Update Sat Feb 19 21:59:41 UTC 2022

m4ll0k · Feb 19, 2022 · 90bbd06 · 90bbd06
1 parent a184de7
commit 90bbd06
Show file tree

Hide file tree

Showing 2,257 changed files with 18,017 additions and 199 deletions.
diff --git a/2009/CVE-2009-2009.md b/2009/CVE-2009-2009.md
@@ -0,0 +1,17 @@
+### [CVE-2009-2009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2009)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) curdirpath parameter to main/document/slideshow.php and the (2) file parameter to main/exercice/testheaderpage.php.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/wst24365888/get_code_segment
+
diff --git a/2010/CVE-2010-1240.md b/2010/CVE-2010-1240.md
@@ -14,5 +14,5 @@ Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and M
 - http://blog.didierstevens.com/2010/06/29/quickpost-no-escape-from-pdf/
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/Jasmoon99/Embedded-PDF
 
diff --git a/2010/CVE-2010-1256.md b/2010/CVE-2010-1256.md
@@ -13,5 +13,5 @@ Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Prot
 - https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-040
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/Romulus968/copycat
 
diff --git a/2010/CVE-2010-1899.md b/2010/CVE-2010-1899.md
@@ -14,5 +14,6 @@ No PoCs from references.
 
 #### Github
 - https://github.com/Al1ex/WindowsElevation
+- https://github.com/Romulus968/copycat
 - https://github.com/fei9747/WindowsElevation
 
diff --git a/2010/CVE-2010-2330.md b/2010/CVE-2010-2330.md
@@ -13,5 +13,5 @@ Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote a
 - http://www.exploit-db.com/exploits/13876
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/GihanJ/Structured-Exception-Handling-SEH-Buffer-Overflow
 
diff --git a/2010/CVE-2010-2331.md b/2010/CVE-2010-2331.md
@@ -14,5 +14,6 @@ No PoCs from references.
 
 #### Github
 - https://github.com/0xhuesca/CVE-2019-18655
+- https://github.com/GihanJ/Structured-Exception-Handling-SEH-Buffer-Overflow
 - https://github.com/developer3000S/PoC-in-GitHub
 
diff --git a/2010/CVE-2010-2730.md b/2010/CVE-2010-2730.md
@@ -13,5 +13,6 @@ Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastC
 No PoCs from references.
 
 #### Github
+- https://github.com/Romulus968/copycat
 - https://github.com/ycdxsb/WindowsPrivilegeEscalation
 
diff --git a/2010/CVE-2010-3333.md b/2010/CVE-2010-3333.md
@@ -14,8 +14,11 @@ No PoCs from references.
 
 #### Github
 - https://github.com/CERT-hr/modified_cve-search
+- https://github.com/ZeroRaidStudios/api.notzerotwo.ml
 - https://github.com/cve-search/cve-search
 - https://github.com/cve-search/cve-search-ng
+- https://github.com/djschleen/ash
+- https://github.com/doshyt/cve-monitor
 - https://github.com/enthought/cve-search
 - https://github.com/extremenetworks/cve-search-src
 - https://github.com/miradam/cve-search

diff --git a/2010/CVE-2010-3972.md b/2010/CVE-2010-3972.md
@@ -14,5 +14,5 @@ Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in
 - http://www.exploit-db.com/exploits/15803
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/Romulus968/copycat
 
diff --git a/2010/CVE-2010-4662.md b/2010/CVE-2010-4662.md
@@ -13,5 +13,6 @@ PmWiki before 2.2.21 has XSS.
 - https://packetstormsecurity.com/files/cve/CVE-2010-4662
 
 #### Github
+- https://github.com/0xffee/Layer2HackerDao
 - https://github.com/plasticuproject/nvd_api
 
diff --git a/2011/CVE-2011-0751.md b/2011/CVE-2011-0751.md
@@ -14,5 +14,6 @@ Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.
 - http://www.redteam-pentesting.de/advisories/rt-sa-2011-001
 
 #### Github
+- https://github.com/NHPT/CVE-2019-16278
 - https://github.com/jas502n/CVE-2019-16278
 
diff --git a/2011/CVE-2011-2461.md b/2011/CVE-2011-2461.md
@@ -14,6 +14,7 @@ Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x befor
 - https://threatpost.com/adobe-cve-2011-2461-remains-exploitable-four-years-after-patch/111754
 
 #### Github
+- https://github.com/Nieuport/awesome-burp-extensions
 - https://github.com/awc/bappstore_list
 - https://github.com/cranelab/webapp-tech
 - https://github.com/snoopysecurity/awesome-burp-extensions

diff --git a/2011/CVE-2011-2894.md b/2011/CVE-2011-2894.md
@@ -14,5 +14,6 @@ No PoCs from references.
 
