Update Mon Dec 30 20:09:28 UTC 2024

2006/CVE-2006-2842.md

@@ -18,5 +18,6 @@ No PoCs from references.
 - https://github.com/CVEDB/awesome-cve-repo
 - https://github.com/Cappricio-Securities/CVE-2021-20323
 - https://github.com/gnarkill78/CSA_S2_2024
+- https://github.com/iamthefrogy/BountyHound
 - https://github.com/karthi-the-hacker/CVE-2006-2842
 

2007/CVE-2007-0368.md

@@ -10,6 +10,7 @@ Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local users to e
 ### POC
 
 #### Reference
+- http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051859.html
 - https://www.exploit-db.com/exploits/3154
 
 #### Github

2007/CVE-2007-3898.md

@@ -13,6 +13,7 @@ The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2
 - http://securityreason.com/securityalert/3373
 - http://www.trusteer.com/docs/windowsdns.html
 - https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-062
+- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4395
 
 #### Github
 No PoCs found on GitHub currently.

2007/CVE-2007-6750.md

@@ -45,6 +45,7 @@ No PoCs from references.
 - https://github.com/bioly230/THM_Skynet
 - https://github.com/giusepperuggiero96/Network-Security-2021
 - https://github.com/h0ussni/pwnloris
+- https://github.com/hibahmad30/NmapAnalysis
 - https://github.com/hktalent/bug-bounty
 - https://github.com/issdp/test
 - https://github.com/jaiderospina/NMAP

2008/CVE-2008-3716.md

@@ -0,0 +1,17 @@
+### [CVE-2008-3716](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3716)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross-site request forgery (CSRF) vulnerability in Harmoni before 1.6.0 allows remote attackers to make administrative modifications via a (1) save or (2) delete action to an unspecified component.
+
+### POC
+
+#### Reference
+- http://sourceforge.net/tracker/index.php?func=detail&aid=2040513&group_id=82171&atid=1098812
+
+#### Github
+No PoCs found on GitHub currently.
+

2009/CVE-2009-2692.md

@@ -39,6 +39,7 @@ The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not in
 - https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits
 - https://github.com/albinjoshy03/linux-kernel-exploits
 - https://github.com/alian87/linux-kernel-exploits
+- https://github.com/aquahubtest4/exploit
 - https://github.com/cloudsec/exploit
 - https://github.com/coffee727/linux-exp
 - https://github.com/copperfieldd/linux-kernel-exploits

2009/CVE-2009-2698.md

@@ -40,6 +40,7 @@ The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2)
 - https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits
 - https://github.com/albinjoshy03/linux-kernel-exploits
 - https://github.com/alian87/linux-kernel-exploits
+- https://github.com/aquahubtest4/exploit
 - https://github.com/christian-byrne/custom-nodes-security-scan
 - https://github.com/christian-byrne/node-sec-scan
 - https://github.com/cloudsec/exploit

2011/CVE-2011-2523.md

@@ -86,6 +86,7 @@ vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which
 - https://github.com/giusepperuggiero96/Network-Security-2021
 - https://github.com/gwyomarch/CVE-Collection
 - https://github.com/hack-parthsharma/Vision
+- https://github.com/hibahmad30/NmapAnalysis
 - https://github.com/jaykerzb/Metasploitable
 - https://github.com/jaytiwari05/vsftpd_2.3.4_Exploit
 - https://github.com/k8gege/Ladon

2014/CVE-2014-0224.md

@@ -82,6 +82,7 @@ OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not pr
 - https://github.com/geon071/netolofy_12
 - https://github.com/giusepperuggiero96/Network-Security-2021
 - https://github.com/hahwul/a2sv
+- https://github.com/hibahmad30/NmapAnalysis
 - https://github.com/hrbrmstr/internetdb
 - https://github.com/iSECPartners/ccs-testing-tool
 - https://github.com/ilya-starchikov/devops-netology

2014/CVE-2014-3566.md

@@ -89,6 +89,7 @@ The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses
 - https://github.com/giusepperuggiero96/Network-Security-2021
 - https://github.com/hahwul/a2sv
 - https://github.com/halencarjunior/HTTPSScan-PYTHON
+- https://github.com/hibahmad30/NmapAnalysis
 - https://github.com/hktalent/TOP
 - https://github.com/hrbrmstr/internetdb
 - https://github.com/huggablehacker/poodle-test

