Merge branch 'main' into patch-2

patch-1
Dhiyaneshwaran 2023-06-29 13:33:30 +05:30 committed by GitHub
commit 09ce44df50
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1445 changed files with 16690 additions and 6037 deletions

View File

@ -1,14 +1,14 @@
# Set to true to add reviewers to pull requests
addReviewers: true
addReviewers: false
# Set to true to add assignees to pull requests
addAssignees: true
addAssignees: false
# A list of reviewers to be added to pull requests (GitHub user name)
reviewers:
- ritikchaddha
- pussycat0x
- DhiyaneshGeek
- ritikchaddha
# A number of reviewers added to the pull request
# Set 0 to add all the reviewers (default: 0)
@ -16,9 +16,9 @@ numberOfReviewers: 1
# A list of assignees, overrides reviewers if set
assignees:
- pussycat0x
- ritikchaddha
- DhiyaneshGeek
- pussycat0x
# A number of assignees to add to the pull request
# Set to 0 to add all of the assignees.

139
.github/scripts/assign_tasks.py vendored Normal file
View File

@ -0,0 +1,139 @@
import requests
import sys
import json
# GitHub credentials
password = sys.argv[3]
repo_owner = "projectdiscovery"
repo_name = "nuclei-templates"
pr_user_list = ["DhiyaneshGeek", "pussycat0x", "ritikchaddha"]
issue_user_list = ["princechaddha", "DhiyaneshGeek", "pussycat0x", "ritikchaddha"]
headers = {'Authorization': f'Bearer {password}',
'Accept': 'application/vnd.github+json',
'X-GitHub-Api-Version': '2022-11-28'}
def get_issue_assignee(issue_number):
issue_url = f"https://api.github.com/repos/{repo_owner}/{repo_name}/issues?per_page=2"
response = requests.get(issue_url, headers=headers)
if response.status_code == 200:
issue_data = response.json()[1]
assignee = issue_data["assignee"]["login"] if issue_data["assignee"] else "None"
return assignee
else:
print(f"Failed to fetch assignee for issue #{issue_number}")
return None
def assign_issue_or_pr(user, issue_number):
url = f"https://api.github.com/repos/{repo_owner}/{repo_name}/issues/{issue_number}/assignees"
data = { "assignees": [user] }
response = requests.post(url, headers=headers, data=json.dumps(data))
if response.status_code == 201:
print(f"Assigned issue #{issue_number} to {user}")
else:
print(f"Failed to assign issue #{issue_number} to {user}. Status code: {response.status_code}")
def get_pr_assignee_and_reviewer(pull_request_number):
pull_url = f'https://api.github.com/repos/{repo_owner}/{repo_name}/pulls?per_page=2'
response = requests.get(pull_url, headers=headers)
if response.status_code == 200:
pull_request_data = response.json()[1]
assignee = pull_request_data['assignee']['login'] if pull_request_data['assignee'] else None
reviewers = [reviewer['login'] for reviewer in pull_request_data['requested_reviewers']]
return assignee, reviewers
else:
print(f"Failed to retrieve pull request #{pull_request_number}. Response: {response.text}")
return None, None
def get_pr_author(pull_request_number):
pull_url = f'https://api.github.com/repos/{repo_owner}/{repo_name}/pulls/{pull_request_number}'
response = requests.get(pull_url, headers=headers)
if response.status_code == 200:
pull_request_data = response.json()
author = pull_request_data['user']['login']
return author
else:
print(f"Failed to retrieve pull request #{pull_request_number}. Response: {response.text}")
return None
def review_pr(user, pull_request_number):
url = f'https://api.github.com/repos/{repo_owner}/{repo_name}/pulls/{pull_request_number}/requested_reviewers'
data = { 'reviewers': [user] }
response = requests.post(url, headers=headers, data=json.dumps(data))
if response.status_code == 201:
print(f"Review request for pull request #{pull_request_number} sent to {user} successfully.")
else:
print(f"Failed to send review request for pull request #{pull_request_number}. Response: {response.text}")
def main():
if len(sys.argv) != 4:
print("Usage: python assign_tasks.py <issue_number> <pr_or_issue> <token>")
sys.exit(1)
issue_number = int(sys.argv[1])
type_ = sys.argv[2]
if type_ == 'pr':
assignee, reviewers = get_pr_assignee_and_reviewer(issue_number - 1)
author = get_pr_author(issue_number)
if reviewers:
try:
index = pr_user_list.index(reviewers[0])
try:
reviewer = pr_user_list[index + 1]
except:
reviewer = pr_user_list[0]
if reviewer == author:
reviewer = pr_user_list(pr_user_list.index(reviewer) + 1)
review_pr(reviewer, issue_number)
else:
review_pr(reviewer, issue_number)
except Exception as e:
reviewer = pr_user_list[0]
review_pr(reviewer, issue_number)
else:
for user in pr_user_list:
if (user != author):
reviewer = user
review_pr(reviewer, issue_number)
break
if assignee:
try:
index = pr_user_list.index(assignee)
if (pr_user_list[index + 1] == reviewer):
assign_issue_or_pr(pr_user_list[index + 2], issue_number)
else:
assign_issue_or_pr(pr_user_list[index + 1], issue_number)
except Exception as e:
if (pr_user_list[0] == reviewer):
assign_issue_or_pr(pr_user_list[1], issue_number)
else:
assign_issue_or_pr(pr_user_list[0], issue_number)
else:
if (pr_user_list[0] == reviewer):
assign_issue_or_pr(pr_user_list[1], issue_number)
else:
assign_issue_or_pr(pr_user_list[0], issue_number)
elif type_ == 'issue':
assignee = get_issue_assignee(issue_number-1)
if assignee:
try:
index = issue_user_list.index(assignee)
assign_issue_or_pr(issue_user_list[index + 1], issue_number)
except Exception as e:
assign_issue_or_pr(issue_user_list[0], issue_number)
else:
assign_issue_or_pr(issue_user_list[0], issue_number)
main()

31
.github/workflows/autoassign.yml vendored Normal file
View File

@ -0,0 +1,31 @@
name: run assign_tasks.py
on:
pull_request:
types: [opened]
branches:
- main
issues:
types: [opened]
jobs:
build:
permissions: write-all
runs-on: ubuntu-latest
env:
ASSIGN_TASK_TOKEN: ${{ secrets.GITHUB_TOKEN }} # github personal token
steps:
- name: checkout repo content
uses: actions/checkout@v2 # checkout the repository content
- name: setup python
uses: actions/setup-python@v4
with:
python-version: '3.10' # install the python version needed
- name: install python packages
run: |
pip install requests
- name: execute python script on pr
if: ${{ github.event_name == 'pull_request' }}
run: python .github/scripts/assign_tasks.py ${{ github.event.pull_request.number }} pr ${{ secrets.GITHUB_TOKEN }}
- name: execute python script on issue opened
if: ${{ github.event_name == 'issues' }}
run: python .github/scripts/assign_tasks.py ${{ github.event.issue.number }} issue ${{ secrets.GITHUB_TOKEN }}

View File

@ -1,46 +0,0 @@
name: ✍🏻 CVE Annotate
on:
push:
branches:
- main
paths:
- '**/cves/**.yaml'
workflow_dispatch:
jobs:
docs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: 1.19
- name: cve-annotate install
run: go install -v github.com/projectdiscovery/nuclei/v2/cmd/cve-annotate@latest
- name: Generate CVE Annotations
id: cve-annotate
run: |
cve-annotate -i . -d .
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
- name: Commit files
if: steps.cve-annotate.outputs.CHANGES > 0
run: |
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git add .
git commit -m "Auto Generated CVE annotations [$(date)] :robot:" -a
- name: Push changes
if: steps.cve-annotate.outputs.CHANGES > 0
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: ${{ github.ref }}

View File

@ -1,11 +1,11 @@
name: Generate JSON Metadata of CVE Templates
name: 📝 CVE JSON Metadata
on:
push:
branches:
- main
paths:
- '**/cves/'
- 'http/cves/'
workflow_dispatch: # allows manual triggering of the workflow
jobs:
@ -17,24 +17,28 @@ jobs:
uses: actions/setup-go@v4
with:
go-version: 1.19
check-latest: true
- name: Run yaml2json.go to generate cves.json
- name: Run YAML2JSON
id: cves
run: |
go env -w GO111MODULE=off
go get gopkg.in/yaml.v3
go run .github/scripts/yaml2json.go $GITHUB_WORKSPACE/http/cves/ cves.json
md5sum cves.json | cut -d' ' -f1 > cves.json-checksum.txt
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
- name: Commit files
if: steps.cves.outputs.CHANGES > 0
run: |
git pull
git add cves.json cves.json-checksum.txt
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git add cves.json cves.json-checksum.txt
git commit -m "Auto Generated cves.json [$(date)] :robot:" -a
- name: Push changes
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
if: steps.checksum.outputs.CHANGES > 0
run: |
git pull --rebase
git push origin ${{ github.ref }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

View File

@ -9,7 +9,7 @@ on:
workflow_dispatch: # allows manual triggering of the workflow
jobs:
build:
checksum:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
@ -19,7 +19,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: 1.19
go-version: 1.20.x
- name: install checksum generator
run: |
@ -34,12 +34,15 @@ jobs:
- name: Commit files
if: steps.checksum.outputs.CHANGES > 0
run: |
git add templates-checksum.txt
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git commit -m "Auto Generated Templates Checksum [$(date)] :robot:" -a
git add templates-checksum.txt
git commit -am "Auto Generated Templates Checksum [$(date)] :robot:"
- name: Push changes
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
if: steps.checksum.outputs.CHANGES > 0
run: |
git pull --rebase
git push origin ${{ github.ref }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

View File

@ -17,7 +17,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: 1.19
go-version: 1.20.x
- name: nuclei install
run: go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest

48
.github/workflows/templateman.yml vendored Normal file
View File

@ -0,0 +1,48 @@
name: 🤖 TemplateMan
on:
push:
branches:
- main
paths:
- '**.yaml'
workflow_dispatch:
jobs:
templateman:
runs-on: ubuntu-latest
if: github.repository == 'projectdiscovery/nuclei-templates'
steps:
- uses: actions/checkout@master
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: 1.20.x
- name: Install TemplateMan CLI Client
run: |
go install -v github.com/projectdiscovery/nuclei/v2/cmd/tmc@dev
- name: Run TemplateMan
id: tmc
run: |
tmc -i $GITHUB_WORKSPACE -mr
git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT
- name: Commit files
if: steps.tmc.outputs.CHANGES > 0
run: |
git config --local user.email "action@github.com"
git config --local user.name "GitHub Action"
git commit --allow-empty -m "TemplateMan Update [$(date)] :robot:" -a
- name: Push changes
if: steps.tmc.outputs.CHANGES > 0
run: |
git pull --rebase
git push origin ${{ github.ref }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

View File

@ -1 +1,39 @@
http/exposed-panels/repetier-server-panel.yaml
file/nodejs/admzip-path-overwrite.yaml
file/nodejs/express-lfr.yaml
file/nodejs/generic-path-traversal.yaml
file/nodejs/tar-path-overwrite.yaml
file/nodejs/xss-serialize-javascript.yaml
file/nodejs/zip-path-overwrite.yaml
http/cnvd/2020/CNVD-2020-63964.yaml
http/cves/2012/CVE-2012-6499.yaml
http/cves/2021/CVE-2021-46704.yaml
http/cves/2022/CVE-2022-40022.yaml
http/cves/2023/CVE-2023-0126.yaml
http/cves/2023/CVE-2023-0562.yaml
http/cves/2023/CVE-2023-0563.yaml
http/cves/2023/CVE-2023-1454.yaml
http/cves/2023/CVE-2023-20888.yaml
http/cves/2023/CVE-2023-20889.yaml
http/cves/2023/CVE-2023-25346.yaml
http/cves/2023/CVE-2023-26842.yaml
http/cves/2023/CVE-2023-26843.yaml
http/cves/2023/CVE-2023-27372.yaml
http/cves/2023/CVE-2023-31548.yaml
http/cves/2023/CVE-2023-33510.yaml
http/cves/2023/CVE-2023-34598.yaml
http/cves/2023/CVE-2023-34599.yaml
http/cves/2023/CVE-2023-34843.yaml
http/cves/2023/CVE-2023-35843.yaml
http/cves/2023/CVE-2023-35844.yaml
http/exposed-panels/axxon-client-panel.yaml
http/exposed-panels/openbullet2-panel.yaml
http/exposed-panels/syncserver-panel.yaml
http/exposed-panels/wd-mycloud-panel.yaml
http/exposures/configs/aws-config.yaml
http/exposures/configs/aws-credentials.yaml
http/misconfiguration/genieacs-default-jwt.yaml
http/misconfiguration/grav-register-admin.yaml
http/misconfiguration/installer/spip-install.yaml
http/misconfiguration/odoo-unprotected-database.yaml
http/vulnerabilities/hikvision-ivms-file-upload-rce.yaml
http/vulnerabilities/vbulletin/arcade-php-sqli.yaml

View File

@ -30,8 +30,8 @@ git remote add upstream https://github.com/projectdiscovery/nuclei-templates
```sh
git remote update
git checkout master
git rebase upstream/master
git checkout main
git rebase upstream/main
```
## Step 3 : Create your Template Branch

View File

@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|--------------|-------|----------------------|-------|----------|-------|------|-------|
| cve | 1805 | dhiyaneshdk | 815 | http | 5763 | info | 2830 | file | 118 |
| panel | 883 | dwisiswant0 | 794 | workflows | 190 | high | 1247 | dns | 18 |
| wordpress | 775 | daffainfo | 663 | file | 118 | medium | 1019 | | |
| wp-plugin | 666 | pikpikcu | 353 | network | 89 | critical | 671 | | |
| exposure | 661 | pdteam | 278 | dns | 18 | low | 215 | | |
| osint | 639 | pussycat0x | 237 | ssl | 11 | unknown | 26 | | |
| xss | 632 | geeknik | 220 | headless | 9 | | | | |
| tech | 602 | ricardomaia | 215 | cves.json | 1 | | | | |
| edb | 595 | ritikchaddha | 198 | contributors.json | 1 | | | | |
| lfi | 541 | 0x_akoko | 179 | TEMPLATES-STATS.json | 1 | | | | |
| cve | 1882 | dhiyaneshdk | 867 | http | 5927 | info | 2894 | file | 123 |
| panel | 904 | dwisiswant0 | 794 | workflows | 190 | high | 1282 | dns | 18 |
| wordpress | 785 | daffainfo | 664 | file | 123 | medium | 1063 | | |
| exposure | 689 | pikpikcu | 353 | network | 96 | critical | 710 | | |
| wp-plugin | 676 | pdteam | 278 | ssl | 24 | low | 221 | | |
| osint | 652 | pussycat0x | 255 | dns | 18 | unknown | 27 | | |
| xss | 648 | geeknik | 221 | headless | 9 | | | | |
| tech | 612 | ricardomaia | 219 | TEMPLATES-STATS.json | 1 | | | | |
| edb | 597 | ritikchaddha | 215 | cves.json | 1 | | | | |
| lfi | 551 | 0x_akoko | 179 | contributors.json | 1 | | | | |
**395 directories, 6435 files**.
**410 directories, 6626 files**.
</td>
</tr>

File diff suppressed because one or more lines are too long

File diff suppressed because it is too large Load Diff

View File

@ -1,12 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|--------------|-------|----------------------|-------|----------|-------|------|-------|
| cve | 1805 | dhiyaneshdk | 815 | http | 5763 | info | 2830 | file | 118 |
| panel | 883 | dwisiswant0 | 794 | workflows | 190 | high | 1247 | dns | 18 |
| wordpress | 775 | daffainfo | 663 | file | 118 | medium | 1019 | | |
| wp-plugin | 666 | pikpikcu | 353 | network | 89 | critical | 671 | | |
| exposure | 661 | pdteam | 278 | dns | 18 | low | 215 | | |
| osint | 639 | pussycat0x | 237 | ssl | 11 | unknown | 26 | | |
| xss | 632 | geeknik | 220 | headless | 9 | | | | |
| tech | 602 | ricardomaia | 215 | cves.json | 1 | | | | |
| edb | 595 | ritikchaddha | 198 | contributors.json | 1 | | | | |
| lfi | 541 | 0x_akoko | 179 | TEMPLATES-STATS.json | 1 | | | | |
| cve | 1882 | dhiyaneshdk | 867 | http | 5927 | info | 2894 | file | 123 |
| panel | 904 | dwisiswant0 | 794 | workflows | 190 | high | 1282 | dns | 18 |
| wordpress | 785 | daffainfo | 664 | file | 123 | medium | 1063 | | |
| exposure | 689 | pikpikcu | 353 | network | 96 | critical | 710 | | |
| wp-plugin | 676 | pdteam | 278 | ssl | 24 | low | 221 | | |
| osint | 652 | pussycat0x | 255 | dns | 18 | unknown | 27 | | |
| xss | 648 | geeknik | 221 | headless | 9 | | | | |
| tech | 612 | ricardomaia | 219 | TEMPLATES-STATS.json | 1 | | | | |
| edb | 597 | ritikchaddha | 215 | cves.json | 1 | | | | |
| lfi | 551 | 0x_akoko | 179 | contributors.json | 1 | | | | |

View File

@ -1378,6 +1378,16 @@
"website": "https://the-empire.systems",
"email": ""
}
},
{
"author": "mabdullah22",
"links": {
"github": "https://www.github.com/maabdullah22",
"twitter": "https://twitter.com/0x416264",
"linkedin": "",
"website": "",
"email": ""
}
}
]

