Update Sat Feb 26 01:28:31 UTC 2022

2006/CVE-2006-0778.md

@@ -0,0 +1,17 @@
+### [CVE-2006-0778](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0778)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2u_select array parameter to u2u.inc.php and (2) $val variable (fidpw0 cookie value) in today.php.
+
+### POC
+
+#### Reference
+- http://www.securityfocus.com/archive/1/425084/100/0/threaded
+
+#### Github
+No PoCs found on GitHub currently.
+

2006/CVE-2006-0779.md

@@ -0,0 +1,17 @@
+### [CVE-2006-0779](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0779)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag.
+
+### POC
+
+#### Reference
+- http://www.securityfocus.com/archive/1/425084/100/0/threaded
+
+#### Github
+No PoCs found on GitHub currently.
+

2015/CVE-2015-1427.md

@@ -31,4 +31,5 @@ The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3
 - https://github.com/marcocesarato/Shell-BotKiller
 - https://github.com/shildenbrand/Exploits
 - https://github.com/superfish9/pt
+- https://github.com/waqeen/cyber_security21
 

2015/CVE-2015-3306.md

@@ -29,5 +29,6 @@ The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write t
 - https://github.com/hectorgie/PoC-in-GitHub
 - https://github.com/qazbnm456/awesome-cve-poc
 - https://github.com/vshaliii/Funbox2-rookie
+- https://github.com/waqeen/cyber_security21
 - https://github.com/xbl3/awesome-cve-poc_qazbnm456
 

2016/CVE-2016-10033.md

@@ -139,6 +139,7 @@ The mailSend function in the isMail transport in PHPMailer before 5.2.18 might a
 - https://github.com/vaartjesd/test
 - https://github.com/vatann07/BloodConnect
 - https://github.com/vedavith/mailer
+- https://github.com/waqeen/cyber_security21
 - https://github.com/wesandradealves/sitio_email_api_demo
 - https://github.com/windypermadi/PHP-Mailer
 - https://github.com/xbl3/awesome-cve-poc_qazbnm456

2016/CVE-2016-9299.md

@@ -18,6 +18,7 @@ The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote a
 - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
 - https://github.com/PalindromeLabs/Java-Deserialization-CVEs
 - https://github.com/klausware/Java-Deserialization-Cheat-Sheet
+- https://github.com/mandiant/heyserial
 - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
 - https://github.com/superfish9/pt
 

2017/CVE-2017-0213.md

@@ -13,6 +13,7 @@ Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1,
 - https://www.exploit-db.com/exploits/42020/
 
 #### Github
+- https://github.com/ASR511-OO7/windows-kernel-exploits
 - https://github.com/AfvanMoopen/tryhackme-
 - https://github.com/Al1ex/WindowsElevation
 - https://github.com/AndreaOm/awesome-stars

2017/CVE-2017-1002101.md

@@ -19,6 +19,7 @@ No PoCs from references.
 - https://github.com/Pray3r/cloud-native-security
 - https://github.com/bgeesaman/subpath-exploit
 - https://github.com/h34dless/kubernetes-pocs
+- https://github.com/hacking-kubernetes/hacking-kubernetes.info
 - https://github.com/qazbnm456/awesome-cve-poc
 - https://github.com/reni2study/Cloud-Native-Security2
 - https://github.com/ssst0n3/docker_archive

2017/CVE-2017-1002102.md

@@ -0,0 +1,17 @@
+### [CVE-2017-1002102](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1002102)
+![](https://img.shields.io/static/v1?label=Product&message=Kubernetes&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.3.x%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=handled%20symbolic%20links%20insecurely&color=brighgreen)
+
+### Description
+
+In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/hacking-kubernetes/hacking-kubernetes.info
+

2017/CVE-2017-5638.md

@@ -77,6 +77,7 @@ The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x be
 - https://github.com/gmu-swe/rivulet
 - https://github.com/gobysec/Goby
 - https://github.com/gsfish/S2-Reaper
+- https://github.com/hacking-kubernetes/hacking-kubernetes.info
 - https://github.com/hellochunqiu/PayloadsAllTheThings
 - https://github.com/hktalent/myhktools
 - https://github.com/homjxi0e/CVE-2017-5638

2017/CVE-2017-8464.md

@@ -15,6 +15,7 @@ Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Wi
 
 #### Github
 - https://github.com/3gstudent/CVE-2017-8464-EXP
+- https://github.com/ASR511-OO7/windows-kernel-exploits
 - https://github.com/Al1ex/WindowsElevation
 - https://github.com/Apri1y/Red-Team-links
 - https://github.com/Ascotbe/Kernelhub

2018/CVE-2018-0743.md

@@ -14,6 +14,7 @@ Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709,
 - https://www.exploit-db.com/exploits/43962/
 
