Added Impact

http/cves/2000/CVE-2000-0114.yaml

@@ -5,6 +5,8 @@ info:
   author: r3naissance
   severity: medium
   description: Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
+  impact: |
+    High: Remote code execution or denial of service.
   remediation: Upgrade to the latest version.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2000-0114

http/cves/2001/CVE-2001-0537.yaml

@@ -6,6 +6,8 @@ info:
   severity: critical
   description: |
     HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
+  impact: |
+    Successful exploitation of this vulnerability could lead to unauthorized access to the affected device.
   remediation: |
     Apply the appropriate patch or upgrade to a fixed version of the Cisco IOS software.
   reference:

http/cves/2002/CVE-2002-1131.yaml

@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: high
   description: The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, data theft, or other malicious activities.
   remediation: |
     Upgrade to a patched version of SquirrelMail or apply the necessary security patches to mitigate the XSS vulnerability.
   reference:

http/cves/2004/CVE-2004-0519.yaml

@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: medium
   description: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, phishing attacks, or defacement of the SquirrelMail interface.
   remediation: Upgrade to the latest version.
   reference:
     - https://www.exploit-db.com/exploits/24068

http/cves/2004/CVE-2004-1965.yaml

@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.
+  impact: |
+    Successful exploitation of these vulnerabilities could lead to unauthorized access, phishing attacks, and potential data theft.
   remediation: |
     Upgrade to a patched version of Open Bulletin Board (OpenBB) or apply necessary security patches to mitigate the vulnerabilities.
   reference:

http/cves/2005/CVE-2005-2428.yaml

@@ -5,6 +5,8 @@ info:
   author: CasperGN
   severity: medium
   description: Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is by default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and the client Lotus Domino release in the ClntBld field (a different vulnerability than CVE-2005-2696).
+  impact: |
+    The vulnerability can lead to the disclosure of sensitive information, potentially compromising user privacy and system security.
   remediation: Ensure proper firewalls are in place within your environment to prevent public exposure of the names.nsf database and other sensitive files.
   reference:
     - http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf

http/cves/2005/CVE-2005-3344.yaml

@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access.
+  impact: |
+    An attacker can gain unauthorized access to sensitive administrative functions and potentially compromise the entire system.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of Horde Groupware to fix the vulnerability.
   reference:

http/cves/2005/CVE-2005-3634.yaml

@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks.
   remediation: |
     Apply the latest security patches and updates provided by SAP to fix the open redirect vulnerability.
   reference:

http/cves/2005/CVE-2005-4385.yaml

@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: Cofax 2.0 RC3 and earlier contains a cross-site scripting vulnerability in search.htm which allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a version of Cofax that is not affected by this vulnerability or apply the necessary patches provided by the vendor.
   reference:

http/cves/2006/CVE-2006-1681.yaml

@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of Cherokee HTTPD or apply the necessary security patches to mitigate the XSS vulnerability.
   reference:

http/cves/2006/CVE-2006-2842.yaml

@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDk
   severity: high
   description: SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Upgrade Squirrelmail to a version higher than 1.4.6 or apply the necessary patches to fix the LFI vulnerability.
   reference:

http/cves/2007/CVE-2007-4504.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
   remediation: |
     Upgrade to the latest version of Joomla! RSfiles or apply the necessary patches provided by the vendor.
   reference:

http/cves/2007/CVE-2007-4556.yaml

@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via for"m input beginning with a "%{" sequence and ending with a "}" character.
+  impact: |
+    Remote code execution
   remediation: |
     Update to the latest version of Apache Struts2
   reference:

http/cves/2007/CVE-2007-5728.yaml

@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDK
   severity: medium
   description: phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, which are different vectors than CVE-2007-2865.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to a patched version of phpPgAdmin or apply the necessary security patches provided by the vendor.
   reference:

http/cves/2008/CVE-2008-1059.yaml

@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire WordPress installation.
   remediation: |
     Update WordPress Sniplets to the latest version or apply the patch provided by the vendor to mitigate the LFI vulnerability.
   reference:

