daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated cves.json [Thu Apr 20 19:29:45 UTC 2023] 🤖

patch-1
GitHub Action 2023-04-20 19:29:45 +00:00
parent 3c331837b3
commit 1198c067ab
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@ -723,6 +723,7 @@
{"ID":"CVE-2019-9978","Info":{"Name":"WordPress Social Warfare \u003c3.5.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Social Warfare plugin before 3.5.3 contains a cross-site scripting vulnerability via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, affecting Social Warfare and Social Warfare Pro.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2019/CVE-2019-9978.yaml"}
{"ID":"CVE-2020-0618","Info":{"Name":"Microsoft SQL Server Reporting Services - Remote Code Execution","Severity":"high","Description":"Microsoft SQL Server Reporting Services is vulnerable to a remote code execution vulnerability because it incorrectly handles page requests.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2020/CVE-2020-0618.yaml"}
{"ID":"CVE-2020-10148","Info":{"Name":"SolarWinds Orion API - Auth Bypass","Severity":"critical","Description":"SolarWinds Orion API is vulnerable to an authentication bypass vulnerability that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-10148.yaml"}
{"ID":"CVE-2020-10199","Info":{"Name":"Sonatype Nexus Repository Manager 3 - Remote Code Execution","Severity":"high","Description":"Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2020/CVE-2020-10199.yaml"}
{"ID":"CVE-2020-10546","Info":{"Name":"rConfig 3.9.4 - SQL Injection","Severity":"critical","Description":"rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-10546.yaml"}
{"ID":"CVE-2020-10547","Info":{"Name":"rConfig 3.9.4 - SQL Injection","Severity":"critical","Description":"rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-10547.yaml"}
{"ID":"CVE-2020-10548","Info":{"Name":"rConfig 3.9.4 - SQL Injection","Severity":"critical","Description":"rConfig 3.9.4 and previous versions have unauthenticated devices.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-10548.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
2e7bcb9cd409c607f539296c3fef7fd9
2b05f42a236c59c53bf387eb491f9455