 #### Github
+- https://github.com/ASR511-OO7/windows-kernel-exploits
 - https://github.com/Jkrasher/WindowsThreatResearch_JKrasher
 - https://github.com/Micr067/windows-kernel-exploits
 - https://github.com/QChiLan/win-exploit

2018/CVE-2018-0833.md

@@ -14,6 +14,7 @@ The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8
 - https://www.exploit-db.com/exploits/44189/
 
 #### Github
+- https://github.com/ASR511-OO7/windows-kernel-exploits
 - https://github.com/Al1ex/WindowsElevation
 - https://github.com/Ascotbe/Kernelhub
 - https://github.com/Jkrasher/WindowsThreatResearch_JKrasher

2018/CVE-2018-1000548.md

@@ -11,6 +11,7 @@ Umlet version < 14.3 contains a XML External Entity (XXE) vulnerability in File
 
 #### Reference
 - http://0dd.zone/2018/04/23/UMLet-XXE/
+- https://github.com/umlet/umlet/issues/500
 
 #### Github
 No PoCs found on GitHub currently.

2018/CVE-2018-1002100.md

@@ -16,4 +16,5 @@ In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, t
 #### Github
 - https://github.com/Metarget/awesome-cloud-native-security
 - https://github.com/Metarget/metarget
+- https://github.com/hacking-kubernetes/hacking-kubernetes.info
 

2018/CVE-2018-1002105.md

@@ -29,6 +29,7 @@ In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect ha
 - https://github.com/evict/poc_CVE-2018-1002105
 - https://github.com/g3rzi/HackingKubernetes
 - https://github.com/gravitational/cve-2018-1002105
+- https://github.com/hacking-kubernetes/hacking-kubernetes.info
 - https://github.com/k8s-sec/k8s-sec.github.io
 - https://github.com/merlinxcy/ToolBox
 - https://github.com/owen800q/Awesome-Stars

2018/CVE-2018-1038.md

@@ -14,6 +14,7 @@ The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an ele
 - https://www.exploit-db.com/exploits/44581/
 
 #### Github
+- https://github.com/ASR511-OO7/windows-kernel-exploits
 - https://github.com/Ascotbe/Kernelhub
 - https://github.com/Jkrasher/WindowsThreatResearch_JKrasher
 - https://github.com/Micr067/windows-kernel-exploits

2018/CVE-2018-10716.md

@@ -0,0 +1,17 @@
+### [CVE-2018-10716](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10716)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because WM_CLOSE is not properly considered.
+
+### POC
+
+#### Reference
+- https://github.com/rebol0x6c/2345_msg_poc
+
+#### Github
+No PoCs found on GitHub currently.
+

2018/CVE-2018-10790.md

@@ -11,6 +11,7 @@ The AP4_CttsAtom class in Core/Ap4CttsAtom.cpp in Bento4 1.5.1.0 allows remote a
 
 #### Reference
 - https://docs.google.com/document/d/1OSwQjtyALgV3OulmWGaTqZrSzk7Ta-xGrcLI0I7SPyM
+- https://github.com/axiomatic-systems/Bento4/issues/390
 
 #### Github
 No PoCs found on GitHub currently.

2018/CVE-2018-18264.md

@@ -16,4 +16,5 @@ No PoCs from references.
 - https://github.com/ARPSyndicate/kenzer-templates
 - https://github.com/Elsfa7-110/kenzer-templates
 - https://github.com/g3rzi/HackingKubernetes
+- https://github.com/hacking-kubernetes/hacking-kubernetes.info
 

2018/CVE-2018-8120.md

@@ -16,6 +16,7 @@ An elevation of privilege vulnerability exists in Windows when the Win32k compon
 
 #### Github
 - https://github.com/0xT11/CVE-POC
+- https://github.com/ASR511-OO7/windows-kernel-exploits
 - https://github.com/Al1ex/WindowsElevation
 - https://github.com/Apri1y/Red-Team-links
 - https://github.com/Ascotbe/Kernelhub

2018/CVE-2018-8440.md

@@ -24,6 +24,7 @@ An elevation of privilege vulnerability exists when Windows improperly handles c
 
 #### Github
 - https://github.com/0xT11/CVE-POC
+- https://github.com/ASR511-OO7/windows-kernel-exploits
 - https://github.com/Ascotbe/Kernelhub
 - https://github.com/Jkrasher/WindowsThreatResearch_JKrasher
 - https://github.com/Micr067/windows-kernel-exploits

2018/CVE-2018-8453.md

@@ -26,6 +26,7 @@ An elevation of privilege vulnerability exists in Windows when the Win32k compon
 #### Github
 - https://github.com/0xT11/CVE-POC
 - https://github.com/0xpetros/windows-privilage-escalation
+- https://github.com/ASR511-OO7/windows-kernel-exploits
 - https://github.com/Ascotbe/Kernelhub
 - https://github.com/ExpLife0011/awesome-windows-kernel-security-development
 - https://github.com/FULLSHADE/WindowsExploitationResources

2018/CVE-2018-8639.md

@@ -25,6 +25,7 @@ No PoCs from references.
 