 #### Github
 - https://github.com/PalindromeLabs/Java-Deserialization-CVEs
+- https://github.com/galimba/Jackson-deserialization-PoC
 - https://github.com/kajalNair/OSWE-Prep
 
diff --git a/2011/CVE-2011-3374.md b/2011/CVE-2011-3374.md
@@ -14,7 +14,9 @@ No PoCs from references.
 
 #### Github
 - https://github.com/Azure/container-scan
+- https://github.com/KorayAgaya/TrivyWeb
 - https://github.com/cynalytica/container-scan
+- https://github.com/devopstales/trivy-operator
 - https://github.com/drjhunter/container-scan
 - https://github.com/flyrev/security-scan-ci-presentation
 - https://github.com/garethr/findcve

diff --git a/2011/CVE-2011-3389.md b/2011/CVE-2011-3389.md
@@ -19,8 +19,11 @@ The SSL protocol, as used in certain configurations in Microsoft Windows and Mic
 #### Github
 - https://github.com/Artem-Salnikov/devops-netology
 - https://github.com/Astrogeorgeonethree/Starred
+- https://github.com/Vladislav-Pugachev/netology-DevOps-dz_-14
 - https://github.com/WiktorMysz/devops-netology
 - https://github.com/alexandrburyakov/Rep2
 - https://github.com/bysart/devops-netology
+- https://github.com/daniel1302/litecoin
 - https://github.com/garethr/snykout
+- https://github.com/yellownine/netology-DevOps
 
diff --git a/2012/CVE-2012-0217.md b/2012/CVE-2012-0217.md
@@ -15,12 +15,18 @@ The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in
 - https://www.exploit-db.com/exploits/46508/
 
 #### Github
+- https://github.com/Apri1y/Red-Team-links
 - https://github.com/Ascotbe/Kernelhub
 - https://github.com/Echocipher/Resource-list
 - https://github.com/Flerov/WindowsExploitDev
 - https://github.com/Snoopy-Sec/Localroot-ALL-CVE
 - https://github.com/anoaghost/Localroot_Compile
 - https://github.com/cranelab/exploit-development
 - https://github.com/felixlinker/ifc-rv-thesis
+- https://github.com/hudunkey/Red-Team-links
+- https://github.com/john-80/-007
+- https://github.com/lp008/Hack-readme
+- https://github.com/slimdaddy/RedTeam
+- https://github.com/xiaoZ-hc/redtool
 - https://github.com/ycdxsb/WindowsPrivilegeEscalation
 
diff --git a/2012/CVE-2012-0469.md b/2012/CVE-2012-0469.md
@@ -15,6 +15,7 @@ No PoCs from references.
 #### Github
 - https://github.com/Hwangtaewon/radamsa
 - https://github.com/StephenHaruna/RADAMSA
+- https://github.com/ZihanYe/web-browser-vulnerabilities
 - https://github.com/benoit-a/radamsa
 - https://github.com/sunzu94/radamsa-Fuzzer
 
diff --git a/2012/CVE-2012-1182.md b/2012/CVE-2012-1182.md
@@ -17,6 +17,7 @@ The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.
 - https://github.com/Qftm/Information_Collection_Handbook
 - https://github.com/amishamunjal-az/Week16-Homework
 - https://github.com/esteban0477/RedTeamPlaybook
+- https://github.com/katgoods/week16
 - https://github.com/notsag-dev/htb-blue
 - https://github.com/notsag-dev/htb-legacy
 - https://github.com/superhero1/OSCP-Prep

diff --git a/2012/CVE-2012-1876.md b/2012/CVE-2012-1876.md
@@ -13,5 +13,5 @@ Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not prope
 - https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/migraine-sudo/Arsenal
 
diff --git a/2012/CVE-2012-2531.md b/2012/CVE-2012-2531.md
@@ -0,0 +1,17 @@
+### [CVE-2012-2531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2531)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Romulus968/copycat
+
diff --git a/2012/CVE-2012-2570.md b/2012/CVE-2012-2570.md
@@ -13,5 +13,6 @@ Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5
 - http://www.exploit-db.com/exploits/20010
 
