chore: generate CVEs metadata 🤖

patch-11
ghost 2024-08-29 04:03:56 +00:00
parent 99dc463d89
commit 28aec96e2e
2 changed files with 2 additions and 1 deletions


@ -2449,6 +2449,7 @@
{"ID":"CVE-2024-28995","Info":{"Name":"SolarWinds Serv-U - Directory Traversal","Severity":"high","Description":"SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-28995.yaml"}
{"ID":"CVE-2024-29059","Info":{"Name":".NET Framework - Leaking ObjRefs via HTTP .NET Remoting","Severity":"high","Description":".NET Framework Information Disclosure Vulnerability","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-29059.yaml"}
{"ID":"CVE-2024-29269","Info":{"Name":"Telesquare TLR-2005KSH - Remote Command Execution","Severity":"critical","Description":"Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through the Cmd parameter and obtain server permissions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-29269.yaml"}
{"ID":"CVE-2024-29272","Info":{"Name":"VvvebJs \u003c 1.7.5 - Arbitrary File Upload","Severity":"medium","Description":"Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-29272.yaml"}
{"ID":"CVE-2024-29824","Info":{"Name":"Ivanti EPM - Remote Code Execution","Severity":"critical","Description":"An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.\n","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2024/CVE-2024-29824.yaml"}
{"ID":"CVE-2024-29868","Info":{"Name":"Apache StreamPipes \u003c= 0.93.0 - Use of Cryptographically Weak PRNG in Recovery Token Generation","Severity":"critical","Description":"Apache StreamPipes from version 0.69.0 through 0.93.0 uses a cryptographically weak Pseudo-Random Number Generator (PRNG) in the recovery token generation mechanism. Given a valid token it's possible to predict all past and future generated tokens.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-29868.yaml"}
{"ID":"CVE-2024-29895","Info":{"Name":"Cacti cmd_realtime.php - Command Injection","Severity":"critical","Description":"Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many environments such as the main PHP Docker image for PHP.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-29895.yaml"}


@ -1 +1 @@
c51ee8e99d241a91c6d965df52179750
4d967124e1fe579767801a480dbb8e0a