chore: generate CVEs metadata 🤖

patch-10
ghost 2024-08-26 23:51:48 +00:00
parent 0e20b60d9b
commit 17e4561304
2 changed files with 2 additions and 1 deletions


@ -2545,6 +2545,7 @@
{"ID":"CVE-2024-6746","Info":{"Name":"EasySpider 0.6.2 - Arbitrary File Read","Severity":"medium","Description":"A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \\EasySpider\\resources\\app\\server.js of the component HTTP GET Request Handler. The manipulation with the input /../../../../../../../../../Windows/win.ini leads to path traversal: '../filedir'. The attack needs to be done within the local network.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-6746.yaml"}
{"ID":"CVE-2024-6781","Info":{"Name":"Calibre \u003c= 7.14.0 Arbitrary File Read","Severity":"high","Description":"Arbitrary file read via Calibres content server in Calibre \u003c= 7.14.0.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6781.yaml"}
{"ID":"CVE-2024-6782","Info":{"Name":"Calibre \u003c= 7.14.0 Remote Code Execution","Severity":"critical","Description":"Unauthenticated remote code execution via Calibres content server in Calibre \u003c= 7.14.0.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6782.yaml"}
{"ID":"CVE-2024-6842","Info":{"Name":"AnythingLLM - Information Disclosure","Severity":"high","Description":"AnythingLLM suffers from an information disclosure vulnerability through the `/api/setup-complete` API endpoint. By accessing this endpoint, a remote and unauthenticated attacker can access sensitive configuration of the target AnythingLLM instance. This detection is included in the AI and LLM category.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-6842.yaml"}
{"ID":"CVE-2024-6893","Info":{"Name":"Journyx - XML External Entities Injection (XXE)","Severity":"high","Description":"The \"soap_cgi.pyc\" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-6893.yaml"}
{"ID":"CVE-2024-6922","Info":{"Name":"Automation Anywhere Automation 360 - Server-Side Request Forgery","Severity":"high","Description":"Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6922.yaml"}
{"ID":"CVE-2024-7008","Info":{"Name":"Calibre \u003c= 7.15.0 - Reflected Cross-Site Scripting (XSS)","Severity":"medium","Description":"It is possible to inject arbitrary JavaScript code into the /browse endpoint of the Calibre content server, allowing an attacker to craft a URL that when clicked by a victim, will execute the attackers JavaScript code in the context of the victims browser. If the Calibre server is running with authentication enabled and the victim is logged in at the time, this can be used to cause the victim to perform actions on the Calibre server on behalf of the attacker.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-7008.yaml"}


@ -1 +1 @@
3ba5c539e6ddfc765e24488013bee02e
39816ad2d1d93784353c6275c540594c