Update Thu Feb 16 05:58:32 UTC 2023

Author: trickest-workflows

2007/CVE-2007-6750.md

@@ -16,6 +16,7 @@ No PoCs from references.
 - https://github.com/3vil-Tux/Pentesting-Resources
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/Brindamour76/THM---PickleRick
+- https://github.com/DButter/whitehat_public
 - https://github.com/Eutectico/Steel-Mountain
 - https://github.com/GiJ03/ReconScan
 - https://github.com/MrFrozenPepe/Pentest-Cheetsheet

2008/CVE-2008-0005.md

@@ -13,5 +13,6 @@ mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3
 No PoCs from references.
 
 #### Github
+- https://github.com/DButter/whitehat_public
 - https://github.com/Live-Hack-CVE/CVE-2008-0005
 

2008/CVE-2008-0226.md

@@ -13,5 +13,5 @@ Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possi
 - http://securityreason.com/securityalert/3531
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/DButter/whitehat_public
 

2008/CVE-2008-0455.md

@@ -15,6 +15,7 @@ Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Ap
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/DButter/whitehat_public
 - https://github.com/Live-Hack-CVE/CVE-2008-0455
 - https://github.com/SecureAxom/strike
 - https://github.com/xxehacker/strike

2008/CVE-2008-0456.md

@@ -15,6 +15,7 @@ CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Se
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/DButter/whitehat_public
 - https://github.com/Live-Hack-CVE/CVE-2008-0456
 - https://github.com/SecureAxom/strike
 - https://github.com/xxehacker/strike

2008/CVE-2008-1657.md

@@ -13,5 +13,6 @@ OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypas
 No PoCs from references.
 
 #### Github
+- https://github.com/DButter/whitehat_public
 - https://github.com/kaio6fellipe/ssh-enum
 

2008/CVE-2008-2079.md

@@ -15,6 +15,7 @@ MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x b
 #### Github
 - https://github.com/CoolerVoid/Vision
 - https://github.com/CoolerVoid/Vision2
+- https://github.com/DButter/whitehat_public
 - https://github.com/hack-parthsharma/Vision
 - https://github.com/tomwillfixit/alpine-cvecheck
 

2008/CVE-2008-2364.md

@@ -13,6 +13,7 @@ The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy
 - http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
 
 #### Github
+- https://github.com/DButter/whitehat_public
 - https://github.com/GiJ03/ReconScan
 - https://github.com/Live-Hack-CVE/CVE-2008-2364
 - https://github.com/RoliSoft/ReconScan

2008/CVE-2008-2939.md

@@ -14,6 +14,7 @@ No PoCs from references.
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/DButter/whitehat_public
 - https://github.com/GiJ03/ReconScan
 - https://github.com/MrFrozenPepe/Pentest-Cheetsheet
 - https://github.com/RoliSoft/ReconScan

2008/CVE-2008-3259.md

@@ -0,0 +1,17 @@
+### [CVE-2008-3259](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3259)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DButter/whitehat_public
+

2008/CVE-2008-3963.md

@@ -13,5 +13,6 @@ MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not proper
 No PoCs from references.
 
 #### Github
+- https://github.com/DButter/whitehat_public
 - https://github.com/tomwillfixit/alpine-cvecheck
 

2008/CVE-2008-4098.md

@@ -13,5 +13,6 @@ MySQL before 5.0.67 allows local users to bypass certain privilege checks by cal
 - http://bugs.mysql.com/bug.php?id=32167
 
 #### Github
+- https://github.com/DButter/whitehat_public
 - https://github.com/tomwillfixit/alpine-cvecheck
 

2008/CVE-2008-4163.md

@@ -0,0 +1,17 @@
+### [CVE-2008-4163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4163)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DButter/whitehat_public
+

2008/CVE-2008-5161.md

@@ -14,6 +14,7 @@ Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Conne
 
 #### Github
 - https://github.com/AAROC/harden-ssh
+- https://github.com/DButter/whitehat_public
 - https://github.com/ekiojp/hanase
 - https://github.com/joshgarlandreese/WordPressRedTeam_BlueTeam
 - https://github.com/kaio6fellipe/ssh-enum

2008/CVE-2008-7247.md

@@ -13,5 +13,6 @@ sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 be
 No PoCs from references.
 
