?k diff --git a/docs/README.md b/docs/README.md index ed81360..29450dd 100644 --- a/docs/README.md +++ b/docs/README.md 
@@ -2,13 +2,15 @@ > Automatic monitor github cve using Github Actions -Last generated: 2024-09-16 02:19:05.807519 +Last generated: 2024-09-17 01:51:58.915400 | CVE | Name | Description | Date | |---|---|---|---| | [CVE-2024-7954](https://www.cve.org/CVERecord?id=CVE-2024-7954) | [Chocapikk/CVE-2024-7954](https://github.com/Chocapikk/CVE-2024-7954) | Unauthenticated Remote Code Execution in SPIP versions up to and including 4.2.12 | 2024-08-10T20:15:41Z | | [CVE-2024-7928](https://www.cve.org/CVERecord?id=CVE-2024-7928) | [bigb0x/CVE-2024-7928](https://github.com/bigb0x/CVE-2024-7928) | Will attempt to retrieve DB details for FastAdmin instances | 2024-08-20T03:09:47Z | | [CVE-2024-7928](https://www.cve.org/CVERecord?id=CVE-2024-7928) | [fa-rrel/CVE-2024-7928](https://github.com/fa-rrel/CVE-2024-7928) | CVE-2024-7928 fastadmin vulnerability POC & Scanning | 2024-08-20T12:15:48Z | +| [CVE-2024-7928](https://www.cve.org/CVERecord?id=CVE-2024-7928) | [th3gokul/CVE-2024-7928](https://github.com/th3gokul/CVE-2024-7928) | CVE-2024-7928: FastAdmin < V1.3.4.20220530 Arbitrary File Reading Vulnerability | 2024-08-23T15:50:30Z | +| [CVE-2024-7928](https://www.cve.org/CVERecord?id=CVE-2024-7928) | [wh6amiGit/CVE-2024-7928](https://github.com/wh6amiGit/CVE-2024-7928) | CVE-2024-7928 FastAdmin < V1.3.4.20220530 exploit | 2024-08-22T14:39:13Z | | [CVE-2024-7703](https://www.cve.org/CVERecord?id=CVE-2024-7703) | [lfillaz/CVE-2024-7703](https://github.com/lfillaz/CVE-2024-7703) | This repository contains an exploit for CVE-2024-7703 in the ARMember WordPress plugin. It allows attackers with Subscriber-level access or higher to upload SVG files with malicious JavaScript, leading to Stored XSS attacks. This can result in executing scripts when the file is accessed, potentially compromising user sessions or data. 
| 2024-08-17T14:44:08Z | | [CVE-2024-7339](https://www.cve.org/CVERecord?id=CVE-2024-7339) | [RevoltSecurities/CVE-2024-7339](https://github.com/RevoltSecurities/CVE-2024-7339) | An Vulnerability detection and Exploitation tool for CVE-2024-7339 | 2024-08-05T16:26:18Z | | [CVE-2024-7313](https://www.cve.org/CVERecord?id=CVE-2024-7313) | [Wayne-Ker/CVE-2024-7313](https://github.com/Wayne-Ker/CVE-2024-7313) | Custom Proof-of-Concept on XSS to Unauthorized Admin Account Creation via WordPress Plugin Shield Security < 20.0.6 | 2024-08-16T01:01:57Z | 
@@ -244,6 +246,7 @@ Last generated: 2024-09-16 02:19:05.807519 | [CVE-2024-4358](https://www.cve.org/CVERecord?id=CVE-2024-4358) | [sinsinology/CVE-2024-4358](https://github.com/sinsinology/CVE-2024-4358) | Progress Telerik Report Server pre-authenticated RCE chain (CVE-2024-4358/CVE-2024-1800) | 2024-06-03T08:22:10Z | | [CVE-2024-4358](https://www.cve.org/CVERecord?id=CVE-2024-4358) | [verylazytech/CVE-2024-4358](https://github.com/verylazytech/CVE-2024-4358) | Authentication Bypass Vulnerability — CVE-2024–4358 — Telerik Report Server 2024 | 2024-06-09T06:30:06Z | | [CVE-2024-4352](https://www.cve.org/CVERecord?id=CVE-2024-4352) | [truonghuuphuc/CVE-2024-4352-Poc](https://github.com/truonghuuphuc/CVE-2024-4352-Poc) | CVE-2024-4352 Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection | 2024-05-16T14:55:43Z | +| [CVE-2024-43425](https://www.cve.org/CVERecord?id=CVE-2024-43425) | [RedTeamPentesting/moodle-rce-calculatedquestions](https://github.com/RedTeamPentesting/moodle-rce-calculatedquestions) | Scripts for Analysis of a RCE in Moodle Calculated Questions (CVE-2024-43425) | 2024-08-23T09:13:03Z | | [CVE-2024-4323](https://www.cve.org/CVERecord?id=CVE-2024-4323) | [skilfoy/CVE-2024-4323-Exploit-POC](https://github.com/skilfoy/CVE-2024-4323-Exploit-POC) | This proof-of-concept script demonstrates how to exploit CVE-2024-4323, a memory corruption vulnerability in Fluent Bit, enabling remote code execution. | 2024-05-20T15:04:13Z | | [CVE-2024-4323](https://www.cve.org/CVERecord?id=CVE-2024-4323) | [d0rb/CVE-2024-4323](https://github.com/d0rb/CVE-2024-4323) | Critical heap buffer overflow vulnerability in the handle_trace_request and parse_trace_request functions of the Fluent Bit HTTP server. | 2024-05-21T12:59:16Z | | [CVE-2024-4323](https://www.cve.org/CVERecord?id=CVE-2024-4323) | [yuansec/CVE-2024-4323-dos_poc](https://github.com/yuansec/CVE-2024-4323-dos_poc) | no description | 2024-05-22T09:55:30Z | 
@@ -251,6 +254,7 @@ Last generated: 2024-09-16 02:19:05.807519 | [CVE-2024-43044](https://www.cve.org/CVERecord?id=CVE-2024-43044) | [HwMex0/CVE-2024-43044](https://github.com/HwMex0/CVE-2024-43044) | The script checks Jenkins endpoints for CVE-2024-43044 by retrieving the Jenkins version from the innstance and comparing it against known vulnerable version ranges. | 2024-08-08T08:28:26Z | | [CVE-2024-43044](https://www.cve.org/CVERecord?id=CVE-2024-43044) | [jenkinsci-cert/SECURITY-3430](https://github.com/jenkinsci-cert/SECURITY-3430) | This repository provides a workaround preventing exploitation of SECURITY-3430 / CVE-2024-43044 | 2024-08-08T11:55:32Z | | [CVE-2024-43044](https://www.cve.org/CVERecord?id=CVE-2024-43044) | [v9d0g/CVE-2024-43044-POC](https://github.com/v9d0g/CVE-2024-43044-POC) | CVE-2024-43044的利用方式 | 2024-08-13T07:32:35Z | +| [CVE-2024-43035](https://www.cve.org/CVERecord?id=CVE-2024-43035) | [ZeroPathAI/Fonoster-LFI-PoC](https://github.com/ZeroPathAI/Fonoster-LFI-PoC) | Proof-of-concept exploit for Fonoster LFI vulnerability (CVE-2024-43035) | 2024-08-21T21:12:14Z | | [CVE-2024-42992](https://www.cve.org/CVERecord?id=CVE-2024-42992) | [thanhh23/CVE-2024-42992](https://github.com/thanhh23/CVE-2024-42992) | CVE-2024-42992 | 2024-08-26T03:13:45Z | | [CVE-2024-4295](https://www.cve.org/CVERecord?id=CVE-2024-4295) | [truonghuuphuc/CVE-2024-4295-Poc](https://github.com/truonghuuphuc/CVE-2024-4295-Poc) | CVE-2024-4295 Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash | 2024-06-05T09:29:20Z | | [CVE-2024-4295](https://www.cve.org/CVERecord?id=CVE-2024-4295) | [cve-2024/CVE-2024-4295-Poc](https://github.com/cve-2024/CVE-2024-4295-Poc) | no description | 2024-06-14T07:04:36Z | 
@@ -654,6 +658,7 @@ Last generated: 2024-09-16 02:19:05.807519 | [CVE-2024-31497](https://www.cve.org/CVERecord?id=CVE-2024-31497) | [edutko/cve-2024-31497](https://github.com/edutko/cve-2024-31497) | no description | 2024-04-17T10:43:42Z | | [CVE-2024-31497](https://www.cve.org/CVERecord?id=CVE-2024-31497) | [HugoBond/CVE-2024-31497-POC](https://github.com/HugoBond/CVE-2024-31497-POC) | Proof Of Concept that exploits PuTTy CVE-2024-31497. | 2024-05-10T14:30:50Z | | [CVE-2024-31351](https://www.cve.org/CVERecord?id=CVE-2024-31351) | [KTN1990/CVE-2024-31351_wordpress_exploit](https://github.com/KTN1990/CVE-2024-31351_wordpress_exploit) | Wordpress - Copymatic – AI Content Writer & Generator <= 1.6 - Unauthenticated Arbitrary File Upload | 2024-05-25T04:02:23Z | +| [CVE-2024-31319](https://www.cve.org/CVERecord?id=CVE-2024-31319) | [23Nero/fix-02-failure-CVE-2024-31319-CVE-2024-0039](https://github.com/23Nero/fix-02-failure-CVE-2024-31319-CVE-2024-0039) | no description | 2024-08-23T06:28:12Z | | [CVE-2024-31211](https://www.cve.org/CVERecord?id=CVE-2024-31211) | [Abdurahmon3236/-CVE-2024-31211](https://github.com/Abdurahmon3236/-CVE-2024-31211) | no description | 2024-08-03T19:26:55Z | | [CVE-2024-31210](https://www.cve.org/CVERecord?id=CVE-2024-31210) | [Abo5/CVE-2024-31210](https://github.com/Abo5/CVE-2024-31210) | This Ruby script checks if a given WordPress site is vulnerable to CVE-2024-31210, which allows administrator-level users on single-site installations and Super Admin-level users on Multisite installations to execute arbitrary PHP code via the plugin upload mechanism. | 2024-06-13T00:24:56Z | | [CVE-2024-3116](https://www.cve.org/CVERecord?id=CVE-2024-3116) | [TechieNeurons/CVE-2024-3116_RCE_in_pgadmin_8.4](https://github.com/TechieNeurons/CVE-2024-3116_RCE_in_pgadmin_8.4) | Making a lab and testing the CVE-2024-3116, a Remote Code Execution in pgadmin <=8.4 | 2024-04-07T23:03:55Z | 
@@ -1274,6 +1279,7 @@ Last generated: 2024-09-16 02:19:05.807519 | [CVE-2024-21762](https://www.cve.org/CVERecord?id=CVE-2024-21762) | [rdoix/cve-2024-21762-checker](https://github.com/rdoix/cve-2024-21762-checker) | no description | 2024-06-20T02:58:02Z | | [CVE-2024-21754](https://www.cve.org/CVERecord?id=CVE-2024-21754) | [CyberSecuritist/CVE-2024-21754-Forti-RCE](https://github.com/CyberSecuritist/CVE-2024-21754-Forti-RCE) | no description | 2024-06-27T18:52:06Z | | [CVE-2024-21733](https://www.cve.org/CVERecord?id=CVE-2024-21733) | [LtmThink/CVE-2024-21733](https://github.com/LtmThink/CVE-2024-21733) | 一个验证对CVE-2024-21733 | 2024-08-15T09:47:32Z | +| [CVE-2024-21689](https://www.cve.org/CVERecord?id=CVE-2024-21689) | [salvadornakamura/CVE-2024-21689](https://github.com/salvadornakamura/CVE-2024-21689) | CVE-2024–21689 RCE Bamboo Data Center and Server Atlassian POC | 2024-08-23T15:32:50Z | | [CVE-2024-21683](https://www.cve.org/CVERecord?id=CVE-2024-21683) | [r00t7oo2jm/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server](https://github.com/r00t7oo2jm/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server) | This vulnerability allows an unauthenticated attacker to remotely execute arbitrary code on a vulnerable Confluence server. The vulnerability exists due to an improper validation of user-supplied input in the Confluence REST API. This allows an attacker to inject malicious code into the Confluence server, which can then be executed by the server | 2024-05-23T02:10:24Z | | [CVE-2024-21683](https://www.cve.org/CVERecord?id=CVE-2024-21683) | [absholi7ly/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server](https://github.com/absholi7ly/-CVE-2024-21683-RCE-in-Confluence-Data-Center-and-Server) | This vulnerability could allow an attacker to take complete control of a vulnerable Confluence server. This could allow the attacker to steal data, modify data, or disrupt the availability of the server. 
| 2024-05-24T05:38:18Z | | [CVE-2024-21683](https://www.cve.org/CVERecord?id=CVE-2024-21683) | [W01fh4cker/CVE-2024-21683-RCE](https://github.com/W01fh4cker/CVE-2024-21683-RCE) | CVE-2024-21683 Confluence Post Auth RCE | 2024-05-23T09:05:40Z | @@ -3020,6 +3026,7 @@ Last generated: 2024-09-16 02:19:05.807519 | [CVE-2023-23752](https://www.cve.org/CVERecord?id=CVE-2023-23752) | [N3rdyN3xus/CVE-2023-23752](https://github.com/N3rdyN3xus/CVE-2023-23752) | Joomla! v4.2.8 - Unauthenticated information disclosure | 2024-05-04T18:44:12Z | | [CVE-2023-23638](https://www.cve.org/CVERecord?id=CVE-2023-23638) | [YYHYlh/Apache-Dubbo-CVE-2023-23638-exp](https://github.com/YYHYlh/Apache-Dubbo-CVE-2023-23638-exp) | Apache Dubbo (CVE-2023-23638)漏洞利用的工程化实践 | 2023-05-11T07:37:52Z | | [CVE-2023-23638](https://www.cve.org/CVERecord?id=CVE-2023-23638) | [CKevens/CVE-2023-23638-Tools](https://github.com/CKevens/CVE-2023-23638-Tools) | no description | 2023-06-08T05:14:01Z | +| [CVE-2023-23607](https://www.cve.org/CVERecord?id=CVE-2023-23607) | [Pylonet/CVE-2023-23607](https://github.com/Pylonet/CVE-2023-23607) | no description | 2024-06-16T10:50:32Z | | [CVE-2023-23583](https://www.cve.org/CVERecord?id=CVE-2023-23583) | [Mav3r1ck0x1/CVE-2023-23583-Reptar-](https://github.com/Mav3r1ck0x1/CVE-2023-23583-Reptar-) | This script can help determine the CPU ID for the processor of your system, please note that I have not added every CPU ID to this script, edit as needed. | 2023-11-22T15:02:49Z | | [CVE-2023-23488](https://www.cve.org/CVERecord?id=CVE-2023-23488) | [cybfar/CVE-2023-23488-pmpro-2.8](https://github.com/cybfar/CVE-2023-23488-pmpro-2.8) | Paid Memberships Pro v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection | 2023-06-07T17:30:25Z | | [CVE-2023-23397](https://www.cve.org/CVERecord?id=CVE-2023-23397) | [Muhammad-Ali007/OutlookNTLM_CVE-2023-23397](https://github.com/Muhammad-Ali007/OutlookNTLM_CVE-2023-23397) | no description | 2023-07-14T22:02:55Z | 
@@ -3531,6 +3538,7 @@ Last generated: 2024-09-16 02:19:05.807519 | [CVE-2022-25943](https://www.cve.org/CVERecord?id=CVE-2022-25943) | [webraybtl/CVE-2022-25943](https://github.com/webraybtl/CVE-2022-25943) | CVE-2022-25943 | 2022-04-22T08:30:55Z | | [CVE-2022-2588](https://www.cve.org/CVERecord?id=CVE-2022-2588) | [dom4570/CVE-2022-2588](https://github.com/dom4570/CVE-2022-2588) | no description | 2023-03-09T21:29:56Z | | [CVE-2022-2588](https://www.cve.org/CVERecord?id=CVE-2022-2588) | [veritas501/CVE-2022-2588](https://github.com/veritas501/CVE-2022-2588) | CVE-2022-2588 | 2023-03-02T07:45:22Z | +| [CVE-2022-25813](https://www.cve.org/CVERecord?id=CVE-2022-25813) | [mbadanoiu/CVE-2022-25813](https://github.com/mbadanoiu/CVE-2022-25813) | CVE-2022-25813: FreeMarker Server-Side Template Injection in Apache OfBiz | 2023-12-17T20:43:26Z | | [CVE-2022-25765](https://www.cve.org/CVERecord?id=CVE-2022-25765) | [UNICORDev/exploit-CVE-2022-25765](https://github.com/UNICORDev/exploit-CVE-2022-25765) | Exploit for CVE-2022–25765 (pdfkit) - Command Injection | 2023-02-10T00:50:35Z | | [CVE-2022-25315](https://www.cve.org/CVERecord?id=CVE-2022-25315) | [hshivhare67/external_expat_v2.1.0_CVE-2022-25315](https://github.com/hshivhare67/external_expat_v2.1.0_CVE-2022-25315) | no description | 2023-04-06T05:42:39Z | | [CVE-2022-25313](https://www.cve.org/CVERecord?id=CVE-2022-25313) | [Trinadh465/external_expat-2.1.0_CVE-2022-25313](https://github.com/Trinadh465/external_expat-2.1.0_CVE-2022-25313) | no description | 2023-04-12T05:30:46Z | 
@@ -4015,6 +4023,7 @@ Last generated: 2024-09-16 02:19:05.807519 | [CVE-2021-29156](https://www.cve.org/CVERecord?id=CVE-2021-29156) | [guidepointsecurity/CVE-2021-29156](https://github.com/guidepointsecurity/CVE-2021-29156) | Proof-of-Concept tool for CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0. | 2021-11-03T13:21:50Z | | [CVE-2021-29003](https://www.cve.org/CVERecord?id=CVE-2021-29003) | [jaysharma786/CVE-2021-29003](https://github.com/jaysharma786/CVE-2021-29003) | no description | 2021-09-15T06:14:47Z | | [CVE-2021-28165](https://www.cve.org/CVERecord?id=CVE-2021-28165) | [uthrasri/CVE-2021-28165](https://github.com/uthrasri/CVE-2021-28165) | no description | 2023-11-02T11:08:06Z | +| [CVE-2021-28165](https://www.cve.org/CVERecord?id=CVE-2021-28165) | [hshivhare67/Jetty_v9.4.31_CVE-2021-28165](https://github.com/hshivhare67/Jetty_v9.4.31_CVE-2021-28165) | no description | 2023-11-16T07:15:37Z | | [CVE-2021-28164](https://www.cve.org/CVERecord?id=CVE-2021-28164) | [jammy0903/-jettyCVE-2021-28164-](https://github.com/jammy0903/-jettyCVE-2021-28164-) | jetty /CVE-2021-28164/분석 및 결과 | 2023-10-31T14:59:29Z | | [CVE-2021-27928](https://www.cve.org/CVERecord?id=CVE-2021-27928) | [LalieA/CVE-2021-27928](https://github.com/LalieA/CVE-2021-27928) | A Proof of Concept for the CVE-2021-27928 flaw exploitation | 2022-12-14T17:36:38Z | | [CVE-2021-27928](https://www.cve.org/CVERecord?id=CVE-2021-27928) | [YourKeeper/SunScope](https://github.com/YourKeeper/SunScope) | Inspired by Ambassador on HackTheBox to exploit the now patched CVE-2021-43798 | 2022-12-14T05:11:57Z |
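
Review bot: In the "@@ -2,13 +2,15 @@" hunk of docs/README.md the Description cell is emitted straight from the indexed repository's own description with no normalisation. The CVE-2024-7703 context row carries a line break before its date cell, which splits the table row (the CVE-2024-21683 absholi7ly row in the "@@ -1274,6 +1279,7 @@" hunk does the same), and both added CVE-2024-7928 rows contain a raw "<" in "FastAdmin < V1.3.4.20220530". That text is controlled by whoever owns the listed repository, so the generator should collapse newlines and runs of whitespace and escape "|", "<" and Markdown link syntax before writing the cell.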
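
Review bot: The added CVE-2024-43425 row in the "@@ -244,6 +246,7 @@" hunk lands between CVE-2024-4352 and CVE-2024-4323, and CVE-2022-25813 in "@@ -3531,6 +3538,7 @@" lands between CVE-2022-2588 and CVE-2022-25765, so the table is ordered by comparing the ID as a string, not by year and numeric sequence. Sorting on the parsed (year, number) pair would keep the five-digit IDs together. A fixed secondary key within one CVE would also make the output deterministic: the two added CVE-2024-7928 rows are out of date order (2024-08-23T15:50:30Z before 2024-08-22T14:39:13Z).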
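
Review bot: In the "@@ -654,6 +658,7 @@" hunk the added repository 23Nero/fix-02-failure-CVE-2024-31319-CVE-2024-0039 names two CVE IDs but is listed only under CVE-2024-31319, and with "no description". If the ID is taken from the first match in the repository name, that rule should be documented in the README, or the entry should be listed under each ID it names. Rows whose only content is "no description" (also CVE-2023-23607 in "@@ -3020,6 +3026,7 @@" and the added CVE-2021-28165 row) give a reader nothing to triage on, so a marker or filter for them would help.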
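
Review bot: db/cve.sqlite changes only as a GIT binary patch (Bin 1351680 -> 1351680 bytes), so nothing in this commit lets a reviewer confirm that the nine rows added to docs/README.md match what the database holds. Consider committing a text export of the new records next to the binary, or regenerating README.md from the database in CI and failing on a mismatch. The subject line "Updated by KhulnaSoft [BOT]" is the same for every run; putting the count of added entries there would make the history searchable.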