 #### Github
+- https://github.com/mishmashclone/sailay1996-offsec_WE
 - https://github.com/sailay1996/offsec_WE
 
diff --git a/2012/CVE-2012-2574.md b/2012/CVE-2012-2574.md
@@ -13,5 +13,6 @@ SQL injection vulnerability in the management console in Symantec Web Gateway 5.
 No PoCs from references.
 
 #### Github
+- https://github.com/mishmashclone/sailay1996-offsec_WE
 - https://github.com/sailay1996/offsec_WE
 
diff --git a/2012/CVE-2012-2576.md b/2012/CVE-2012-2576.md
@@ -13,5 +13,6 @@ SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manag
 - http://www.exploit-db.com/exploits/18833
 
 #### Github
+- https://github.com/mishmashclone/sailay1996-offsec_WE
 - https://github.com/sailay1996/offsec_WE
 
diff --git a/2012/CVE-2012-2577.md b/2012/CVE-2012-2577.md
@@ -13,5 +13,6 @@ Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network
 - http://www.kb.cert.org/vuls/id/174119
 
 #### Github
+- https://github.com/mishmashclone/sailay1996-offsec_WE
 - https://github.com/sailay1996/offsec_WE
 
diff --git a/2012/CVE-2012-2589.md b/2012/CVE-2012-2589.md
@@ -13,5 +13,6 @@
 No PoCs from references.
 
 #### Github
+- https://github.com/mishmashclone/sailay1996-offsec_WE
 - https://github.com/sailay1996/offsec_WE
 
diff --git a/2012/CVE-2012-2593.md b/2012/CVE-2012-2593.md
@@ -13,6 +13,7 @@ Cross-site scripting (XSS) vulnerability in the administrative interface in Atma
 No PoCs from references.
 
 #### Github
+- https://github.com/mishmashclone/sailay1996-offsec_WE
 - https://github.com/p1ay8y3ar/cve_monitor
 - https://github.com/sailay1996/offsec_WE
 - https://github.com/timip/OSWE

diff --git a/2012/CVE-2012-2599.md b/2012/CVE-2012-2599.md
@@ -13,5 +13,6 @@
 No PoCs from references.
 
 #### Github
+- https://github.com/mishmashclone/sailay1996-offsec_WE
 - https://github.com/sailay1996/offsec_WE
 
diff --git a/2012/CVE-2012-2661.md b/2012/CVE-2012-2661.md
@@ -0,0 +1,17 @@
+### [CVE-2012-2661](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage unintended recursion, a related issue to CVE-2012-2695.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ehayushpathak/WebApp-Hacking
+
diff --git a/2012/CVE-2012-2953.md b/2012/CVE-2012-2953.md
@@ -13,5 +13,6 @@ The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remo
 No PoCs from references.
 
 #### Github
+- https://github.com/mishmashclone/sailay1996-offsec_WE
 - https://github.com/sailay1996/offsec_WE
 
diff --git a/2012/CVE-2012-2982.md b/2012/CVE-2012-2982.md
@@ -13,5 +13,5 @@ file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to e
 - http://www.kb.cert.org/vuls/id/788478
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/JohnHammond/CVE-2012-2982
 