126
cves.json
View File

@ -1,8 +1,11 @@
{"ID":"CVE-2000-0114","Info":{"Name":"Microsoft FrontPage Extensions Check (shtml.dll)","Severity":"low","Description":"Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2000/CVE-2000-0114.yaml"}
{"ID":"CVE-2001-0537","Info":{"Name":"Cisco IOS HTTP Configuration Arbitrary Administrative Access","Severity":"medium","Description":"HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2001/CVE-2001-0537.yaml"}
{"ID":"CVE-2002-1131","Info":{"Name":"SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting","Severity":"medium","Description":"The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2002/CVE-2002-1131.yaml"}
{"ID":"CVE-2004-0519","Info":{"Name":"SquirrelMail 1.4.x - Folder Name Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2004/CVE-2004-0519.yaml"}
{"ID":"CVE-2004-1965","Info":{"Name":"Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS","Severity":"medium","Description":"Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2004/CVE-2004-1965.yaml"}
{"ID":"CVE-2005-2428","Info":{"Name":"Lotus Domino R5 and R6 WebMail - Information Disclosure","Severity":"medium","Description":"Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is by default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and the client Lotus Domino release in the ClntBld field (a different vulnerability than CVE-2005-2696).","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2005/CVE-2005-2428.yaml"}
{"ID":"CVE-2005-3344","Info":{"Name":"Horde Groupware Unauthenticated Admin Access","Severity":"critical","Description":"Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2005/CVE-2005-3344.yaml"}
{"ID":"CVE-2005-3634","Info":{"Name":"SAP Web Application Server 6.x/7.0 - Open Redirect","Severity":"medium","Description":"frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.\n","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2005/CVE-2005-3634.yaml"}
{"ID":"CVE-2005-4385","Info":{"Name":"Cofax \u003c=2.0RC3 - Cross-Site Scripting","Severity":"medium","Description":"Cofax 2.0 RC3 and earlier contains a cross-site scripting vulnerability in search.htm which allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2005/CVE-2005-4385.yaml"}
{"ID":"CVE-2006-1681","Info":{"Name":"Cherokee HTTPD \u003c=0.5 - Cross-Site Scripting","Severity":"medium","Description":"Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2006/CVE-2006-1681.yaml"}
{"ID":"CVE-2006-2842","Info":{"Name":"Squirrelmail \u003c=1.4.6 - Local File Inclusion","Severity":"high","Description":"SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2006/CVE-2006-2842.yaml"}
@ -12,6 +15,7 @@
{"ID":"CVE-2007-5728","Info":{"Name":"phpPgAdmin \u003c=4.1.1 - Cross-Site Scripting","Severity":"medium","Description":"phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, which are different vectors than CVE-2007-2865.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2007/CVE-2007-5728.yaml"}
{"ID":"CVE-2008-1059","Info":{"Name":"WordPress Sniplets 1.1.2 - Local File Inclusion","Severity":"high","Description":"PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2008/CVE-2008-1059.yaml"}
{"ID":"CVE-2008-1061","Info":{"Name":"WordPress Sniplets \u003c=1.2.2 - Cross-Site Scripting","Severity":"high","Description":"WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2008/CVE-2008-1061.yaml"}
{"ID":"CVE-2008-1547","Info":{"Name":"Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection","Severity":"medium","Description":"Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2008/CVE-2008-1547.yaml"}
{"ID":"CVE-2008-2398","Info":{"Name":"AppServ Open Project \u003c=2.5.10 - Cross-Site Scripting","Severity":"medium","Description":"AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2008/CVE-2008-2398.yaml"}
{"ID":"CVE-2008-2650","Info":{"Name":"CMSimple 3.1 - Local File Inclusion","Severity":"high","Description":"CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2008/CVE-2008-2650.yaml"}
{"ID":"CVE-2008-4668","Info":{"Name":"Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion","Severity":"high","Description":"Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via com_imagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2008/CVE-2008-4668.yaml"}
@ -23,6 +27,8 @@
{"ID":"CVE-2008-6465","Info":{"Name":"Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting","Severity":"medium","Description":"Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2008/CVE-2008-6465.yaml"}
{"ID":"CVE-2008-6668","Info":{"Name":"nweb2fax \u003c=0.2.7 - Local File Inclusion","Severity":"high","Description":"nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2008/CVE-2008-6668.yaml"}
{"ID":"CVE-2008-6982","Info":{"Name":"Devalcms 1.4a - Cross-Site Scripting","Severity":"high","Description":"Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2008/CVE-2008-6982.yaml"}
{"ID":"CVE-2008-7269","Info":{"Name":"UC Gateway Investment SiteEngine v5.0 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2008/CVE-2008-7269.yaml"}
{"ID":"CVE-2009-0347","Info":{"Name":"Autonomy Ultraseek - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2009/CVE-2009-0347.yaml"}
{"ID":"CVE-2009-0545","Info":{"Name":"ZeroShell \u003c= 1.0beta11 Remote Code Execution","Severity":"critical","Description":"ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2009/CVE-2009-0545.yaml"}
{"ID":"CVE-2009-0932","Info":{"Name":"Horde/Horde Groupware - Local File Inclusion","Severity":"high","Description":"Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2009/CVE-2009-0932.yaml"}
{"ID":"CVE-2009-1151","Info":{"Name":"PhpMyAdmin Scripts - Remote Code Execution","Severity":"critical","Description":"PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2009/CVE-2009-1151.yaml"}
@ -88,6 +94,7 @@
{"ID":"CVE-2010-1534","Info":{"Name":"Joomla! Component Shoutbox Pro - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1534.yaml"}
{"ID":"CVE-2010-1535","Info":{"Name":"Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1535.yaml"}
{"ID":"CVE-2010-1540","Info":{"Name":"Joomla! Component com_blog - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1540.yaml"}
{"ID":"CVE-2010-1586","Info":{"Name":"HP System Management Homepage (SMH) v2.x.x.x - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-1586.yaml"}
{"ID":"CVE-2010-1601","Info":{"Name":"Joomla! Component JA Comment - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1601.yaml"}
{"ID":"CVE-2010-1602","Info":{"Name":"Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1602.yaml"}
{"ID":"CVE-2010-1603","Info":{"Name":"Joomla! Component ZiMBCore 0.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1603.yaml"}
@ -163,6 +170,7 @@
{"ID":"CVE-2011-5107","Info":{"Name":"Alert Before Your Post \u003c= 0.1.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5107.yaml"}
{"ID":"CVE-2011-5179","Info":{"Name":"Skysa App Bar 1.04 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5179.yaml"}
{"ID":"CVE-2011-5181","Info":{"Name":"ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5181.yaml"}
{"ID":"CVE-2011-5252","Info":{"Name":"Orchard 'ReturnUrl' Parameter URI - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2011/CVE-2011-5252.yaml"}
{"ID":"CVE-2011-5265","Info":{"Name":"Featurific For WordPress 1.6.2 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5265.yaml"}
{"ID":"CVE-2012-0392","Info":{"Name":"Apache Struts2 S2-008 RCE","Severity":"critical","Description":"The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2012/CVE-2012-0392.yaml"}
{"ID":"CVE-2012-0394","Info":{"Name":"Apache Struts \u003c2.3.1.1 - Remote Code Execution","Severity":"critical","Description":"Apache Struts before 2.3.1.1 is susceptible to remote code execution. When developer mode is used in the DebuggingInterceptor component, a remote attacker can execute arbitrary OGNL commands via unspecified vectors, which can allow for execution of malware, obtaining sensitive information, modifying data, and/or gaining full control over a compromised system without entering necessary credentials.. NOTE: the vendor characterizes this behavior as not \"a security vulnerability itself.\"\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2012/CVE-2012-0394.yaml"}
@ -184,11 +192,13 @@
{"ID":"CVE-2012-4878","Info":{"Name":"FlatnuX CMS - Directory Traversal","Severity":"high","Description":"A path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2012/CVE-2012-4878.yaml"}
{"ID":"CVE-2012-4889","Info":{"Name":"ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-4889.yaml"}
{"ID":"CVE-2012-4940","Info":{"Name":"Axigen Mail Server Filename Directory Traversal","Severity":"high","Description":"Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in an edit or delete action to the default URI.","Classification":{"CVSSScore":"6.4"}},"file_path":"http/cves/2012/CVE-2012-4940.yaml"}
{"ID":"CVE-2012-4982","Info":{"Name":"Forescout CounterACT 6.3.4.1 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the 'a' parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2012/CVE-2012-4982.yaml"}
{"ID":"CVE-2012-5913","Info":{"Name":"WordPress Integrator 1.32 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-5913.yaml"}
{"ID":"CVE-2013-1965","Info":{"Name":"Apache Struts2 S2-012 RCE","Severity":"critical","Description":"Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2013/CVE-2013-1965.yaml"}
{"ID":"CVE-2013-2248","Info":{"Name":"Apache Struts - Multiple Open Redirection Vulnerabilities","Severity":"medium","Description":"Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2013/CVE-2013-2248.yaml"}
{"ID":"CVE-2013-2251","Info":{"Name":"Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution","Severity":"critical","Description":"In Struts 2 before 2.3.15.1 the information following \"action:\", \"redirect:\", or \"redirectAction:\" is not properly sanitized and will be evaluated as an OGNL expression against the value stack. This introduces the possibility to inject server side code.","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2013/CVE-2013-2251.yaml"}
{"ID":"CVE-2013-2287","Info":{"Name":"WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2013/CVE-2013-2287.yaml"}
{"ID":"CVE-2013-2621","Info":{"Name":"Telaen =\u003e v1.3.1 - Open Redirect","Severity":"medium","Description":"Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2013/CVE-2013-2621.yaml"}
{"ID":"CVE-2013-3526","Info":{"Name":"WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter.\"","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2013/CVE-2013-3526.yaml"}
{"ID":"CVE-2013-3827","Info":{"Name":"Javafaces LFI","Severity":"medium","Description":"An Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2013/CVE-2013-3827.yaml"}
{"ID":"CVE-2013-4117","Info":{"Name":"WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2013/CVE-2013-4117.yaml"}
@ -335,9 +345,11 @@
{"ID":"CVE-2016-3081","Info":{"Name":"Apache S2-032 Struts - Remote Code Execution","Severity":"high","Description":"Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when dynamic method invocation is enabled, allows remote attackers to execute arbitrary code via method: prefix (related to chained expressions).\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2016/CVE-2016-3081.yaml"}
{"ID":"CVE-2016-3088","Info":{"Name":"Apache ActiveMQ Fileserver - Arbitrary File Write","Severity":"critical","Description":"Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request via the Fileserver web application.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-3088.yaml"}
{"ID":"CVE-2016-3978","Info":{"Name":"Fortinet FortiOS - Open Redirect/Cross-Site Scripting","Severity":"medium","Description":"FortiOS Web User Interface in 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting attacks via the \"redirect\" parameter to \"login.\"","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-3978.yaml"}
{"ID":"CVE-2016-4437","Info":{"Name":"Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability","Severity":"high","Description":"Apache Shiro before 1.2.5, when a cipher key has not been configured for the \"remember me\" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2016/CVE-2016-4437.yaml"}
{"ID":"CVE-2016-4975","Info":{"Name":"Apache mod_userdir CRLF injection","Severity":"medium","Description":"Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-4975.yaml"}
{"ID":"CVE-2016-4977","Info":{"Name":"Spring Security OAuth2 Remote Command Execution","Severity":"high","Description":"Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote command execution via the crafting of the value for response_type.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-4977.yaml"}
{"ID":"CVE-2016-5649","Info":{"Name":"NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure","Severity":"critical","Description":"NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-5649.yaml"}
{"ID":"CVE-2016-6195","Info":{"Name":"vBulletin \u003c= 4.2.3 - SQL Injection","Severity":"high","Description":"vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-6195.yaml"}
{"ID":"CVE-2016-6277","Info":{"Name":"NETGEAR Routers - Remote Code Execution","Severity":"high","Description":"NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-6277.yaml"}
{"ID":"CVE-2016-6601","Info":{"Name":"ZOHO WebNMS Framework \u003c5.2 SP1 - Local File Inclusion","Severity":"high","Description":"ZOHO WebNMS Framework before version 5.2 SP1 is vulnerable local file inclusion which allows an attacker to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2016/CVE-2016-6601.yaml"}
{"ID":"CVE-2016-7552","Info":{"Name":"Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass","Severity":"critical","Description":"Trend Micro Threat Discovery Appliance 2.6.1062r1 is vulnerable to a directory traversal vulnerability when processing a session_id cookie, which allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-7552.yaml"}
@ -366,6 +378,7 @@
{"ID":"CVE-2017-12583","Info":{"Name":"DokuWiki - Cross-Site Scripting","Severity":"medium","Description":"DokuWiki through 2017-02-19b contains a cross-site scripting vulnerability in the DATE_AT parameter to doku.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-12583.yaml"}
{"ID":"CVE-2017-12611","Info":{"Name":"Apache Struts2 S2-053 - Remote Code Execution","Severity":"critical","Description":"Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1 uses an unintentional expression in a Freemarker tag instead of string literals, which makes it susceptible to remote code execution attacks.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-12611.yaml"}
{"ID":"CVE-2017-12615","Info":{"Name":"Apache Tomcat Servers - Remote Code Execution","Severity":"high","Description":"Apache Tomcat servers 7.0.{0 to 79} are susceptible to remote code execution. By design, you are not allowed to upload JSP files via the PUT method. This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to the insufficient checks, an attacker could gain remote code execution on Apache Tomcat servers that have enabled PUT method by using a specially crafted HTTP request.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2017/CVE-2017-12615.yaml"}
{"ID":"CVE-2017-12617","Info":{"Name":"Apache Tomcat - Remote Code Execution","Severity":"high","Description":"When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.\n","Classification":{"CVSSScore":"8.3"}},"file_path":"http/cves/2017/CVE-2017-12617.yaml"}
{"ID":"CVE-2017-12629","Info":{"Name":"Apache Solr \u003c= 7.1 - XML Entity Injection","Severity":"critical","Description":"Apache Solr with Apache Lucene before 7.1 is susceptible to remote code execution by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-12629.yaml"}
{"ID":"CVE-2017-12635","Info":{"Name":"Apache CouchDB 1.7.0 / 2.x \u003c 2.1.1 - Remote Privilege Escalation","Severity":"critical","Description":"Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keysfor 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behavior that if two 'roles' keys are available in the JSON, the second one will be used for authorizing the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-12635.yaml"}
{"ID":"CVE-2017-12637","Info":{"Name":"SAP NetWeaver Application Server Java 7.5 - Local File Inclusion","Severity":"high","Description":"SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-12637.yaml"}
@ -390,6 +403,7 @@
{"ID":"CVE-2017-17059","Info":{"Name":"WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-17059.yaml"}
{"ID":"CVE-2017-17451","Info":{"Name":"WordPress Mailster \u003c=1.5.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Mailster 1.5.4 and before contains a cross-site scripting vulnerability in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-17451.yaml"}
{"ID":"CVE-2017-17562","Info":{"Name":"Embedthis GoAhead \u003c3.6.5 - Remote Code Execution","Severity":"high","Description":"description: Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2017/CVE-2017-17562.yaml"}
{"ID":"CVE-2017-17731","Info":{"Name":"DedeCMS 5.7 - SQL Injection","Severity":"critical","Description":"DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-17731.yaml"}
{"ID":"CVE-2017-17736","Info":{"Name":"Kentico - Installer Privilege Escalation","Severity":"critical","Description":"Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 are susceptible to a privilege escalation attack. An attacker can obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-17736.yaml"}
{"ID":"CVE-2017-18024","Info":{"Name":"AvantFAX 3.3.3 - Cross-Site Scripting","Severity":"medium","Description":"AvantFAX 3.3.3 contains a cross-site scripting vulnerability via an arbitrary parameter name submitted to the default URL, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18024.yaml"}
{"ID":"CVE-2017-18536","Info":{"Name":"WordPress Stop User Enumeration \u003c=1.3.7 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Stop User Enumeration 1.3.7 and earlier are vulnerable to unauthenticated reflected cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18536.yaml"}
@ -414,7 +428,7 @@
{"ID":"CVE-2017-9288","Info":{"Name":"WordPress Raygun4WP \u003c=1.8.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Raygun4WP 1.8.0 contains a reflected cross-site scripting vulnerability via sendtesterror.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-9288.yaml"}
{"ID":"CVE-2017-9416","Info":{"Name":"Odoo 8.0/9.0/10.0 - Local File Inclusion","Severity":"medium","Description":"Odoo 8.0, 9.0, and 10.0 are susceptible to local file inclusion via tools.file_open. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2017/CVE-2017-9416.yaml"}
{"ID":"CVE-2017-9506","Info":{"Name":"Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery","Severity":"medium","Description":"The Atlassian Jira IconUriServlet of the OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 contains a cross-site scripting vulnerability which allows remote attackers to access the content of internal network resources and/or perform an attack via Server Side Request Forgery.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-9506.yaml"}
{"ID":"CVE-2017-9791","Info":{"Name":"Apache Struts2 S2-053 - Remote Code Execution","Severity":"critical","Description":"Apache Struts 2.1.x and 2.3.x with the Struts 1 plugin might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-9791.yaml"}
{"ID":"CVE-2017-9791","Info":{"Name":"Apache Struts2 S2-053 - Remote Code Execution","Severity":"critical","Description":"Apache Struts 2.1.x and 2.3.x with the Struts 1 plugin might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-9791.yaml"}
{"ID":"CVE-2017-9805","Info":{"Name":"Apache Struts2 S2-052 - Remote Code Execution","Severity":"high","Description":"The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type of filtering, which can lead to remote code execution when deserializing XML payloads.","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2017/CVE-2017-9805.yaml"}
{"ID":"CVE-2017-9822","Info":{"Name":"DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution","Severity":"high","Description":"DotNetNuke (DNN) versions between 5.0.0 - 9.3.0 are affected by a deserialization vulnerability that leads to remote code execution.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2017/CVE-2017-9822.yaml"}
{"ID":"CVE-2017-9833","Info":{"Name":"BOA Web Server 0.94.14 - Arbitrary File Access","Severity":"high","Description":"BOA Web Server 0.94.14 is susceptible to arbitrary file access. The server allows the injection of \"../..\" using the FILECAMERA variable sent by GET to read files with root privileges and without using access credentials.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-9833.yaml"}
@ -446,7 +460,7 @@
{"ID":"CVE-2018-11709","Info":{"Name":"WordPress wpForo Forum \u003c= 1.4.11 - Cross-Site Scripting","Severity":"medium","Description":"WordPress wpForo Forum plugin before 1.4.12 for WordPress allows unauthenticated reflected cross-site scripting via the URI.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-11709.yaml"}