2014/CVE-2014-6271.md

@@ -481,6 +481,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th
 - https://github.com/linuxjustin/Tools
 - https://github.com/liorsivan/hackthebox-machines
 - https://github.com/liquidlegs/naths-hacking-walkthroughs
+- https://github.com/lochner-tech/auto_vulnerability_tester
 - https://github.com/lotusirous/vulnwebcollection
 - https://github.com/louisdeck/empiricism
 - https://github.com/loyality7/Awesome-Cyber

2016/CVE-2016-5195.md

@@ -214,6 +214,7 @@ Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allo
 - https://github.com/droidvoider/dirtycow-replacer
 - https://github.com/dulanjaya23/Dirty-Cow-CVE-2016-5195-
 - https://github.com/e-hakson/OSCP
+- https://github.com/e11i0t4lders0n/FYI
 - https://github.com/echohun/tools
 - https://github.com/eliesaba/Hack_The_Box
 - https://github.com/eljosep/OSCP-Guide

2017/CVE-2017-9506.md

@@ -32,6 +32,7 @@ The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before versi
 - https://github.com/cyberanand1337x/bug-bounty-2022
 - https://github.com/d4n-sec/d4n-sec.github.io
 - https://github.com/hktalent/TOP
+- https://github.com/iamthefrogy/BountyHound
 - https://github.com/imhunterand/JiraCVE
 - https://github.com/jbmihoub/all-poc
 - https://github.com/labsbots/CVE-2017-9506

2017/CVE-2017-9841.md

@@ -49,6 +49,7 @@ Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows rem
 - https://github.com/dream434/CVE-2017-9841-
 - https://github.com/dream434/dream434
 - https://github.com/giorgimakasarashvili/WEB-PEN-CVE
+- https://github.com/iamthefrogy/BountyHound
 - https://github.com/imthenachoman/How-To-Secure-A-Linux-Server
 - https://github.com/incogbyte/laravel-phpunit-rce-masscaner
 - https://github.com/jax7sec/CVE-2017-9841

2020/CVE-2020-12828.md

@@ -19,6 +19,7 @@ No PoCs from references.
 - https://github.com/alphaSeclab/sec-daily-2020
 - https://github.com/developer3000S/PoC-in-GitHub
 - https://github.com/hectorgie/PoC-in-GitHub
+- https://github.com/iamthefrogy/BountyHound
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/soosmile/POC
 

2020/CVE-2020-17453.md

@@ -21,6 +21,7 @@ WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp m
 - https://github.com/apif-review/APIF_tool_2024
 - https://github.com/apit-review-account/apit-tool
 - https://github.com/d4n-sec/d4n-sec.github.io
+- https://github.com/iamthefrogy/BountyHound
 - https://github.com/karthi-the-hacker/CVE-2020-17453
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/soosmile/POC

2020/CVE-2020-25213.md

@@ -53,6 +53,7 @@ The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote
 - https://github.com/electronforce/py2to3
 - https://github.com/forse01/CVE-2020-25213-Wordpress
 - https://github.com/hectorgie/PoC-in-GitHub
+- https://github.com/iamthefrogy/BountyHound
 - https://github.com/kakamband/WPKiller
 - https://github.com/mansoorr123/wp-file-manager-CVE-2020-25213
 - https://github.com/nomi-sec/PoC-in-GitHub

2020/CVE-2020-3580.md

@@ -24,6 +24,7 @@ No PoCs from references.
 - https://github.com/catatonicprime/CVE-2020-3580
 - https://github.com/cruxN3T/CVE-2020-3580
 - https://github.com/fuckup1337/HackerOneAPIClient
+- https://github.com/iamthefrogy/BountyHound
 - https://github.com/imhunterand/CVE-2020-3580
 - https://github.com/n0-traces/cve_monitor
 - https://github.com/n1sh1th/CVE-POC

2021/CVE-2021-21123.md

@@ -21,6 +21,7 @@ No PoCs from references.
 - https://github.com/WhooAmii/POC_to_review
 - https://github.com/adriacabeza/personal-stars
 - https://github.com/anquanscan/sec-tools
+- https://github.com/iamthefrogy/BountyHound
 - https://github.com/k0mi-tg/CVE-POC
 - https://github.com/manas3c/CVE-POC
 - https://github.com/nomi-sec/PoC-in-GitHub

