From 062902b4648eac375715c67e987d17cc69d71b91 Mon Sep 17 00:00:00 2001
From: trickest-workflows
Date: Thu, 19 Dec 2024 06:29:13 +0000
Subject: [PATCH] Update Thu Dec 19 06:29:13 UTC 2024
---
2001/CVE-2001-1080.md | 17 +++++++++++++++++
2003/CVE-2003-0257.md | 17 +++++++++++++++++
2017/CVE-2017-18723.md | 17 +++++++++++++++++
references.txt | 3 +++
4 files changed, 54 insertions(+)
create mode 100644 2001/CVE-2001-1080.md
create mode 100644 2003/CVE-2003-0257.md
create mode 100644 2017/CVE-2017-18723.md
diff --git a/2001/CVE-2001-1080.md b/2001/CVE-2001-1080.md
new file mode 100644
index 0000000000..10b9ad23e1
--- /dev/null
+++ b/2001/CVE-2001-1080.md
@@ -0,0 +1,17 @@
+### [CVE-2001-1080](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1080)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program.
+
+### POC
+
+#### Reference
+- http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2001.225.1/$file/oar225.txt
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2003/CVE-2003-0257.md b/2003/CVE-2003-0257.md
new file mode 100644
index 0000000000..5df485e365
--- /dev/null
+++ b/2003/CVE-2003-0257.md
@@ -0,0 +1,17 @@
+### [CVE-2003-0257](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0257)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges.
+
+### POC
+
+#### Reference
+- http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0660.1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2017/CVE-2017-18723.md b/2017/CVE-2017-18723.md
new file mode 100644
index 0000000000..38bb2ccea8
--- /dev/null
+++ b/2017/CVE-2017-18723.md
@@ -0,0 +1,17 @@
+### [CVE-2017-18723](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18723)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000052274/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Routers-PSV-2017-2145
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/references.txt b/references.txt
index 8d7b7ebf5a..f00b5ef966 100644
--- a/references.txt
+++ b/references.txt
@@ -190,6 +190,7 @@ CVE-2001-1037 - http://www.cisco.com/warp/public/707/SN-kernel-pub.html
 CVE-2001-1038 - http://www.cisco.com/warp/public/707/SN-kernel-pub.html
 CVE-2001-1064 - http://www.cisco.com/warp/public/707/cisco-cbos-webserver-pub.shtml
 CVE-2001-1065 - http://www.cisco.com/warp/public/707/cisco-cbos-webserver-pub.shtml
+CVE-2001-1080 - http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2001.225.1/$file/oar225.txt
 CVE-2001-1081 - http://freshmeat.net/releases/52020/
 CVE-2001-1082 - http://freshmeat.net/releases/52020/
 CVE-2001-1105 - http://www.cisco.com/warp/public/707/SSL-J-pub.html
@@ -510,6 +511,7 @@ CVE-2003-0220 - http://marc.info/?l=bugtraq&m=105155734411836&w=2
 CVE-2003-0226 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A933
 CVE-2003-0227 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A936
 CVE-2003-0227 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A966
+CVE-2003-0257 - http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0660.1
 CVE-2003-0258 - http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml
 CVE-2003-0259 - http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml
 CVE-2003-0260 - http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml
@@ -48116,6 +48118,7 @@ CVE-2017-18715 - https://kb.netgear.com/000053133/Security-Advisory-for-Reflecte
 CVE-2017-18718 - https://kb.netgear.com/000052279/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Routers-PSV-2017-2152
 CVE-2017-18721 - https://kb.netgear.com/000052276/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Routers-PSV-2017-2147
 CVE-2017-18722 - https://kb.netgear.com/000052275/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Routers-PSV-2017-2146
+CVE-2017-18723 - https://kb.netgear.com/000052274/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Routers-PSV-2017-2145
 CVE-2017-18724 - https://kb.netgear.com/000052273/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Routers-PSV-2017-2144
 CVE-2017-18726 - https://kb.netgear.com/000051529/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-PSV-2017-2139
 CVE-2017-18728 - https://kb.netgear.com/000051527/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Routers-PSV-2017-2136