 #### Github
 - https://github.com/0xT11/CVE-POC
+- https://github.com/ASR511-OO7/windows-kernel-exploits
 - https://github.com/Ascotbe/Kernelhub
 - https://github.com/Jkrasher/WindowsThreatResearch_JKrasher
 - https://github.com/Micr067/windows-kernel-exploits

2019/CVE-2019-0803.md

@@ -15,6 +15,7 @@ An elevation of privilege vulnerability exists in Windows when the Win32k compon
 
 #### Github
 - https://github.com/0xT11/CVE-POC
+- https://github.com/ASR511-OO7/windows-kernel-exploits
 - https://github.com/Al1ex/WindowsElevation
 - https://github.com/Ascotbe/Kernelhub
 - https://github.com/CnHack3r/Penetration_PoC

2019/CVE-2019-1002100.md

@@ -14,6 +14,7 @@ No PoCs from references.
 
 #### Github
 - https://github.com/Marquesledivan/terraform-aws-k8s
+- https://github.com/hacking-kubernetes/hacking-kubernetes.info
 - https://github.com/novemberrain-test/k8s-aws
 - https://github.com/saipasham/kub_test-
 - https://github.com/scholzj/aws-kubernetes

2019/CVE-2019-1002101.md

@@ -23,6 +23,7 @@ No PoCs from references.
 - https://github.com/brompwnie/botb
 - https://github.com/developer3000S/PoC-in-GitHub
 - https://github.com/g3rzi/HackingKubernetes
+- https://github.com/hacking-kubernetes/hacking-kubernetes.info
 - https://github.com/hectorgie/PoC-in-GitHub
 - https://github.com/heroku/bheu19-attacking-cloud-builds
 - https://github.com/k1LoW/oshka

2019/CVE-2019-11245.md

@@ -15,5 +15,6 @@ No PoCs from references.
 #### Github
 - https://github.com/Metarget/awesome-cloud-native-security
 - https://github.com/alphaSeclab/sec-daily-2019
+- https://github.com/hacking-kubernetes/hacking-kubernetes.info
 - https://github.com/reni2study/Cloud-Native-Security2
 

2019/CVE-2019-11247.md

@@ -14,5 +14,6 @@ No PoCs from references.
 
 #### Github
 - https://github.com/g3rzi/HackingKubernetes
+- https://github.com/hacking-kubernetes/hacking-kubernetes.info
 - https://github.com/stackrox/blog-examples
 

2019/CVE-2019-11248.md

@@ -16,5 +16,6 @@ No PoCs from references.
 - https://github.com/0xT11/CVE-POC
 - https://github.com/ARPSyndicate/kenzer-templates
 - https://github.com/Elsfa7-110/kenzer-templates
+- https://github.com/hacking-kubernetes/hacking-kubernetes.info
 - https://github.com/sobinge/nuclei-templates
 

2019/CVE-2019-11249.md

@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/Metarget/awesome-cloud-native-security
 - https://github.com/Metarget/metarget
+- https://github.com/hacking-kubernetes/hacking-kubernetes.info
 

2019/CVE-2019-11250.md

@@ -13,5 +13,6 @@ The Kubernetes client-go library logs request headers at verbosity levels of 7 o
 No PoCs from references.
 