2021/CVE-2021-43008.md

@@ -24,6 +24,7 @@ No PoCs from references.
 - https://github.com/XiaomingX/awesome-poc-for-red-team
 - https://github.com/anquanscan/sec-tools
 - https://github.com/bakery312/Vulhub-Reproduce
+- https://github.com/iamthefrogy/BountyHound
 - https://github.com/nomi-sec/PoC-in-GitHub
 - https://github.com/p0dalirius/CVE-2021-43008-AdminerRead
 - https://github.com/p0dalirius/p0dalirius

2021/CVE-2021-44228.md

@@ -1045,6 +1045,7 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12
 - https://github.com/hypertrace/hypertrace
 - https://github.com/hyperupcall/stars
 - https://github.com/iHDeveloper/SpigotLog4jPatch
+- https://github.com/iamthefrogy/BountyHound
 - https://github.com/idmengineering/handy_stuff
 - https://github.com/ihgalis/log4shell
 - https://github.com/imTigger/webapp-hardware-bridge

2022/CVE-2022-0337.md

@@ -22,6 +22,7 @@ No PoCs from references.
 - https://github.com/SYRTI/POC_to_review
 - https://github.com/WhooAmii/POC_to_review
 - https://github.com/anquanscan/sec-tools
+- https://github.com/iamthefrogy/BountyHound
 - https://github.com/k0mi-tg/CVE-POC
 - https://github.com/lions2012/Penetration_Testing_POC
 - https://github.com/maldev866/ChExp-CVE-2022-0337-

2022/CVE-2022-23808.md

@@ -27,6 +27,7 @@ No PoCs from references.
 - https://github.com/dipakpanchal456/CVE-2022-23808
 - https://github.com/fkie-cad/nvd-json-data-feeds
 - https://github.com/hktalent/TOP
+- https://github.com/iamthefrogy/BountyHound
 - https://github.com/johe123qwe/github-trending
 - https://github.com/k0mi-tg/CVE-POC
 - https://github.com/manas3c/CVE-POC

2022/CVE-2022-36804.md

@@ -47,6 +47,7 @@ Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 befor
 - https://github.com/d4n-sec/d4n-sec.github.io
 - https://github.com/devengpk/CVE-2022-36804
 - https://github.com/fardeen-ahmed/Bug-bounty-Writeups
+- https://github.com/iamthefrogy/BountyHound
 - https://github.com/imbas007/Atlassian-Bitbucket-CVE-2022-36804
 - https://github.com/k0mi-tg/CVE-POC
 - https://github.com/karimhabush/cyberowl

2022/CVE-2022-41040.md

@@ -50,6 +50,7 @@ Microsoft Exchange Server Elevation of Privilege Vulnerability
 - https://github.com/d3duct1v/CVE-2022-41040
 - https://github.com/getanehAl/Windows-Penetration-Testing
 - https://github.com/giterlizzi/secdb-feeds
+- https://github.com/iamthefrogy/BountyHound
 - https://github.com/k0mi-tg/Bug-bounty
 - https://github.com/k0mi-tg/CVE-POC
 - https://github.com/karimhabush/cyberowl

2022/CVE-2022-42889.md

@@ -91,6 +91,7 @@ Apache Commons Text performs variable interpolation, allowing properties to be d
 - https://github.com/humbss/CVE-2022-42889
 - https://github.com/husnain-ce/Log4j-Scan
 - https://github.com/iamsanjay/CVE-2022-42899
+- https://github.com/iamthefrogy/BountyHound
 - https://github.com/inj3ction/log4j-scan
 - https://github.com/jar-analyzer/jar-analyzer
 - https://github.com/jayaram-yalla/CVE-2022-42889-POC_TEXT4SHELL

2022/CVE-2022-44268.md

@@ -54,6 +54,7 @@ ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a P
 - https://github.com/enomothem/PenTestNote
 - https://github.com/entr0pie/CVE-2022-44268
 - https://github.com/fanbyprinciple/ImageMagick-lfi-poc
+- https://github.com/iamthefrogy/BountyHound
 - https://github.com/jnschaeffer/cve-2022-44268-detector
 - https://github.com/k0mi-tg/CVE-POC
 - https://github.com/kljunowsky/CVE-2022-44268

