From 07d402ceb11e59d33d15292ee8140e1c7a8427c1 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 29 Sep 2023 16:59:32 +0000 Subject: [PATCH] Auto Generated cves.json [Fri Sep 29 16:59:32 UTC 2023] :robot: --- cves.json | 2 ++ cves.json-checksum.txt | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/cves.json b/cves.json index 3b37efed3a..598eac4a86 100644 --- a/cves.json +++ b/cves.json @@ -246,6 +246,7 @@ {"ID":"CVE-2014-8799","Info":{"Name":"WordPress Plugin DukaPress 2.5.2 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-8799.yaml"} {"ID":"CVE-2014-9094","Info":{"Name":"WordPress DZS-VideoGallery Plugin Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2014/CVE-2014-9094.yaml"} {"ID":"CVE-2014-9119","Info":{"Name":"WordPress DB Backup \u003c=4.5 - Local File Inclusion","Severity":"medium","Description":"WordPress Plugin DB Backup 4.5 and possibly prior versions are prone to a local file inclusion vulnerability because they fail to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-9119.yaml"} +{"ID":"CVE-2014-9180","Info":{"Name":"Eleanor CMS - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-9180.yaml"} {"ID":"CVE-2014-9444","Info":{"Name":"Frontend Uploader \u003c= 0.9.2 - Cross-Site Scripting","Severity":"medium","Description":"The Frontend Uploader WordPress plugin prior to v.0.9.2 was affected by an unauthenticated Cross-Site Scripting security vulnerability.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2014/CVE-2014-9444.yaml"} {"ID":"CVE-2014-9606","Info":{"Name":"Netsweeper 4.0.8 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-9606.yaml"} {"ID":"CVE-2014-9607","Info":{"Name":"Netsweeper 4.0.4 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-9607.yaml"} @@ -1953,6 +1954,7 @@ {"ID":"CVE-2023-29084","Info":{"Name":"ManageEngine ADManager Plus - Command Injection","Severity":"high","Description":"Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-29084.yaml"} {"ID":"CVE-2023-29298","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"An attacker is able to access every CFM and CFC endpoint within the ColdFusion Administrator path /CFIDE/, of which there are 437 CFM files and 96 CFC files in a ColdFusion 2021 Update 6 install.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-29298.yaml"} {"ID":"CVE-2023-29300","Info":{"Name":"Adobe ColdFusion - Pre-Auth Remote Code Execution","Severity":"critical","Description":"Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-29300.yaml"} +{"ID":"CVE-2023-29357","Info":{"Name":"Microsoft SharePoint - Authentication Bypass","Severity":"critical","Description":"Microsoft SharePoint Server Elevation of Privilege Vulnerability\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-29357.yaml"} {"ID":"CVE-2023-29489","Info":{"Name":"cPanel - Cross-Site Scripting","Severity":"medium","Description":"An issue was discovered in cPanel before 11.109.9999.116. Cross Site Scripting can occur on the cpsrvd error page via an invalid webcall ID.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-29489.yaml"} {"ID":"CVE-2023-29622","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-29622.yaml"} {"ID":"CVE-2023-29623","Info":{"Name":"Purchase Order Management v1.0 - Cross Site Scripting (Reflected)","Severity":"medium","Description":"Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-29623.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index 56e6bbb8f2..b71cb18692 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -5a85d5352421da476ffa2611a57b717f +cf00d3e1c6a26a5c5e737e17baa8955c