Update Tue Mar 1 01:27:38 UTC 2022

2016/CVE-2016-8869.md

@@ -10,6 +10,7 @@ The register method in the UsersModelRegistration class in controllers/user.php
 ### POC
 
 #### Reference
+- https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r
 - https://www.exploit-db.com/exploits/40637/
 
 #### Github

2016/CVE-2016-8870.md

@@ -10,6 +10,7 @@ The register method in the UsersModelRegistration class in controllers/user.php
 ### POC
 
 #### Reference
+- https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r
 - https://www.exploit-db.com/exploits/40637/
 
 #### Github

2017/CVE-2017-14937.md

@@ -0,0 +1,17 @@
+### [CVE-2017-14937](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14937)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The airbag detonation algorithm allows injury to passenger-car occupants via predictable Security Access (SA) data to the internal CAN bus (or the OBD connector). This affects the airbag control units (aka pyrotechnical control units or PCUs) of unspecified passenger vehicles manufactured in 2014 or later, when the ignition is on and the speed is less than 6 km/h. Specifically, there are only 256 possible key pairs, and authentication attempts have no rate limit. In addition, at least one manufacturer's interpretation of the ISO 26021 standard is that it must be possible to calculate the key directly (i.e., the other 255 key pairs must not be used). Exploitation would typically involve an attacker who has already gained access to the CAN bus, and sends a crafted Unified Diagnostic Service (UDS) message to detonate the pyrotechnical charges, resulting in the same passenger-injury risks as in any airbag deployment.
+
+### POC
+
+#### Reference
+- https://www.researchgate.net/publication/321183727_Security_Evaluation_of_an_Airbag-ECU_by_Reusing_Threat_Modeling_Artefacts
+
+#### Github
+No PoCs found on GitHub currently.
+

2017/CVE-2017-18738.md

@@ -0,0 +1,17 @@
+### [CVE-2017-18738](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18738)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R6900P before 1.2.0.22, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R6100 before 1.0.1.16, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000051517/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-and-Extenders-PSV-2017-0706
+
+#### Github
+No PoCs found on GitHub currently.
+

2019/CVE-2019-11358.md

@@ -632,6 +632,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
 - https://github.com/Serylda/Temporary-11503UltimateGoal
 - https://github.com/ShinigamiHiruzen/SteamOs
 - https://github.com/ShivenV/FTC-FREIGHT-FRENZY-2021-22
+- https://github.com/Shreyas765/9686-FreightFrenzy
 - https://github.com/ShrishChou/BioBotsFreightFrenzy
 - https://github.com/SilasBehnke/UltimateGoal
 - https://github.com/SilkPDX/New7100Controller

2019/CVE-2019-11707.md

@@ -25,6 +25,7 @@ A type confusion vulnerability can occur when manipulating JavaScript objects du
 - https://github.com/googleprojectzero/fuzzilli
 - https://github.com/hectorgie/PoC-in-GitHub
 - https://github.com/m1ghtym0/browser-pwn
+- https://github.com/securesystemslab/PKRU-Safe
 - https://github.com/tunnelshade/cve-2019-11707
 - https://github.com/vigneshsrao/CVE-2019-11707
 

2019/CVE-2019-20746.md

@@ -0,0 +1,17 @@
+### [CVE-2019-20746](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20746)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by reflected XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7800 before 1.0.2.58, R8900 before 1.0.4.12, R9000 before 1.0.4.8, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.68.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000060973/Security-Advisory-for-Reflected-Cross-Site-Scripting-on-Some-Routers-Gateways-and-WiFi-Systems-PSV-2018-0252
+
+#### Github
+No PoCs found on GitHub currently.
+

2020/CVE-2020-10262.md

@@ -11,6 +11,7 @@ An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can
 
 #### Reference
 - https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2020-10262.md
+- https://www.youtube.com/watch?v=Cr5DupGxmL4
 
 #### Github
 - https://github.com/Jian-Xian/CVE-POC

2020/CVE-2020-10263.md

@@ -11,6 +11,7 @@ An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can
 
 #### Reference
 - https://github.com/Jian-Xian/CVE-POC/blob/master/CVE-2020-10263.md
+- https://www.youtube.com/watch?v=Cr5DupGxmL4
 
