Auto Generated cves.json [Tue Apr 4 08:44:27 UTC 2023] 🤖

patch-1
GitHub Action 2023-04-04 08:44:27 +00:00
parent 8701bff749
commit 392073b77b
2 changed files with 3 additions and 2 deletions


@ -227,6 +227,7 @@
{"ID":"CVE-2014-5258","Info":{"Name":"webEdition 6.3.8.0 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2014/CVE-2014-5258.yaml"}
{"ID":"CVE-2014-5368","Info":{"Name":"WordPress Plugin WP Content Source Control - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2014/CVE-2014-5368.yaml"}
{"ID":"CVE-2014-6271","Info":{"Name":"ShellShock - Remote Code Execution","Severity":"critical","Description":"GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka ShellShock.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2014/CVE-2014-6271.yaml"}
{"ID":"CVE-2014-6287","Info":{"Name":"HFS \u003c 2.3c Remote Command Execution","Severity":"critical","Description":"The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2014/CVE-2014-6287.yaml"}
{"ID":"CVE-2014-6308","Info":{"Name":"Osclass Security Advisory 3.4.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2014/CVE-2014-6308.yaml"}
{"ID":"CVE-2014-8676","Info":{"Name":"Simple Online Planning Tool \u003c1.3.2 - Local File Inclusion","Severity":"medium","Description":"SOPlanning \u003c1.32 contain a directory traversal in the file_get_contents function via a .. (dot dot) in the fichier parameter.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2014/CVE-2014-8676.yaml"}
{"ID":"CVE-2014-8682","Info":{"Name":"Gogs (Go Git Service) - SQL Injection","Severity":"critical","Description":"Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go.","Classification":{"CVSSScore":"10"}},"file_path":"cves/2014/CVE-2014-8682.yaml"}
@ -1494,7 +1495,7 @@
{"ID":"CVE-2022-24900","Info":{"Name":"Piano LED Visualizer 1.3 - Local File Inclusion","Severity":"high","Description":"Piano LED Visualizer 1.3 and prior are vulnerable to local file inclusion.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"cves/2022/CVE-2022-24900.yaml"}
{"ID":"CVE-2022-24990","Info":{"Name":"TerraMaster TOS \u003c 4.2.30 Server Information Disclosure","Severity":"high","Description":"TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information disclosure.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-24990.yaml"}
{"ID":"CVE-2022-25082","Info":{"Name":"TOTOLink - Unauthenticated Command Injection","Severity":"critical","Description":"TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the Main function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-25082.yaml"}
{"ID":"CVE-2022-25125","Info":{"Name":"MCMS v5.2.4 /mdiy/dict/listExcludeApp - SQL Injection","Severity":"high","Description":"MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-25125.yaml"}
{"ID":"CVE-2022-25125","Info":{"Name":"MCMS v5.2.4 /mdiy/dict/listExcludeApp - SQL Injection","Severity":"critical","Description":"MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-25125.yaml"}
{"ID":"CVE-2022-25216","Info":{"Name":"DVDFab 12 Player/PlayerFab - Local File Inclusion","Severity":"high","Description":"DVDFab 12 Player/PlayerFab is susceptible to local file inclusion which allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-25216.yaml"}
{"ID":"CVE-2022-25323","Info":{"Name":"ZEROF Web Server 2.0 - Cross-Site Scripting","Severity":"medium","Description":"ZEROF Web Server 2.0 allows /admin.back cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-25323.yaml"}
{"ID":"CVE-2022-25356","Info":{"Name":"Alt-N MDaemon Security Gateway - XML Injection","Severity":"medium","Description":"In Alt-n Security Gateway product, a malicious actor could inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. In this way the XML parser fails the validation process disclosing information such as kind of protection used (2FA), admin email and product registration keys.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-25356.yaml"}


@ -1 +1 @@
86ecfb5f0cefa9b2a1ee358c2e283af0
f5d5568de7618e69673e975f644eb505