commit
0d179ad2a2
@ -3,6 +3,7 @@ info:
name: Openfire LFI
author: pikpikcu
severity: high
description: PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
reference: https://swarm.ptsecurity.com/openfire-admin-console/
tags: cve,cve2019,openfire,lfi

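Review bot: the new `description:` line names PluginServlet.java and the affected versions but no CVE identifier, and the only `reference:` is a single blog post, so the `cve2019` tag cannot be checked against the template's own metadata. Add the CVE id to the description (or the name) and put the NVD or vendor advisory next to the blog link.
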
@ -4,7 +4,10 @@ info:
name: Openfire Full Read SSRF
author: pdteam - nuclei.projectdiscovery.io
severity: critical
refrense: https://swarm.ptsecurity.com/openfire-admin-console/
description: A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.
refrense: |
- https://swarm.ptsecurity.com/openfire-admin-console/
- https://github.com/igniterealtime/Openfire/pull/1497
tags: cve,cve2019,ssrf

requests:

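Review bot: the key on the new `refrense: |` line is still misspelled, exactly as on the scalar `refrense:` line it replaces, so the tool will not recognise these links as the template's `reference` field; rename it to `reference:`. Separately, a `|` block scalar stores the two `- https://...` lines as one literal string rather than a YAML sequence, so if the field is parsed as a list, drop the `|` and write a plain sequence.
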
@ -4,6 +4,8 @@ info:
name: Rumpus FTP Web File Manager 8.2.9.1 XSS
author: madrobot
severity: medium
description: A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts
reference: https://github.com/harshit-shukla/CVE-2019-19368/
tags: cve,cve2019,xss

requests:

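Review bot: the added `description:` line is missing its terminal period, and "execute arbitrary Javascripts" should read "execute arbitrary JavaScript". The only reference is a third-party proof-of-concept repository for CVE-2019-19368; add the NVD entry for that id as the primary reference.
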
@ -4,6 +4,8 @@ info:
name: phpMyChat-Plus XSS
author: madrobot
severity: medium
description: phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
reference: https://cinzinga.github.io/CVE-2019-19908/
tags: cve,cve2019,xss

requests:

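Review bot: `reference:` stays a single scalar URL here while other templates in this commit move to a multi-line list; use one form across the commit. The only link is a personal GitHub Pages write-up for CVE-2019-19908, so add the NVD entry for that id alongside it.
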
@ -4,6 +4,7 @@ info:
name: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
author: KBA@SOGETI_ESEC, madrobot & dwisiswant0
severity: medium
description: The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure.
refrense: https://www.exploit-db.com/exploits/48698
tags: cve,cve2019,wordpress,wp-plugin

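Review bot: the reference key is misspelled `refrense:`, so the exploit-db link will be ignored as metadata; rename it to `reference:`. The `tags:` line also carries only platform tags while other templates in this commit tag the vulnerability class (`lfi`, `ssrf`, `xss`); add a class tag for this unauthenticated file download so it can be selected by class as well as by platform.
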
@ -5,15 +5,12 @@ info:
author: dwisiswant0
severity: critical
tags: cve,cve2019,oracle,weblogic,rce

# Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).
# Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0.
# Easily exploitable vulnerability allows unauthenticated attacker
# with network access via HTTP to compromise Oracle WebLogic Server.
# Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
# --
# References:
# > https://paper.seebug.org/910/
description: |
Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
reference: |
- https://paper.seebug.org/910/
- https://www.exploit-db.com/exploits/46780/
- https://www.oracle.com/security-alerts/cpujan2020.html

requests:
- method: POST

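Review bot: moving the `# References:` comment block into `reference: |` is the right direction, but the `|` block scalar turns the three `- https://...` lines into one literal string rather than a YAML sequence; if the field is parsed as a list, drop the `|`. The new `description:` also never names the CVE, so neither the `cve2019` tag nor the cpujan2020 advisory link can be tied to a specific identifier from the template alone.
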
@ -3,6 +3,10 @@ info:
name: Spring-Cloud-Config-Server Directory Traversal
author: madrobot
severity: high
description: Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.
reference: |
- https://github.com/mpgn/CVE-2019-3799
- https://pivotal.io/security/cve-2019-3799
tags: cve,cve2019,lfi

requests:

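Review bot: in the new `description:` line, "can lead a directory traversal attack" should read "can lead to a directory traversal attack". The `reference: |` block stores the two `- ` lines as a literal string rather than a sequence; use a plain list if the field is parsed as one.
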
@ -4,7 +4,8 @@ info:
name: YouPHPTube Encoder RCE
author: pikpikcu
severity: critical
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-5127
description: A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack.
reference: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0917
tags: cve,cve2019,rce

requests:

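Review bot: two `reference:` lines appear in this hunk, the NVD link above `description:` and the Talos report below it; if both survive in the new file that is a duplicate mapping key, which YAML parsers either reject or silently collapse to the last value, so merge them into a single entry. The description also needs "A command injection have been found" changed to "has been found" and a comma after "YouPHPTube Encoder 2.3".
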
@ -4,7 +4,10 @@ info:
name: File Content Disclosure on Rails
author: omarkurt
severity: medium
reference: https://github.com/omarkurt/CVE-2019-5418
description: There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
reference: |
- https://github.com/omarkurt/CVE-2019-5418
- https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
tags: cve,cve2019,rails,lfi

requests:

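Review bot: the scalar `reference:` above `description:` and the `reference: |` block below it both carry the same GitHub URL; make sure only the list form survives, and note that `|` yields a literal string rather than a sequence. In the description, "<5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3" reads more clearly as "before 5.2.2.1, 5.1.6.2, 5.0.7.2 and 4.2.11.1, and all 3.x releases".
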
@ -4,6 +4,11 @@ info:
name: Zarafa WebApp Reflected XSS
author: pd-team
severity: low
description: |
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
reference: |
- https://github.com/verifysecurity/CVE-2019-7219
- https://stash.kopano.io/repos?visibility=public
tags: cve,cve2019,zarafa,xss

requests:

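Review bot: the second reference, `https://stash.kopano.io/repos?visibility=public`, is a repository listing rather than an advisory or fix commit for CVE-2019-7219; point it at the specific commit or advisory. `author: pd-team` also differs from the `pdteam` spelling used in the Openfire SSRF template in this same commit.
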
@ -4,7 +4,10 @@ info:
name: Kibana Timelion Arbitrary Code Execution
author: dwisiswant0
severity: critical
reference: https://github.com/mpgn/CVE-2019-7609
description: Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
reference: |
- https://github.com/mpgn/CVE-2019-7609
- https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077
tags: cve,cve2019,kibana,rce

# Kibana versions before 5.6.15 and 6.6.1

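Review bot: the trailing `# Kibana versions before 5.6.15 and 6.6.1` comment now duplicates the first sentence of the added `description:` and can be dropped. Both a scalar `reference:` and a `reference: |` block are visible in the hunk; keep only the list, and prefer a real sequence over the `|` literal string.
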
@ -4,7 +4,10 @@ info:
name: JIRA Unauthenticated Sensitive Information Disclosure
author: Harsh Bothra
severity: medium
reference: https://www.doyler.net/security-not-included/more-jira-enumeration
description: The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
reference: |
- https://www.doyler.net/security-not-included/more-jira-enumeration
- https://jira.atlassian.com/browse/JRASERVER-69796
tags: cve,cve2019,atlassian,jira

requests:

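Review bot: `tags: cve,cve2019,atlassian,jira` carries no vulnerability-class tag even though the name and description describe username enumeration via information disclosure; other templates in this commit tag the class (`lfi`, `ssrf`, `xss`), so add one here for consistency. The `reference: |` literal-string issue applies to this hunk as well.
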
@ -4,7 +4,10 @@ info:
name: JIRA SSRF in the /plugins/servlet/gadgets/makeRequest resource
author: TechbrunchFR
severity: medium
reference: https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
description: The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
reference: |
- https://www.tenable.com/blog/cve-2019-8451-proof-of-concept-available-for-server-side-request-forgery-ssrf-vulnerability-in
- https://jira.atlassian.com/browse/JRASERVER-69793
tags: cve,cve2019,atlassian,jira,ssrf

requests:

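Review bot: the vendor ticket JRASERVER-69793 is the primary source and should be listed before the Tenable blog post, which is secondary reporting on CVE-2019-8451. As elsewhere in this commit, `reference: |` stores the two `- ` lines as one literal string rather than a sequence, and only one `reference` key should remain once the scalar line above `description:` is gone.
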
@ -4,6 +4,11 @@ info:
name: Totaljs - Unathenticated Directory Traversal
author: madrobot
severity: high
description: index.js in Total.js Platform before 3.2.3 allows path traversal.
reference: |
- https://blog.certimetergroup.com/it/articolo/security/total.js-directory-traversal-cve-2019-8903
- https://github.com/totaljs/framework/commit/c37cafbf3e379a98db71c1125533d1e8d5b5aef7
- https://github.com/totaljs/framework/commit/de16238d13848149f5d1dae51f54e397a525932b
tags: cve,cve2019,totaljs,lfi

requests:

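Review bot: `name:` has a typo, "Unathenticated" should be "Unauthenticated". The `reference: |` block also stores the three `- ` lines, including the two fix commits, as a single literal string rather than a list.
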
@ -3,6 +3,8 @@ info:
name: Wavemaker Studio 6.6 LFI/SSRF
author: madrobot
severity: high
description: com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF.
reference: https://www.exploit-db.com/exploits/45158
tags: cve,cve2019,wavemaker,lfi,ssrf

requests:

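Review bot: the only reference is an exploit-db entry (45158), and the new `description:` names `com/wavemaker/studio/StudioService.java` and the `studioService.download?method=getContent&inUrl=` parameter but no CVE identifier, so the `cve2019` tag cannot be verified from the template itself. Add the CVE id to the description and the corresponding NVD entry as a reference.
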
@ -4,7 +4,10 @@ info:
name: ZZZCMS 1.6.1 RCE
author: pikpikcu
severity: high
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-9041
description: An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring.
reference: |
- http://www.iwantacve.cn/index.php/archives/118/
- https://www.exploit-db.com/exploits/46454/
tags: cve,cve2019,zzzcms,rce

requests:

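Review bot: the new `reference: |` list drops the NVD link for CVE-2019-9041 that the scalar `reference:` line above `description:` carried, and replaces it with a plain-HTTP `http://www.iwantacve.cn/...` link; keep the NVD entry first and use https where the site offers it. Only one `reference` key should survive, and `|` makes the value a literal string rather than a sequence.
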
@ -4,6 +4,7 @@ info:
name: WordPress social-warfare RFI
author: madrobot & dwisiswant0
severity: critical
description: The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
refrense: https://github.com/mpgn/CVE-2019-9978
tags: cve,cve2019,wordpress,wp-plugin,ssrf

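Review bot: the metadata is internally inconsistent: `name:` says RFI, `tags:` says `ssrf`, and the new `description:` says "stored XSS via the ... swp_url parameter"; decide which class the template's request actually detects and align all three. The reference key is also misspelled `refrense:` and should be `reference:`.
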