 #### Github
 - https://github.com/Jian-Xian/CVE-POC

2020/CVE-2020-11959.md

@@ -0,0 +1,17 @@
+### [CVE-2020-11959](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11959)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An unsafe configuration of nginx lead to information leak in Xiaomi router R3600 ROM before 1.0.50.
+
+### POC
+
+#### Reference
+- https://privacy.mi.com/trust#/security/vulnerability-management/vulnerability-announcement/detail?id=14
+
+#### Github
+No PoCs found on GitHub currently.
+

2020/CVE-2020-26924.md

@@ -0,0 +1,17 @@
+### [CVE-2020-26924](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26924)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC720 before 3.9.1.13 and WAC730 before 3.9.1.13.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000062328/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Wireless-Access-Points-PSV-2020-0141
+
+#### Github
+No PoCs found on GitHub currently.
+

2020/CVE-2020-6859.md

@@ -0,0 +1,17 @@
+### [CVE-2020-6859](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6859)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image.
+
+### POC
+
+#### Reference
+- https://wpvulndb.com/vulnerabilities/10041
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-1732.md

@@ -24,6 +24,7 @@ Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from C
 
 #### Reference
 - http://packetstormsecurity.com/files/161880/Win32k-ConsoleControl-Offset-Confusion.html
+- http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2021/CVE-2021-23337.md

@@ -21,6 +21,7 @@ Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the tem
 - https://github.com/Refinitiv-API-Samples/Example.EWA.TypeScript.WebApplication
 - https://github.com/andisfar/LaunchQtCreator
 - https://github.com/anthonykirby/lora-packet
+- https://github.com/cduplantis/blank
 - https://github.com/marcosrg9/YouTubeTV
 - https://github.com/p-rog/cve-analyser
 - https://github.com/samoylenko/sample-vulnerable-app-nodejs-express

2021/CVE-2021-24946.md

@@ -13,5 +13,6 @@ The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise
 - http://packetstormsecurity.com/files/165742/WordPress-Modern-Events-Calendar-6.1-SQL-Injection.html
 
 #### Github
+- https://github.com/ARPSyndicate/cvemon
 - https://github.com/Hacker5preme/Exploits
 

2021/CVE-2021-30955.md

@@ -17,5 +17,6 @@ A race condition was addressed with improved state handling. This issue is fixed
 No PoCs from references.
 
 #### Github
+- https://github.com/ARPSyndicate/cvemon
 - https://github.com/nomi-sec/PoC-in-GitHub
 

2021/CVE-2021-44228.md

@@ -29,6 +29,7 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12
 
 #### Github
 - https://github.com/0xsyr0/OSCP
+- https://github.com/1in9e/Apache-Log4j2-RCE
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/ARPSyndicate/kenzer-templates
 - https://github.com/AndriyKalashnykov/spring-on-k8s
@@ -61,13 +62,16 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12
 - https://github.com/J0B10/Voteban
 - https://github.com/Jean-Francois-C/Windows-Penetration-Testing
 - https://github.com/KONNEKTIO/konnekt-docs
+- https://github.com/KosmX/CVE-2021-44228-example
 - https://github.com/Log4s/log4s
 - https://github.com/LoliKingdom/NukeJndiLookupFromLog4j
+- https://github.com/MarkusBordihn/BOs-Critical-Version-Forcer
 - https://github.com/MedKH1684/Log4j-Vulnerability-Exploitation
 - https://github.com/Mr-xn/Penetration_Testing_POC
 - https://github.com/NUMde/compass-num-conformance-checker
 - https://github.com/Neo23x0/log4shell-detector
 - https://github.com/NiftyBank/java-app
+- https://github.com/NorthwaveSecurity/log4jcheck
 - https://github.com/OsiriX-Foundation/karnak
 - https://github.com/OtherDevOpsGene/kubernetes-security-tools
 - https://github.com/PAXSTORE/paxstore-openapi-java-sdk
@@ -120,6 +124,7 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12
 - https://github.com/git-bom/bomsh
 - https://github.com/goofball222/unifi
 - https://github.com/gredler/aegis4j
+- https://github.com/greymd/CVE-2021-44228
 - https://github.com/guerzon/guerzon
 - https://github.com/hex0wn/learn-java-bug
 - https://github.com/hotpotcookie/lol4j-white-box
@@ -141,6 +146,7 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12
 - https://github.com/kward/log4sh
 - https://github.com/kyoshiaki/docker-compose-wordpress
 - https://github.com/leonjza/log4jpwn
+- https://github.com/lhotari/pulsar-docker-images-patch-CVE-2021-44228
 - https://github.com/linuxserver/davos
 - https://github.com/linuxserver/docker-fleet
 - https://github.com/linuxserver/docker-unifi-controller
@@ -161,10 +167,12 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12
 - https://github.com/mguessan/davmail
 - https://github.com/microsoft/ApplicationInsights-Java
 - https://github.com/mklinkj/log4j2-test
+- https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes
 - https://github.com/nedenwalker/spring-boot-app-using-gradle
 - https://github.com/nedenwalker/spring-boot-app-with-log4j-vuln
 - https://github.com/netarchivesuite/solrwayback
 - https://github.com/newrelic/java-log-extensions
+- https://github.com/nkoneko/VictimApp
 - https://github.com/nlmaca/Wowza_Installers
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/nroduit/Weasis