{"ID":"CVE-2018-11759","Info":{"Name":"Apache Tomcat JK Connect \u003c=1.2.44 - Manager Access","Severity":"high","Description":"Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 allows specially constructed requests to expose application functionality through the reverse proxy. It is also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-11759.yaml"}
{"ID":"CVE-2018-11776","Info":{"Name":"Apache Struts2 S2-057 - Remote Code Execution","Severity":"high","Description":"Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn''t have value and action set and in same time, its upper package have no or wildcard namespace.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2018/CVE-2018-11776.yaml"}
{"ID":"CVE-2018-11784","Info":{"Name":"Apache Tomcat - Open Redirect","Severity":"medium","Description":"Apache Tomcat versions prior to 9.0.12, 8.5.34, and 7.0.91 are prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2018/CVE-2018-11784.yaml"}
{"ID":"CVE-2018-11784","Info":{"Name":"Apache Tomcat - Open Redirect","Severity":"medium","Description":"Apache Tomcat versions prior to 9.0.12, 8.5.34, and 7.0.91 are prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2018/CVE-2018-11784.yaml"}
{"ID":"CVE-2018-12031","Info":{"Name":"Eaton Intelligent Power Manager 1.6 - Directory Traversal","Severity":"critical","Description":"Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-12031.yaml"}
{"ID":"CVE-2018-12054","Info":{"Name":"Schools Alert Management Script - Arbitrary File Read","Severity":"high","Description":"Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-12054.yaml"}
{"ID":"CVE-2018-1207","Info":{"Name":"Dell iDRAC7/8 Devices - Remote Code Injection","Severity":"critical","Description":"Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a CGI injection vulnerability\nwhich could be used to execute remote code. A remote unauthenticated attacker may\npotentially be able to use CGI variables to execute remote code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-1207.yaml"}
@ -573,6 +587,7 @@
{"ID":"CVE-2019-0230","Info":{"Name":"Apache Struts \u003c=2.5.20 - Remote Code Execution","Severity":"critical","Description":"Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag attributes, which may lead to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-0230.yaml"}
{"ID":"CVE-2019-10068","Info":{"Name":"Kentico CMS Insecure Deserialization Remote Code Execution","Severity":"critical","Description":"Kentico CMS is susceptible to remote code execution via a .NET deserialization vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-10068.yaml"}
{"ID":"CVE-2019-10092","Info":{"Name":"Apache HTTP Server \u003c=2.4.39 - HTML Injection/Partial Cross-Site Scripting","Severity":"medium","Description":"Apache HTTP Server versions 2.4.0 through 2.4.39 are vulnerable to a limited cross-site scripting issue affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-10092.yaml"}
{"ID":"CVE-2019-10098","Info":{"Name":"Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect","Severity":"medium","Description":"In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-10098.yaml"}
{"ID":"CVE-2019-1010287","Info":{"Name":"Timesheet Next Gen \u003c=1.5.3 - Cross-Site Scripting","Severity":"medium","Description":"Timesheet Next Gen 1.5.3 and earlier is vulnerable to cross-site scripting that allows an attacker to execute arbitrary HTML and JavaScript code via a \"redirect\" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-1010287.yaml"}
{"ID":"CVE-2019-1010290","Info":{"Name":"Babel - Open Redirect","Severity":"medium","Description":"Babel contains an open redirect vulnerability via redirect.php in the newurl parameter. An attacker can use any legitimate site using Babel to redirect user to a malicious site, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-1010290.yaml"}
{"ID":"CVE-2019-10232","Info":{"Name":"Teclib GLPI \u003c= 9.3.3 - Unauthenticated SQL Injection","Severity":"critical","Description":"Teclib GLPI \u003c= 9.3.3 exposes a script (/scripts/unlock_tasks.php) that incorrectly sanitizes user controlled data before using it in SQL queries. Thus, an attacker could abuse the affected feature to alter the semantic original SQL query and retrieve database records.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-10232.yaml"}
@ -655,6 +670,7 @@
{"ID":"CVE-2019-18957","Info":{"Name":"MicroStrategy Library \u003c11.1.3 - Cross-Site Scripting","Severity":"medium","Description":"MicroStrategy Library before 11.1.3 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-18957.yaml"}
{"ID":"CVE-2019-19134","Info":{"Name":"WordPress Hero Maps Premium \u003c=2.2.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-19134.yaml"}
{"ID":"CVE-2019-19368","Info":{"Name":"Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting","Severity":"medium","Description":"Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-19368.yaml"}
{"ID":"CVE-2019-1943","Info":{"Name":"Cisco Small Business 200,300 and 500 Series Switches - Open Redirect","Severity":"medium","Description":"Cisco Small Business 200,300 and 500 Series Switches contain an open redirect vulnerability in the Web UI. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"4.7"}},"file_path":"http/cves/2019/CVE-2019-1943.yaml"}
{"ID":"CVE-2019-19781","Info":{"Name":"Citrix ADC and Gateway - Directory Traversal","Severity":"critical","Description":"Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0 are susceptible to directory traversal vulnerabilities.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-19781.yaml"}
{"ID":"CVE-2019-19824","Info":{"Name":"TOTOLINK Realtek SD Routers - Remote Command Injection","Severity":"high","Description":"TOTOLINK Realtek SDK based routers may allow an authenticated attacker to execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-19824.yaml"}
{"ID":"CVE-2019-19908","Info":{"Name":"phpMyChat-Plus 1.98 - Cross-Site Scripting","Severity":"medium","Description":"phpMyChat-Plus 1.98 contains a cross-site scripting vulnerability via pmc_username parameter of pass_reset.php in password reset URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-19908.yaml"}
@ -673,6 +689,7 @@
{"ID":"CVE-2019-2729","Info":{"Name":"Oracle WebLogic Server Administration Console - Remote Code Execution","Severity":"critical","Description":"The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) versions 0.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-2729.yaml"}
{"ID":"CVE-2019-2767","Info":{"Name":"Oracle Business Intelligence Publisher - XML External Entity Injection","Severity":"high","Description":"Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publisher.","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2019/CVE-2019-2767.yaml"}
{"ID":"CVE-2019-3396","Info":{"Name":"Atlassian Confluence Server - Path Traversal","Severity":"critical","Description":"The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-3396.yaml"}
{"ID":"CVE-2019-3398","Info":{"Name":"Atlassian Confluence Download Attachments - Remote Code Execution","Severity":"high","Description":"Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2019/CVE-2019-3398.yaml"}
{"ID":"CVE-2019-3401","Info":{"Name":"Atlassian Jira \u003c7.13.3/8.0.0-8.1.1 - Incorrect Authorization","Severity":"medium","Description":"Atlasssian Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 is susceptible to incorrect authorization. The ManageFilters.jspa resource allows a remote attacker to enumerate usernames via an incorrect authorization check, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-3401.yaml"}
{"ID":"CVE-2019-3402","Info":{"Name":"Jira \u003c 8.1.1 - Cross-Site Scripting","Severity":"medium","Description":"Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-3402.yaml"}
{"ID":"CVE-2019-3403","Info":{"Name":"Jira - Incorrect Authorization","Severity":"medium","Description":"Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 is susceptible to an incorrect authorization check in the /rest/api/2/user/picker rest resource, enabling an attacker to enumerate usernames and gain improper access.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-3403.yaml"}
@ -692,7 +709,7 @@
{"ID":"CVE-2019-7238","Info":{"Name":"Sonatype Nexus Repository Manager \u003c3.15.0 - Remote Code Execution","Severity":"critical","Description":"Sonatype Nexus Repository Manager before 3.15.0 is susceptible to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-7238.yaml"}
{"ID":"CVE-2019-7254","Info":{"Name":"eMerge E3 1.00-06 - Local File Inclusion","Severity":"high","Description":"Linear eMerge E3-Series devices are vulnerable to local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-7254.yaml"}
{"ID":"CVE-2019-7255","Info":{"Name":"Linear eMerge E3 - Cross-Site Scripting","Severity":"medium","Description":"Linear eMerge E3-Series devices are vulnerable to cross-site scripting via the 'layout' parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-7255.yaml"}
{"ID":"CVE-2019-7256","Info":{"Name":"eMerge E3 1.00-06 - Remote Code Execution","Severity":"critical","Description":"Linear eMerge E3-Series devices are susceptible to remote code execution vulnerabilities.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2019/CVE-2019-7256.yaml"}
{"ID":"CVE-2019-7256","Info":{"Name":"eMerge E3 1.00-06 - Remote Code Execution","Severity":"critical","Description":"Linear eMerge E3-Series devices are susceptible to remote code execution vulnerabilities.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2019/CVE-2019-7256.yaml"}
{"ID":"CVE-2019-7275","Info":{"Name":"Optergy Proton/Enterprise Building Management System - Open Redirect","Severity":"medium","Description":"Optergy Proton/Enterprise Building Management System contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-7275.yaml"}
{"ID":"CVE-2019-7315","Info":{"Name":"Genie Access WIP3BVAF IP Camera - Local File Inclusion","Severity":"high","Description":"Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.X are vulnerable to local file inclusion via the web interface, as demonstrated by reading /etc/shadow.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-7315.yaml"}
{"ID":"CVE-2019-7481","Info":{"Name":"SonicWall SRA 4600 VPN - SQL Injection","Severity":"high","Description":"The SonicWall SRA 4600 VPN appliance is susceptible to a pre-authentication SQL injection vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-7481.yaml"}
@ -731,6 +748,7 @@
{"ID":"CVE-2020-11529","Info":{"Name":"Grav \u003c1.7 - Open Redirect","Severity":"medium","Description":"Grav before 1.7 has an open redirect vulnerability via common/Grav.php. This is partially fixed in 1.6.23 and still present in 1.6.x.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-11529.yaml"}
{"ID":"CVE-2020-11530","Info":{"Name":"WordPress Chop Slider 3 - Blind SQL Injection","Severity":"critical","Description":"WordPress Chop Slider 3 plugin contains a blind SQL injection vulnerability via the id GET parameter supplied to get_script/index.php. The plugin can allow an attacker to execute arbitrary SQL queries in the context of the WP database user, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-11530.yaml"}
{"ID":"CVE-2020-11546","Info":{"Name":"SuperWebmailer 7.21.0.01526 - Remote Code Execution","Severity":"critical","Description":"SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-11546.yaml"}
{"ID":"CVE-2020-11547","Info":{"Name":"PRTG Network Monitor \u003c20.1.57.1745 - Information Disclosure","Severity":"medium","Description":"PRTG Network Monitor before 20.1.57.1745 is susceptible to information disclosure. An attacker can obtain information about probes running or the server itself via an HTTP request, thus potentially being able to modify data and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-11547.yaml"}
{"ID":"CVE-2020-11710","Info":{"Name":"Kong Admin \u003c=2.03 - Admin API Access","Severity":"critical","Description":"Kong Admin through 2.0.3 contains an issue via docker-kong which makes the admin API port accessible on interfaces other than 127.0.0.1.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-11710.yaml"}
{"ID":"CVE-2020-11738","Info":{"Name":"WordPress Duplicator 1.3.24 \u0026 1.3.26 - Local File Inclusion","Severity":"high","Description":"WordPress Duplicator 1.3.24 \u0026 1.3.26 are vulnerable to local file inclusion vulnerabilities that could allow attackers to download arbitrary files, such as the wp-config.php file. According to the vendor, the vulnerability was only in two\nversions v1.3.24 and v1.3.26, the vulnerability wasn't\npresent in versions 1.3.22 and before.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-11738.yaml"}
{"ID":"CVE-2020-11853","Info":{"Name":"Micro Focus Operations Bridge Manager \u003c=2020.05 - Remote Code Execution","Severity":"high","Description":"Micro Focus Operations Bridge Manager in versions 2020.05 and below is vulnerable to remote code execution via UCMDB. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Data Center Automation. An attack requires network access and authentication as a valid application user. Originated from Metasploit module (#14654).\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-11853.yaml"}
@ -746,7 +764,7 @@
{"ID":"CVE-2020-12720","Info":{"Name":"vBulletin SQL Injection","Severity":"critical","Description":"vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control that permits SQL injection attacks.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-12720.yaml"}
{"ID":"CVE-2020-12800","Info":{"Name":"WordPress Contact Form 7 \u003c1.3.3.3 - Remote Code Execution","Severity":"critical","Description":"WordPress Contact Form 7 before 1.3.3.3 allows unrestricted file upload and remote code execution by setting supported_type to php% and uploading a .php% file.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-12800.yaml"}
{"ID":"CVE-2020-13117","Info":{"Name":"Wavlink Multiple AP - Remote Command Injection","Severity":"critical","Description":"Wavlink products are affected by a vulnerability that may allow remote unauthenticated users to execute arbitrary commands as root on Wavlink devices. The user input is not properly sanitized which allows command injection via the \"key\" parameter in a login request. It has been tested on Wavlink WN575A4 and WN579X3 devices, but other products may also be affected.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-13117.yaml"}
{"ID":"CVE-2020-13121","Info":{"Name":"Submitty \u003c= 20.04.01 - Open Redirect","Severity":"medium","Description":"Submitty through 20.04.01 contains an open redirect vulnerability via authentication/login?old= during an invalid login attempt. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.10"}},"file_path":"http/cves/2020/CVE-2020-13121.yaml"}
{"ID":"CVE-2020-13121","Info":{"Name":"Submitty \u003c= 20.04.01 - Open Redirect","Severity":"medium","Description":"Submitty through 20.04.01 contains an open redirect vulnerability via authentication/login?old= during an invalid login attempt. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-13121.yaml"}
{"ID":"CVE-2020-13158","Info":{"Name":"Artica Proxy Community Edition \u003c4.30.000000 - Local File Inclusion","Severity":"high","Description":"Artica Proxy Community Edition before 4.30.000000 is vulnerable to local file inclusion via the fw.progrss.details.php popup parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-13158.yaml"}
{"ID":"CVE-2020-13167","Info":{"Name":"Netsweeper \u003c=6.4.3 - Python Code Injection","Severity":"critical","Description":"Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-13167.yaml"}
{"ID":"CVE-2020-13258","Info":{"Name":"Contentful \u003c=2020-05-21 - Cross-Site Scripting","Severity":"medium","Description":"Contentful through 2020-05-21 for Python contains a reflected cross-site scripting vulnerability via the api parameter to the-example-app.py.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-13258.yaml"}
@ -768,7 +786,7 @@
{"ID":"CVE-2020-14750","Info":{"Name":"Oracle WebLogic Server - Remote Command Execution","Severity":"critical","Description":"Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised machine without entering necessary credentials. See also CVE-2020-14882, which is addressed in the October 2020 Critical Patch Update.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-14750.yaml"}
{"ID":"CVE-2020-14864","Info":{"Name":"Oracle Fusion - Directory Traversal/Local File Inclusion","Severity":"high","Description":"Oracle Business Intelligence Enterprise Edition 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 are vulnerable to local file inclusion vulnerabilities via \"getPreviewImage.\"","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-14864.yaml"}
{"ID":"CVE-2020-14882","Info":{"Name":"Oracle Weblogic Server - Remote Command Execution","Severity":"critical","Description":"Oracle WebLogic Server contains an easily exploitable remote command execution vulnerability which allows unauthenticated attackers with network access via HTTP to compromise the server.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-14882.yaml"}
{"ID":"CVE-2020-14883","Info":{"Name":"Oracle Fusion Middleware WebLogic Server Administration Console - Remote Code Execution","Severity":"high","Description":"The Oracle Fusion Middleware WebLogic Server admin console in versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is vulnerable to an easily exploitable vulnerability that allows high privileged attackers with network access via HTTP to compromise Oracle WebLogic Server.","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2020/CVE-2020-14883.yaml"}
{"ID":"CVE-2020-14883","Info":{"Name":"Oracle Fusion Middleware WebLogic Server Administration Console - Remote Code Execution","Severity":"high","Description":"The Oracle Fusion Middleware WebLogic Server admin console in versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is vulnerable to an easily exploitable vulnerability that allows high privileged attackers with network access via HTTP to compromise Oracle WebLogic Server.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2020/CVE-2020-14883.yaml"}
{"ID":"CVE-2020-15050","Info":{"Name":"Suprema BioStar \u003c2.8.2 - Local File Inclusion","Severity":"high","Description":"Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-15050.yaml"}
{"ID":"CVE-2020-15129","Info":{"Name":"Traefik - Open Redirect","Severity":"medium","Description":"Traefik before 1.7.26, 2.2.8, and 2.3.0-rc3 contains an open redirect vulnerability in the X-Forwarded-Prefix header. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"4.7"}},"file_path":"http/cves/2020/CVE-2020-15129.yaml"}
{"ID":"CVE-2020-15148","Info":{"Name":"Yii 2 \u003c 2.0.38 - Remote Code Execution","Severity":"critical","Description":"Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2020/CVE-2020-15148.yaml"}
@ -798,6 +816,7 @@
{"ID":"CVE-2020-19295","Info":{"Name":"Jeesns 1.4.2 - Cross-Site Scripting","Severity":"medium","Description":"Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /weibo/topic component and allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-19295.yaml"}
{"ID":"CVE-2020-19360","Info":{"Name":"FHEM 6.0 - Local File Inclusion","Severity":"high","Description":"FHEM version 6.0 suffers from a local file inclusion vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-19360.yaml"}
{"ID":"CVE-2020-1943","Info":{"Name":"Apache OFBiz \u003c=16.11.07 - Cross-Site Scripting","Severity":"medium","Description":"Apache OFBiz 16.11.01 to 16.11.07 is vulnerable to cross-site scripting because data sent with contentId to /control/stream is not sanitized.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-1943.yaml"}
{"ID":"CVE-2020-1956","Info":{"Name":"Apache Kylin 3.0.1 - Command Injection Vulnerability","Severity":"high","Description":"Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-1956.yaml"}
{"ID":"CVE-2020-19625","Info":{"Name":"Gridx 1.3 - Remote Code Execution","Severity":"critical","Description":"Gridx 1.3 is susceptible to remote code execution via tests/support/stores/test_grid_filter.php, which allows remote attackers to execute arbitrary code via crafted values submitted to the $query parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-19625.yaml"}
{"ID":"CVE-2020-20285","Info":{"Name":"ZZcms - Cross-Site Scripting","Severity":"medium","Description":"ZZcms 2019 contains a cross-site scripting vulnerability in the user login page. An attacker can inject arbitrary JavaScript code in the referer header via user/login.php, which can allow theft of cookie-based credentials and launch of subsequent attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-20285.yaml"}
{"ID":"CVE-2020-20300","Info":{"Name":"WeiPHP 5.0 - SQL Injection","Severity":"critical","Description":"WeiPHP 5.0 contains a SQL injection vulnerability via the wp_where function. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-20300.yaml"}
@ -870,6 +889,7 @@
{"ID":"CVE-2020-29284","Info":{"Name":"Sourcecodester Multi Restaurant Table Reservation System 1.0 - SQL Injection","Severity":"critical","Description":"Sourcecodester Multi Restaurant Table Reservation System 1.0 contains a SQL injection vulnerability via the file view-chair-list.php. It does not perform input validation on the table_id parameter, which allows unauthenticated SQL injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-29284.yaml"}