diff --git a/2012/CVE-2012-3789.md b/2012/CVE-2012-3789.md
@@ -0,0 +1,17 @@
+### [CVE-2012-3789](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3789)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service (process hang) via unknown behavior on a Bitcoin network.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nachobonilla/awesome-blockchain-security
+
diff --git a/2012/CVE-2012-4683.md b/2012/CVE-2012-4683.md
@@ -0,0 +1,17 @@
+### [CVE-2012-4683](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4683)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4682.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nachobonilla/awesome-blockchain-security
+
diff --git a/2012/CVE-2012-4684.md b/2012/CVE-2012-4684.md
@@ -0,0 +1,17 @@
+### [CVE-2012-4684](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4684)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 supports different character representations of the same signature data, but relies on a hash of this signature, which allows remote attackers to cause a denial of service (resource consumption) via a valid modified signature for a circulating alert.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/nachobonilla/awesome-blockchain-security
+
diff --git a/2012/CVE-2012-4929.md b/2012/CVE-2012-4929.md
@@ -21,6 +21,7 @@ The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt,
 - https://github.com/F4RM0X/script_a2sv
 - https://github.com/H4CK3RT3CH/a2sv
 - https://github.com/Mre11i0t/a2sv
+- https://github.com/Vladislav-Pugachev/netology-DevOps-dz_-14
 - https://github.com/WiktorMysz/devops-netology
 - https://github.com/alexandrburyakov/Rep2
 - https://github.com/bysart/devops-netology
@@ -30,4 +31,5 @@ The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt,
 - https://github.com/fireorb/sslscanner
 - https://github.com/mohitrex7/Wap-Recon
 - https://github.com/nkiselyov/devops-netology
+- https://github.com/yellownine/netology-DevOps
 
diff --git a/2013/CVE-2013-0169.md b/2013/CVE-2013-0169.md
@@ -15,6 +15,7 @@ The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenS
 #### Github
 - https://github.com/Artem-Salnikov/devops-netology
 - https://github.com/PeterMosmans/security-scripts
+- https://github.com/Vladislav-Pugachev/netology-DevOps-dz_-14
 - https://github.com/WiktorMysz/devops-netology
 - https://github.com/alexandrburyakov/Rep2
 - https://github.com/bysart/devops-netology
@@ -23,4 +24,5 @@ The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenS
 - https://github.com/sailfishos-mirror/tlslite-ng
 - https://github.com/tlsfuzzer/tlslite-ng
 - https://github.com/xbl3/awesome-cve-poc_qazbnm456
+- https://github.com/yellownine/netology-DevOps
 
diff --git a/2013/CVE-2013-2028.md b/2013/CVE-2013-2028.md
@@ -14,6 +14,7 @@ The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 thro
 - https://github.com/rapid7/metasploit-framework/pull/1834
 
 #### Github
+- https://github.com/camel-clarkson/non-controlflow-hijacking-datasets
 - https://github.com/mertsarica/hack4career
 - https://github.com/mudongliang/LinuxFlaw
 - https://github.com/oneoy/cve-

diff --git a/2013/CVE-2013-2251.md b/2013/CVE-2013-2251.md
@@ -20,19 +20,30 @@ Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary
 - https://github.com/3vikram/Application-Vulnerabilities-Payloads
 - https://github.com/84KaliPleXon3/Payloads_All_The_Things
 - https://github.com/ARPSyndicate/kenzer-templates
+- https://github.com/Delishsploits/PayloadsAndMethodology
 - https://github.com/Elsfa7-110/kenzer-templates
+- https://github.com/GuynnR/Payloads
 - https://github.com/Muhammd/Awesome-Payloads
+- https://github.com/Nieuport/PayloadsAllTheThings
 - https://github.com/Ra7mo0on/PayloadsAllTheThings
 - https://github.com/SexyBeast233/SecBooks
 - https://github.com/XPR1M3/Payloads_All_The_Things
 - https://github.com/andrysec/PayloadsAllVulnerability
 - https://github.com/anhtu97/PayloadAllEverything
+- https://github.com/apkadmin/PayLoadsAll
+- https://github.com/chanchalpatra/payload
 - https://github.com/eescanilla/Apache-Struts-v3
 - https://github.com/fupinglee/Struts2_Bugs
 - https://github.com/gobysec/Goby
+- https://github.com/hellochunqiu/PayloadsAllTheThings
+- https://github.com/ksw9722/PayloadsAllTheThings
+- https://github.com/mrhacker51/ReverseShellCommands
+- https://github.com/nevidimk0/PayloadsAllTheThings
 - https://github.com/s1kr10s/Apache-Struts-v4
 - https://github.com/sobinge/--1
 - https://github.com/sobinge/PayloadsAllTheThings
+- https://github.com/sobinge/PayloadsAllThesobinge
 - https://github.com/sobinge/nuclei-templates
+- https://github.com/winterwolf32/PayloadsAllTheThings
 - https://github.com/woods-sega/woodswiki