forked from trickest/cve
1 parent 5f21953, commit 9294d03.
Showing 19 changed files with 285 additions and 3 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2009-2663](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2663) | ||
 | ||
 | ||
 | ||
|
||
### Description | ||
|
||
libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://bugzilla.redhat.com/show_bug.cgi?id=516259 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
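Review bot: the Vulnerability badge on the third badge line is built with `color=brighgreen`, which is not a shields.io named colour (`brightgreen` is); correct the spelling here and in whatever template generates these files, since the same string appears in the other files shown in this commit. The Product and Version badges are also `n/a` although the description names libvorbis before r16182 and Firefox 3.5.x before 3.5.2.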
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2014-8664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8664) | ||
 | ||
 | ||
 | ||
|
||
### Description | ||
|
||
SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- http://service.sap.com/sap/support/notes/0001810405 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
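Review bot: the Vulnerability badge is `n/a` even though the description states the class outright (SQL injection), so the entry cannot be filtered by weakness from its badges; set it to the SQL injection class (CWE-89). The URL under `#### Reference` is also plain `http://`; prefer the `https://` form if the SAP note resolves there.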
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2017-1000491](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000491) | ||
 | ||
 | ||
 | ||
|
||
### Description | ||
|
||
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://github.com/rhysd/Shiba/issues/42 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
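Review bot: all three badges (Product, Version, Vulnerability) are `n/a` while the description line already carries each value: Shiba, version 1.1.0, and XSS leading to code execution. Populate the badges from the description so the entry is consistent with the populated ones elsewhere in this commit.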
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2019-6551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6551) | ||
 | ||
 | ||
 | ||
|
||
### Description | ||
|
||
Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass user authentication using a specially crafted URL to cause the device to reboot, which may be used to cause a continual denial-of-service condition. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- http://www.securityfocus.com/bid/107031 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
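Review bot: the Version badge label `%3C%3D%20%203.1.8%20` decodes to `<=  3.1.8 ` with a doubled space and a trailing space; normalise it to `%3C%3D%203.1.8`. The URL under `#### Reference` is plain `http://` and points at a bug-tracking id rather than a PoC, so consider whether it belongs under the `### POC` heading.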
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2021-21255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21255) | ||
 | ||
 | ||
 | ||
|
||
### Description | ||
|
||
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI version 9.5.3, it was possible to switch entities with IDOR from a logged in user. This is fixed in version 9.5.4. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/indevi0us/indevi0us | ||
|
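Review bot: the only entry under `#### Github` is `https://github.com/indevi0us/indevi0us`, a repository named after its owner rather than after this CVE, and the same URL is listed for the other GLPI and Time Tracker entries in this commit; confirm it actually holds a PoC for CVE-2021-21255 before listing it under `### POC`, or link the specific file. Separately, the description says the issue was in "GLPI version 9.5.3" while the Version badge reads `< 9.5.4`; state one range.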
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2021-21324](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21324) | ||
 | ||
 | ||
 | ||
|
||
### Description | ||
|
||
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 there is an Insecure Direct Object Reference (IDOR) on "Solutions". This vulnerability gives an unauthorized user the ability to enumerate GLPI items names (including users logins) using the knowbase search form (requires authentication). To Reproduce: Perform a valid authentication at your GLPI instance, Browse the ticket list and select any open ticket, click on Solution form, then Search a solution form that will redirect you to the endpoint /"glpi/front/knowbaseitem.php?item_itemtype=Ticket&item_items_id=18&forcetab=Knowbase$1", and the item_itemtype=Ticket parameter present in the previous URL will point to the PHP alias of glpi_tickets table, so just replace it with "Users" to point to glpi_users table instead; in the same way, item_items_id=18 will point to the related column id, so changing it too you should be able to enumerate all the content which has an alias. Since such id(s) are obviously incremental, a malicious party could exploit the vulnerability simply by guessing-based attempts. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/indevi0us/indevi0us | ||
|
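Review bot: in the Description line the endpoint is quoted as `/"glpi/front/knowbaseitem.php?...`, with the opening quote placed after the leading slash, and the whole reproduction walk-through is run into a single paragraph. Move the quote in front of the slash, and either break the steps out or trim the description to the impact statement and leave the steps to the linked advisory.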
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2021-21326](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21326) | ||
 | ||
 | ||
 | ||
|
||
### Description | ||
|
||
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 it is possible to create tickets for another user with self-service interface without delegatee systems enabled. This is fixed in version 9.5.4. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/indevi0us/indevi0us | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2021-29436](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29436) | ||
 | ||
 | ||
%22%7D&color=brighgreen) | ||
|
||
### Description | ||
|
||
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. In Time Tracker before version 1.19.27.5431 a Cross site request forgery (CSRF) vulnerability existed. The nature of CSRF is that a logged on user may be tricked by social engineering to click on an attacker-provided form that executes an unintended action such as changing user password. The vulnerability is fixed in Time Tracker version 1.19.27.5431. Upgrade is recommended. If upgrade is not practical, introduce ttMitigateCSRF() function in /WEB-INF/lib/common.php.lib using the latest available code and call it from ttAccessAllowed(). | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/indevi0us/indevi0us | ||
|
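Review bot: the Vulnerability badge label is `%7B%22CWE-352%22%3A%22Cross-Site%20Request%20Forgery%20(CSRF)%22%7D`, which decodes to the raw JSON object `{"CWE-352":"Cross-Site Request Forgery (CSRF)"}` instead of a readable label. The generator is serialising the weakness record rather than formatting it; emit `CWE-352 Cross-Site Request Forgery (CSRF)` as the other entries in this commit do for their CWE.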
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2021-41139](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41139) | ||
 | ||
 | ||
&color=brighgreen) | ||
|
||
### Description | ||
|
||
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. When a logged on user selects a date in Time Tracker, it is being passed on via the date parameter in URI. Because of not checking this parameter for sanity in versions prior to 1.19.30.5600, it was possible to craft the URI with malicious JavaScript, use social engineering to convince logged on user to click on such link, and have the attacker-supplied JavaScript to be executed in user's browser. This issue is patched in version 1.19.30.5600. As a workaround, one may introduce `ttValidDbDateFormatDate` function as in the latest version and add a call to it within the access checks block in time.php. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/indevi0us/indevi0us | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2021-41156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41156) | ||
 | ||
 | ||
&color=brighgreen) | ||
|
||
### Description | ||
|
||
anuko/timetracker is an, open source time tracking system. In affected versions Time Tracker uses browser_today hidden control on a few pages to collect the today's date from user browsers. Because of not checking this parameter for sanity in versions prior to 1.19.30.5601, it was possible to craft an html form with malicious JavaScript, use social engineering to convince logged on users to execute a POST from such form, and have the attacker-supplied JavaScript to be executed in user's browser. This has been patched in version 1.19.30.5600. Upgrade is recommended. If it is not practical, introduce ttValidDbDateFormatDate function as in the latest version and add a call to it within the access checks block. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/indevi0us/indevi0us | ||
|
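Review bot: the Description line gives two different fixed versions, "versions prior to 1.19.30.5601" and "patched in version 1.19.30.5600", and the Version badge follows the first (`< 1.19.30.5601`). A reader deciding whether 1.19.30.5600 is safe cannot tell from this entry; check the upstream advisory and make the description and badge agree. The opening "is an, open source" also has a stray comma.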
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
### [CVE-2021-43851](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43851) | ||
 | ||
 | ||
&color=brighgreen) | ||
|
||
### Description | ||
|
||
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the "group" and "status" parameters in POST requests. Group parameter is posted along when navigating between organizational subgroups (groups.php file). Status parameter is used in multiple files to change a status of an entity such as making a project, task, or user inactive. This issue has been patched in version 1.19.33.5607. An upgrade is highly recommended. If an upgrade is not practical, introduce ttValidStatus function as in the latest version and start using it user input check blocks wherever status field is used. For groups.php fix, introduce ttValidInteger function as in the latest version and use it in the access check block in the file. | ||
|
||
### POC | ||
|
||
#### Reference | ||
No PoCs from references. | ||
|
||
#### Github | ||
- https://github.com/indevi0us/indevi0us | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
### [CVE-2022-25329](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25329) | ||
 | ||
 | ||
 | ||
 | ||
 | ||
 | ||
|
||
### Description | ||
|
||
Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access to the Information Server could exploit this to register to the server and perform authenticated actions. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://www.tenable.com/security/research/tra-2022-05 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
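Review bot: the badge block repeats itself: the Product badge for Trend Micro ServerProtect for Storage appears twice and the `Version-5.8` badge four times, all identical, which is why this hunk is 20 lines where the others are 17. Deduplicate the badges at generation time so each product and version is listed once.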
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
### [CVE-2022-25330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25330) | ||
 | ||
 | ||
 | ||
 | ||
 | ||
 | ||
|
||
### Description | ||
|
||
Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://www.tenable.com/security/research/tra-2022-05 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
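Review bot: the description covers "ServerProtect 6.0/5.8", but every Version badge in this hunk is `5.8`, so version 6.0 is not represented anywhere in the badge block. Add a badge for 6.0 or document why only 5.8 is listed.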
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
### [CVE-2022-25331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25331) | ||
 | ||
 | ||
 | ||
 | ||
 | ||
 | ||
|
||
### Description | ||
|
||
Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process. | ||
|
||
### POC | ||
|
||
#### Reference | ||
- https://www.tenable.com/security/research/tra-2022-05 | ||
|
||
#### Github | ||
No PoCs found on GitHub currently. | ||
|
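Review bot: the Description line names the product "Trend Micro ServerProtection", while the Product badges in the same hunk and the two sibling entries say "ServerProtect". Use the one product name consistently so that a text search for the product finds all three entries.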