Update Tue Nov 14 12:13:48 UTC 2023

trickest · Nov 14, 2023 · 3ca66ef · 3ca66ef
1 parent a7fb81c
commit 3ca66ef
Show file tree

Hide file tree

Showing 95 changed files with 1,100 additions and 27 deletions.
diff --git a/1999/CVE-1999-0199.md b/1999/CVE-1999-0199.md
@@ -0,0 +1,17 @@
+### [CVE-1999-0199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0199)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/u91738/cvematch
+
diff --git a/2018/CVE-2018-14629.md b/2018/CVE-2018-14629.md
@@ -0,0 +1,17 @@
+### [CVE-2018-14629](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14629)
+![](https://img.shields.io/static/v1?label=Product&message=samba&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400&color=brighgreen)
+
+### Description
+
+A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop could lead to infinite recursion in the server. An unprivileged local attacker could create such an entry, leading to denial of service.
+
+### POC
+
+#### Reference
+- https://usn.ubuntu.com/3827-2/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-16841.md b/2018/CVE-2018-16841.md
@@ -0,0 +1,17 @@
+### [CVE-2018-16841](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16841)
+![](https://img.shields.io/static/v1?label=Product&message=samba&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416&color=brighgreen)
+
+### Description
+
+Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.
+
+### POC
+
+#### Reference
+- https://usn.ubuntu.com/3827-2/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-16851.md b/2018/CVE-2018-16851.md
@@ -0,0 +1,17 @@
+### [CVE-2018-16851](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16851)
+![](https://img.shields.io/static/v1?label=Product&message=samba&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-476&color=brighgreen)
+
+### Description
+
+Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.
+
+### POC
+
+#### Reference
+- https://usn.ubuntu.com/3827-2/
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-21124.md b/2018/CVE-2018-21124.md
@@ -0,0 +1,17 @@
+### [CVE-2018-21124](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21124)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+NETGEAR WAC510 devices before 5.0.0.17 are affected by privilege escalation.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000060234/Security-Advisory-for-a-Vertical-Privilege-Escalation-on-WAC510-PSV-2018-0260
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2018/CVE-2018-25055.md b/2018/CVE-2018-25055.md
@@ -0,0 +1,17 @@
+### [CVE-2018-25055](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25055)
+![](https://img.shields.io/static/v1?label=Product&message=FarCry%20Solr%20Pro%20Plugin&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in FarCry Solr Pro Plugin up to 1.5.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file packages/forms/solrProSearch.cfc of the component Search Handler. The manipulation of the argument suggestion leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.6.0 is able to address this issue. The name of the patch is b8f3d61511c9b02b781ec442bfb803cbff8e08d5. It is recommended to upgrade the affected component. The identifier VDB-216961 was assigned to this vulnerability.
+
+### POC
+
+#### Reference
+- https://github.com/jeffcoughlin/farcrysolrpro/issues/78
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2020/CVE-2020-5902.md b/2020/CVE-2020-5902.md
@@ -15,6 +15,7 @@ In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.
 - http://packetstormsecurity.com/files/158366/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html
 - http://packetstormsecurity.com/files/158414/Checker-CVE-2020-5902.html
 - http://packetstormsecurity.com/files/158581/F5-Big-IP-13.1.3-Build-0.0.6-Local-File-Inclusion.html
+- http://packetstormsecurity.com/files/175671/F5-BIG-IP-TMUI-Directory-Traversal-File-Upload-Code-Execution.html
 - https://badpackets.net/over-3000-f5-big-ip-endpoints-vulnerable-to-cve-2020-5902/
 - https://github.com/Critical-Start/Team-Ares/tree/master/CVE-2020-5902
 - https://swarm.ptsecurity.com/rce-in-f5-big-ip/

diff --git a/2021/CVE-2021-23758.md b/2021/CVE-2021-23758.md
@@ -10,7 +10,7 @@ All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted
 ### POC
 
 #### Reference
-No PoCs from references.
+- http://packetstormsecurity.com/files/175677/AjaxPro-Deserialization-Remote-Code-Execution.html
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

diff --git a/2021/CVE-2021-39236.md b/2021/CVE-2021-39236.md
@@ -0,0 +1,17 @@
+### [CVE-2021-39236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39236)
+![](https://img.shields.io/static/v1?label=Product&message=Apache%20Ozone&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=1.0%3C%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%20Incorrect%20Authorization&color=brighgreen)
+
+### Description
+
+In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/fkie-cad/nvd-json-data-feeds
+
diff --git a/2021/CVE-2021-44832.md b/2021/CVE-2021-44832.md
@@ -35,6 +35,7 @@ Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases
 - https://github.com/aws/aws-msk-iam-auth
 - https://github.com/cckuailong/log4j_RCE_CVE-2021-44832
 - https://github.com/christian-taillon/log4shell-hunting
+- https://github.com/clouditor/clouditor
 - https://github.com/dbzoo/log4j_scanner
 - https://github.com/demonrvm/Log4ShellRemediation
 - https://github.com/dinlaks/RunTime-Vulnerability-Prevention---RHACS-Demo