{"ID":"CVE-2020-29395","Info":{"Name":"Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting","Severity":"medium","Description":"Wordpress EventON Calendar 3.0.5 is vulnerable to cross-site scripting because it allows addons/?q= XSS via the search field.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-29395.yaml"}
{"ID":"CVE-2020-29453","Info":{"Name":"Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)","Severity":"medium","Description":"The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-29453.yaml"}
{"ID":"CVE-2020-29583","Info":{"Name":"ZyXel USG - Hardcoded Credentials","Severity":"critical","Description":"A hardcoded credential vulnerability was identified in the 'zyfwp' user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-29583.yaml"}
{"ID":"CVE-2020-29597","Info":{"Name":"IncomCMS 2.0 - Arbitrary File Upload","Severity":"critical","Description":"IncomCMS 2.0 has a an insecure file upload vulnerability in modules/uploader/showcase/script.php. This allows unauthenticated attackers to upload files into the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-29597.yaml"}
{"ID":"CVE-2020-3187","Info":{"Name":"Cisco Adaptive Security Appliance Software/Cisco Firepower Threat Defense - Directory Traversal","Severity":"critical","Description":"Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are susceptible to directory traversal vulnerabilities that could allow an unauthenticated, remote attacker to obtain read and delete access to sensitive files on a targeted system.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2020/CVE-2020-3187.yaml"}
{"ID":"CVE-2020-3452","Info":{"Name":"Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion","Severity":"high","Description":"Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software is vulnerable to local file inclusion due to directory traversal attacks that can read sensitive files on a targeted system because of a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-3452.yaml"}
@ -886,13 +906,13 @@
{"ID":"CVE-2020-35774","Info":{"Name":"twitter-server Cross-Site Scripting","Severity":"medium","Description":"twitter-server before 20.12.0 is vulnerable to cross-site scripting in some configurations. The vulnerability exists in the administration panel of twitter-server in the histograms component via server/handler/HistogramQueryHandler.scala.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-35774.yaml"}
{"ID":"CVE-2020-3580","Info":{"Name":"Cisco ASA/FTD Software - Cross-Site Scripting","Severity":"medium","Description":"Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are vulnerable to cross-site scripting and could allow an unauthenticated, remote attacker to conduct attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the reference links.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-3580.yaml"}
{"ID":"CVE-2020-35846","Info":{"Name":"Agentejo Cockpit \u003c 0.11.2 - NoSQL Injection","Severity":"critical","Description":"Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. The $eq operator matches documents where the value of a field equals the specified value.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-35846.yaml"}
{"ID":"CVE-2020-35847","Info":{"Name":"Agentejo Cockpit \u003c0.11.2 - NoSQL Injection","Severity":"critical","Description":"Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function of the Auth controller.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-35847.yaml"}
{"ID":"CVE-2020-35847","Info":{"Name":"Agentejo Cockpit \u003c0.11.2 - NoSQL Injection","Severity":"critical","Description":"Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function of the Auth controller.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-35847.yaml"}
{"ID":"CVE-2020-35848","Info":{"Name":"Agentejo Cockpit \u003c0.12.0 - NoSQL Injection","Severity":"critical","Description":"Agentejo Cockpit prior to 0.12.0 is vulnerable to NoSQL Injection via the newpassword method of the Auth controller, which is responsible for displaying the user password reset form.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-35848.yaml"}
{"ID":"CVE-2020-35951","Info":{"Name":"Wordpress Quiz and Survey Master \u003c7.0.1 - Arbitrary File Deletion","Severity":"critical","Description":"Wordpress Quiz and Survey Master \u003c7.0.1 allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2020/CVE-2020-35951.yaml"}
{"ID":"CVE-2020-36112","Info":{"Name":"CSE Bookstore 1.0 - SQL Injection","Severity":"critical","Description":"CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-36112.yaml"}
{"ID":"CVE-2020-36289","Info":{"Name":"Jira Server and Data Center - Information Disclosure","Severity":"medium","Description":"Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the QueryComponentRendererValue!Default.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations, Affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-36289.yaml"}
{"ID":"CVE-2020-36365","Info":{"Name":"Smartstore \u003c4.1.0 - Open Redirect","Severity":"medium","Description":"Smartstore (aka \"SmartStoreNET\") before 4.1.0 contains an open redirect vulnerability via CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-36365.yaml"}
{"ID":"CVE-2020-36510","Info":{"Name":"WordPress 15Zine \u003c3.3.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress 15Zine before 3.3.0 is vulnerable to reflected cross-site scripting because the theme does not sanitize the cbi parameter before including it in the HTTP response via the cb_s_a AJAX action.\n","Classification":{"CVSSScore":"6.10"}},"file_path":"http/cves/2020/CVE-2020-36510.yaml"}
{"ID":"CVE-2020-36510","Info":{"Name":"WordPress 15Zine \u003c3.3.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress 15Zine before 3.3.0 is vulnerable to reflected cross-site scripting because the theme does not sanitize the cbi parameter before including it in the HTTP response via the cb_s_a AJAX action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-36510.yaml"}
{"ID":"CVE-2020-4463","Info":{"Name":"IBM Maximo Asset Management Information Disclosure - XML External Entity Injection","Severity":"high","Description":"IBM Maximo Asset Management is vulnerable to an\nXML external entity injection (XXE) attack when processing XML data.\nA remote attacker could exploit this vulnerability to expose\nsensitive information or consume memory resources.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2020/CVE-2020-4463.yaml"}
{"ID":"CVE-2020-5191","Info":{"Name":"PHPGurukul Hospital Management System - Cross-Site Scripting","Severity":"medium","Description":"PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-5191.yaml"}
{"ID":"CVE-2020-5192","Info":{"Name":"Hospital Management System 4.0 - SQL Injection","Severity":"high","Description":"Hospital Management System 4.0 contains multiple SQL injection vulnerabilities because multiple pages and parameters do not validate user input. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-5192.yaml"}
@ -1045,6 +1065,7 @@
{"ID":"CVE-2021-24389","Info":{"Name":"WordPress FoodBakery \u003c2.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress FoodBakery before 2.2 contains an unauthenticated reflected cross-site scripting vulnerability. It does not properly sanitize the foodbakery_radius parameter before outputting it back in the response.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24389.yaml"}
{"ID":"CVE-2021-24406","Info":{"Name":"WordPress wpForo Forum \u003c 1.9.7 - Open Redirect","Severity":"medium","Description":"WordPress wpForo Forum \u003c 1.9.7 is susceptible to an open redirect vulnerability because the plugin did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24406.yaml"}
{"ID":"CVE-2021-24407","Info":{"Name":"WordPress Jannah Theme \u003c5.4.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Jannah theme before 5.4.5 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24407.yaml"}
{"ID":"CVE-2021-24435","Info":{"Name":"WordPress Titan Framework plugin \u003c= 1.12.1 - Cross-Site Scripting","Severity":"medium","Description":"The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24435.yaml"}
{"ID":"CVE-2021-24436","Info":{"Name":"WordPress W3 Total Cache \u003c2.1.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress W3 Total Cache plugin before 2.1.4 is susceptible to cross-site scripting within the extension parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This can allow an attacker to convince an authenticated admin into clicking a link to run malicious JavaScript within the user's web browser, which could lead to full site compromise.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24436.yaml"}
{"ID":"CVE-2021-24452","Info":{"Name":"WordPress W3 Total Cache \u003c2.1.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress W3 Total Cache plugin before 2.1.5 is susceptible to cross-site scripting via the extension parameter in the Extensions dashboard, when the setting 'Anonymously track usage to improve product quality' is enabled. The parameter is output in a JavaScript context without proper escaping. This can allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24452.yaml"}
{"ID":"CVE-2021-24472","Info":{"Name":"Onair2 \u003c 3.9.9.2 \u0026 KenthaRadio \u003c 2.0.2 - Remote File Inclusion/Server-Side Request Forgery","Severity":"critical","Description":"Onair2 \u003c 3.9.9.2 and KenthaRadio \u003c 2.0.2 have exposed proxy functionality to unauthenticated users. Sending requests to this proxy functionality will have the web server fetch and display the content from any URI, allowing remote file inclusion and server-side request forgery.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24472.yaml"}
@ -1054,7 +1075,9 @@
{"ID":"CVE-2021-24499","Info":{"Name":"WordPress Workreap - Remote Code Execution","Severity":"critical","Description":"WordPress Workreap theme is susceptible to remote code execution. The AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24499.yaml"}
{"ID":"CVE-2021-24510","Info":{"Name":"WordPress MF Gig Calendar \u003c=1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress MF Gig Calendar plugin 1.1 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize or escape the id GET parameter before outputting back in the admin dashboard when editing an event.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24510.yaml"}
{"ID":"CVE-2021-24554","Info":{"Name":"WordPress Paytm Donation \u003c=1.3.2 - Authenticated SQL Injection","Severity":"high","Description":"WordPress Paytm Donation plugin through 1.3.2 is susceptible to authenticated SQL injection. The plugin does not sanitize, validate, or escape the id GET parameter before using it in a SQL statement when deleting donations. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-24554.yaml"}
{"ID":"CVE-2021-24647","Info":{"Name":"Pie Register \u003c 3.7.1.6 - Unauthenticated Arbitrary Login","Severity":"high","Description":"The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2021/CVE-2021-24647.yaml"}
{"ID":"CVE-2021-24666","Info":{"Name":"WordPress Podlove Podcast Publisher \u003c3.5.6 - SQL Injection","Severity":"critical","Description":"WordPress Podlove Podcast Publisher plugin before 3.5.6 is susceptible to SQL injection. The Social \u0026 Donations module, not activated by default, adds the REST route /services/contributor/(?P\u003cid\u003e[\\d]+) and takes id and category parameters as arguments. Both parameters can be exploited, thereby potentially enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24666.yaml"}
{"ID":"CVE-2021-24731","Info":{"Name":"Pie Register \u003c 3.7.1.6 - SQL Injection","Severity":"critical","Description":"The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24731.yaml"}
{"ID":"CVE-2021-24746","Info":{"Name":"WordPress Sassy Social Share Plugin \u003c3.3.40 - Cross-Site Scripting","Severity":"medium","Description":"WordPress plugin Sassy Social Share \u003c 3.3.40 contains a reflected cross-site scripting vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24746.yaml"}
{"ID":"CVE-2021-24750","Info":{"Name":"WordPress Visitor Statistics (Real Time Traffic) \u003c4.8 -SQL Injection","Severity":"high","Description":"WordPress Visitor Statistics (Real Time Traffic) plugin before 4.8 does not properly sanitize and escape the refUrl in the refDetails AJAX action, which is available to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-24750.yaml"}
{"ID":"CVE-2021-24762","Info":{"Name":"WordPress Perfect Survey\u003c1.5.2 - SQL Injection","Severity":"critical","Description":"Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24762.yaml"}
@ -1088,7 +1111,7 @@
{"ID":"CVE-2021-25085","Info":{"Name":"WOOF WordPress plugin - Cross-Site Scripting","Severity":"medium","Description":"The WOOF WordPress plugin does not sanitize or escape the woof_redraw_elements parameter before reflecting it back in an admin page, leading to a reflected cross-site scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25085.yaml"}
{"ID":"CVE-2021-25099","Info":{"Name":"WordPress GiveWP \u003c2.17.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress GiveWP plugin before 2.17.3 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the form_id parameter before returning it in the response of an unauthenticated request via the give_checkout_login AJAX action. An attacker can inject arbitrary script in the browser of a user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25099.yaml"}
{"ID":"CVE-2021-25104","Info":{"Name":"WordPress Ocean Extra \u003c1.9.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Ocean Extra plugin before 1.9.5 contains a cross-site scripting vulnerability. The plugin does not escape generated links which are then used when the OceanWP theme is active.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25104.yaml"}
{"ID":"CVE-2021-25111","Info":{"Name":"WordPress English Admin \u003c1.5.2 - Open Redirect","Severity":"medium","Description":"WordPress English Admin plugin before 1.5.2 contains an open redirect vulnerability. The plugin does not validate the admin_custom_language_return_url before redirecting users to it. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.10"}},"file_path":"http/cves/2021/CVE-2021-25111.yaml"}
{"ID":"CVE-2021-25111","Info":{"Name":"WordPress English Admin \u003c1.5.2 - Open Redirect","Severity":"medium","Description":"WordPress English Admin plugin before 1.5.2 contains an open redirect vulnerability. The plugin does not validate the admin_custom_language_return_url before redirecting users to it. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25111.yaml"}
{"ID":"CVE-2021-25112","Info":{"Name":"WordPress WHMCS Bridge \u003c6.4b - Cross-Site Scripting","Severity":"medium","Description":"WordPress WHMCS Bridge plugin before 6.4b contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the error parameter before outputting it back in the admin dashboard.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25112.yaml"}
{"ID":"CVE-2021-25114","Info":{"Name":"WordPress Paid Memberships Pro \u003c2.6.7 - Blind SQL Injection","Severity":"critical","Description":"WordPress Paid Memberships Pro plugin before 2.6.7 is susceptible to blind SQL injection. The plugin does not escape the discount_code in one of its REST routes before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-25114.yaml"}
{"ID":"CVE-2021-25118","Info":{"Name":"Yoast SEO 16.7-17.2 - Information Disclosure","Severity":"medium","Description":"Yoast SEO plugin 16.7 to 17.2 is susceptible to information disclosure, The plugin discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints, which can help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-25118.yaml"}
@ -1113,9 +1136,15 @@
{"ID":"CVE-2021-26723","Info":{"Name":"Jenzabar 9.2x-9.2.2 - Cross-Site Scripting","Severity":"medium","Description":"Jenzabar 9.2.x through 9.2.2 contains a cross-site scripting vulnerability. It allows /ics?tool=search\u0026query.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-26723.yaml"}
{"ID":"CVE-2021-26812","Info":{"Name":"Moodle Jitsi Meet 2.7-2.8.3 - Cross-Site Scripting","Severity":"medium","Description":"Moodle Jitsi Meet 2.7 through 2.8.3 plugin contains a cross-site scripting vulnerability via the \"sessionpriv.php\" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject JavaScript code to be run by the application.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-26812.yaml"}
{"ID":"CVE-2021-26855","Info":{"Name":"Microsoft Exchange Server SSRF Vulnerability","Severity":"critical","Description":"This vulnerability is part of an attack chain that could allow remote code execution on Microsoft Exchange Server. The initial attack requires the ability to make an untrusted connection to Exchange server port 443. Other portions of the chain can be triggered if an attacker already has access or can convince an administrator to open a malicious file. Be aware his CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, and CVE-2021-27078.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-26855.yaml"}
{"ID":"CVE-2021-27124","Info":{"Name":"Doctor Appointment System 1.0 - SQL Injection","Severity":"medium","Description":"SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-27124.yaml"}
{"ID":"CVE-2021-27132","Info":{"Name":"Sercomm VD625 Smart Modems - CRLF Injection","Severity":"critical","Description":"Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT_2.1.0 are vulnerable to Carriage Return Line Feed (CRLF) injection via the Content-Disposition header.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-27132.yaml"}
{"ID":"CVE-2021-27309","Info":{"Name":"Clansphere CMS 2011.4 - Cross-Site Scripting","Severity":"medium","Description":"Clansphere CMS 2011.4 contains an unauthenticated reflected cross-site scripting vulnerability via the \"module\" parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-27309.yaml"}
{"ID":"CVE-2021-27310","Info":{"Name":"Clansphere CMS 2011.4 - Cross-Site Scripting","Severity":"medium","Description":"Clansphere CMS 2011.4 contains an unauthenticated reflected cross-site scripting vulnerability via the \"language\" parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-27310.yaml"}
{"ID":"CVE-2021-27314","Info":{"Name":"Doctor Appointment System 1.0 - SQL Injection","Severity":"critical","Description":"SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-27314.yaml"}
{"ID":"CVE-2021-27315","Info":{"Name":"Doctor Appointment System 1.0 - SQL Injection","Severity":"high","Description":"Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-27315.yaml"}
{"ID":"CVE-2021-27316","Info":{"Name":"Doctor Appointment System 1.0 - SQL Injection","Severity":"high","Description":"Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-27316.yaml"}
{"ID":"CVE-2021-27319","Info":{"Name":"Doctor Appointment System 1.0 - SQL Injection","Severity":"high","Description":"Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-27319.yaml"}
{"ID":"CVE-2021-27320","Info":{"Name":"Doctor Appointment System 1.0 - SQL Injection","Severity":"high","Description":"Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-27320.yaml"}
{"ID":"CVE-2021-27330","Info":{"Name":"Triconsole Datepicker Calendar \u003c3.77 - Cross-Site Scripting","Severity":"medium","Description":"Triconsole Datepicker Calendar before 3.77 contains a cross-site scripting vulnerability in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-27330.yaml"}
{"ID":"CVE-2021-27358","Info":{"Name":"Grafana Unauthenticated Snapshot Creation","Severity":"high","Description":"Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-27358.yaml"}
{"ID":"CVE-2021-27519","Info":{"Name":"FUDForum 3.1.0 - Cross-Site Scripting","Severity":"medium","Description":"FUDForum 3.1.0 contains a cross-site scripting vulnerability which allows remote attackers to inject JavaScript via index.php in the \"srch\" parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-27519.yaml"}
@ -1220,6 +1249,8 @@
{"ID":"CVE-2021-36749","Info":{"Name":"Apache Druid - Local File Inclusion","Severity":"medium","Description":"Apache Druid ingestion system is vulnerable to local file inclusion. The InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-36749.yaml"}
{"ID":"CVE-2021-36873","Info":{"Name":"WordPress iQ Block Country \u003c=1.2.11 - Cross-Site Scripting","Severity":"medium","Description":"WordPress iQ Block Country plugin 1.2.11 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-36873.yaml"}
{"ID":"CVE-2021-37216","Info":{"Name":"QSAN Storage Manager \u003c3.3.3 - Cross-Site Scripting","Severity":"medium","Description":"QSAN Storage Manager before 3.3.3 contains a reflected cross-site scripting vulnerability. Header page parameters do not filter special characters. Remote attackers can inject JavaScript to access and modify specific data.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-37216.yaml"}
