daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore: generate CVEs metadata 🤖

patch-11
ghost 2024-09-06 12:17:13 +00:00
parent 9d79677b84
commit 27f8361eaa
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cves.json
View File

@ -240,6 +240,7 @@
{"ID":"CVE-2014-4941","Info":{"Name":"Cross RSS 1.7 - Local File Inclusion","Severity":"medium","Description":"Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-4941.yaml"}
{"ID":"CVE-2014-4942","Info":{"Name":"WordPress EasyCart \u003c2.0.6 - Information Disclosure","Severity":"medium","Description":"WordPress EasyCart plugin before 2.0.6 contains an information disclosure vulnerability. An attacker can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-4942.yaml"}
{"ID":"CVE-2014-5111","Info":{"Name":"Fonality trixbox - Local File Inclusion","Severity":"medium","Description":"Multiple local file inclusion vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-5111.yaml"}
{"ID":"CVE-2014-5181","Info":{"Name":"Last.fm Rotation 1.0 - Path Traversal","Severity":"medium","Description":"Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode parameter.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-5181.yaml"}
{"ID":"CVE-2014-5187","Info":{"Name":"Tom M8te (tom-m8te) Plugin 1.5.3 - Directory Traversal","Severity":"medium","Description":"Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-5187.yaml"}
{"ID":"CVE-2014-5258","Info":{"Name":"webEdition 6.3.8.0 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"4"}},"file_path":"http/cves/2014/CVE-2014-5258.yaml"}
{"ID":"CVE-2014-5368","Info":{"Name":"WordPress Plugin WP Content Source Control - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-5368.yaml"}
@ -2582,6 +2583,7 @@
{"ID":"CVE-2024-6911","Info":{"Name":"PerkinElmer ProcessPlus \u003c= 1.11.6507.0 - Local File Inclusion","Severity":"high","Description":"Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus through 1.11.6507.0.\n","Classification":{"CVSSScore":"8.7"}},"file_path":"http/cves/2024/CVE-2024-6911.yaml"}
{"ID":"CVE-2024-6922","Info":{"Name":"Automation Anywhere Automation 360 - Server-Side Request Forgery","Severity":"high","Description":"Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6922.yaml"}
{"ID":"CVE-2024-7008","Info":{"Name":"Calibre \u003c= 7.15.0 - Reflected Cross-Site Scripting (XSS)","Severity":"medium","Description":"It is possible to inject arbitrary JavaScript code into the /browse endpoint of the Calibre content server, allowing an attacker to craft a URL that when clicked by a victim, will execute the attackers JavaScript code in the context of the victims browser. If the Calibre server is running with authentication enabled and the victim is logged in at the time, this can be used to cause the victim to perform actions on the Calibre server on behalf of the attacker.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-7008.yaml"}
{"ID":"CVE-2024-7029","Info":{"Name":"AVTECH IP Camera - Command Injection","Severity":"high","Description":"The endpoint `/cgi-bin/supervisor/Factory.cgi` is vulnerable to command injection via the `action` parameter, allowing remote code execution.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-7029.yaml"}
{"ID":"CVE-2024-7120","Info":{"Name":"Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 - Command Injection","Severity":"medium","Description":"A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file list_base_config.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272451.\n","Classification":{"CVSSScore":"6.3"}},"file_path":"http/cves/2024/CVE-2024-7120.yaml"}
{"ID":"CVE-2024-7188","Info":{"Name":"Bylancer Quicklancer 2.4 G - SQL Injection","Severity":"high","Description":"A SQL injection vulnerability exists in the Quicklancer 2.4, GET parameter 'range2', that has time-based blind SQL injection and a boolean-based blind SQL injection, which can be exploited remotely by unauthenticated attacker to execute arbitrary SQL queries in the database.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-7188.yaml"}
{"ID":"CVE-2024-7332","Info":{"Name":"TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability","Severity":"critical","Description":"A critical vulnerability has been discovered in TOTOLINK CP450 version 4.1.0cu.747_B20191224. This vulnerability affects an unknown part of the file /web_cste/cgi-bin/product.ini of the Telnet Service component. The issue stems from the use of a hard-coded password, which can be exploited remotely without any user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-7332.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
e24cab5091cf75eded6fd5aeba9aa699
0e1a7f8b78751f90e98f76b29f8dd2d1