Update Thu Feb 13 04:27:07 UTC 2025

trickest · Feb 13, 2025 · f38b831 · f38b831
1 parent aed98e0
commit f38b831
Show file tree

Hide file tree

Showing 9 changed files with 130 additions and 0 deletions.
diff --git a/2009/CVE-2009-1626.md b/2009/CVE-2009-1626.md
@@ -10,6 +10,7 @@ SQL injection vulnerability in public/specific.php in EZ-Blog before Beta 2 2009
 ### POC
 
 #### Reference
+- http://sourceforge.net/project/shownotes.php?release_id=678562&group_id=243152
 - https://www.exploit-db.com/exploits/8547
 
 #### Github

diff --git a/2024/CVE-2024-51376.md b/2024/CVE-2024-51376.md
@@ -0,0 +1,18 @@
+### [CVE-2024-51376](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51376)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Directory Traversal vulnerability in yeqifu carRental v.1.0 allows a remote attacker to obtain sensitive information via the file/downloadFile.action?path= component.
+
+### POC
+
+#### Reference
+- https://github.com/echo0d/vulnerability/blob/main/yeqifu_carRental/DirectoryTraversal.md
+- https://github.com/yeqifu/carRental/issues/43
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-57601.md b/2024/CVE-2024-57601.md
@@ -0,0 +1,17 @@
+### [CVE-2024-57601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57601)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legal_settings parameter.
+
+### POC
+
+#### Reference
+- https://hkohi.ca/vulnerability/13
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-57602.md b/2024/CVE-2024-57602.md
@@ -0,0 +1,17 @@
+### [CVE-2024-57602](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57602)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file.
+
+### POC
+
+#### Reference
+- https://hkohi.ca/vulnerability/12
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-57603.md b/2024/CVE-2024-57603.md
@@ -0,0 +1,17 @@
+### [CVE-2024-57603](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57603)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting.
+
+### POC
+
+#### Reference
+- https://hkohi.ca/vulnerability/1
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-57604.md b/2024/CVE-2024-57604.md
@@ -0,0 +1,17 @@
+### [CVE-2024-57604](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57604)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component.
+
+### POC
+
+#### Reference
+- https://hkohi.ca/vulnerability/2
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-57605.md b/2024/CVE-2024-57605.md
@@ -0,0 +1,17 @@
+### [CVE-2024-57605](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57605)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalate privileges via the /fuel/blocks/ and /fuel/pages components.
+
+### POC
+
+#### Reference
+- https://hkohi.ca/vulnerability/3
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/2024/CVE-2024-8266.md b/2024/CVE-2024-8266.md
@@ -0,0 +1,17 @@
+### [CVE-2024-8266](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8266)
+![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=17.1%3C%2017.6.0%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-250%3A%20Execution%20with%20Unnecessary%20Privileges&color=brighgreen)
+
+### Description
+
+An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances.
+
+### POC
+
+#### Reference
+- https://gitlab.com/gitlab-org/gitlab/-/issues/481531
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/references.txt b/references.txt
@@ -16298,6 +16298,7 @@ CVE-2009-1622 - https://www.exploit-db.com/exploits/8548
 CVE-2009-1623 - https://www.exploit-db.com/exploits/8545
 CVE-2009-1624 - https://www.exploit-db.com/exploits/8545
 CVE-2009-1625 - https://www.exploit-db.com/exploits/8546
+CVE-2009-1626 - http://sourceforge.net/project/shownotes.php?release_id=678562&group_id=243152
 CVE-2009-1626 - https://www.exploit-db.com/exploits/8547
 CVE-2009-1627 - https://www.exploit-db.com/exploits/8531
 CVE-2009-1627 - https://www.exploit-db.com/exploits/8536
@@ -109508,6 +109509,8 @@ CVE-2024-51363 - https://github.com/Gelcon/PoC-of-Hodoku-V2.3.0-RCE
 CVE-2024-51364 - https://github.com/Gelcon/PoC-ModbusMechanic-3.0-Insecure-Deserialization-and-RCE
 CVE-2024-51365 - https://github.com/Gelcon/PoC-of-VisiCut2_1-Stack-Overflow-Vul
 CVE-2024-5137 - https://github.com/BurakSevben/CVEs/blob/main/Directory%20Management%20System/Directory%20Management%20System%20-%20Cross-Site-Scripting%20-%202.md
+CVE-2024-51376 - https://github.com/echo0d/vulnerability/blob/main/yeqifu_carRental/DirectoryTraversal.md
+CVE-2024-51376 - https://github.com/yeqifu/carRental/issues/43
 CVE-2024-51378 - https://refr4g.github.io/posts/cyberpanel-command-injection-vulnerability/
 CVE-2024-51378 - https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/
 CVE-2024-5138 - https://bugs.launchpad.net/snapd/+bug/2065077
@@ -109958,6 +109961,11 @@ CVE-2024-57580 - https://github.com/qijiale/Tenda/tree/main/7
 CVE-2024-57581 - https://github.com/qijiale/Tenda/tree/main/8
 CVE-2024-57582 - https://github.com/qijiale/Tenda/tree/main/9
 CVE-2024-57595 - https://www.dlink.com/en/security-bulletin/
+CVE-2024-57601 - https://hkohi.ca/vulnerability/13
+CVE-2024-57602 - https://hkohi.ca/vulnerability/12
+CVE-2024-57603 - https://hkohi.ca/vulnerability/1
+CVE-2024-57604 - https://hkohi.ca/vulnerability/2
+CVE-2024-57605 - https://hkohi.ca/vulnerability/3
 CVE-2024-57611 - https://github.com/daodaoshao/Yunpeng-Yin/tree/main/7/readme.md
 CVE-2024-57615 - https://github.com/MonetDB/MonetDB/issues/7413
 CVE-2024-57616 - https://github.com/MonetDB/MonetDB/issues/7412
@@ -110853,6 +110861,7 @@ CVE-2024-8230 - https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tend
 CVE-2024-8231 - https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/web-bridge/O6V3.0/fromVirtualSet.md
 CVE-2024-8233 - https://gitlab.com/gitlab-org/gitlab/-/issues/480867
 CVE-2024-8239 - https://wpscan.com/vulnerability/02796da0-218d-4cbb-98ca-49eeea83cac5/
+CVE-2024-8266 - https://gitlab.com/gitlab-org/gitlab/-/issues/481531
 CVE-2024-8283 - https://wpscan.com/vulnerability/a60aed55-c0a2-4912-8844-cdddf31d90b6/
 CVE-2024-8301 - https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/dingfanzu-CMS/dingfanzu-CMS%20checkin.php%20username%20SQL-inject.md
 CVE-2024-8302 - https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/dingfanzu-CMS/dingfanzu-CMS%20chpwd.php%20username%20SQL-inject.md