http/cves/2008/CVE-2008-1061.yaml

@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Update WordPress Sniplets plugin to the latest version available, which addresses the XSS vulnerability.
   reference:

http/cves/2008/CVE-2008-1547.yaml

@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
+  impact: |
+    An attacker can exploit this vulnerability to trick users into visiting malicious websites, leading to potential phishing attacks.
   remediation: |
     Apply the necessary security patches or upgrade to a newer version of Microsoft Exchange Server.
   reference:

http/cves/2008/CVE-2008-2398.yaml

@@ -5,6 +5,8 @@ info:
   author: unstabl3
   severity: medium
   description: AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
   remediation: |
     Upgrade to a patched version of AppServ Open Project (>=2.5.11) or apply the necessary security patches provided by the vendor.
   reference:

http/cves/2008/CVE-2008-2650.yaml

@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system.
   remediation: |
     Upgrade CMSimple to a patched version or apply the necessary security patches provided by the vendor.
   reference:

http/cves/2008/CVE-2008-4668.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: critical
   description: Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via com_imagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage.
   remediation: |
     Upgrade to a patched version of Joomla! Image Browser or apply the necessary security patches to mitigate the LFI vulnerability.
   reference:

http/cves/2008/CVE-2008-5587.yaml

@@ -5,6 +5,8 @@ info:
   author: dhiyaneshDK
   severity: medium
   description: phpPgAdmin 4.2.1 is vulnerable to local file inclusion in libraries/lib.inc.php when register globals is enabled. Remote attackers can read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server and potentially execute arbitrary code.
   remediation: |
     Upgrade phpPgAdmin to a version higher than 4.2.1 or apply the necessary patches provided by the vendor.
   reference:

http/cves/2008/CVE-2008-6080.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
   remediation: |
     Update Joomla! ionFiles to the latest version or apply the provided patch to mitigate the vulnerability.
   reference:

http/cves/2008/CVE-2008-6172.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage.
   remediation: |
     Update Joomla! Component RWCards to the latest version to mitigate the vulnerability.
   reference:

http/cves/2008/CVE-2008-6222.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of Joomla! ProDesk to mitigate the vulnerability.
   reference:

http/cves/2008/CVE-2008-6465.yaml

@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of other attacks.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Apply the latest security patches or upgrade to a newer version of Parallels H-Sphere to mitigate the XSS vulnerability.
   reference:

http/cves/2008/CVE-2008-6668.yaml

@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: medium
   description: nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, including configuration files, credentials, and other sensitive data.
   remediation: |
     Upgrade to a patched version of nweb2fax or apply the necessary security patches provided by the vendor.
   reference:

http/cves/2008/CVE-2008-6982.yaml

@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade to the latest version to mitigate this vulnerability.
   reference:

http/cves/2009/CVE-2009-0347.yaml

@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.
+  impact: |
+    An attacker can craft a malicious URL that redirects users to a malicious website, leading to potential phishing attacks.
   remediation: |
     Apply the vendor-supplied patch or upgrade to a newer version of Autonomy Ultraseek that addresses the open redirect vulnerability.
   reference:

http/cves/2009/CVE-2009-0545.yaml

@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: critical
   description: ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action.
+  impact: |
+    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected system.
   remediation: |
     Upgrade to a patched version of ZeroShell.
   reference:

http/cves/2009/CVE-2009-0932.yaml

@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: medium
   description: Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the server.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of Horde/Horde Groupware.
   reference:

http/cves/2009/CVE-2009-1151.yaml

@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: high
   description: PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the affected system.
   remediation: |
     Update PhpMyAdmin to the latest version or apply the necessary patches.
   reference:

http/cves/2009/CVE-2009-1496.yaml

@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
   remediation: |
     Apply the latest patch or upgrade to a newer version of Joomla! Cmimarketplace to mitigate the vulnerability.
   reference:

http/cves/2009/CVE-2009-1558.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
+  impact: |
+    An attacker can exploit this vulnerability to read sensitive files on the device, potentially leading to unauthorized access or information disclosure.
   remediation: |
     Apply the latest firmware update provided by Cisco to fix the local file inclusion vulnerability.
   reference:

http/cves/2009/CVE-2009-1872.yaml

@@ -5,6 +5,8 @@ info:
   author: princechaddha
   severity: medium
   description: Adobe ColdFusion Server 8.0.1 and earlier contain multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
   remediation: |
     Upgrade Adobe Coldfusion to a version higher than 8.0.1 or apply the necessary patches provided by the vendor.
   reference:

http/cves/2009/CVE-2009-2015.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion).
+  impact: |
+    The vulnerability allows an attacker to include arbitrary files from the local file system, potentially leading to unauthorized access, information disclosure.
   remediation: |
     Update Joomla! MooFAQ to the latest version or apply the official patch provided by the vendor.
   reference:

http/cves/2009/CVE-2009-2100.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation.
   remediation: |
     Upgrade to a patched version of JoomlaPraise Projectfork or apply the necessary security patches to mitigate the LFI vulnerability.
   reference:

http/cves/2009/CVE-2009-3053.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of Joomla! Agora to mitigate the vulnerability.
   reference:

http/cves/2009/CVE-2009-3318.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: Joomla! Roland Breedveld Album 1.14 (com_album) is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
+  impact: |
+    The vulnerability allows an attacker to include arbitrary files from the local file system, potentially leading to unauthorized access, data disclosure.
   remediation: |
     Update to the latest version of Joomla! Roland Breedveld Album and apply any available patches or security updates.
   reference:

http/cves/2009/CVE-2009-4202.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: Joomla! Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
   remediation: |
     Upgrade to a patched version of Joomla! Omilen Photo Gallery or apply the necessary security patches to mitigate the LFI vulnerability.
   reference:

http/cves/2009/CVE-2009-4223.yaml

@@ -5,6 +5,8 @@ info:
   author: geeknik
   severity: high
   description: KR-Web 1.1b2 and prior contain a remote file inclusion vulnerability via adm/krgourl.php, which allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
+  impact: |
+    An attacker can exploit this vulnerability to include arbitrary files from remote servers, leading to remote code execution or information disclosure.
   remediation: |
     Upgrade to a patched version of KR-Web or apply the necessary security patches to fix the remote file inclusion vulnerability.
   reference:

http/cves/2009/CVE-2009-4679.yaml

@@ -6,6 +6,8 @@ info:
   severity: high
   description: |
     Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (com_if_nexus) component that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
   remediation: |
     Apply the latest security patches and updates provided by Joomla! to fix the Remote File Inclusion vulnerability.
   reference:

http/cves/2009/CVE-2009-5020.yaml

@@ -5,6 +5,8 @@ info:
   author: pdteam
   severity: medium
   description: An open redirect vulnerability in awredir.pl in AWStats < 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
+  impact: |
+    Allows attackers to redirect users to malicious websites or phishing pages.
   remediation: Apply all relevant security patches and product upgrades.
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2009-5020

http/cves/2009/CVE-2009-5114.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
+  impact: |
+    An attacker can view, modify, or delete sensitive files on the server, potentially leading to unauthorized access or data leakage.
   remediation: Apply all relevant security patches and product upgrades.
   reference:
     - https://www.exploit-db.com/exploits/36994

http/cves/2010/CVE-2010-0157.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/10943

http/cves/2010/CVE-2010-0219.yaml

@@ -5,6 +5,8 @@ info:
   author: pikpikcu
   severity: critical
   description: Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or the ability to modify or delete data.
   remediation: |
     Disable or restrict access to the Axis2 web interface, or apply the necessary patches or updates provided by the vendor.
   reference:

http/cves/2010/CVE-2010-0467.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage.
   remediation: Apply all relevant security patches and upgrades.
   reference:
     - https://www.exploit-db.com/exploits/11282