{"ID":"CVE-2021-37304","Info":{"Name":"Jeecg Boot \u003c= 2.4.5 - Information Disclosure","Severity":"high","Description":"An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-37304.yaml"}
{"ID":"CVE-2021-37305","Info":{"Name":"Jeecg Boot \u003c= 2.4.5 - Sensitive Information Disclosure","Severity":"high","Description":"Jeecg Boot \u003c= 2.4.5 API interface has unauthorized access and leaks sensitive information such as email,phone and Enumerate usernames that exist in the system.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-37305.yaml"}
{"ID":"CVE-2021-37416","Info":{"Name":"Zoho ManageEngine ADSelfService Plus \u003c=6103 - Cross-Site Scripting","Severity":"medium","Description":"Zoho ManageEngine ADSelfService Plus 6103 and prior contains a reflected cross-site scripting vulnerability on the loadframe page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-37416.yaml"}
{"ID":"CVE-2021-37538","Info":{"Name":"PrestaShop SmartBlog \u003c4.0.6- SQL Injection","Severity":"critical","Description":"PrestaShop SmartBlog by SmartDataSoft \u003c 4.0.6 is vulnerable to a SQL injection vulnerability in the blog archive functionality.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-37538.yaml"}
{"ID":"CVE-2021-37573","Info":{"Name":"Tiny Java Web Server - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) \u003c=1.115 allows an adversary to inject malicious code on the server's \"404 Page not Found\" error page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-37573.yaml"}
@ -1237,6 +1268,7 @@
{"ID":"CVE-2021-39144","Info":{"Name":"XStream 1.4.18 - Remote Code Execution","Severity":"high","Description":"XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. Setups which followed XStream's security recommendations with an allow-list are not impacted.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2021/CVE-2021-39144.yaml"}
{"ID":"CVE-2021-39146","Info":{"Name":"XStream 1.4.18 - Arbitrary Code Execution","Severity":"high","Description":"XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. Setups which followed XStream's security recommendations with an allow-list are not impacted.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2021/CVE-2021-39146.yaml"}
{"ID":"CVE-2021-39152","Info":{"Name":"XStream \u003c1.4.18 - Server-Side Request Forgery","Severity":"high","Description":"XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2021/CVE-2021-39152.yaml"}
{"ID":"CVE-2021-39165","Info":{"Name":"Cachet \u003c=2.3.18 - SQL Injection","Severity":"high","Description":"Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet \u003chttps://github.com/CachetHQ/Cachet\u003e is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2021/CVE-2021-39165.yaml"}
{"ID":"CVE-2021-39211","Info":{"Name":"GLPI 9.2/\u003c9.5.6 - Information Disclosure","Severity":"medium","Description":"GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-39211.yaml"}
{"ID":"CVE-2021-39226","Info":{"Name":"Grafana Snapshot - Authentication Bypass","Severity":"high","Description":"Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key. If the snapshot is in public mode, unauthenticated users can delete snapshots by accessing the endpoint /api/snapshots-delete/:deleteKey. Authenticated users can also delete snapshots by accessing the endpoints /api/snapshots-delete/:deleteKey, or sending a delete request to /api/snapshot/:key, regardless of whether or not the snapshot is set to public mode (disabled by default).","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2021/CVE-2021-39226.yaml"}
{"ID":"CVE-2021-39312","Info":{"Name":"WordPress True Ranker \u003c2.2.4 - Local File Inclusion","Severity":"high","Description":"WordPress True Ranker before version 2.2.4 allows sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file via local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-39312.yaml"}
@ -1258,9 +1290,16 @@
{"ID":"CVE-2021-40856","Info":{"Name":"Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass","Severity":"high","Description":"Auerswald COMfortel 1400/2600/3600 IP is susceptible to an authentication bypass vulnerability. Inserting the prefix \"/about/../\" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for authentication at the PBX, among other data.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-40856.yaml"}
{"ID":"CVE-2021-40859","Info":{"Name":"Auerswald COMpact 5500R 7.8A and 8.0B Devices Backdoor","Severity":"critical","Description":"Auerswald COMpact 5500R 7.8A and 8.0B devices contain an unauthenticated endpoint (\"https://192.168.1[.]2/about_state\"), enabling the bad actor to gain backdoor access to a web interface that allows for resetting the administrator password.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40859.yaml"}
{"ID":"CVE-2021-40868","Info":{"Name":"Cloudron 6.2 Cross-Site Scripting","Severity":"medium","Description":"In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-40868.yaml"}
{"ID":"CVE-2021-40870","Info":{"Name":"Aviatrix Controller 6.x before 6.5-1804.1922 Remote Command Execution","Severity":"critical","Description":"Aviatrix Controller 6.x before 6.5-1804.1922 contains a vulnerability that allows unrestricted upload of a file with a dangerous type, which allows an unauthenticated user to execute arbitrary code via directory traversal.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40870.yaml"}
{"ID":"CVE-2021-40870","Info":{"Name":"Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Execution","Severity":"critical","Description":"Aviatrix Controller 6.x before 6.5-1804.1922 contains a vulnerability that allows unrestricted upload of a file with a dangerous type, which allows an unauthenticated user to execute arbitrary code via directory traversal.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40870.yaml"}
{"ID":"CVE-2021-40875","Info":{"Name":"Gurock TestRail Application files.md5 Exposure","Severity":"high","Description":"Improper access control in Gurock TestRail versions \u003c 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths which can then be tested, and in some cases result in the disclosure of hardcoded credentials, API keys, or other sensitive data.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-40875.yaml"}
{"ID":"CVE-2021-40908","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40908.yaml"}
{"ID":"CVE-2021-40960","Info":{"Name":"Galera WebTemplate 1.0 Directory Traversal","Severity":"critical","Description":"Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-40960.yaml"}
{"ID":"CVE-2021-40968","Info":{"Name":"Spotweb \u003c= 1.5.1 - Cross Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-40968.yaml"}
{"ID":"CVE-2021-40969","Info":{"Name":"Spotweb \u003c= 1.5.1 - Cross Site Scripting (Reflected)","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-40969.yaml"}
{"ID":"CVE-2021-40970","Info":{"Name":"Spotweb \u003c= 1.5.1 - Cross Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-40970.yaml"}
{"ID":"CVE-2021-40971","Info":{"Name":"Spotweb \u003c= 1.5.1 - Cross Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-40971.yaml"}
{"ID":"CVE-2021-40972","Info":{"Name":"Spotweb \u003c= 1.5.1 - Cross Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-40972.yaml"}
{"ID":"CVE-2021-40973","Info":{"Name":"Spotweb \u003c= 1.5.1 - Cross Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-40973.yaml"}
{"ID":"CVE-2021-40978","Info":{"Name":"MKdocs 1.2.2 - Directory Traversal","Severity":"high","Description":"The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability (see references) because the dev server must be used in an unsafe way (namely public) to have this vulnerability exploited.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-40978.yaml"}
{"ID":"CVE-2021-41174","Info":{"Name":"Grafana 8.0.0 \u003c= v.8.2.2 - Angularjs Rendering Cross-Site Scripting","Severity":"medium","Description":"Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-41174.yaml"}
{"ID":"CVE-2021-41192","Info":{"Name":"Redash Setup Configuration - Default Secrets Disclosure","Severity":"medium","Description":"Redash Setup Configuration is vulnerable to default secrets disclosure (Insecure Default Initialization of Resource). If an admin sets up Redash versions \u003c=10.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-41192.yaml"}
@ -1304,11 +1343,13 @@
{"ID":"CVE-2021-43496","Info":{"Name":"Clustering Local File Inclusion","Severity":"high","Description":"Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-43496.yaml"}
{"ID":"CVE-2021-43510","Info":{"Name":"Sourcecodester Simple Client Management System 1.0 - SQL Injection","Severity":"critical","Description":"Sourcecodester Simple Client Management System 1.0 contains a SQL injection vulnerability via the username field in login.php. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-43510.yaml"}
{"ID":"CVE-2021-43574","Info":{"Name":"Atmail 6.5.0 - Cross-Site Scripting","Severity":"medium","Description":"Atmail 6.5.0 contains a cross-site scripting vulnerability in WebAdmin Control Pane via the format parameter to the default URI, which allows remote attackers to inject arbitrary web script or HTML via the “format” parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-43574.yaml"}
{"ID":"CVE-2021-43725","Info":{"Name":"Spotweb \u003c= 1.5.1 - Cross Site Scripting (Reflected)","Severity":"medium","Description":"There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-43725.yaml"}
{"ID":"CVE-2021-43734","Info":{"Name":"kkFileview v4.0.0 - Local File Inclusion","Severity":"high","Description":"kkFileview v4.0.0 is vulnerable to local file inclusion which may lead to a sensitive file leak on a related host.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-43734.yaml"}
{"ID":"CVE-2021-43778","Info":{"Name":"GLPI plugin Barcode \u003c 2.6.1 - Path Traversal Vulnerability.","Severity":"high","Description":"Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-43778.yaml"}
{"ID":"CVE-2021-43798","Info":{"Name":"Grafana v8.x - Arbitrary File Read","Severity":"high","Description":"Grafana versions 8.0.0-beta1 through 8.3.0 are vulnerable to a local directory traversal, allowing access to local files. The vulnerable URL path is `\u003cgrafana_host_url\u003e/public/plugins/NAME/`, where NAME is the plugin ID for any installed plugin.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-43798.yaml"}
{"ID":"CVE-2021-43810","Info":{"Name":"Admidio - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The reflected cross-site scripting vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-43810.yaml"}
{"ID":"CVE-2021-44077","Info":{"Name":"Zoho ManageEngine ServiceDesk Plus - Remote Code Execution","Severity":"critical","Description":"Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44077.yaml"}
{"ID":"CVE-2021-44138","Info":{"Name":"Caucho Resin \u003e=4.0.52 \u003c=4.0.56 - Directory traversal","Severity":"high","Description":"There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-44138.yaml"}
{"ID":"CVE-2021-44152","Info":{"Name":"Reprise License Manager 14.2 - Authentication Bypass","Severity":"critical","Description":"Reprise License Manager (RLM) 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44152.yaml"}
{"ID":"CVE-2021-44228","Info":{"Name":"Apache Log4j2 Remote Code Injection","Severity":"critical","Description":"Apache Log4j2 \u003c=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2021/CVE-2021-44228.yaml"}
{"ID":"CVE-2021-44427","Info":{"Name":"Rosario Student Information System Unauthenticated SQL Injection","Severity":"critical","Description":"An unauthenticated SQL injection vulnerability in Rosario Student Information System (aka rosariosis) 8.1 and below allow remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44427.yaml"}
@ -1369,14 +1410,14 @@
{"ID":"CVE-2022-0482","Info":{"Name":"Easy!Appointments \u003c1.4.3 - Broken Access Control","Severity":"critical","Description":"Easy!Appointments prior to 1.4.3 allows exposure of Private Personal Information to an unauthorized actor via the GitHub repository alextselegidis/easyappointments.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2022/CVE-2022-0482.yaml"}
{"ID":"CVE-2022-0535","Info":{"Name":"WordPress E2Pdf \u003c1.16.45 - Cross-Site Scripting","Severity":"medium","Description":"WordPress E2Pdf plugin before 1.16.45 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, even when the unfiltered_html capability is disallowed. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, making it possible to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2022/CVE-2022-0535.yaml"}
{"ID":"CVE-2022-0540","Info":{"Name":"Atlassian Jira Seraph - Authentication Bypass","Severity":"critical","Description":"Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0540.yaml"}
{"ID":"CVE-2022-0591","Info":{"Name":"Formcraft3 \u003c3.8.28 - Server-Side Request Forgery","Severity":"critical","Description":"Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3_get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users.","Classification":{"CVSSScore":"9.10"}},"file_path":"http/cves/2022/CVE-2022-0591.yaml"}
{"ID":"CVE-2022-0591","Info":{"Name":"Formcraft3 \u003c3.8.28 - Server-Side Request Forgery","Severity":"critical","Description":"Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3_get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2022/CVE-2022-0591.yaml"}
{"ID":"CVE-2022-0594","Info":{"Name":"WordPress Shareaholic \u003c9.7.6 - Information Disclosure","Severity":"medium","Description":"WordPress Shareaholic plugin prior to 9.7.6 is susceptible to information disclosure. The plugin does not have proper authorization check in one of the AJAX actions, available to both unauthenticated (before 9.7.5) and authenticated (in 9.7.5) users, allowing them to possibly obtain sensitive information such as active plugins and different versions (PHP, cURL, WP, etc.).","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-0594.yaml"}
{"ID":"CVE-2022-0595","Info":{"Name":"WordPress Contact Form 7 \u003c1.3.6.3 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress Contact Form 7 before 1.3.6.3 contains an unauthenticated stored cross-site scripting vulnerability in the Drag and Drop Multiple File Upload plugin. SVG files can be uploaded by default via the dnd_codedropz_upload AJAX action.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0595.yaml"}
{"ID":"CVE-2022-0599","Info":{"Name":"WordPress Mapping Multiple URLs Redirect Same Page \u003c=5.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Mapping Multiple URLs Redirect Same Page plugin 5.8 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0599.yaml"}
{"ID":"CVE-2022-0653","Info":{"Name":"Wordpress Profile Builder Plugin Cross-Site Scripting","Severity":"medium","Description":"The Profile Builder User Profile \u0026 User Registration Forms WordPress plugin is vulnerable to cross-site scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1..\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0653.yaml"}
{"ID":"CVE-2022-0656","Info":{"Name":"uDraw \u003c3.3.3 - Local File Inclusion","Severity":"high","Description":"uDraw before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc).","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0656.yaml"}
{"ID":"CVE-2022-0660","Info":{"Name":"Microweber \u003c1.2.11 - Information Disclosure","Severity":"high","Description":"Microweber before 1.2.11 is susceptible to information disclosure. An error message is generated in microweber/microweber which contains sensitive information while viewing comments from load_module:comments#search=. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0660.yaml"}
{"ID":"CVE-2022-0678","Info":{"Name":"Packagist \u003c1.2.11 - Cross-Site Scripting","Severity":"medium","Description":"Packagist prior to 1.2.11 contains a cross-site scripting vulnerability via microweber/microweber. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0678.yaml"}
{"ID":"CVE-2022-0678","Info":{"Name":"Microweber \u003c1.2.11 - Cross-Site Scripting","Severity":"medium","Description":"Packagist prior to 1.2.11 contains a cross-site scripting vulnerability via microweber/microweber. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0678.yaml"}
{"ID":"CVE-2022-0679","Info":{"Name":"WordPress Narnoo Distributor \u003c=2.5.1 - Local File Inclusion","Severity":"critical","Description":"WordPress Narnoo Distributor plugin 2.5.1 and prior is susceptible to local file inclusion. The plugin does not validate and sanitize the lib_path parameter before being passed into a call to require() via the narnoo_distributor_lib_request AJAX action, and the content of the file is displayed in the response as JSON data. This can also lead to a remote code execution vulnerability depending on system and configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0679.yaml"}
{"ID":"CVE-2022-0692","Info":{"Name":"Rudloff alltube prior to 3.0.1 - Open Redirect","Severity":"medium","Description":"An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0692.yaml"}
{"ID":"CVE-2022-0693","Info":{"Name":"WordPress Master Elements \u003c=8.0 - SQL Injection","Severity":"critical","Description":"WordPress Master Elements plugin through 8.0 contains a SQL injection vulnerability. The plugin does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0693.yaml"}
@ -1398,6 +1439,7 @@
{"ID":"CVE-2022-0846","Info":{"Name":"SpeakOut Email Petitions \u003c 2.14.15.1 - SQL Injection","Severity":"critical","Description":"The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0846.yaml"}
{"ID":"CVE-2022-0864","Info":{"Name":"UpdraftPlus \u003c 1.22.9 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-0864.yaml"}
{"ID":"CVE-2022-0867","Info":{"Name":"WordPress ARPrice \u003c3.6.1 - SQL Injection","Severity":"critical","Description":"WordPress ARPrice plugin prior to 3.6.1 contains a SQL injection vulnerability. It fails to properly sanitize and escape user supplied POST data before being inserted in an SQL statement and executed via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0867.yaml"}
{"ID":"CVE-2022-0869","Info":{"Name":"nitely/spirit 0.12.3 - Open Redirect","Severity":"medium","Description":"Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0869.yaml"}
{"ID":"CVE-2022-0870","Info":{"Name":"Gogs \u003c0.12.5 - Server-Side Request Forgery","Severity":"medium","Description":"Gogs GitHub repository before 0.12.5 is susceptible to server-side request forgery. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-0870.yaml"}
{"ID":"CVE-2022-0885","Info":{"Name":"Member Hero \u003c=1.0.9 - Remote Code Execution","Severity":"critical","Description":"WordPress Member Hero plugin through 1.0.9 is susceptible to remote code execution. The plugin lacks authorization checks and does not validate the a request parameter in an AJAX action, allowing an attacker to call arbitrary PHP functions with no arguments. An attacker can thus execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0885.yaml"}
{"ID":"CVE-2022-0928","Info":{"Name":"Microweber \u003c 1.2.12 - Stored Cross-Site Scripting","Severity":"medium","Description":"Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0928.yaml"}
@ -1457,6 +1499,7 @@
{"ID":"CVE-2022-2219","Info":{"Name":"Unyson \u003c 2.7.27 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-2219.yaml"}
{"ID":"CVE-2022-22242","Info":{"Name":"Juniper Web Device Manager - Cross-Site Scripting","Severity":"medium","Description":"Juniper Web Device Manager (J-Web) in Junos OS contains a cross-site scripting vulnerability. This can allow an unauthenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue affects all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-22242.yaml"}
{"ID":"CVE-2022-22536","Info":{"Name":"SAP Memory Pipes (MPI) Desynchronization","Severity":"critical","Description":"SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation attacks. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2022/CVE-2022-22536.yaml"}
{"ID":"CVE-2022-22733","Info":{"Name":"Apache ShardingSphere ElasticJob-UI privilege escalation","Severity":"medium","Description":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2022/CVE-2022-22733.yaml"}
{"ID":"CVE-2022-2290","Info":{"Name":"Trilium \u003c0.52.4 - Cross-Site Scripting","Severity":"medium","Description":"Trilium prior to 0.52.4, 0.53.1-beta contains a cross-site scripting vulnerability which can allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2290.yaml"}
{"ID":"CVE-2022-22947","Info":{"Name":"Spring Cloud Gateway Code Injection","Severity":"critical","Description":"Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2022/CVE-2022-22947.yaml"}
{"ID":"CVE-2022-22954","Info":{"Name":"VMware Workspace ONE Access - Server-Side Template Injection","Severity":"critical","Description":"VMware Workspace ONE Access is susceptible to a remote code execution vulnerability due to a server-side template injection flaw. An unauthenticated attacker with network access could exploit this vulnerability by sending a specially crafted request to a vulnerable VMware Workspace ONE or Identity Manager.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-22954.yaml"}
@ -1469,6 +1512,7 @@
