Update Tue Jan 21 12:20:41 UTC 2025

2021/CVE-2021-25920.md

@@ -0,0 +1,17 @@
+### [CVE-2021-25920](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25920)
+![](https://img.shields.io/static/v1?label=Product&message=openemr&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Control&color=brighgreen)
+
+### Description
+
+In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating a new user, which leads to a malicious user able to read and send sensitive messages on behalf of the victim user.
+
+### POC
+
+#### Reference
+- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25920
+
+#### Github
+No PoCs found on GitHub currently.
+

2021/CVE-2021-25930.md

@@ -10,7 +10,7 @@ In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNM
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25930
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2021/CVE-2021-29133.md

@@ -10,7 +10,7 @@ Lack of verification in haserl, a component of Alpine Linux Configuration Framew
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://gitlab.alpinelinux.org/alpine/aports/-/issues/12539
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon

2023/CVE-2023-30612.md

@@ -0,0 +1,17 @@
+### [CVE-2023-30612](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30612)
+![](https://img.shields.io/static/v1?label=Product&message=cloud-hypervisor&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%2030.0%2C%20%3C%2030.1%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%3A%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen)
+
+### Description
+
+Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily crashed, causing Deny-of-Service (DoS). This can also be a potential Use-After-Free (UAF) vulnerability. Users require to have the write access to the API socket file to trigger this vulnerability.  Impacted versions of Cloud Hypervisor include upstream main branch, v31.0, and v30.0. The vulnerability was initially detected by our `http_api_fuzzer` via oss-fuzz. This issue has been addressed in versions 30.1 and 31.1. Users unable to upgrade may mitigate this issue by ensuring the write access to the API socket file is granted to trusted users only.
+
+### POC
+
+#### Reference
+- https://github.com/cloud-hypervisor/cloud-hypervisor/pull/5373
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-3503.md

@@ -0,0 +1,17 @@
+### [CVE-2023-3503](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3503)
+![](https://img.shields.io/static/v1?label=Product&message=Shopping%20Website&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen)
+
+### Description
+
+A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232951.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.232951
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-3756.md

@@ -0,0 +1,17 @@
+### [CVE-2023-3756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3756)
+![](https://img.shields.io/static/v1?label=Product&message=Atlas%20Business%20Directory%20Listing&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%202.13%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen)
+
+### Description
+
+A vulnerability was found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. Affected by this issue is some unknown functionality of the file /home/search. The manipulation of the argument search_string leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-234428. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://vuldb.com/?id.234428
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-3791.md

@@ -0,0 +1,17 @@
+### [CVE-2023-3791](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3791)
+![](https://img.shields.io/static/v1?label=Product&message=OA&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%204.5.5%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen)
+
+### Description
+
+A vulnerability was found in IBOS OA 4.5.5 and classified as critical. Affected by this issue is the function actionExport of the file ?r=contact/default/export of the component Personal Office Address Book. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-235058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
+
+### POC
+
+#### Reference
+- https://github.com/zry-wyj/cve/blob/main/ibos.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2023/CVE-2023-6574.md

@@ -10,7 +10,7 @@ A vulnerability was found in Byzoro Smart S20 up to 20231120 and classified as c
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://vuldb.com/?id.247154
 
 #### Github
 - https://github.com/tanjiti/sec_profile

2024/CVE-2024-10418.md

@@ -11,6 +11,7 @@ A vulnerability was found in code-projects Blood Bank Management System 1.0. It
 
 #### Reference
 - https://gist.github.com/higordiego/25a103a1fe84c4db4530e68d2f998d11
+- https://vuldb.com/?submit.431782
 
 #### Github
 No PoCs found on GitHub currently.

2024/CVE-2024-57030.md

@@ -10,7 +10,7 @@ Wegia < 3.2.0 is vulnerable to Cross Site Scripting (XSS) in /geral/documentos_f
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/nmmorette/vulnerability-research/tree/main/CVE-2024-57030
 
 #### Github
 - https://github.com/Sec-Dojo-Cyber-House/cve-hunters

2024/CVE-2024-57031.md

@@ -10,7 +10,7 @@ WeGIA < 3.2.0 is vulnerable to SQL Injection in /funcionario/remuneracao.php via
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/nmmorette/vulnerability-research/tree/main/CVE-2024-57031
 