2021/CVE-2021-44832.md

@@ -20,6 +20,7 @@ Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases
 - https://github.com/Qualys/log4jscanwin
 - https://github.com/aws/aws-msk-iam-auth
 - https://github.com/domwood/kiwi-kafka
+- https://github.com/lhotari/pulsar-docker-images-patch-CVE-2021-44228
 - https://github.com/logpresso/CVE-2021-44228-Scanner
 - https://github.com/marklogic/marklogic-contentpump
 - https://github.com/mergebase/csv-compare

2021/CVE-2021-45046.md

@@ -41,6 +41,7 @@ It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was i
 - https://github.com/jacobalberty/unifi-docker
 - https://github.com/justb4/docker-jmeter
 - https://github.com/kdpuvvadi/Omada-Ansible
+- https://github.com/lhotari/pulsar-docker-images-patch-CVE-2021-44228
 - https://github.com/logpresso/CVE-2021-44228-Scanner
 - https://github.com/mergebase/csv-compare
 - https://github.com/nlmaca/Wowza_Installers

2021/CVE-2021-45105.md

@@ -26,6 +26,7 @@ Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) di
 - https://github.com/davejwilson/azure-spark-pools-log4j
 - https://github.com/imTigger/webapp-hardware-bridge
 - https://github.com/jacobalberty/unifi-docker
+- https://github.com/lhotari/pulsar-docker-images-patch-CVE-2021-44228
 - https://github.com/logpresso/CVE-2021-44228-Scanner
 - https://github.com/mergebase/csv-compare
 - https://github.com/mosaic-hgw/jMeter

2022/CVE-2022-0768.md

@@ -10,7 +10,7 @@ Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://huntr.dev/bounties/9b14cc46-ec08-4940-83cc-9f986b2a5903
 
 #### Github
 - https://github.com/416e6e61/My-CVEs

2022/CVE-2022-21882.md

@@ -28,7 +28,7 @@ Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022
 ### POC
 
 #### Reference
-No PoCs from references.
+- http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2022/CVE-2022-24124.md

@@ -10,7 +10,7 @@ The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related
 ### POC
 
 #### Reference
-No PoCs from references.
+- http://packetstormsecurity.com/files/166163/Casdoor-1.13.0-SQL-Injection.html
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2022/CVE-2022-26155.md

@@ -0,0 +1,19 @@
+### [CVE-2022-26155](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26155)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ARPSyndicate/cvemon
+- https://github.com/l00neyhacker/CVE-2022-26155
+- https://github.com/nomi-sec/PoC-in-GitHub
+

2022/CVE-2022-26156.md

@@ -0,0 +1,19 @@
+### [CVE-2022-26156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26156)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places user-supplied input into the action URL of an HTML form. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify the action URL of a form to point to the attacker's server.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ARPSyndicate/cvemon
+- https://github.com/l00neyhacker/CVE-2022-26156
+- https://github.com/nomi-sec/PoC-in-GitHub
+

2022/CVE-2022-26157.md

@@ -0,0 +1,19 @@
+### [CVE-2022-26157](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26157)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ARPSyndicate/cvemon
+- https://github.com/l00neyhacker/CVE-2022-26157
+- https://github.com/nomi-sec/PoC-in-GitHub
+

2022/CVE-2022-26158.md

@@ -0,0 +1,19 @@
+### [CVE-2022-26158](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26158)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/ARPSyndicate/cvemon
+- https://github.com/l00neyhacker/CVE-2022-26158
+- https://github.com/nomi-sec/PoC-in-GitHub
+

2022/CVE-2022-26159.md

@@ -10,9 +10,10 @@ The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenti
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://podalirius.net/en/cves/2022-26159/
 
 #### Github
+- https://github.com/ARPSyndicate/cvemon
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/p0dalirius/CVE-2022-26159-Ametys-Autocompletion-XML