{"ID":"CVE-2022-23178","Info":{"Name":"Crestron Device - Credentials Disclosure","Severity":"critical","Description":"An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-23178.yaml"}
{"ID":"CVE-2022-23347","Info":{"Name":"BigAnt Server v5.6.06 - Local File Inclusion","Severity":"high","Description":"BigAnt Server v5.6.06 is vulnerable to local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-23347.yaml"}
{"ID":"CVE-2022-23348","Info":{"Name":"BigAnt Server 5.6.06 - Improper Access Control","Severity":"medium","Description":"BigAnt Server 5.6.06 is susceptible to improper access control. The software utililizes weak password hashes. An attacker can craft a password hash and thereby possibly possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-23348.yaml"}
{"ID":"CVE-2022-23544","Info":{"Name":"MeterSphere \u003c 2.5.0 SSRF","Severity":"medium","Description":"MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in `IssueProxyResourceService::getMdImageByUrl` allows an attacker to access internal resources, as well as executing JavaScript code in the context of Metersphere's origin by a victim of a reflected XSS. This vulnerability has been fixed in v2.5.0. There are no known workarounds.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-23544.yaml"}
{"ID":"CVE-2022-2373","Info":{"Name":"WordPress Simply Schedule Appointments \u003c1.5.7.7 - Information Disclosure","Severity":"medium","Description":"WordPress Simply Schedule Appointments plugin before 1.5.7.7 is susceptible to information disclosure. The plugin is missing authorization in a REST endpoint, which can allow an attacker to retrieve user details such as name and email address.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-2373.yaml"}
{"ID":"CVE-2022-2376","Info":{"Name":"WordPress Directorist \u003c7.3.1 - Information Disclosure","Severity":"medium","Description":"WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-2376.yaml"}
{"ID":"CVE-2022-23779","Info":{"Name":"Zoho ManageEngine - Internal Hostname Disclosure","Severity":"medium","Description":"Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-23779.yaml"}
@ -1485,10 +1529,14 @@
{"ID":"CVE-2022-24181","Info":{"Name":"PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting","Severity":"medium","Description":"PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-24181.yaml"}
{"ID":"CVE-2022-24223","Info":{"Name":"Atom CMS v2.0 - SQL Injection","Severity":"critical","Description":"AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-24223.yaml"}
{"ID":"CVE-2022-24260","Info":{"Name":"VoipMonitor - Pre-Auth SQL Injection","Severity":"critical","Description":"A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-24260.yaml"}
{"ID":"CVE-2022-24264","Info":{"Name":"Cuppa CMS v1.0 - SQL injection","Severity":"high","Description":"Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24264.yaml"}
{"ID":"CVE-2022-24265","Info":{"Name":"Cuppa CMS v1.0 - SQL injection","Severity":"high","Description":"Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/\u0026menu_filter=3 parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24265.yaml"}
{"ID":"CVE-2022-24266","Info":{"Name":"Cuppa CMS v1.0 - SQL injection","Severity":"high","Description":"Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24266.yaml"}
{"ID":"CVE-2022-24288","Info":{"Name":"Apache Airflow OS Command Injection","Severity":"high","Description":"Apache Airflow prior to version 2.2.4 is vulnerable to OS command injection attacks because some example DAGs do not properly sanitize user-provided parameters, making them susceptible to OS Command Injection from the web UI.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-24288.yaml"}
{"ID":"CVE-2022-2462","Info":{"Name":"WordPress Transposh \u003c=1.0.8.1 - Information Disclosure","Severity":"medium","Description":"WordPress Transposh plugin through is susceptible to information disclosure via the AJAX action tp_history, which is intended to return data about who has translated a text given by the token parameter. However, the plugin also returns the user's login name as part of the user_login attribute. If an anonymous user submits the translation, the user's IP address is returned. An attacker can leak the WordPress username of translators and potentially execute other unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-2462.yaml"}
{"ID":"CVE-2022-2467","Info":{"Name":"Garage Management System 1.0 - SQL Injection","Severity":"critical","Description":"Garage Management System 1.0 contains a SQL injection vulnerability in /login.php via manipulation of the argument username with input 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-2467.yaml"}
{"ID":"CVE-2022-24681","Info":{"Name":"ManageEngine ADSelfService Plus \u003c6121 - Stored Cross-Site Scripting","Severity":"medium","Description":"ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screens.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-24681.yaml"}
{"ID":"CVE-2022-24716","Info":{"Name":"Icinga Web 2 - Arbitrary File Disclosure","Severity":"high","Description":"Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-24716.yaml"}
{"ID":"CVE-2022-24816","Info":{"Name":"GeoServer \u003c1.2.2 - Remote Code Execution","Severity":"critical","Description":"Programs run on GeoServer before 1.2.2 which use jt-jiffle and allow Jiffle script to be provided via network request are susceptible to remote code execution. The Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects downstream GeoServer 1.1.22.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-24816.yaml"}
{"ID":"CVE-2022-24856","Info":{"Name":"Flyte Console \u003c0.52.0 - Server-Side Request Forgery","Severity":"high","Description":"FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24856.yaml"}
{"ID":"CVE-2022-2486","Info":{"Name":"Wavlink WN535K2/WN535K3 - OS Command Injection","Severity":"critical","Description":"Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade via manipulation of the argument key. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-2486.yaml"}
@ -1526,11 +1574,16 @@
{"ID":"CVE-2022-26564","Info":{"Name":"HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting","Severity":"medium","Description":"HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-26564.yaml"}
{"ID":"CVE-2022-26833","Info":{"Name":"Open Automation Software OAS Platform V16.00.0121 - Missing Authentication","Severity":"critical","Description":"An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26833.yaml"}
{"ID":"CVE-2022-26960","Info":{"Name":"elFinder \u003c=2.1.60 - Local File Inclusion","Severity":"critical","Description":"elFinder through 2.1.60 is affected by local file inclusion via connector.minimal.php. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2022/CVE-2022-26960.yaml"}
{"ID":"CVE-2022-2733","Info":{"Name":"Openemr \u003c 7.0.0.1 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2733.yaml"}
{"ID":"CVE-2022-2756","Info":{"Name":"Kavita \u003c0.5.4.1 - Server-Side Request Forgery","Severity":"medium","Description":"Kavita before 0.5.4.1 is susceptible to server-side request forgery in GitHub repository kareadita/kavita. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2022/CVE-2022-2756.yaml"}
{"ID":"CVE-2022-27593","Info":{"Name":"QNAP QTS Photo Station External Reference - Local File Inclusion","Severity":"critical","Description":"QNAP QTS Photo Station External Reference is vulnerable to local file inclusion via an externally controlled reference to a resource vulnerability. If exploited, this could allow an attacker to modify system files. The vulnerability is fixed in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2022/CVE-2022-27593.yaml"}
{"ID":"CVE-2022-27849","Info":{"Name":"WordPress Simple Ajax Chat \u003c20220116 - Sensitive Information Disclosure vulnerability","Severity":"high","Description":"WordPress Simple Ajax Chat before 20220216 is vulnerable to sensitive information disclosure. The plugin does not properly restrict access to the exported data via the sac-export.csv file, which could allow unauthenticated users to access it.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-27849.yaml"}
{"ID":"CVE-2022-27926","Info":{"Name":"Zimbra Collaboration (ZCS) - Cross Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-27926.yaml"}
{"ID":"CVE-2022-27927","Info":{"Name":"Microfinance Management System 1.0 - SQL Injection","Severity":"critical","Description":"Microfinance Management System 1.0 is susceptible to SQL Injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-27927.yaml"}
{"ID":"CVE-2022-27984","Info":{"Name":"Cuppa CMS v1.0 - SQL injection","Severity":"critical","Description":"CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-27984.yaml"}
{"ID":"CVE-2022-27985","Info":{"Name":"Cuppa CMS v1.0 - SQL injection","Severity":"critical","Description":"CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-27985.yaml"}
{"ID":"CVE-2022-28022","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_item.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-28022.yaml"}
{"ID":"CVE-2022-28023","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_supplier.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-28023.yaml"}
{"ID":"CVE-2022-28032","Info":{"Name":"Atom CMS v2.0 - SQL Injection","Severity":"critical","Description":"AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-28032.yaml"}
{"ID":"CVE-2022-28079","Info":{"Name":"College Management System 1.0 - SQL Injection","Severity":"high","Description":"College Management System 1.0 contains a SQL injection vulnerability via the course code parameter.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-28079.yaml"}
{"ID":"CVE-2022-28080","Info":{"Name":"Royal Event - SQL Injection","Severity":"high","Description":"Royal Event is vulnerable to a SQL injection vulnerability.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-28080.yaml"}
@ -1584,6 +1637,17 @@
{"ID":"CVE-2022-31846","Info":{"Name":"WAVLINK WN535 G3 - Information Disclosure","Severity":"high","Description":"WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in the live_mfg.shtml page. An attacker can obtain sensitive router information via the exec cmd function and possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-31846.yaml"}
{"ID":"CVE-2022-31847","Info":{"Name":"WAVLINK WN579 X3 M79X3.V5030.180719 - Information Disclosure","Severity":"high","Description":"WAVLINK WN579 X3 M79X3.V5030.180719 is susceptible to information disclosure in /cgi-bin/ExportAllSettings.sh. An attacker can obtain sensitive router information via a crafted POST request and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-31847.yaml"}
{"ID":"CVE-2022-31854","Info":{"Name":"Codoforum 5.1 - Arbitrary File Upload","Severity":"high","Description":"Codoforum 5.1 contains an arbitrary file upload vulnerability via the logo change option in the admin panel. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code. As a result, an attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-31854.yaml"}
{"ID":"CVE-2022-31879","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"high","Description":"Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date parameter.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-31879.yaml"}
{"ID":"CVE-2022-31974","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"high","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports\u0026date=.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-31974.yaml"}
{"ID":"CVE-2022-31975","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"high","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user\u0026id=.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-31975.yaml"}
{"ID":"CVE-2022-31976","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"critical","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-31976.yaml"}
{"ID":"CVE-2022-31977","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"critical","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-31977.yaml"}
{"ID":"CVE-2022-31978","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"critical","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-31978.yaml"}
{"ID":"CVE-2022-31980","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"high","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team\u0026id=.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-31980.yaml"}
{"ID":"CVE-2022-31981","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"high","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team\u0026id=.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-31981.yaml"}
{"ID":"CVE-2022-31982","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"high","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request\u0026id=.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-31982.yaml"}
{"ID":"CVE-2022-31983","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"high","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request\u0026id=.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-31983.yaml"}
{"ID":"CVE-2022-31984","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"high","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-31984.yaml"}
{"ID":"CVE-2022-32007","Info":{"Name":"Complete Online Job Search System 1.0 - SQL Injection","Severity":"high","Description":"Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/admin/company/index.php?view=edit\u0026id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-32007.yaml"}
{"ID":"CVE-2022-32015","Info":{"Name":"Complete Online Job Search System 1.0 - SQL Injection","Severity":"high","Description":"Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=category\u0026search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-32015.yaml"}
{"ID":"CVE-2022-32018","Info":{"Name":"Complete Online Job Search System 1.0 - SQL Injection","Severity":"high","Description":"Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=hiring\u0026search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-32018.yaml"}
@ -1649,6 +1713,7 @@
{"ID":"CVE-2022-39195","Info":{"Name":"LISTSERV 17 - Cross-Site Scripting","Severity":"medium","Description":"LISTSERV 17 web interface contains a cross-site scripting vulnerability. An attacker can inject arbitrary JavaScript or HTML via the \"c\" parameter, thereby possibly allowing the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-39195.yaml"}
{"ID":"CVE-2022-3933","Info":{"Name":"WordPress Essential Real Estate \u003c3.9.6 - Authenticated Cross-Site Scripting","Severity":"medium","Description":"WordPress Essential Real Estate plugin before 3.9.6 contains an authenticated cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters, which can allow someone with a role as low as admin to inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow theft of cookie-based authentication credentials and launch of other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-3933.yaml"}
{"ID":"CVE-2022-3934","Info":{"Name":"WordPress FlatPM \u003c3.0.13 - Cross-Site Scripting","Severity":"medium","Description":"WordPress FlatPM plugin before 3.0.13 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape certain parameters before outputting them back in pages, which can be exploited against high privilege users such as admin. An attacker can steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-3934.yaml"}
{"ID":"CVE-2022-3980","Info":{"Name":"Sophos Mobile managed on-premises - XML External Entity Injection","Severity":"critical","Description":"An XML External Entity (XXE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-3980.yaml"}
{"ID":"CVE-2022-3982","Info":{"Name":"WordPress Booking Calendar \u003c3.2.2 - Arbitrary File Upload","Severity":"critical","Description":"WordPress Booking Calendar plugin before 3.2.2 is susceptible to arbitrary file upload possibly leading to remote code execution. The plugin does not validate uploaded files, which can allow an attacker to upload arbitrary files, such as PHP, and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-3982.yaml"}
{"ID":"CVE-2022-39952","Info":{"Name":"Fortinet FortiNAC - Arbitrary File Write","Severity":"critical","Description":"Fortinet FortiNAC is susceptible to arbitrary file write. An external control of the file name or path can allow an attacker to execute unauthorized code or commands via specifically crafted HTTP request, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, and 8.3.7.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-39952.yaml"}
{"ID":"CVE-2022-39960","Info":{"Name":"Jira Netic Group Export \u003c1.0.3 - Missing Authorization","Severity":"medium","Description":"Jira Netic Group Export add-on before 1.0.3 contains a missing authorization vulnerability. The add-on does not perform authorization checks, which can allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-39960.yaml"}
@ -1667,6 +1732,8 @@
{"ID":"CVE-2022-41473","Info":{"Name":"RPCMS 3.0.2 - Cross-Site Scripting","Severity":"medium","Description":"RPCMS 3.0.2 contains a cross-site scripting vulnerability in the Search function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-41473.yaml"}
{"ID":"CVE-2022-41840","Info":{"Name":"Welcart eCommerce \u003c=2.7.7 - Local File Inclusion","Severity":"critical","Description":"Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-41840.yaml"}
{"ID":"CVE-2022-42094","Info":{"Name":"Backdrop CMS version 1.23.0 - Stored Cross Site Scripting","Severity":"medium","Description":"Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2022/CVE-2022-42094.yaml"}
{"ID":"CVE-2022-42095","Info":{"Name":"Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)","Severity":"medium","Description":"Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2022/CVE-2022-42095.yaml"}
{"ID":"CVE-2022-42096","Info":{"Name":"Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)","Severity":"medium","Description":"Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2022/CVE-2022-42096.yaml"}
{"ID":"CVE-2022-42233","Info":{"Name":"Tenda 11N - Authentication Bypass","Severity":"critical","Description":"Tenda 11N with firmware version V5.07.33_cn contains an authentication bypass vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-42233.yaml"}
{"ID":"CVE-2022-4260","Info":{"Name":"WordPress WP-Ban \u003c1.69.1 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress WP-Ban plugin before 1.69.1 contains a stored cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, which can allow high-privilege users to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be exploited even when the unfiltered_html capability is disallowed, for example in multisite setup.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2022/CVE-2022-4260.yaml"}
{"ID":"CVE-2022-42746","Info":{"Name":"CandidATS 3.0.0 - Cross-Site Scripting.","Severity":"medium","Description":"CandidATS 3.0.0 contains a cross-site scripting vulnerability via the indexFile parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-42746.yaml"}
@ -1684,14 +1751,18 @@
{"ID":"CVE-2022-4320","Info":{"Name":"WordPress Events Calendar \u003c1.4.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Events Calendar plugin before 1.4.5 contains multiple cross-site scripting vulnerabilities. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against both unauthenticated and authenticated users.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4320.yaml"}
{"ID":"CVE-2022-4321","Info":{"Name":"PDF Generator for WordPress \u003c 1.1.2 - Cross Site Scripting","Severity":"medium","Description":"The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-4321.yaml"}
{"ID":"CVE-2022-4325","Info":{"Name":"WordPress Post Status Notifier Lite \u003c1.10.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Post Status Notifier Lite plugin before 1.10.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4325.yaml"}
{"ID":"CVE-2022-4328","Info":{"Name":"WooCommerce Checkout Field Manager \u003c 18.0 - Arbitrary File Upload","Severity":"critical","Description":"The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4328.yaml"}
{"ID":"CVE-2022-43769","Info":{"Name":"Hitachi Pentaho Business Analytics Server - Remote Code Execution","Severity":"high","Description":"Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby potentially enabling an attacker to execute malware, obtain sensitive information, modify data, and/or perform unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-43769.yaml"}
{"ID":"CVE-2022-4447","Info":{"Name":"WordPress Fontsy \u003c=1.8.6 - SQL Injection","Severity":"critical","Description":"WordPress Fontsy plugin through 1.8.6 is susceptible to SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4447.yaml"}
{"ID":"CVE-2022-44877","Info":{"Name":"CentOS Web Panel 7 \u003c0.9.8.1147 - Remote Code Execution","Severity":"critical","Description":"CentOS Web Panel 7 before 0.9.8.1147 is susceptible to remote code execution via entering shell characters in the /login/index.php component. This can allow an attacker to execute arbitrary system commands via crafted HTTP requests and potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-44877.yaml"}