2023/CVE-2023-22880.md

@@ -0,0 +1,20 @@
+### [CVE-2023-22880](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22880)
+![](https://img.shields.io/static/v1?label=Product&message=Zoom%20Rooms%20for%20Windows&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Zoom%20VDI%20for%20Windows&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Zoom%20for%20Windows&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C%205.13.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3C%205.13.3%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen)
+
+### Description
+
+Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients, transmitted text to Microsoft’s online Spellcheck service instead of the local Windows Spellcheck. Updating Zoom remediates this vulnerability by disabling the feature. Updating Microsoft Edge WebView2 Runtime to at least version 109.0.1481.0 and restarting Zoom remediates this vulnerability by updating Microsoft’s telemetry behavior.
+
+### POC
+
+#### Reference
+- https://explore.zoom.us/en/trust/security/security-bulletin/
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-22881.md

@@ -0,0 +1,17 @@
+### [CVE-2023-22881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22881)
+![](https://img.shields.io/static/v1?label=Product&message=Zoom%20(for%20Android%2C%20iOS%2C%20Linux%2C%20macOS%2C%20and%20Windows)%20clients%20before%20version%205.13.5&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C%205.13.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%3A%20Improper%20Restriction%20of%20Operations%20within%20the%20Bounds%20of%20a%20Memory%20Buffer&color=brighgreen)
+
+### Description
+
+Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service.
+
+### POC
+
+#### Reference
+- https://explore.zoom.us/en/trust/security/security-bulletin/
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-22882.md

@@ -0,0 +1,17 @@
+### [CVE-2023-22882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22882)
+![](https://img.shields.io/static/v1?label=Product&message=Zoom%20(for%20Android%2C%20iOS%2C%20Linux%2C%20macOS%2C%20and%20Windows)%20clients%20before%20version%205.13.5&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C%205.13.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%3A%20Improper%20Restriction%20of%20Operations%20within%20the%20Bounds%20of%20a%20Memory%20Buffer&color=brighgreen)
+
+### Description
+
+Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service.
+
+### POC
+
+#### Reference
+- https://explore.zoom.us/en/trust/security/security-bulletin/
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-22883.md

@@ -0,0 +1,17 @@
+### [CVE-2023-22883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22883)
+![](https://img.shields.io/static/v1?label=Product&message=Zoom%20Client%20for%20Meetings%20for%20IT%20Admin%20Windows%20installers&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C%205.13.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-367%3A%20Time-of-check%20Time-of-use%20(TOCTOU)%20Race%20Condition&color=brighgreen)
+
+### Description
+
+Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to the SYSTEM user.
+
+### POC
+
+#### Reference
+- https://explore.zoom.us/en/trust/security/security-bulletin/
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-28596.md

@@ -10,7 +10,7 @@ Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://explore.zoom.us/en/trust/security/security-bulletin/
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2023/CVE-2023-28597.md

@@ -0,0 +1,20 @@
+### [CVE-2023-28597](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28597)
+![](https://img.shields.io/static/v1?label=Product&message=Zoom%20(for%20Android%2C%20iOS%2C%20Linux%2C%20macOS%2C%20and%20Windows)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Zoom%20Rooms%20(for%20Android%2C%20iOS%2C%20Linux%2C%20macOS%2C%20and%20Windows)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Zoom%20VDI%20for%20Windows&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3C%205.13.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=%3C%205.13.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-501%3A%20Trust%20Boundary%20Violation&color=brighgreen)
+
+### Description
+
+Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution.
+
+### POC
+
+#### Reference
+- https://explore.zoom.us/en/trust/security/security-bulletin/
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-28598.md

@@ -0,0 +1,17 @@
+### [CVE-2023-28598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28598)
+![](https://img.shields.io/static/v1?label=Product&message=Zoom%20for%20Linux%20clients&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%205.13.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Zoom for  Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash.
+
+### POC
+
+#### Reference
+- https://explore.zoom.us/en/trust/security/security-bulletin/
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-28599.md

@@ -0,0 +1,21 @@
+### [CVE-2023-28599](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28599)
+![](https://img.shields.io/static/v1?label=Product&message=Zoom%20for%20Android&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Zoom%20for%20Linux&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Zoom%20for%20Windows&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Zoom%20for%20iOS&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Zoom%20for%20macOS&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%205.13.10%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen)
+
+### Description
+
+Zoom clients prior to 5.13.10 contain an HTML injection vulnerability.  A malicious user could inject HTML into  their display name potentially leading a victim to a malicious website during meeting creation.
+
+### POC
+
+#### Reference
+- https://explore.zoom.us/en/trust/security/security-bulletin/
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-28600.md

@@ -10,7 +10,7 @@ Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnera
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://explore.zoom.us/en/trust/security/security-bulletin/
 
 #### Github
 - https://github.com/kohnakagawa/kohnakagawa