 #### Github
+- https://github.com/DButter/whitehat_public
 - https://github.com/tomwillfixit/alpine-cvecheck
 

2008/CVE-2008-7265.md

@@ -14,5 +14,6 @@ No PoCs from references.
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/DButter/whitehat_public
 - https://github.com/firatesatoglu/shodanSearch
 

2009/CVE-2009-0025.md

@@ -0,0 +1,17 @@
+### [CVE-2009-0025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DButter/whitehat_public
+

2009/CVE-2009-0265.md

@@ -0,0 +1,17 @@
+### [CVE-2009-0265](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0265)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DButter/whitehat_public
+

2009/CVE-2009-0543.md

@@ -15,6 +15,7 @@ No PoCs from references.
 #### Github
 - https://github.com/CoolerVoid/Vision
 - https://github.com/CoolerVoid/Vision2
+- https://github.com/DButter/whitehat_public
 - https://github.com/firatesatoglu/shodanSearch
 - https://github.com/hack-parthsharma/Vision
 - https://github.com/tpez0/node-nmap-vulners

2009/CVE-2009-0696.md

@@ -13,5 +13,5 @@ The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P
 - http://www.vmware.com/security/advisories/VMSA-2009-0016.html
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/DButter/whitehat_public
 

2009/CVE-2009-0922.md

@@ -0,0 +1,17 @@
+### [CVE-2009-0922](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0922)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding, as demonstrated using mismatched encoding conversion requests.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DButter/whitehat_public
+

2009/CVE-2009-1195.md

@@ -14,6 +14,7 @@ No PoCs from references.
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/DButter/whitehat_public
 - https://github.com/GiJ03/ReconScan
 - https://github.com/RoliSoft/ReconScan
 - https://github.com/SecureAxom/strike

2009/CVE-2009-1890.md

@@ -14,6 +14,7 @@ The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in th
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/DButter/whitehat_public
 - https://github.com/GiJ03/ReconScan
 - https://github.com/Live-Hack-CVE/CVE-2009-1890
 - https://github.com/RoliSoft/ReconScan

2009/CVE-2009-1891.md

@@ -14,6 +14,7 @@ No PoCs from references.
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/DButter/whitehat_public
 - https://github.com/GiJ03/ReconScan
 - https://github.com/Live-Hack-CVE/CVE-2009-1891
 - https://github.com/RoliSoft/ReconScan

2009/CVE-2009-2446.md

@@ -13,5 +13,6 @@ Multiple format string vulnerabilities in the dispatch_command function in libmy
 No PoCs from references.
 
 #### Github
+- https://github.com/DButter/whitehat_public
 - https://github.com/tomwillfixit/alpine-cvecheck
 

2009/CVE-2009-2699.md

@@ -14,6 +14,7 @@ The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/DButter/whitehat_public
 - https://github.com/GiJ03/ReconScan
 - https://github.com/Live-Hack-CVE/CVE-2009-2699
 - https://github.com/RoliSoft/ReconScan

2009/CVE-2009-3094.md

@@ -13,5 +13,6 @@ The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_
 No PoCs from references.
 
 #### Github
+- https://github.com/DButter/whitehat_public
 - https://github.com/Live-Hack-CVE/CVE-2009-3094
 

2009/CVE-2009-3095.md

@@ -13,5 +13,6 @@ The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to by
 No PoCs from references.
 
 #### Github
+- https://github.com/DButter/whitehat_public
 - https://github.com/Live-Hack-CVE/CVE-2009-3095
 

2009/CVE-2009-3229.md

@@ -0,0 +1,17 @@
+### [CVE-2009-3229](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3229)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by "re-LOAD-ing" libraries from a certain plugins directory.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DButter/whitehat_public
+

2009/CVE-2009-3230.md

@@ -0,0 +1,17 @@
+### [CVE-2009-3230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3230)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges.  NOTE: this is due to an incomplete fix for CVE-2007-6600.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DButter/whitehat_public
+

2009/CVE-2009-3231.md

@@ -0,0 +1,17 @@
+### [CVE-2009-3231](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3231)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DButter/whitehat_public
+

2009/CVE-2009-3555.md

@@ -26,6 +26,7 @@ The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Micr
 
 #### Github
 - https://github.com/ADesprets/DPSSLClientProfile
+- https://github.com/DButter/whitehat_public
 - https://github.com/GiJ03/ReconScan
 - https://github.com/RedHatProductSecurity/CVE-HOWTO
 - https://github.com/RoliSoft/ReconScan

2009/CVE-2009-3559.md

@@ -0,0 +1,17 @@
+### [CVE-2009-3559](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3559)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+** DISPUTED ** main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Live-Hack-CVE/CVE-2009-3559
+

2009/CVE-2009-3639.md

@@ -14,5 +14,6 @@ No PoCs from references.
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/DButter/whitehat_public
 - https://github.com/firatesatoglu/shodanSearch
 

2009/CVE-2009-4019.md

@@ -13,5 +13,6 @@ mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properl
 No PoCs from references.
 
 #### Github
+- https://github.com/DButter/whitehat_public
 - https://github.com/tomwillfixit/alpine-cvecheck
 

2009/CVE-2009-4022.md

@@ -0,0 +1,17 @@
+### [CVE-2009-4022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DButter/whitehat_public
+

2009/CVE-2009-4028.md

@@ -13,5 +13,6 @@ The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.
 No PoCs from references.
 
 #### Github
+- https://github.com/DButter/whitehat_public
 - https://github.com/tomwillfixit/alpine-cvecheck
 

2009/CVE-2009-4034.md

@@ -0,0 +1,17 @@
+### [CVE-2009-4034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4034)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/DButter/whitehat_public
+