{"ID":"CVE-2022-45037","Info":{"Name":"WBCE CMS v1.5.4 - Cross Site Scripting (Stored)","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-45037.yaml"}
{"ID":"CVE-2022-45038","Info":{"Name":"WBCE CMS v1.5.4 - Cross Site Scripting (Stored)","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-45038.yaml"}
{"ID":"CVE-2022-45362","Info":{"Name":"WordPress Paytm Payment Gateway \u003c=2.7.0 - Server-Side Request Forgery","Severity":"high","Description":"WordPress Paytm Payment Gateway plugin through 2.7.0 contains a server-side request forgery vulnerability. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-45362.yaml"}
{"ID":"CVE-2022-45805","Info":{"Name":"WordPress Paytm Payment Gateway \u003c=2.7.3 - SQL Injection","Severity":"critical","Description":"WordPress Paytm Payment Gateway plugin through 2.7.3 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-45805.yaml"}
{"ID":"CVE-2022-45835","Info":{"Name":"WordPress PhonePe Payment Solutions \u003c=1.0.15 - Server-Side Request Forgery","Severity":"medium","Description":"WordPress PhonePe Payment Solutions plugin through 1.0.15 is susceptible to server-side request forgery. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-45835.yaml"}
{"ID":"CVE-2022-45917","Info":{"Name":"ILIAS eLearning \u003c7.16 - Open Redirect","Severity":"medium","Description":"ILIAS eLearning before 7.16 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-45917.yaml"}
{"ID":"CVE-2022-45933","Info":{"Name":"KubeView \u003c=0.1.31 - Information Disclosure","Severity":"critical","Description":"KubeView through 0.1.31 is susceptible to information disclosure. An attacker can obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication and retrieves certificate files that can be used for authentication as kube-admin. An attacker can thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-45933.yaml"}
{"ID":"CVE-2022-46020","Info":{"Name":"WBCE CMS v1.5.4 - Remote Code Execution","Severity":"critical","Description":"WBCE CMS v1.5.4 can implement getshell by modifying the upload file type.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-46020.yaml"}
{"ID":"CVE-2022-46169","Info":{"Name":"Cacti \u003c=1.2.22 - Remote Command Injection","Severity":"critical","Description":"Cacti through 1.2.22 is susceptible to remote command injection. There is insufficient authorization within the remote agent when handling HTTP requests with a custom Forwarded-For HTTP header. An attacker can send a specially crafted HTTP request to the affected instance and execute arbitrary OS commands on the server, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-46169.yaml"}
{"ID":"CVE-2022-46381","Info":{"Name":"Linear eMerge E3-Series - Cross-Site Scripting","Severity":"medium","Description":"Linear eMerge E3-Series devices contain a cross-site scripting vulnerability via the type parameter, e.g., to the badging/badge_template_v0.php component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and thus steal cookie-based authentication credentials and launch other attacks. This affects versions 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-46381.yaml"}
{"ID":"CVE-2022-46888","Info":{"Name":"NexusPHP \u003c1.7.33 - Cross-Site Scripting","Severity":"medium","Description":"NexusPHP before 1.7.33 contains multiple cross-site scripting vulnerabilities via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php. An attacker can inject arbitrary web script or HTML, which can allow theft of cookie-based authentication credentials and launch of other attacks..\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-46888.yaml"}
@ -1708,20 +1779,31 @@
{"ID":"CVE-2023-0236","Info":{"Name":"WordPress Tutor LMS \u003c2.0.10 - Cross Site Scripting","Severity":"medium","Description":"WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the reset_key and user_id parameters before outputting then back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0236.yaml"}
{"ID":"CVE-2023-0261","Info":{"Name":"WordPress WP TripAdvisor Review Slider \u003c10.8 - Authenticated SQL Injection","Severity":"high","Description":"WordPress WP TripAdvisor Review Slider plugin before 10.8 is susceptible to authenticated SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. This can lead, in turn, to obtaining sensitive information, modifying data, and/or executing unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-0261.yaml"}
{"ID":"CVE-2023-0552","Info":{"Name":"WordPress Pie Register \u003c3.8.2.3 - Open Redirect","Severity":"medium","Description":"WordPress Pie Register plugin before 3.8.2.3 contains an open redirect vulnerability. The plugin does not properly validate the redirection URL when logging in and login out. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-0552.yaml"}
{"ID":"CVE-2023-0630","Info":{"Name":"Slimstat Analytics \u003c 4.9.3.3 Subscriber - SQL Injection","Severity":"high","Description":"The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-0630.yaml"}
{"ID":"CVE-2023-0669","Info":{"Name":"Fortra GoAnywhere MFT - Remote Code Execution","Severity":"high","Description":"Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-0669.yaml"}
{"ID":"CVE-2023-0942","Info":{"Name":"WordPress Japanized for WooCommerce \u003c2.5.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Japanized for WooCommerce plugin before 2.5.5 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0942.yaml"}
{"ID":"CVE-2023-0948","Info":{"Name":"WordPress Japanized for WooCommerce \u003c2.5.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Japanized for WooCommerce plugin before 2.5.8 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0948.yaml"}
{"ID":"CVE-2023-0968","Info":{"Name":"WordPress Watu Quiz \u003c3.3.9.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Watu Quiz plugin before 3.3.9.1 is susceptible to cross-site scripting. The plugin does not sanitize and escape some parameters, such as email, dn, date, and points, before outputting then back in a page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This exploit can be used against high-privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0968.yaml"}
{"ID":"CVE-2023-1020","Info":{"Name":"Steveas WP Live Chat Shoutbox \u003c= 1.4.2 - SQL Injection","Severity":"critical","Description":"The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1020.yaml"}
{"ID":"CVE-2023-1080","Info":{"Name":"WordPress GN Publisher \u003c1.5.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress GN Publisher plugin before 1.5.6 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1080.yaml"}
{"ID":"CVE-2023-1177","Info":{"Name":"Mlflow \u003c2.2.1 - Local File Inclusion","Severity":"critical","Description":"Mlflow before 2.2.1 is susceptible to local file inclusion due to path traversal \\..\\filename in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1177.yaml"}
{"ID":"CVE-2023-1362","Info":{"Name":"unilogies/bumsys \u003c v2.0.2 - Clickjacking","Severity":"medium","Description":"This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1362.yaml"}
{"ID":"CVE-2023-1434","Info":{"Name":"Odoo - Cross-Site Scripting","Severity":"medium","Description":"Odoo is a business suite that has features for many business-critical areas, such as e-commerce, billing, or CRM. Versions before the 16.0 release are vulnerable to CVE-2023-1434 and is caused by an incorrect content type being set on an API endpoint.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-1434.yaml"}
{"ID":"CVE-2023-1671","Info":{"Name":"Sophos Web Appliance - Remote Code Execution","Severity":"critical","Description":"A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1671.yaml"}
{"ID":"CVE-2023-20864","Info":{"Name":"VMware Aria Operations for Logs - Unauthenticated Remote Code Execution","Severity":"critical","Description":"VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-20864.yaml"}
{"ID":"CVE-2023-20887","Info":{"Name":"VMware VRealize Network Insight - Remote Code Execution","Severity":"critical","Description":"VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of 'root' on the appliance. VMWare 6.x version are\n vulnerable.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20887.yaml"}
{"ID":"CVE-2023-2122","Info":{"Name":"Image Optimizer by 10web \u003c 1.0.26 - Cross-Site Scripting","Severity":"medium","Description":"Image Optimizer by 10web before 1.0.26 is susceptible to cross-site scripting via the iowd_tabs_active parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2122.yaml"}
{"ID":"CVE-2023-2130","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2130.yaml"}
{"ID":"CVE-2023-22620","Info":{"Name":"SecurePoint UTM 12.x Session ID Leak","Severity":"medium","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-22620.yaml"}
{"ID":"CVE-2023-22897","Info":{"Name":"Securepoint UTM - Leaking Remote Memory Contents","Severity":"medium","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-22897.yaml"}
{"ID":"CVE-2023-23333","Info":{"Name":"SolarView Compact 6.00 - OS Command Injection","Severity":"critical","Description":"SolarView Compact 6.00 was discovered to contain a command injection vulnerability, attackers can execute commands by bypassing internal restrictions through downloader.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-23333.yaml"}
{"ID":"CVE-2023-23488","Info":{"Name":"WordPress Paid Memberships Pro \u003c2.9.8 - Blind SQL Injection","Severity":"critical","Description":"WordPress Paid Memberships Pro plugin before 2.9.8 contains a blind SQL injection vulnerability in the 'code' parameter of the /pmpro/v1/order REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-23488.yaml"}
{"ID":"CVE-2023-23489","Info":{"Name":"WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection","Severity":"critical","Description":"WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edd_download_search action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-23489.yaml"}
{"ID":"CVE-2023-23492","Info":{"Name":"Login with Phone Number - Cross-Site Scripting","Severity":"high","Description":"Login with Phone Number, versions \u003c 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function.\n\nNote that CVE-2023-23492 incorrectly describes and scores this as SQL injection vulnerability.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-23492.yaml"}
{"ID":"CVE-2023-2356","Info":{"Name":"Mlflow \u003c2.3.0 - Local File Inclusion","Severity":"high","Description":"Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-2356.yaml"}
{"ID":"CVE-2023-23752","Info":{"Name":"Joomla! Webservice - Password Disclosure","Severity":"medium","Description":"An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-23752.yaml"}
{"ID":"CVE-2023-24044","Info":{"Name":"Plesk Obsidian \u003c=18.0.49 - Open Redirect","Severity":"medium","Description":"Plesk Obsidian through 18.0.49 contains an open redirect vulnerability via the login page. An attacker can redirect users to malicious websites via a host request header and thereby access user credentials and execute unauthorized operations. NOTE: The vendor's position is \"the ability to use arbitrary domain names to access the panel is an intended feature.\"\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24044.yaml"}
{"ID":"CVE-2023-24243","Info":{"Name":"CData RSB Connect v22.0.8336 - Server Side Request Forgery","Severity":"high","Description":"CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-24243.yaml"}
{"ID":"CVE-2023-24278","Info":{"Name":"Squidex \u003c7.4.0 - Cross-Site Scripting","Severity":"medium","Description":"Squidex before 7.4.0 contains a cross-site scripting vulnerability via the squid.svg endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24278.yaml"}
{"ID":"CVE-2023-24322","Info":{"Name":"mojoPortal 2.7.0.0 - Cross-Site Scripting","Severity":"medium","Description":"mojoPortal 2.7.0.0 contains a cross-site scripting vulnerability in the FileDialog.aspx component, which can allow an attacker to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24322.yaml"}
{"ID":"CVE-2023-24367","Info":{"Name":"Temenos T24 R20 - Cross-Site Scripting","Severity":"medium","Description":"Temenos T24 release 20 contains a reflected cross-site scripting vulnerability via the routineName parameter at genrequest.jsp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24367.yaml"}
@ -1729,17 +1811,37 @@
{"ID":"CVE-2023-24733","Info":{"Name":"PMB 7.4.6 - Cross-Site Scripting","Severity":"medium","Description":"PMB 7.4.6 contains a cross-site scripting vulnerability via the query parameter at /admin/convert/export_z3950_new.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24733.yaml"}
{"ID":"CVE-2023-24735","Info":{"Name":"PMB 7.4.6 - Open Redirect","Severity":"medium","Description":"PMB v7.4.6 contains an open redirect vulnerability via the component /opac_css/pmb.php. An attacker can redirect a user to an external domain via a crafted URL and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24735.yaml"}
{"ID":"CVE-2023-24737","Info":{"Name":"PMB v7.4.6 - Cross-Site Scripting","Severity":"medium","Description":"PMB v7.4.6 allows an attacker to perform a reflected XSS on export_z3950.php via the 'query' parameter.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-24737.yaml"}
{"ID":"CVE-2023-25135","Info":{"Name":"vBulletin \u003c= 5.6.9 - Pre-authentication Remote Code Execution","Severity":"critical","Description":"vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25135.yaml"}
{"ID":"CVE-2023-25157","Info":{"Name":"GeoServer OGC Filter - SQL Injection","Severity":"critical","Description":"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25157.yaml"}
{"ID":"CVE-2023-25717","Info":{"Name":"Ruckus Wireless Admin - Remote Code Execution","Severity":"critical","Description":"Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25717.yaml"}
{"ID":"CVE-2023-26255","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjCustomDesignConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26255.yaml"}
{"ID":"CVE-2023-26256","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFooterNavigationConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26256.yaml"}
{"ID":"CVE-2023-26360","Info":{"Name":"Unauthenticated File Read Adobe ColdFusion","Severity":"critical","Description":"Unauthenticated Arbitrary File Read vulnerability due to deserialization of untrusted data in Adobe ColdFusion. The vulnerability affects ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-26360.yaml"}
{"ID":"CVE-2023-27008","Info":{"Name":"ATutor \u003c 2.2.1 - Cross Site Scripting","Severity":"medium","Description":"ATutor \u003c 2.2.1 was discovered with a vulnerability, a reflected cross-site scripting (XSS), in ATtutor 2.2.1 via token body parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-27008.yaml"}
{"ID":"CVE-2023-27159","Info":{"Name":"Appwrite \u003c=1.2.1 - Server-Side Request Forgery","Severity":"medium","Description":"Appwrite through 1.2.1 is susceptible to server-side request forgery via the component /v1/avatars/favicon. An attacker can potentially access network resources and sensitive information via a crafted GET request, thereby also making it possible to modify data and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-27159.yaml"}
{"ID":"CVE-2023-27179","Info":{"Name":"GDidees CMS v3.9.1 - Arbitrary File Download","Severity":"critical","Description":"GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-27179.yaml"}
{"ID":"CVE-2023-27292","Info":{"Name":"OpenCATS - Open Redirect","Severity":"medium","Description":"OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-27292.yaml"}
{"ID":"CVE-2023-2732","Info":{"Name":"MStore API \u003c= 3.9.2 - Authentication Bypass","Severity":"critical","Description":"The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2732.yaml"}
{"ID":"CVE-2023-27350","Info":{"Name":"PaperCut - Unauthenticated Remote Code Execution","Severity":"critical","Description":"This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27350.yaml"}
{"ID":"CVE-2023-27482","Info":{"Name":"Home Assistant Supervisor - Authentication Bypass","Severity":"critical","Description":"Home Assistant Supervisor is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered.This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected.\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2023/CVE-2023-27482.yaml"}
{"ID":"CVE-2023-27524","Info":{"Name":"Apache Superset - Authentication Bypass","Severity":"high","Description":"Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.","Classification":{"CVSSScore":"8.9"}},"file_path":"http/cves/2023/CVE-2023-27524.yaml"}
{"ID":"CVE-2023-27587","Info":{"Name":"ReadToMyShoe - Generation of Error Message Containing Sensitive Information","Severity":"medium","Description":"ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which contains the Google Cloud API key.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-27587.yaml"}
{"ID":"CVE-2023-2780","Info":{"Name":"Mlflow \u003c2.3.1 - Local File Inclusion Bypass","Severity":"critical","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2780.yaml"}
{"ID":"CVE-2023-2825","Info":{"Name":"GitLab 16.0.0 - Path Traversal","Severity":"critical","Description":"An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-2825.yaml"}
{"ID":"CVE-2023-28343","Info":{"Name":"Altenergy Power Control Software C1.2.5 - Remote Command Injection","Severity":"critical","Description":"Altenergy Power Control Software C1.2.5 is susceptible to remote command injection via shell metacharacters in the index.php/management/set_timezone parameter, because of set_timezone in models/management_model.php. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-28343.yaml"}
{"ID":"CVE-2023-28432","Info":{"Name":"MinIO Cluster Deployment - Information Disclosure","Severity":"high","Description":"MinIO is susceptible to information disclosure. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials. All users of distributed deployment are impacted.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-28432.yaml"}
{"ID":"CVE-2023-29084","Info":{"Name":"ManageEngine ADManager Plus - Command Injection","Severity":"high","Description":"Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-29084.yaml"}
{"ID":"CVE-2023-29489","Info":{"Name":"cPanel - Cross-Site Scripting","Severity":"medium","Description":"","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-29489.yaml"}
{"ID":"CVE-2023-29489","Info":{"Name":"cPanel - Cross-Site Scripting","Severity":"medium","Description":"An issue was discovered in cPanel before 11.109.9999.116. Cross Site Scripting can occur on the cpsrvd error page via an invalid webcall ID.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-29489.yaml"}
{"ID":"CVE-2023-29622","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-29622.yaml"}
{"ID":"CVE-2023-29623","Info":{"Name":"Purchase Order Management v1.0 - Cross Site Scripting (Reflected)","Severity":"medium","Description":"Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-29623.yaml"}
{"ID":"CVE-2023-29887","Info":{"Name":"Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion","Severity":"high","Description":"A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-29887.yaml"}
{"ID":"CVE-2023-29919","Info":{"Name":"SolarView Compact \u003c= 6.00 - Local File Inclusion","Severity":"high","Description":"There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-29919.yaml"}
{"ID":"CVE-2023-29922","Info":{"Name":"PowerJob V4.3.1 - Authentication Bypass","Severity":"high","Description":"PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.\n","Classification":{"CVSSScore":"8.9"}},"file_path":"http/cves/2023/CVE-2023-29922.yaml"}
{"ID":"CVE-2023-29923","Info":{"Name":"PowerJob \u003c=4.3.2 - Unauthenticated Access","Severity":"medium","Description":"PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-29923.yaml"}
{"ID":"CVE-2023-30210","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via /client/manage/ourphp_tz.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-30210.yaml"}
{"ID":"CVE-2023-30212","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-30212.yaml"}
{"ID":"CVE-2023-31059","Info":{"Name":"Repetier Server - Directory Traversal","Severity":"high","Description":"Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-31059.yaml"}
{"ID":"CVE-2023-32235","Info":{"Name":"Ghost CMS \u003c 5.42.1 - Path Traversal","Severity":"medium","Description":"Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-32235.yaml"}
{"ID":"CVE-2023-32243","Info":{"Name":"WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset","Severity":"critical","Description":"Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-32243.yaml"}
{"ID":"CVE-2023-32315","Info":{"Name":"Openfire Administration Console - Authentication Bypass","Severity":"high","Description":"Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2023/CVE-2023-32315.yaml"}
{"ID":"CVE-2023-34960","Info":{"Name":"Chamilo Command Injection","Severity":"high","Description":"","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34960.yaml"}