diff --git a/2022/CVE-2022-24227.md b/2022/CVE-2022-24227.md
@@ -15,4 +15,5 @@ No PoCs from references.
 #### Github
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/Nguyen-Trung-Kien/CVE
+- https://github.com/nomi-sec/PoC-in-GitHub
 
diff --git a/2022/CVE-2022-29455.md b/2022/CVE-2022-29455.md
@@ -17,6 +17,7 @@ DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elem
 - https://github.com/5l1v3r1/CVE-2022-29455
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/ARPSyndicate/kenzer-templates
+- https://github.com/Alchustan/Every-Single-Day-A-Writeup
 - https://github.com/Chocapikk/CVE-2022-29455
 - https://github.com/GULL2100/Wordpress_xss-CVE-2022-29455
 - https://github.com/SYRTI/POC_to_review

diff --git a/2023/CVE-2023-0329.md b/2023/CVE-2023-0329.md
@@ -0,0 +1,17 @@
+### [CVE-2023-0329](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0329)
+![](https://img.shields.io/static/v1?label=Product&message=Elementor%20Website%20Builder&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.12.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role.
+
+### POC
+
+#### Reference
+- http://packetstormsecurity.com/files/175639/Elementor-Website-Builder-SQL-Injection.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-20198.md b/2023/CVE-2023-20198.md
@@ -10,6 +10,7 @@ Cisco is providing an update for the ongoing investigation into observed exploit
 ### POC
 
 #### Reference
+- http://packetstormsecurity.com/files/175674/Cisco-IOX-XE-Unauthenticated-Remote-Code-Execution.html
 - https://www.darkreading.com/vulnerabilities-threats/critical-unpatched-cisco-zero-day-bug-active-exploit
 
 #### Github

diff --git a/2023/CVE-2023-20273.md b/2023/CVE-2023-20273.md
@@ -10,7 +10,7 @@ A vulnerability in the web UI feature of Cisco IOS XE Software could allow an au
 ### POC
 
 #### Reference
-No PoCs from references.
+- http://packetstormsecurity.com/files/175674/Cisco-IOX-XE-Unauthenticated-Remote-Code-Execution.html
 
 #### Github
 - https://github.com/H4lo/awesome-IoT-security-article

diff --git a/2023/CVE-2023-26035.md b/2023/CVE-2023-26035.md
@@ -0,0 +1,17 @@
+### [CVE-2023-26035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26035)
+![](https://img.shields.io/static/v1?label=Product&message=zoneminder&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.36.33%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%3A%20Missing%20Authorization&color=brighgreen)
+
+### Description
+
+ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
+
+### POC
+
+#### Reference
+- http://packetstormsecurity.com/files/175675/ZoneMinder-Snapshots-Command-Injection.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-27372.md b/2023/CVE-2023-27372.md
@@ -16,6 +16,7 @@ SPIP before 4.2.1 allows Remote Code Execution via form values in the public are
 #### Github
 - https://github.com/0SPwn/CVE-2023-27372-PoC
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/Chocapikk/CVE-2023-27372
 - https://github.com/Pari-Malam/CVE-2023-27372
 - https://github.com/RSTG0D/CVE-2023-27372-PoC
 - https://github.com/abrahim7112/Vulnerability-checking-program-for-Android

diff --git a/2023/CVE-2023-30258.md b/2023/CVE-2023-30258.md
@@ -10,6 +10,7 @@ Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allo
 ### POC
 
 #### Reference
+- http://packetstormsecurity.com/files/175672/MagnusBilling-Remote-Command-Execution.html
 - https://eldstal.se/advisories/230327-magnusbilling.html
 