 #### Github
 - https://github.com/Sec-Dojo-Cyber-House/cve-hunters

2024/CVE-2024-57032.md

@@ -10,7 +10,7 @@ WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php.
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/nmmorette/vulnerability-research/blob/main/CVE-2024-57032
 
 #### Github
 - https://github.com/Sec-Dojo-Cyber-House/cve-hunters

2024/CVE-2024-57033.md

@@ -10,7 +10,7 @@ WeGIA < 3.2.0 is vulnerable to Cross Site Scripting (XSS) via the dados_addInfo
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/nmmorette/vulnerability-research/tree/main/CVE-2024-57033
 
 #### Github
 - https://github.com/Sec-Dojo-Cyber-House/cve-hunters

2024/CVE-2024-57034.md

@@ -10,7 +10,7 @@ WeGIA < 3.2.0 is vulnerable to SQL Injection in query_geracao_auto.php via the q
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/nmmorette/vulnerability-research/tree/main/CVE-2024-57034
 
 #### Github
 - https://github.com/Sec-Dojo-Cyber-House/cve-hunters

2024/CVE-2024-57035.md

@@ -10,7 +10,7 @@ WeGIA v3.2.0 is vulnerable to SQL Injection viathe nextPage parameter in /contro
 ### POC
 
 #### Reference
-No PoCs from references.
+- https://github.com/nmmorette/vulnerability-research/tree/main/CVE-2024-57035
 
 #### Github
 - https://github.com/Sec-Dojo-Cyber-House/cve-hunters

2024/CVE-2024-57159.md

@@ -0,0 +1,17 @@
+### [CVE-2024-57159](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57159)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html.
+
+### POC
+
+#### Reference
+- https://github.com/1091101/yang.xian/tree/main/6/readme.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-57160.md

@@ -0,0 +1,17 @@
+### [CVE-2024-57160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57160)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html.
+
+### POC
+
+#### Reference
+- https://github.com/1091101/yang.xian/tree/main/7/readme.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-57161.md

@@ -0,0 +1,17 @@
+### [CVE-2024-57161](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57161)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit.html
+
+### POC
+
+#### Reference
+- https://github.com/1091101/yang.xian/tree/main/8/readme.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-57580.md

@@ -0,0 +1,17 @@
+### [CVE-2024-57580](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57580)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function.
+
+### POC
+
+#### Reference
+- https://github.com/qijiale/Tenda/tree/main/7
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-57581.md

@@ -0,0 +1,17 @@
+### [CVE-2024-57581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57581)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.
+
+### POC
+
+#### Reference
+- https://github.com/qijiale/Tenda/tree/main/8
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-57582.md

@@ -0,0 +1,17 @@
+### [CVE-2024-57582](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57582)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function.
+
+### POC
+
+#### Reference
+- https://github.com/qijiale/Tenda/tree/main/9
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-57611.md

@@ -0,0 +1,17 @@
+### [CVE-2024-57611](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57611)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId.
+
+### POC
+
+#### Reference
+- https://github.com/daodaoshao/Yunpeng-Yin/tree/main/7/readme.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-57676.md

@@ -0,0 +1,17 @@
+### [CVE-2024-57676](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57676)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G wlan service of the device via a crafted POST request.
+
+### POC
+
+#### Reference
+- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2WlanBasicSetup.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-57677.md

@@ -0,0 +1,17 @@
+### [CVE-2024-57677](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57677)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the wan service of the device via a crafted POST request.
+
+### POC
+
+#### Reference
+- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2Wan.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-57678.md

@@ -0,0 +1,17 @@
+### [CVE-2024-57678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57678)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G mac access control list of the device via a crafted POST request.
+
+### POC
+
+#### Reference
+- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2WlAc.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-57679.md

@@ -0,0 +1,17 @@
+### [CVE-2024-57679](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57679)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G repeater service of the device via a crafted POST request.
+
+### POC
+
+#### Reference
+- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2RepeaterSetup.md
+
+#### Github
+No PoCs found on GitHub currently.
+

2024/CVE-2024-57680.md

@@ -0,0 +1,17 @@
+### [CVE-2024-57680](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57680)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the port trigger of the device via a crafted POST request.
+
+### POC
+
+#### Reference
+- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Unauthorized_Vulnerability/D-Link/DIR-816/form2PortriggerRule.md
+
+#### Github
+No PoCs found on GitHub currently.
+