Merge pull request #1172 from nrathaus/master

Update description / reference
patch-1
PD-Team 2021-03-30 19:57:36 +05:30 committed by GitHub
commit 0d179ad2a2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 55 additions and 16 deletions

@ -3,6 +3,7 @@ info:
name: Openfire LFI
author: pikpikcu
severity: high
description: PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
reference: https://swarm.ptsecurity.com/openfire-admin-console/
tags: cve,cve2019,openfire,lfi

@ -4,7 +4,10 @@ info:
name: Openfire Full Read SSRF
author: pdteam - nuclei.projectdiscovery.io
severity: critical
refrense: https://swarm.ptsecurity.com/openfire-admin-console/
description: A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.
refrense: |
- https://swarm.ptsecurity.com/openfire-admin-console/
- https://github.com/igniterealtime/Openfire/pull/1497
tags: cve,cve2019,ssrf
requests:
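Review bot: The key on the rewritten reference block is still spelled `refrense`, the same misspelling as the single-line entry it replaces, so a consumer that reads `reference` will not pick up either URL. Rename it to `reference: |` here; the other multi-link blocks in this commit use that spelling.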

@ -4,6 +4,8 @@ info:
name: Rumpus FTP Web File Manager 8.2.9.1 XSS
author: madrobot
severity: medium
description: A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts
reference: https://github.com/harshit-shukla/CVE-2019-19368/
tags: cve,cve2019,xss
requests:
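Review bot: Style point on the new description line: "can execute arbitrary Javascripts" should read "arbitrary JavaScript", and the sentence is missing its closing period, unlike the other descriptions added in this commit. "A Reflected Cross Site Scripting was discovered" would also read better as "A reflected cross-site scripting (XSS) issue was discovered".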

@ -4,6 +4,8 @@ info:
name: phpMyChat-Plus XSS
author: madrobot
severity: medium
description: phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
reference: https://cinzinga.github.io/CVE-2019-19908/
tags: cve,cve2019,xss
requests:

@ -4,6 +4,7 @@ info:
name: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
author: KBA@SOGETI_ESEC, madrobot & dwisiswant0
severity: medium
description: The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.
refrense: https://www.exploit-db.com/exploits/48698
tags: cve,cve2019,wordpress,wp-plugin
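Review bot: The `refrense:` key directly under the new description is misspelled and this hunk leaves it untouched. Since the commit is about descriptions and references, rename it to `reference:` in the same change so the exploit-db link sits under the same key as in the other templates.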

@ -5,15 +5,12 @@ info:
author: dwisiswant0
severity: critical
tags: cve,cve2019,oracle,weblogic,rce
# Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
# Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0.
# Easily exploitable vulnerability allows unauthenticated attacker
# with network access via HTTP to compromise Oracle WebLogic Server.
# Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
# --
# References:
# > https://paper.seebug.org/910/
description: |
Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
reference: |
- https://paper.seebug.org/910/
- https://www.exploit-db.com/exploits/46780/
- https://www.oracle.com/security-alerts/cpujan2020.html
requests:
- method: POST
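Review bot: The third reference, https://www.oracle.com/security-alerts/cpujan2020.html, is a January 2020 advisory while the template is tagged `cve2019`; please confirm it is the advisory that actually covers this issue and replace it with the matching one if not. The description moved out of the comments also never names the CVE identifier, which would help a reader tie the text to the references.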

@ -3,6 +3,10 @@ info:
name: Spring-Cloud-Config-Server Directory Traversal
author: madrobot
severity: high
description: Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.
reference: |
- https://github.com/mpgn/CVE-2019-3799
- https://pivotal.io/security/cve-2019-3799
tags: cve,cve2019,lfi
requests:
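Review bot: Grammar slip at the end of the new description: "can lead a directory traversal attack" is missing "to" and should read "can lead to a directory traversal attack". The rest of the line matches the affected version ranges and needs no change.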

@ -4,7 +4,8 @@ info:
name: YouPHPTube Encoder RCE
author: pikpikcu
severity: critical
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-5127
description: A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack.
reference: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0917
tags: cve,cve2019,rce
requests:
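Review bot: The NVD link (https://nvd.nist.gov/vuln/detail/CVE-2019-5127) is replaced by the Talos report instead of being kept beside it. Other templates in this commit keep the original link and add the new one under `reference: |`, which would work here as well. The new description also opens with "A command injection have been found", which should be "has been found".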

@ -4,7 +4,10 @@ info:
name: File Content Disclosure on Rails
author: omarkurt
severity: medium
reference: https://github.com/omarkurt/CVE-2019-5418
description: There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
reference: |
- https://github.com/omarkurt/CVE-2019-5418
- https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
tags: cve,cve2019,rails,lfi
requests:

@ -4,6 +4,11 @@ info:
name: Zarafa WebApp Reflected XSS
author: pd-team
severity: low
description: |
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
reference: |
- https://github.com/verifysecurity/CVE-2019-7219
- https://stash.kopano.io/repos?visibility=public
tags: cve,cve2019,zarafa,xss
requests:
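Review bot: The second reference, https://stash.kopano.io/repos?visibility=public, points at a repository listing rather than at anything specific to this issue. Link the fixing change or a vendor advisory instead, or drop the entry and keep only the verifysecurity link.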

@ -4,7 +4,10 @@ info:
name: Kibana Timelion Arbitrary Code Execution
author: dwisiswant0
severity: critical
reference: https://github.com/mpgn/CVE-2019-7609
description: Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
reference: |
- https://github.com/mpgn/CVE-2019-7609
- https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077
tags: cve,cve2019,kibana,rce
# Kibana versions before 5.6.15 and 6.6.1
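Review bot: The trailing comment `# Kibana versions before 5.6.15 and 6.6.1` now repeats the first sentence of the new description. Remove it so the affected versions are stated in one place, and write "JavaScript code" rather than "javascript code" in the description.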

@ -4,7 +4,10 @@ info:
name: JIRA Unauthenticated Sensitive Information Disclosure
author: Harsh Bothra
severity: medium
reference: https://www.doyler.net/security-not-included/more-jira-enumeration
description: The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
reference: |
- https://www.doyler.net/security-not-included/more-jira-enumeration
- https://jira.atlassian.com/browse/JRASERVER-69796
tags: cve,cve2019,atlassian,jira
requests:

@ -4,7 +4,10 @@ info:
name: JIRA SSRF in the /plugins/servlet/gadgets/makeRequest resource
author: TechbrunchFR
severity: medium
reference: https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
description: The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
reference: |
- https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
- https://jira.atlassian.com/browse/JRASERVER-69793
tags: cve,cve2019,atlassian,jira,ssrf
requests:

@ -4,6 +4,11 @@ info:
name: Totaljs - Unathenticated Directory Traversal
author: madrobot
severity: high
description: index.js in Total.js Platform before 3.2.3 allows path traversal.
reference: |
- https://blog.certimetergroup.com/it/articolo/security/total.js-directory-traversal-cve-2019-8903
- https://github.com/totaljs/framework/commit/c37cafbf3e379a98db71c1125533d1e8d5b5aef7
- https://github.com/totaljs/framework/commit/de16238d13848149f5d1dae51f54e397a525932b
tags: cve,cve2019,totaljs,lfi
requests:
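Review bot: The `name:` line just above the new description reads "Unathenticated". Since this hunk already edits the info block, correct it to "Unauthenticated" in the same change. The one-sentence description would also be more useful if it said what the traversal exposes, which the linked write-up and commits should support.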

@ -3,6 +3,8 @@ info:
name: Wavemaker Studio 6.6 LFI/SSRF
author: madrobot
severity: high
description: com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF.
reference: https://www.exploit-db.com/exploits/45158
tags: cve,cve2019,wavemaker,lfi,ssrf
requests:

@ -4,7 +4,10 @@ info:
name: ZZZCMS 1.6.1 RCE
author: pikpikcu
severity: high
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-9041
description: An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring.
reference: |
- http://www.iwantacve.cn/index.php/archives/118/
- https://www.exploit-db.com/exploits/46454/
tags: cve,cve2019,zzzcms,rce
requests:
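Review bot: The NVD link (https://nvd.nist.gov/vuln/detail/CVE-2019-9041) is dropped in favour of two third-party links, one of them served over plain `http://`. Keep the NVD entry as a third item in the `reference: |` block so the template still points at an authoritative record.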

@ -4,6 +4,7 @@ info:
name: WordPress social-warfare RFI
author: madrobot & dwisiswant0
severity: critical
description: The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
reference: https://github.com/mpgn/CVE-2019-9978
tags: cve,cve2019,wordpress,wp-plugin,ssrf
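Review bot: The new description calls this stored XSS, but the `name:` line says RFI and the `tags:` line says `ssrf`, so the info block now names three different vulnerability classes. Align the name, description and tags on the class the template actually checks for, and recheck `severity: critical` against that choice.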