View File

@ -1 +1 @@
007505eab9adec1b628522c2675730ee
6a8d52a6e0f4ae54ace3ababe34a2385

View File

@ -29,5 +29,3 @@ dns:
- 'issue "(.*)"'
- 'issuewild "(.*)"'
- 'iodef "(.*)"'
# Enhanced by mp on 2022/03/22

View File

@ -28,5 +28,3 @@ dns:
group: 1
regex:
- "IN\tCNAME\t(.+)"
# Enhanced by mp on 2022/03/13

View File

@ -43,5 +43,3 @@ dns:
name: salesforce-community
words:
- "live.siteforce.com"
# Enhanced by mp on 2022/03/13

View File

@ -9,7 +9,7 @@ info:
- https://www.geeksforgeeks.org/deep-linking-in-android-with-example/
- https://medium.com/@muratcanbur/intro-to-deep-linking-on-android-1b9fe9e38abd
metadata:
verified: "true"
verified: true
tags: android,file,deeplink
file:

View File

@ -7,7 +7,7 @@ info:
description: |
This process involves extracting tokens, endpoints, URIs, and variable names from the JS file and analyzing them for any potential weaknesses that could be exploited. By extracting and analyzing these elements, potential security threats can be identified, allowing for proactive measures to be taken to mitigate any risks associated with the application. This process can be used as part of a comprehensive bug-hunting strategy to ensure the security of an application.
metadata:
verified: "true"
verified: true
tags: file,js-analyse,js,javascript
file:

View File

@ -10,7 +10,7 @@ info:
- https://developer.adobe.com/developer-console/docs/guides/authentication/OAuthIntegration/
- https://developer.adobe.com/developer-console/docs/guides/authentication/OAuth/
metadata:
verified: "true"
verified: true
tags: adobe,oauth,file,token
file:

View File

@ -9,7 +9,7 @@ info:
- https://github.com/FiloSottile/age/blob/main/doc/age.1.html
- https://github.com/C2SP/C2SP/blob/8b6a842e0360d35111c46be2a8019b2276295914/age.md#the-x25519-recipient-type
metadata:
verified: "true"
verified: true
tags: age-encryption,file,token
file:

View File

@ -9,7 +9,7 @@ info:
- https://github.com/FiloSottile/age/blob/main/doc/age.1.html
- https://github.com/C2SP/C2SP/blob/8b6a842e0360d35111c46be2a8019b2276295914/age.md#the-x25519-recipient-type
metadata:
verified: "true"
verified: true
tags: age-encryption,file,token
file:

View File

@ -7,7 +7,7 @@ info:
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/aws.yml
metadata:
verified: "true"
verified: true
tags: aws,amazon,token,file
file:

View File

@ -7,7 +7,7 @@ info:
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/aws.yml
metadata:
verified: "true"
verified: true
tags: aws,amazon,token,file,session
file:

View File

@ -0,0 +1,23 @@
id: azure-connection-string
info:
name: Azure Connection String
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/rules/azure.yml
- https://azure.microsoft.com/en-us/blog/windows-azure-web-sites-how-application-strings-and-connection-strings-work/
- https://docs.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string
metadata:
verified: true
tags: azure,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)(?:AccountName|SharedAccessKeyName|SharedSecretIssuer)\s*=\s*([^;]{1,80})\s*;\s*.{0,10}\s*(?:AccountKey|SharedAccessKey|SharedSecretValue)\s*=\s*([^;]{1,100})(?:;|$)

View File

@ -8,7 +8,7 @@ info:
- https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/codeclimate.yml
- https://github.com/codeclimate/ruby-test-reporter/issues/34
metadata:
verified: "true"
verified: true
tags: codeclimate,token,file
file:

View File

@ -9,7 +9,7 @@ info:
- https://crates.io/data-access
- https://github.com/rust-lang/crates.io/blob/master/src/util/token.rs
metadata:
verified: "true"
verified: true
tags: crates,token,file
file:

View File

@ -0,0 +1,22 @@
id: digitalocean-personal-token
info:
name: DigitalOcean Personal Access Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/rules/digitalocean.yml
- https://docs.digitalocean.com/reference/api/
metadata:
verified: true
tags: digitalocean,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)\b(doo_v1_[a-f0-9]{64})\b

View File

@ -0,0 +1,22 @@
id: digitalocean-personal-access
info:
name: DigitalOcean Personal Access Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/rules/digitalocean.yml
- https://docs.digitalocean.com/reference/api/
metadata:
verified: true
tags: digitalocean,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)\b(dop_v1_[a-f0-9]{64})\b

View File

@ -0,0 +1,22 @@
id: digitalocean-refresh-token
info:
name: DigitalOcean Refresh Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/rules/digitalocean.yml
- https://docs.digitalocean.com/reference/api/
metadata:
verified: true
tags: digitalocean,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)\b(dor_v1_[a-f0-9]{64})\b

View File

@ -8,7 +8,7 @@ info:
- https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/facebook.yml
- https://developers.facebook.com/docs/facebook-login/access-tokens/
metadata:
verified: "true"
verified: true
tags: facebook,token,file
file:

View File

@ -0,0 +1,22 @@
id: figma-access-token
info:
name: Figma Personal Access Token
author: DhiyaneshDK
severity: info
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/rules/figma.yml
- https://www.figma.com/developers/api
metadata:
verified: true
tags: figma,file,token
file:
- extensions:
- all
extractors:
- type: regex
part: body
regex:
- (?i)figma.{0,20}\b([0-9a-f]{4}-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b

View File

@ -10,7 +10,7 @@ info:
- https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
- https://web.archive.org/web/20230316194229/https://docs.github.com/en/enterprise-cloud@latest/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
metadata:
verified: "true"
verified: true
tags: file,github,ssh,rsa
file:

View File

@ -8,7 +8,7 @@ info:
- https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/gitlab.yml
- https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html
metadata:
verified: "true"
verified: true
tags: gitlab,token,file
file:

View File

@ -10,7 +10,7 @@ info:
- https://gitlab.com/gitlab-org/gitlab/-/issues/371396
- https://gitlab.com/gitlab-org/gitlab/-/issues/388379
metadata:
verified: "true"
verified: true
tags: gitlab,token,file
file:

View File

@ -10,7 +10,7 @@ info:
- https://docs.gitlab.com/ee/security/token_overview.html#runner-registration-tokens-deprecated
- https://docs.gitlab.com/ee/security/token_overview.html#security-considerations
metadata:
verified: "true"
verified: true
tags: gitlab,runner,token,file
file:

View File

@ -7,7 +7,7 @@ info:
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/google.yml
metadata:
verified: "true"
verified: true
tags: google,token,file
file:

View File

@ -7,7 +7,7 @@ info:
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/google.yml
metadata:
verified: "true"
verified: true
tags: google,token,file
file:

View File

@ -8,7 +8,7 @@ info:
- https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/heroku.yml
- https://devcenter.heroku.com/articles/authentication
metadata:
verified: "true"
verified: true
tags: heroku,token,file
file:

View File

@ -9,7 +9,7 @@ info:
- https://www.jenkins.io/blog/2018/07/02/new-api-token-system/
- https://www.jenkins.io/doc/book/security/csrf-protection/
metadata:
verified: "true"
verified: true
tags: jenkins,crumb,token,file
file:

View File

@ -8,7 +8,7 @@ info:
- https://docs.gitguardian.com/secrets-detection/detectors/specifics/mapbox_token
- https://github.com/zricethezav/gitleaks/blob/master/cmd/generate/config/rules/mapbox.go
metadata:
verified: "true"
verified: true
tags: token,file,mapbox
file:

View File

@ -8,7 +8,7 @@ info:
- https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/newrelic.yml
- https://docs.px.dev/reference/admin/api-keys/
metadata:
verified: "true"
verified: true
tags: newrelic,pixie,token,file
file:

View File

@ -8,7 +8,7 @@ info:
- https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/newrelic.yml
- https://docs.px.dev/reference/admin/api-keys/
metadata:
verified: "true"
verified: true
tags: newrelic,pixie,token,file
file:

View File

@ -10,7 +10,7 @@ info:
- https://github.com/github/roadmap/issues/557
- https://github.blog/changelog/2022-12-06-limit-scope-of-npm-tokens-with-the-new-granular-access-tokens/
metadata:
verified: "true"
verified: true
tags: npm,token,file
file:

View File

@ -8,7 +8,7 @@ info:
- https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/nuget.yml
- https://docs.microsoft.com/en-us/nuget/nuget-org/publish-a-package#create-api-keys
metadata:
verified: "true"
verified: true
tags: nuget,token,file
file:

View File

@ -9,7 +9,7 @@ info:
- https://platform.openai.com/docs/api-reference
- https://platform.openai.com/docs/api-reference/authentication
metadata:
verified: "true"
verified: true
tags: openai,token,file
file:

View File

@ -8,7 +8,7 @@ info:
- https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/rules/postman.yml
- https://learning.postman.com/docs/developer/intro-api/
metadata:
verified: "true"
verified: true
tags: postman,keys,file,token
file:

View File

@ -9,7 +9,7 @@ info:
- https://github.com/pypa/warehouse/issues/6051
- https://pypi.org/project/pypitoken/
metadata:
verified: "true"
verified: true
tags: pypi,token,file
file:

View File

@ -9,7 +9,7 @@ info:
- https://guides.rubygems.org/rubygems-org-api/
- https://guides.rubygems.org/api-key-scopes/
metadata:
verified: "true"
verified: true
tags: rubygems,token,file,ruby
file:

View File

@ -7,7 +7,7 @@ info:
reference:
- https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/sauce.yml
metadata:
verified: "true"
verified: true
tags: sauce,token,file
file:

View File

@ -9,7 +9,7 @@ info:
- https://segment.com/docs/api/public-api/
- https://segment.com/blog/how-segment-proactively-protects-customer-api-tokens/
metadata:
verified: "true"
verified: true
tags: segment,token,file
file:

View File

@ -9,7 +9,7 @@ info:
- https://shopify.dev/apps/auth
- https://shopify.dev/changelog/app-secret-key-length-has-increased
metadata:
verified: "true"
verified: true
tags: shopify,token,file
file:

View File

@ -7,7 +7,7 @@ info:
reference:
- https://docs.stackhawk.com/apidocs.html
metadata:
verified: "true"
verified: true
tags: token,file
file:

View File

@ -9,7 +9,7 @@ info:
- https://core.telegram.org/bots/api
- https://core.telegram.org/bots/features#botfather
metadata:
verified: "true"
verified: true
tags: telegram,token,file
file:

View File

@ -0,0 +1,22 @@
id: admzip-path-overwrite
info:
name: Admzip Path Overwrite
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Insecure ZIP archive extraction using adm-zip can result in arbitrary path over write and can result in code injection.
tags: file,nodejs,admzip
file:
- extensions:
- all
matchers:
- type: regex
regex:
- "require\\\\('adm-zip'\\\\)"
- "\\.forEach\\(function .*\\(.*, \\.\\*\\) \\{"
- "\\.createWriteStream\\(.*\\) \\}, \\.\\*\\)"
- "\\.writeFile\\(.*\\)"
- "\\.writeFileSync\\(.*\\) \\}, \\.\\*\\)"
condition: or

View File

@ -0,0 +1,20 @@
id: express-lfr
info:
name: Express LFR
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Untrusted user input in express render() function can result in arbitrary file read if hbs templating is used.
tags: file,nodejs,express,lfr
file:
- extensions:
- all
matchers:
- type: regex
regex:
- "(\\$[\\w\\W]+?)\\.render\\(\\$[\\w\\W]+?, <[\\w\\W]+? \\\\$[\\w\\W]+? [\\w\\W]+? >\\)"
- "(\\$[\\w\\W]+?)\\.render\\(\\$[\\w\\W]+?, <[\\w\\W]+? \\\\$[\\w\\W]+?\\.\\$[\\w\\W]+? [\\w\\W]+? >\\)"
- "(\\$[\\w\\W]+?)\\.render\\(\\$[\\w\\W]+?, <[\\w\\W]+? \\\\$[\\w\\W]+? [\\w\\W]+? >\\)"
condition: or

View File

@ -0,0 +1,21 @@
id: generic-path-traversal
info:
name: Generic Path Traversal
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Untrusted user input in readFile()/readFileSync() can endup in Directory Traversal Attacks.
tags: file,nodejs
file:
- extensions:
- all
matchers:
- type: regex
regex:
- "[^\\.]*\\.createReadStream\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
- "[^\\.]*\\.readFile\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
- "[^\\.]*\\.readFileSync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
- "[^\\.]*\\.readFileAsync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)"
condition: or

View File

@ -0,0 +1,21 @@
id: tar-path-overwrite
info:
name: Tar Path Overwrite
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Insecure TAR archive extraction can result in arbitrary path over write and can result in code injection.
tags: file,nodejs
file:
- extensions:
- all
matchers:
- type: regex
regex:
- "require\\('tar-stream'\\)"
- "[\\w\\W]+?\\.createWriteStream\\([\\w\\W]*?\\, [\\w\\W]*?\\)"
- "[\\w\\W]+?\\.writeFile\\([\\w\\W]*?\\, [\\w\\W]*?\\)"
- "[\\w\\W]+?\\.writeFileSync\\([\\w\\W]*?\\, [\\w\\W]*?\\)"
condition: or

View File

@ -0,0 +1,17 @@
id: xss-disable-mustache-escape
info:
name: XSS Disable Mustache Escape
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Markup escaping disabled. This can be used with some template engines to escape disabling of HTML entities, which can lead to XSS attacks.
tags: file,nodejs,mustache,xss
file:
- extensions:
- all
matchers:
- type: regex
regex:
- "[\\w\\W]+?\\.escapeMarkup = false"

View File

@ -0,0 +1,26 @@
id: xss-serialize-javascript
info:
name: XSS Serialize Javascript
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Untrusted user input reaching `serialize-javascript` with `unsafe` attribute can cause Cross Site Scripting (XSS).
tags: file,nodejs,serialize,xss
file:
- extensions:
- all
matchers:
- type: regex
regex:
- "require\\('serialize-javascript'\\)"
- "\\$S\\(\\.\\*?, \\{unsafe: true\\}\\)"
condition: or
- type: regex
negative: true
regex:
- "escape\\(.*?\\)"
- "encodeURI\\(.*?\\)"
condition: or

View File

@ -0,0 +1,28 @@
id: zip-path-overwrite
info:
name: Zip Path Overwrite
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Insecure ZIP archive extraction can result in arbitrary path overwrite and can result in code injection.
tags: file,nodejs
file:
- extensions:
- all
matchers:
- type: regex
regex:
- "require\\('unzip'\\)"
- "require\\('unzipper'\\)"
- "[\\w\\W]+?\\.pipe\\([\\w\\W]+?\\.Parse\\([\\w\\W]*?\\)\\)\\.on\\('entry', function [\\w\\W]*?\\([\\w\\W]*?\\) \\{"
- "[\\w\\W]+? = [\\w\\W]+?\\.indexOf\\([\\w\\W]*?\\)"
- "[\\w\\W]+?\\.pipe\\([\\w\\W]+?\\.createWriteStream\\([\\w\\W]*?\\)\\)"
- "[\\w\\W]+?\\.pipe\\([\\w\\W]+?\\.writeFile\\([\\w\\W]*?\\)\\)"
- "[\\w\\W]+?\\.pipe\\([\\w\\W]+?\\.writeFileSync\\([\\w\\W]*?\\)\\)"
- "[\\w\\W]+?\\.Parse\\([\\w\\W]*?\\)\\.on\\('entry', function [\\w\\W]*?\\([\\w\\W]*?\\) \\{"
- "[\\w\\W]+?\\.createWriteStream\\([\\w\\W]*?\\)"
- "[\\w\\W]+?\\.writeFile\\([\\w\\W]*?\\)"
- "[\\w\\W]+?\\.writeFileSync\\([\\w\\W]*?\\)"
condition: or

View File

@ -1 +1 @@
2.7.28
2.7.29

View File

@ -1 +1 @@
6.1.6
6.1.7

View File

@ -1 +1 @@
5.1
5.2

View File

@ -1 +1 @@
4.3.7
4.4.0.1

View File

@ -1 +1 @@
7.74
7.76

View File

@ -1 +1 @@
3.2.1
3.2.6

View File

@ -1 +1 @@
3.1.7
3.1.8.1

View File

@ -0,0 +1 @@
2.0.26

View File

@ -1 +1 @@
2.0.0
2.2.0

View File

@ -1 +1 @@
3.27.2
3.29

View File

@ -1 +1 @@
4.11.0
4.12.0

View File

@ -1 +1 @@
3.0.3
3.0.4

View File

@ -1 +1 @@
3.3.0
3.4.0

View File

@ -1 +1 @@
6.4.5
6.4.7

View File

@ -1 +1 @@
5.7.6
5.7.7

View File

@ -1 +1 @@
3.0.9
3.1.0

View File

@ -1 +1 @@
2.4.8
2.4.9

View File

@ -1 +1 @@
3.43
3.44

View File

@ -1 +1 @@
1.3.7
2.0.0

View File

@ -1 +1 @@
1.13.5
1.13.6

View File

@ -1 +1 @@
2.4.3
2.4.4

View File

@ -1 +1 @@
1.5.4
1.5.5

View File

@ -1 +1 @@
3.13.2
3.14.1

View File

@ -1 +1 @@
7.0.0
7.0.2

View File

@ -1 +1 @@
3.0.23
3.0.26

View File

@ -0,0 +1 @@
1.1.17

View File

@ -1 +1 @@
2.3
2.4

View File

@ -1 +1 @@
4.3.25
5.0.4

View File

@ -1 +1 @@
6.3
6.3.2

View File

@ -1 +1 @@
1.23.3
1.24.1

View File

@ -1 +1 @@
4.12.2
4.12.3

View File

@ -1 +1 @@
2.4.5
2.4.10

Some files were not shown because too many files have changed in this diff Show More