http/cves/2010/CVE-2010-0696.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
+  impact: |
+    An attacker can exploit this vulnerability to retrieve arbitrary files from the server.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/11447

http/cves/2010/CVE-2010-0759.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access or information disclosure.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/11498

http/cves/2010/CVE-2010-0942.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files on the server.
   remediation: Apply all relevant security patches and product upgrades.
   reference:
     - https://www.exploit-db.com/exploits/11089

http/cves/2010/CVE-2010-0943.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files on the server.
   remediation: |
     Update to the latest version of Joomla! Component com_jashowcase to fix the directory traversal vulnerability.
   reference:

http/cves/2010/CVE-2010-0944.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    An attacker can exploit this vulnerability to read arbitrary files on the server.
   remediation: Apply all relevant security patches and product upgrades.
   reference:
     - https://www.exploit-db.com/exploits/11088

http/cves/2010/CVE-2010-0972.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access or information disclosure.
   remediation: Apply all relevant security patches and product upgrades.
   reference:
     - https://www.exploit-db.com/exploits/11738

http/cves/2010/CVE-2010-0982.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Allows an attacker to read arbitrary files on the server, leading to potential information disclosure and further exploitation.
   remediation: Apply all relevant security patches and product upgrades.
   reference:
     - https://www.exploit-db.com/exploits/10942

http/cves/2010/CVE-2010-0985.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
   remediation: Apply all relevant security patches and product upgrades.
   reference:
     - https://www.exploit-db.com/exploits/10948

http/cves/2010/CVE-2010-1056.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Apply all relevant security patches and product upgrades.
   reference:
     - https://www.exploit-db.com/exploits/11760

http/cves/2010/CVE-2010-1081.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation.
   remediation: Apply all relevant security patches and product upgrades.
   reference:
     - https://www.exploit-db.com/exploits/11511

http/cves/2010/CVE-2010-1217.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Apply all relevant security patches and product upgrades.
   reference:
     - https://www.exploit-db.com/exploits/11814

http/cves/2010/CVE-2010-1219.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/11757

http/cves/2010/CVE-2010-1302.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access or information disclosure.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/11978

http/cves/2010/CVE-2010-1305.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12065

http/cves/2010/CVE-2010-1306.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12058

http/cves/2010/CVE-2010-1307.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12070

http/cves/2010/CVE-2010-1308.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12066

http/cves/2010/CVE-2010-1312.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12077

http/cves/2010/CVE-2010-1313.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and compromise of the Joomla! CMS.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12082

http/cves/2010/CVE-2010-1314.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12086

http/cves/2010/CVE-2010-1315.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/11999

http/cves/2010/CVE-2010-1340.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    The vulnerability allows an attacker to include arbitrary local files, leading to remote code execution or sensitive information disclosure.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/33797

http/cves/2010/CVE-2010-1345.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    The LFI vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/15453

http/cves/2010/CVE-2010-1352.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12084

http/cves/2010/CVE-2010-1353.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: |
     Apply the latest security patches or updates provided by Joomla! to fix the LFI vulnerability in LoginBox component.
   reference:

http/cves/2010/CVE-2010-1354.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12102

http/cves/2010/CVE-2010-1429.yaml

@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
+  impact: |
+    An attacker can exploit this vulnerability to gain access to sensitive information, potentially leading to further attacks.
   remediation: |
     Apply the necessary patches or updates provided by Red Hat to fix the vulnerability.
   reference:

http/cves/2010/CVE-2010-1461.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.
+  impact: |
+    The LFI vulnerability can lead to unauthorized access to sensitive files, remote code execution, and compromise of the Joomla! application.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12232

http/cves/2010/CVE-2010-1469.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12146

http/cves/2010/CVE-2010-1470.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and have possibly other unspecified impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12166

http/cves/2010/CVE-2010-1471.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: |
     Update to the latest version of Joomla! Component Address Book or apply the necessary patches to fix the LFI vulnerability.
   reference:

http/cves/2010/CVE-2010-1472.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potentially execute arbitrary code.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12167