 #### Github

diff --git a/2023/CVE-2023-31230.md b/2023/CVE-2023-31230.md
@@ -0,0 +1,17 @@
+### [CVE-2023-31230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31230)
+![](https://img.shields.io/static/v1?label=Product&message=Baidu%20Tongji%20generator&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.0.2%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tongji generator allows Stored XSS.This issue affects Baidu Tongji generator: from n/a through 1.0.2.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/hackintoanetwork/hackintoanetwork
+
diff --git a/2023/CVE-2023-31754.md b/2023/CVE-2023-31754.md
@@ -0,0 +1,17 @@
+### [CVE-2023-31754](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31754)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Optimizely CMS UI before v12.16.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Admin panel.
+
+### POC
+
+#### Reference
+- https://labs.withsecure.com/advisories/optimizely-admin-panel-dom-xss
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-32741.md b/2023/CVE-2023-32741.md
@@ -0,0 +1,17 @@
+### [CVE-2023-32741](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32741)
+![](https://img.shields.io/static/v1?label=Product&message=Contact%20Form%20to%20Any%20API&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen)
+
+### Description
+
+Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2.
+
+### POC
+
+#### Reference
+- http://packetstormsecurity.com/files/175654/WordPress-Contact-Form-To-Any-API-1.1.2-SQL-Injection.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-32832.md b/2023/CVE-2023-32832.md
@@ -0,0 +1,17 @@
+### [CVE-2023-32832](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32832)
+![](https://img.shields.io/static/v1?label=Product&message=MT6883%2C%20MT6885%2C%20MT6889%2C%20MT6893%2C%20MT6895%2C%20MT6983%2C%20MT6985%2C%20MT8797%2C%20MT8798&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%2012.0%2C%2013.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20Privilege&color=brighgreen)
+
+### Description
+
+In video, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08235273.
+
+### POC
+
+#### Reference
+- http://packetstormsecurity.com/files/175662/Android-mtk_jpeg-Driver-Race-Condition-Privilege-Escalation.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-32837.md b/2023/CVE-2023-32837.md
@@ -0,0 +1,17 @@
+### [CVE-2023-32837](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32837)
+![](https://img.shields.io/static/v1?label=Product&message=MT6883%2C%20MT6885%2C%20MT6889%2C%20MT6893%2C%20MT8797%2C%20MT8798&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%2012.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20Privilege&color=brighgreen)
+
+### Description
+
+In video, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08250357.
+
+### POC
+
+#### Reference
+- http://packetstormsecurity.com/files/175665/mtk-jpeg-Driver-Out-Of-Bounds-Read-Write.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-35082.md b/2023/CVE-2023-35082.md
@@ -14,4 +14,5 @@ No PoCs from references.
 
 #### Github
 - https://github.com/netlas-io/netlas-dorks
+- https://github.com/nomi-sec/PoC-in-GitHub
 
diff --git a/2023/CVE-2023-35877.md b/2023/CVE-2023-35877.md
@@ -0,0 +1,17 @@
+### [CVE-2023-35877](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35877)
+![](https://img.shields.io/static/v1?label=Product&message=Extra%20User%20Details&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)
+
+### Description
+
+Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Extra User Details allows Stored XSS.This issue affects Extra User Details: from n/a through 0.5.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/hackintoanetwork/hackintoanetwork
+
diff --git a/2023/CVE-2023-36576.md b/2023/CVE-2023-36576.md
@@ -0,0 +1,33 @@
+### [CVE-2023-36576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36576)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue)
+![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.6351%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.4974%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19041.3570%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.3570%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2031%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.2538%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.2428%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Disclosure&color=brighgreen)
+
+### Description
+
+Windows Kernel Information Disclosure Vulnerability
+
+### POC
+
+#### Reference
+- http://packetstormsecurity.com/files/175659/Windows-Kernel-Containerized-Registry-Escape.html
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2023/CVE-2023-3725.md b/2023/CVE-2023-3725.md
@@ -11,7 +11,7 @@ Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem
 ### POC
 
 #### Reference
-No PoCs from references.
+- http://packetstormsecurity.com/files/175657/Zephyr-RTOS-3.x.0-Buffer-Overflows.html
 
 #### Github
 - https://github.com/0xdea/advisories

diff --git a/2023/CVE-2023-37857.md b/2023/CVE-2023-37857.md
@@ -10,7 +10,7 @@
 
 ### Description
 
-In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. This issue cannot be exploited to bypass the web service authentication of the affected device(s).
+In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies.  These session-cookies created by the attacker are not sufficient to obtain a valid session on the device.
 
 ### POC
Original file line number	Diff line number	Diff line change
Expand Up		@@ -14,4 +14,5 @@ No PoCs from references.

		#### Github
		- https://github.com/netlas-io/netlas-dorks
		- https://github.com/nomi-sec/PoC-in-GitHub
-Original file line number
+Diff line change
@@ Expand Up / @@ -10,7 +10,7 @@ @@
     ### Description
-    In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. This issue cannot be exploited to bypass the web service authentication of the affected device(s).
+    In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies.  These session-cookies created by the attacker are not sufficient to obtain a valid session on the device.
     ### POC
@@ Expand Down @@