trickest / cve
Gather and update all available and newest CVEs with their PoC.
Home Page: https://trickest.com
License: MIT License
Along with the references.txt we should add github.txt which will contain all of the GitHub repositories, for further examination by workflow
Hi. I am using another project, which uses trickest / cve to display possible PoC Code for found CVEs.
While using this, I came across lots of links to repositories which only contain the descriptions of the CVEs or just list the CVEs without any PoC code.
e.g. https://github.com/facebookincubator/nvdtools
Can they be added to the blacklist? I can either list the ones I found here or do a pull request for adding them to the blacklist if you are interested.
Describe the bug
Stored XSS caused by remote malicious content.
To Reproduce
According to the rules of regular matching, remotely construct malicious vulnerability description content, insert XSS payload into it, such as: <script>alert(1)</script> or payload that steals cookies.
Affected Version
Latest.
Please do add the truncated data
I reckon it could be useful for people to know what is being exploited. I tried to make this easily accessible here:
https://github.com/gmatuz/inthewilddb
Maybe there are also some PoCs you can take from it. All data is Apache 2.0.
If you find some PoC you miss, reach out; glad to share the collection code too.
Hi, as I can see, the 2023 CVE md files are empty; this even causes a problem when trying to run the Python script related to summary_html.
Vulnerable product: Cisco BroadWorks
Author: Eslam Akl (@eslam3kll)
CVE-2021-34785: IDOR lead to privileges escalation “Admin account takeover”
CVE-2021-34786: IDOR lead to delete arbitrary admin user accounts
Record : cve/2019/CVE-2019-12761.md
The PoC is the first mentioned reference : https://gist.github.com/dhondta/b45cd41f4186110a354dc7272916feba
But no PoC was found.
Note that the actual PoC (the first reference) has the keywords "Proof-of-Concept" mentioned in the Gist's description.
Since ffuf is not completely accurate because of different HTTP responses for each execution, anew should give us only new results, which we should update, and previous ones should stay.
This could be done by getting the previous references.txt directly from the repository
Hi, I'm the author of CVE-2019-2832.
This is a relevant reference:
https://github.com/0xdea/raptor_infiltrate19
PoCs are available here:
https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintname_sparc.c
https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintname_sparc2.c
https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintname_sparc3.c
https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintname_intel.c
https://github.com/0xdea/raptor_infiltrate19/blob/master/exploits/bas/aix_ppc_dtprintinfo.c
https://github.com/0xdea/raptor_infiltrate19/blob/master/exploits/bas/sol_sparc_dtp.c
https://github.com/0xdea/raptor_infiltrate19/blob/master/exploits/dave/dtprintinfo27.tar
https://github.com/0xdea/raptor_infiltrate19/blob/master/exploits/dave/dtprintinfo28.tar
https://github.com/0xdea/raptor_infiltrate19/blob/master/exploits/dave/nonexecdtprintinfo27.tar
https://github.com/0xdea/raptor_infiltrate19/blob/master/exploits/dave/nonexecdtprintinfo28.tar
https://github.com/0xdea/raptor_infiltrate19/blob/master/exploits/dave/nonexecdtprintinfo28v12.tar.Z
Hello, may I ask whether the CVE files listed in the warehouse are all with POC?
Create workflow for gathering all available POCs for CVEs from different informational sources.
I could not find the code behind this workflow. Can you point me to it? Thanks!
Good afternoon, I would like to share the recent exploit I created and would like it to be incorporated into this repository: https://github.com/david-botelho-mariano/exploit-CVE-2024-25723
As per https://twitter.com/_prbh/status/1492173398763618317 suggestion, thanks!
Hi, I'm the author of CVE-2006-1242. If you're interested in a PoC, check out my original Bugtraq report here, since CVE references are outdated:
https://seclists.org/bugtraq/2006/Mar/258
The affected product is the Linux kernel 2.4.x and 2.6.x before 2.6.16.
Hello!
I hope you are doing well!
We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security researchers to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.
Can you enable it, so that we can report it?
Thanks in advance!
PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository
We should create blacklists for github repositories that are known not to be reliable sources.
Hey! I think you can add a lot of PoCs from https://securitylab.github.com/advisories/
Record : cve/2019/CVE-2019-12760.md
The PoC is the first mentioned reference : https://gist.github.com/dhondta/f71ae7e5c4234f8edfd2f12503a5dcc7
But the PoC found is : https://github.com/kaashmonee/rM2FS
The PoC found only mentions the vulnerability but is actually NOT the proof-of-concept. Note that the actual PoC (the first reference) has the keywords "Proof-of-Concept" mentioned in the Gist's description.
You should add some topics to get your repo better referenced. The following list provides some trendy topics I found via https://github.com/topics while browsing other related projects where you could settle your project in the top.
poc
cve
cve-poc
latest-cve
vulnerability
vulnerabilities
software-vulnerabilities
exploit
security
infosec
hacking
pentesting
penetration-testing
red-team
security-tools
md present without a poc at https://github.com/trickest/cve/blob/main/2024/CVE-2024-21672.md
We should appreciate all the authors that contribute POCs on Github in separate file ❤️
Please update
Consider adapting your regex to something case-insensitive like the following :
(?i)[^a-z0-9]+(poc|proof of concept|proof-of-concept)[^a-z0-9]+
I've already seen some examples of PoCs not caught for CVEs that are well in your repo, therefore resulting in "No GitHub POC found".
Hi trickest,
Some may use the uppercase of Proof and Concept
(?i)[^a-z0-9]+([Pp]o[Cc]|[Pp]roof of [Cc]oncept|[Pp]roof[-_]of[-_][Cc]oncept)[^a-z0-9]+
such as the "Exploit Proof of Concept" in this page
Thanks,
dingisoul
@trickest Thank you very much for quoting my project in your repo, for some reason I can't make other modifications, but for learning purposes, you can visit fahai.org for scripts