nvdcve - NVD/CVE as JSON files

  •        3

Important: this repository is now partially redundant with the CVEProject/cvelist project that allows to explore the CVE®/NVD modification history using git as well as submitting new vulnerabilities using GitHub pull requests. However, this repository is still synchronized with the dictionaries to allow to fetch each vulnerability in JSON format. This repository contains JSON files describing vulnerabilities from the NVD and CVE® dictionaries.

https://olbat.github.io/nvdcve/CVE-YYYY-NNNN.json
https://github.com/olbat/nvdcve

Tags
Implementation
License
Platform

   




Related Projects

spectre-meltdown-checker - Spectre & Meltdown vulnerability/mitigation checker for Linux

  •    Shell

A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public in 2018. For Linux systems, the script will detect mitigations, including backported non-vanilla patches, regardless of the advertised kernel version number and the distribution (such as Debian, Ubuntu, CentOS, RHEL, Fedora, openSUSE, Arch, ...), it also works if you've compiled your own kernel.

vulscan - Advanced vulnerability scanning with Nmap NSE

  •    Lua

Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version of VulDB. Just execute vulscan like you would by refering to one of the pre-delivered databases. Feel free to share your own database and vulnerability connection with me, to add it to the official repository.

CVE-2015-1701 - Win32k LPE vulnerability used in APT attack

  •    C

Win32k LPE vulnerability used in APT attack

h4cker - This repository is primarily maintained by Omar Santos and includes resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more

  •    Java

This repository includes thousands of cybersecurity-related references and resources and it is maintained by Omar Santos. This GitHub repository has been created to provide supplemental material to several books, video courses, and live training created by Omar Santos and other co-authors. It provides over 6,000 references, scripts, tools, code, and other resources that help offensive and defensive security professionals learn and develop new skills. This GitHub repository provides guidance on how build your own hacking environment, learn about offensive security (ethical hacking) techniques, vulnerability research, exploit development, reverse engineering, malware analysis, threat intelligence, threat hunting, digital forensics and incident response (DFIR), includes examples of real-life penetration testing reports, and more. These courses serve as comprehensive guide for any network and security professional who is starting a career in ethical hacking and penetration testing. It also can help individuals preparing for the Offensive Security Certified Professional (OSCP), the Certified Ethical Hacker (CEH), CompTIA PenTest+ and any other ethical hacking certification. This course helps any cyber security professional that want to learn the skills required to becoming a professional ethical hacker or that want to learn more about general hacking methodologies and concepts.

CVE-2018-8897 - Arbitrary code execution with kernel privileges using CVE-2018-8897.

  •    C++

Demo exploitation of the POP SS vulnerability (CVE-2018-8897), leading to unsigned code execution with kernel privilages.


heartbleeder - OpenSSL CVE-2014-0160 Heartbleed vulnerability test

  •    Go

Tests your servers for OpenSSL CVE-2014-0160 aka Heartbleed. WARNING: No guarantees are made about the accuracy of results, and you should verify them independently by checking your OpenSSL build.

Bad-Pdf - Steal Net-NTLM Hash using Bad-PDF

  •    Python

Bad-PDF create malicious PDF file to steal NTLM(NTLMv1/NTLMv2) Hashes from windows machines, it utilize vulnerability disclosed by checkpoint team to create the malicious PDF file. Bad-Pdf reads the NTLM hashes using Responder listener. This method work on all PDF readers(Any version) and java scripts are not required for this attack, most of the EDR/Endpoint solution fail to detect this attack.

Pseudo ICS daemon

  •    C

Really sorry, everyone. This project contains serious vulnerability. Please stop using. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4504 --------------------------------------- UPnP IGD (Internet Gateway Device).This emulates Microsoft ICS service. This is for Kernel 2.2. If you looking for 2.4 version, I gave my all result to quot;Linux-IGDquot; project. I am thankful to them who translated my project into mainstream kernel.

pcileech - Direct Memory Access (DMA) Attack Software

  •    C

PCILeech uses PCIe hardware devices to read and write from the target system memory. This is achieved by using DMA over PCIe. No drivers are needed on the target system. PCILeech works without hardware together with memory dump files and the Windows 7/2008R2 x64 Total Meltdown / CVE-2018-1038 vulnerability.

js-vuln-db - A collection of JavaScript engine CVEs with PoCs

  •    

A collection of JavaScript engine CVEs with PoCs

SpecuCheck - SpecuCheck is a Windows utility for checking the state of the software mitigations against CVE-2017-5754 (Meltdown) and hardware mitigations against CVE-2017-5715 (Spectre)

  •    C

SpecuCheck is a Windows utility for checking the state of the software and hardware mitigations against CVE-2017-5754 (Meltdown), CVE-2017-5715 (Spectre v2), CVE-2018-3260 (Foreshadow), and CVE-2018-3639 (Spectre v4). It uses two new information classes that were added to the NtQuerySystemInformation API call as part of the recent patches introduced in January 2018 and reports the data as seen by the Windows Kernel. An official Microsoft Powershell Cmdlet Module now exists as well, which is the recommended and supported way to get this information.

vuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go

  •    Go

For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in production environment, it is common for system administrator to choose not to use the automatic update option provided by package manager and to perform update manually. This leads to the following problems. Vuls is a tool created to solve the problems listed above. It has the following characteristics.

awesome-cve-poc - ✍️ A curated list of CVE PoCs.

  •    

✍️ A curated list of CVE PoCs.Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you might also want to check out awesome-web-security.

tpwn - xnu local privilege escalation via cve-2015-???? & cve-2015-???? for 10

  •    Objective-C

xnu local privilege escalation via cve-2015-???? & cve-2015-???? for 10.10.5, 0day at the time | poc or gtfo

CVE-2018-7600 - 💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002

  •    Python

IMPORTANT: Is provided only for educational or information purposes. CVE-2018-7600 / SA-CORE-2018-002 Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

CVE-2018-8120 - CVE-2018-8120 Windows LPE exploit

  •    C++

Supports both x32 and x64. Tested on: Win7 x32, Win7 x64, Win2008 x32, Win2008 R2 x32, Win2008 R2 Datacenter x64, Win2008 Enterprise x64.