parent
58de44b9d4
commit
03b7a5f0fe
|
@ -1,19 +1,21 @@
|
|||
id: CVE-2021-34473
|
||||
|
||||
info:
|
||||
name: Exchange Server SSRF (ProxyShell)
|
||||
name: Exchange Server - Remote Code Execution
|
||||
author: arcc,intx0x80,dwisiswant0,r3dg33k
|
||||
severity: critical
|
||||
description: |
|
||||
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.
|
||||
Microsoft Exchange Server is vulnerable to a remote code execution vulnerability. This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.
|
||||
reference:
|
||||
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
|
||||
- https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html
|
||||
- https://peterjson.medium.com/reproducing-the-proxyshell-pwn2own-exploit-49743a4ea9a1
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-34473
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-34473
|
||||
remediation: Apply Microsoft Exchange Server 2019 Cumulative Update 9 or upgrade to the latest version.
|
||||
tags: cve,cve2021,ssrf,rce,exchange
|
||||
|
||||
requests:
|
||||
|
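Review bot: the renamed `name:` line drops the ProxyShell label that the old name carried, and that label is what most readers search for; suggest `name: Microsoft Exchange Server - Remote Code Execution (ProxyShell)`, which also matches the `ssrf` and `rce` tags kept below. The `remediation:` line names only Exchange Server 2019 Cumulative Update 9; the MSRC update guide already listed under `reference:` is the place to confirm whether a single product line is really all the template covers before shipping a one-version remediation.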
@ -29,3 +31,5 @@ requests:
|
|||
words:
|
||||
- "Microsoft.Exchange.Clients.Owa2.Server.Core.OwaADUserNotFoundException"
|
||||
- "Exchange MAPI/HTTP Connectivity Endpoint"
|
||||
|
||||
# Enhanced by mp on 2022/05/02
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
id: CVE-2021-34621
|
||||
|
||||
info:
|
||||
name: WordPress ProfilePress wp-user-avatar plugin make admin users
|
||||
name: WordPress ProfilePress 3.0.0-3.1.3 - Admin User Creation Weakness
|
||||
author: 0xsapra
|
||||
severity: critical
|
||||
description: A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator.
|
||||
This issue affects versions 3.0.0 - 3.1.3. .
|
||||
description: ProfilePress WordPress plugin is susceptible to a vulnerability in the user registration component in the ~/src/Classes/RegistrationAuth.php file that makes it possible for users to register on sites as an administrator.
|
||||
reference:
|
||||
- https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-34621
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
|
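Review bot: the new `description:` drops the affected range ("This issue affects versions 3.0.0 - 3.1.3.") that the old text stated, so the range now lives only in `name:` and a consumer reading the description alone loses it. Suggest ending the description with "Affected versions are 3.0.0 through 3.1.3." (this also removes the stray " ." of the old text rather than just deleting the sentence).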
@ -106,3 +106,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/05/02
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2021-35336
|
||||
|
||||
info:
|
||||
name: Unauthorised Remote Access of Internal Panel
|
||||
name: Tieline IP Audio Gateway <=2.6.4.8 - Unauthorized Remote Admin Panel Access
|
||||
author: Pratik Khalane
|
||||
severity: critical
|
||||
description: Finding the Tieline Admin Panels with default credentials.
|
||||
description: Tieline IP Audio Gateway 2.6.4.8 and below is affected by a vulnerability in the web administrative interface that could allow an unauthenticated user to access a sensitive part of the system with a high privileged account.
|
||||
reference:
|
||||
- https://pratikkhalane91.medium.com/use-of-default-credentials-to-unauthorised-remote-access-of-internal-panel-of-tieline-c1ffe3b3757c
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-35336
|
||||
|
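Review bot: the rewritten `description:` no longer says that the check works by trying default credentials, which the old line ("Finding the Tieline Admin Panels with default credentials.") and the title of the referenced write-up both state; without it, a match reads like an arbitrary authentication bypass and the obvious remediation (change the default account credentials) is not implied. Suggest keeping one clause such as "The web administrative interface accepts default credentials, giving an unauthenticated user access with a high privileged account."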
@ -40,3 +40,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/05/02
|
||||
|
|
|
@ -1,16 +1,17 @@
|
|||
id: CVE-2021-35464
|
||||
|
||||
info:
|
||||
name: Pre-auth RCE in ForgeRock OpenAM
|
||||
name: ForgeRock OpenAM <7.0 - Remote Code Execution
|
||||
author: madrobot
|
||||
severity: critical
|
||||
description: |
|
||||
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages.
|
||||
The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted
|
||||
/ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO)
|
||||
found in versions of Java 8 or earlier
|
||||
found in versions of Java 8 or earlier.
|
||||
reference:
|
||||
- https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35464
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
|
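Review bot: the description's last sentence, "The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier.", is ambiguous about whether JATO or Java is the affected component, and this change only adds the full stop; suggest rewording so that the deserialization path is attributed to JATO's handling of the `jato.pageSession` parameter named in the first sentence, with the "Java 8 or earlier" condition stated as applying to the runtime. Also, `reference:` uses a cve.mitre.org entry where the other templates in this commit use nvd.nist.gov; worth aligning.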
@ -43,3 +44,5 @@ requests:
|
|||
- "openam/ccversion/Masthead.jsp"
|
||||
part: body
|
||||
condition: or
|
||||
|
||||
# Enhanced by mp on 2022/05/02
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
id: CVE-2021-35587
|
||||
|
||||
info:
|
||||
name: Pre-auth RCE in Oracle Access Manager
|
||||
name: Oracle Access Manager - Remote Code Execution
|
||||
author: cckuailong
|
||||
severity: critical
|
||||
description: |
|
||||
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager.
|
||||
The Oracle Access Manager portion of Oracle Fusion Middleware (component: OpenSSO Agent) is vulnerable to remote code execution. Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle Access Manager.
|
||||
reference:
|
||||
- https://testbnull.medium.com/oracle-access-manager-pre-auth-rce-cve-2021-35587-analysis-1302a4542316
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-35587
|
||||
|
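Review bot: `name:` loses both the "Pre-auth" qualifier and any version scope, while other renamed templates in this commit carry the affected range in the name (e.g. `Sunhillo SureLine <8.7.0.1.1`, `Cobbler <3.3.0`); suggest `name: Oracle Access Manager 11.1.2.3.0/12.2.1.3.0/12.2.1.4.0 - Remote Code Execution`, using the versions the description already lists. Dropping "Successful attacks of this vulnerability can result in takeover of Oracle Access Manager" is fine, since the new first sentence states the impact.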
@ -41,3 +41,5 @@ requests:
|
|||
part: body
|
||||
words:
|
||||
- "/oam/pages/css/general.css"
|
||||
|
||||
# Enhanced by mp on 2022/05/02
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2021-3577
|
||||
|
||||
info:
|
||||
name: Motorola Baby Monitors Unauthenticated RCE
|
||||
name: Motorola Baby Monitors - Remote Command Execution
|
||||
author: gy741
|
||||
severity: critical
|
||||
description: Vulnerabilities in the interface of Motorola Baby Monitors could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
|
||||
description: Motorola Baby Monitors contains multiple interface vulnerabilities could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
|
||||
reference:
|
||||
- https://randywestergren.com/unauthenticated-remote-code-execution-in-motorola-baby-monitors/
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3577
|
||||
|
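Review bot: the new `description:` has a grammar slip, "contains multiple interface vulnerabilities could allow", which reads worse than the text it replaces; suggest "Motorola Baby Monitors contain multiple vulnerabilities in the device interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device."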
@ -36,3 +36,5 @@ requests:
|
|||
- type: word
|
||||
words:
|
||||
- "set_city_timezone"
|
||||
|
||||
# Enhanced by mp on 2022/05/02
|
||||
|
|
|
@ -1,11 +1,10 @@
|
|||
id: CVE-2021-36260
|
||||
|
||||
info:
|
||||
name: Hikvision IP camera/NVR - Unauthenticated RCE
|
||||
name: Hikvision IP camera/NVR - Remote Command Execution
|
||||
author: pdteam,gy741
|
||||
severity: critical
|
||||
description: A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack
|
||||
by sending some messages with malicious commands.
|
||||
description: Certain Hikvision products contain a command injection vulnerability in the web server due to the insufficient input validation. An attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
|
||||
reference:
|
||||
- https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html
|
||||
- https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/
|
||||
|
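Review bot: the rename drops "Unauthenticated" from `name:` and the new `description:` never states it either, so the pre-auth nature that the old name and the referenced write-up title both carry is lost; it also keeps "due to the insufficient input validation" (drop "the") and the vague "by sending some messages with malicious commands". Suggest "Certain Hikvision products contain a command injection vulnerability in the web server caused by insufficient input validation. An unauthenticated attacker can exploit it by sending crafted requests containing commands."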
@ -45,3 +44,5 @@ requests:
|
|||
- type: regex
|
||||
regex:
|
||||
- "(u|g)id=.*"
|
||||
|
||||
# Enhanced by mp on 2022/05/02
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
id: CVE-2021-36380
|
||||
|
||||
info:
|
||||
name: Sunhillo SureLine - Unauthenticated OS Command Injection
|
||||
name: Sunhillo SureLine <8.7.0.1.1 - Unauthenticated OS Command Injection
|
||||
author: gy741
|
||||
severity: critical
|
||||
description: The /cgi/networkDiag.cgi script directly incorporated user-controllable parameters within a shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input.
|
||||
The following POST request injects a new command that instructs the server to establish a reverse TCP connection to another system, allowing the establishment of an interactive remote shell session.
|
||||
description: "Sunhillo SureLine <8.7.0.1.1 is vulnerable to OS command injection. The /cgi/networkDiag.cgi script directly incorporated user-controllable parameters within a shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. The following POST request injects a new command that instructs the server to establish a reverse TCP connection to another system, allowing the establishment of an interactive remote shell session."
|
||||
reference:
|
||||
- https://research.nccgroup.com/2021/07/26/technical-advisory-sunhillo-sureline-unauthenticated-os-command-injection-cve-2021-36380/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-36380
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
|
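Review bot: the quoted `description:` still carries "The following POST request injects a new command that instructs the server to establish a reverse TCP connection to another system...", a sentence lifted from the advisory that refers to a request which is not present in this field, so in template metadata it dangles. Suggest ending the description after "...by injecting valid OS command input." and leaving exploitation detail to the NCC Group advisory under `reference:`.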
@ -28,3 +28,5 @@ requests:
|
|||
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||
words:
|
||||
- "http"
|
||||
|
||||
# Enhanced by mp on 2022/05/02
|
||||
|
|
|
@ -1,19 +1,18 @@
|
|||
id: CVE-2021-37538
|
||||
|
||||
info:
|
||||
name: PrestaShop SmartBlog SQL Injection
|
||||
name: PrestaShop SmartBlog <4.0.6- SQL Injection
|
||||
author: whoever
|
||||
severity: critical
|
||||
description: PrestaShop SmartBlog by SmartDataSoft < 4.0.6 is vulnerable to a SQL injection vulnerability in the blog archive functionality.
|
||||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37538
|
||||
- https://blog.sorcery.ie/posts/smartblog_sqli/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-37538
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-37538
|
||||
cwe-id: CWE-89
|
||||
remediation: Apply the fix.
|
||||
tags: cve,cve2021,prestashop,smartblog,sqli
|
||||
|
||||
requests:
|
||||
|
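Review bot: `name: PrestaShop SmartBlog <4.0.6- SQL Injection` has the separator hyphen glued to the version; every other renamed template in this commit uses " - ", so this should read `PrestaShop SmartBlog <4.0.6 - SQL Injection`. `remediation: Apply the fix.` says nothing actionable; given the description's "< 4.0.6", suggest "Upgrade SmartBlog to 4.0.6 or later."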
@ -32,4 +31,4 @@ requests:
|
|||
- "c5fe25896e49ddfe996db7508cf00534"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/02/08
|
||||
# Enhanced by mp on 2022/05/02
|
||||
|
|
|
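Review bot: this hunk replaces the existing `# Enhanced by mp on 2022/02/08` trailer with the new date instead of appending, so the earlier pass is no longer visible in the file, whereas the templates above (e.g. CVE-2021-34473) append a fresh trailer under a blank line; pick one convention. Since git already records both passes, the trailer could be dropped entirely; if it stays, append rather than overwrite. The same applies to the trailer hunks for CVE-2021-38647, CVE-2021-39226 and CVE-2021-40323 below.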
@ -1,10 +1,10 @@
|
|||
id: CVE-2021-37580
|
||||
|
||||
info:
|
||||
name: Apache ShenYu Admin JWT authentication bypass
|
||||
name: Apache ShenYu Admin JWT - Authentication Bypass
|
||||
author: pdteam
|
||||
severity: critical
|
||||
description: A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0
|
||||
description: Apache ShenYu 2.3.0 and 2.4.0 allow Admin access without proper authentication. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-37580
|
||||
- https://github.com/fengwenhua/CVE-2021-37580
|
||||
|
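Review bot: "allow Admin access without proper authentication" in the new `description:` is ambiguous (access to the ShenYu Admin component, or administrative access?), and the old text was clearer that ShenYu Admin's JWT handling is the flaw. Suggest "Apache ShenYu 2.3.0 and 2.4.0 allow unauthenticated access to ShenYu Admin: the incorrect use of JWT in ShenyuAdminBootstrap lets an attacker bypass authentication." The versions could also go into `name:` as done for other templates in this commit.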
@ -34,3 +34,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/05/02
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2021-38647
|
||||
|
||||
info:
|
||||
name: Microsoft Open Management Infrastructure Remote Code Execution
|
||||
name: Microsoft Open Management Infrastructure - Remote Code Execution
|
||||
author: daffainfo,xstp
|
||||
severity: critical
|
||||
description: Microsoft Open Management Infrastructure is susceptible to remote code execution (OMIGOD).
|
||||
|
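Review bot: the only change is the " - " separator in `name:`; while here, the OMIGOD label that the description carries in parentheses belongs in `name:` for searchability, e.g. `Microsoft Open Management Infrastructure - Remote Code Execution (OMIGOD)`, and the description should name the affected versions, which neither field currently states.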
@ -68,4 +68,4 @@ requests:
|
|||
- 'uid=0(root) gid=0(root) groups=0'
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/03/28
|
||||
# Enhanced by mp on 2022/05/02
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
id: CVE-2021-39226
|
||||
|
||||
info:
|
||||
name: Grafana Snapshot Authentication Bypass
|
||||
name: Grafana Snapshot - Authentication Bypass
|
||||
author: Evan Rubinstein
|
||||
severity: critical
|
||||
description: Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key.
|
||||
description: "Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key.
|
||||
If the snapshot is in public mode, unauthenticated users can delete snapshots by accessing the endpoint /api/snapshots-delete/:deleteKey. Authenticated users can also delete snapshots by accessing the endpoints
|
||||
/api/snapshots-delete/:deleteKey, or sending a delete request to /api/snapshot/:key, regardless of whether or not the snapshot is set to public mode (disabled by default).
|
||||
/api/snapshots-delete/:deleteKey, or sending a delete request to /api/snapshot/:key, regardless of whether or not the snapshot is set to public mode (disabled by default)."
|
||||
reference:
|
||||
- https://github.com/advisories/GHSA-69j6-29vr-p3j9
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-39226
|
||||
|
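Review bot: the `description:` (unchanged in content, now double-quoted) says instances "up to 7.5.11 and 8.1.5" are vulnerable, but the `remediation:` field further down the same file says the issue "has been resolved in versions 8.1.6 and 7.5.11"; 7.5.11 cannot be both. The remediation's fixed versions are the consistent reading, so the description should say "up to 7.5.10 and 8.1.5". Double-quoting is fine here since the text contains no backslashes or inner double quotes, but the closing quote now sits three lines later, so future edits must keep it balanced.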
@ -15,8 +15,8 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-39226
|
||||
cwe-id: CWE-200
|
||||
remediation: 'This issue has been resolved in versions 8.1.6 and 7.5.11. If you cannot upgrade you can block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key,
|
||||
and /api/snapshots/:key. They have no normal function and can be disabled without side effects.'
|
||||
remediation: "This issue has been resolved in versions 8.1.6 and 7.5.11. If you cannot upgrade you can block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key,
|
||||
and /api/snapshots/:key. They have no normal function and can be disabled without side effects."
|
||||
tags: cve,cve2021,grafana
|
||||
|
||||
requests:
|
||||
|
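Review bot: the `remediation:` path list names `/api/snapshots/:key` twice and never names `/api/snapshot/:key` (singular), which is the path the description in this file says is exposed; one of the two spellings is a typo, and the list should name each path once using whichever matches Grafana's actual route. The switch from single to double quotes changes nothing, since the text contains neither quote character; the duplicate is the thing to fix.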
@ -34,4 +34,4 @@ requests:
|
|||
words:
|
||||
- '"isSnapshot":true'
|
||||
|
||||
# Enhanced by cs on 2022/02/22
|
||||
# Enhanced by mp on 2022/05/02
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2021-40323
|
||||
|
||||
info:
|
||||
name: Cobbler <3.3.0 Remote Code Execution
|
||||
name: Cobbler <3.3.0 - Remote Code Execution
|
||||
author: c-sh0
|
||||
severity: critical
|
||||
description: Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via an XMLRPC method.
|
||||
|
@ -96,4 +96,4 @@ requests:
|
|||
- "nobody:.*:99"
|
||||
condition: or
|
||||
|
||||
# Enhanced by mp on 2022/03/16
|
||||
# Enhanced by mp on 2022/05/02