 #### Github
+- https://github.com/hacking-kubernetes/hacking-kubernetes.info
 - https://github.com/k1LoW/oshka
 

2019/CVE-2019-11358.md

@@ -241,6 +241,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/EricLottman/6.2ftc20-21-PADEMIC-EDITION-master
 - https://github.com/Esquimalt-Atom-Smashers/Chomper_not_working
 - https://github.com/Ethanporath/FtcRobotController-master
+- https://github.com/Ethanporath/Team-20290-BostonBasketbots
 - https://github.com/EvanBartekYeet/FTCRobitControlVNew
 - https://github.com/EvanBartekYeet/NewTestRambotics
 - https://github.com/EvanCWolfe/VicRobotics2020-2021
@@ -365,6 +366,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/Im-not-a-bot/roboPiotr
 - https://github.com/Innov8FIRST/UltimateGoal
 - https://github.com/InspirationRobotics/inspiration_ftc
+- https://github.com/IoanaAdrian/FreightFrenzySoftHoarders
 - https://github.com/Iobotics/FTC-2021-FreightFrenzy
 - https://github.com/IronEaglesRobotics/FreightFrenzy
 - https://github.com/IronReign/FreightFrenzyPipeline
@@ -778,6 +780,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/aditWorkspace/SkyStone-master
 - https://github.com/admiralwaffle4/InvictaCode-21-22
 - https://github.com/ahmedCoder12424/FtcRobotController
+- https://github.com/ajenkins13/robotics5017
 - https://github.com/akumar13-you/CRMS8424-FreightFrenzy
 - https://github.com/alexDHS0/FtcRobotController-10630-master
 - https://github.com/alexDHS0/FtcRobotController-master
@@ -814,6 +817,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/ayuram/FtcRobotController
 - https://github.com/banks-4239/FtcRobotController
 - https://github.com/barbaralau3/FTC_2021_FREIGHT-FRENZY
+- https://github.com/barreirobots/FtcRobotController-master
 - https://github.com/batcarrot/Freight-Frenzy-2021-master-2
 - https://github.com/baylocke/UltimateGoalRepo
 - https://github.com/bcbro/14663-UltimateGoal_2021
@@ -888,6 +892,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/ftc-16244/FreightFrenzy
 - https://github.com/ftc-16244/IL_FTC_Minibots
 - https://github.com/ftc-9773/UltimateGoal
+- https://github.com/ftc-team-8013/Ultimate-Goal
 - https://github.com/ftc-team-8813/ftc_app
 - https://github.com/ftc10131/UltimateGoal
 - https://github.com/ftc11109/FtcRobotController2020
@@ -1037,6 +1042,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/modengann/Robotics
 - https://github.com/motherboard7444/2021-FTC-FreightFrenzy-master
 - https://github.com/motherboard7444/2021-Freight-Frenzy-7.0
+- https://github.com/mrHurst/ChouTimeRobotics
 - https://github.com/mrisatmo/Connection2021
 - https://github.com/n0tchmc/FTC4890
 - https://github.com/neobots2903/FtcRobotController-2021

2019/CVE-2019-1458.md

@@ -17,6 +17,7 @@ An elevation of privilege vulnerability exists in Windows when the Win32k compon
 #### Github
 - https://github.com/0xT11/CVE-POC
 - https://github.com/0xpetros/windows-privilage-escalation
+- https://github.com/ASR511-OO7/windows-kernel-exploits
 - https://github.com/Ascotbe/Kernelhub
 - https://github.com/CnHack3r/Penetration_PoC
 - https://github.com/DreamoneOnly/CVE-2019-1458-malware

2019/CVE-2019-16884.md

@@ -16,5 +16,6 @@ No PoCs from references.
 - https://github.com/Metarget/awesome-cloud-native-security
 - https://github.com/Metarget/metarget
 - https://github.com/PRISHIta123/Securing_Open_Source_Components_on_Containers
+- https://github.com/hacking-kubernetes/hacking-kubernetes.info
 - https://github.com/ssst0n3/docker_archive
 

2019/CVE-2019-18211.md

@@ -0,0 +1,17 @@
+### [CVE-2019-18211](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18211)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/mandiant/heyserial
+

2019/CVE-2019-18935.md

@@ -28,6 +28,7 @@ Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deseria
 - https://github.com/becrevex/Telerik_CVE-2019-18935
 - https://github.com/developer3000S/PoC-in-GitHub
 - https://github.com/hectorgie/PoC-in-GitHub
+- https://github.com/mandiant/heyserial
 - https://github.com/mcgyver5/scrap_telerik
 - https://github.com/murataydemir/CVE-2019-18935
 - https://github.com/noperator/CVE-2019-18935

2019/CVE-2019-5736.md

@@ -54,6 +54,7 @@ runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allow
 - https://github.com/developer3000S/PoC-in-GitHub
 - https://github.com/epsteina16/Docker-Escape-Miner
 - https://github.com/geropl/CVE-2019-5736
+- https://github.com/hacking-kubernetes/hacking-kubernetes.info
 - https://github.com/hectorgie/PoC-in-GitHub
 - https://github.com/heroku/bheu19-attacking-cloud-builds
 - https://github.com/jakubkrawczyk/cve-2019-5736
@@ -85,6 +86,7 @@ runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allow
 - https://github.com/taielab/awesome-hacking-lists
 - https://github.com/twistlock/RunC-CVE-2019-5736
 - https://github.com/twistlock/whoc
+- https://github.com/waqeen/cyber_security21
 - https://github.com/xbl3/awesome-cve-poc_qazbnm456
 - https://github.com/yyqs2008/CVE-2019-5736-PoC-2
 - https://github.com/zhonghual1206/biyi-sealidentify

2020/CVE-2020-0787.md

@@ -23,6 +23,7 @@ An elevation of privilege vulnerability exists when the Windows Background Intel
 
 #### Github
 - https://github.com/0xT11/CVE-POC
+- https://github.com/ASR511-OO7/windows-kernel-exploits
 - https://github.com/Al1ex/WindowsElevation
 - https://github.com/Ascotbe/Kernelhub
 - https://github.com/CnHack3r/Penetration_PoC