http/cves/2010/CVE-2010-1473.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12171

http/cves/2010/CVE-2010-1474.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: |
     Update to the latest version of Joomla! Component Sweetykeeper or apply the necessary patches to fix the LFI vulnerability.
   reference:

http/cves/2010/CVE-2010-1475.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    The LFI vulnerability can allow an attacker to read arbitrary files on the server, potentially exposing sensitive information or executing malicious code.
   remediation: |
     Update to the latest version of Joomla! Component Preventive And Reservation and apply any available patches or fixes to mitigate the LFI vulnerability.
   reference:

http/cves/2010/CVE-2010-1476.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12150

http/cves/2010/CVE-2010-1478.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12145

http/cves/2010/CVE-2010-1491.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    The LFI vulnerability can lead to unauthorized access to sensitive files, remote code execution, and compromise of the Joomla! CMS.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12318

http/cves/2010/CVE-2010-1494.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12113

http/cves/2010/CVE-2010-1495.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12286

http/cves/2010/CVE-2010-1531.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12054

http/cves/2010/CVE-2010-1532.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12118

http/cves/2010/CVE-2010-1533.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12142

http/cves/2010/CVE-2010-1535.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: |
     Update to the latest version of Joomla! Component TRAVELbook or apply the necessary patches to fix the LFI vulnerability.
   reference:

http/cves/2010/CVE-2010-1540.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter.
+  impact: |
+    An attacker can access sensitive files on the server, potentially leading to unauthorized disclosure of sensitive information.
   remediation: |
     Apply the latest security patches or updates provided by Joomla! to fix the directory traversal vulnerability in com_blog component.
   reference:

http/cves/2010/CVE-2010-1586.yaml

@@ -6,6 +6,8 @@ info:
   severity: medium
   description: |
     Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.
+  impact: |
+    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks or the download of malware.
   remediation: |
     Apply the latest patches or updates provided by HP to fix the open redirect vulnerability.
   reference:

http/cves/2010/CVE-2010-1601.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability allows an attacker to read arbitrary files on the server, leading to unauthorized access and potential data leakage.
   remediation: |
     Apply the latest security patches or upgrade to a patched version of Joomla! Component JA Comment to mitigate the LFI vulnerability.
   reference:

http/cves/2010/CVE-2010-1602.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: |
     Update to the latest version of Joomla! Component ZiMB Comment or apply the provided patch to fix the LFI vulnerability.
   reference:

http/cves/2010/CVE-2010-1603.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution.
   remediation: Upgrade to the latest version to mitigate this vulnerability.
   reference:
     - https://www.exploit-db.com/exploits/12284

http/cves/2010/CVE-2010-1607.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution.
   remediation: |
     Update Joomla! Component WMI to the latest version or apply the provided patch to fix the LFI vulnerability.
   reference:

http/cves/2010/CVE-2010-1653.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    The LFI vulnerability can lead to unauthorized access to sensitive files, remote code execution, and compromise of the entire Joomla! installation.
   remediation: |
     Update Joomla! Component Graphics to the latest version or apply the patch provided by the vendor to mitigate the LFI vulnerability.
   reference:

http/cves/2010/CVE-2010-1657.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.
   remediation: |
     Update to the latest version of Joomla! Component SmartSite or apply the necessary patches to fix the LFI vulnerability.
   reference:

http/cves/2010/CVE-2010-1658.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can allow an attacker to read arbitrary files on the server, potentially leading to unauthorized access, sensitive information disclosure, or further attacks.
   remediation: |
     Update to the latest version of Joomla! Component NoticeBoard or apply the necessary patches to fix the LFI vulnerability.
   reference:

http/cves/2010/CVE-2010-1659.yaml

@@ -5,6 +5,8 @@ info:
   author: daffainfo
   severity: medium
   description: A directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
+  impact: |
+    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation.
   remediation: |
     Apply the latest security patches or updates provided by the Joomla! project to fix the LFI vulnerability in Ultimate Portfolio 1.0 component.
   reference: