chore: generate CVEs metadata 🤖
parent
c818533fac
commit
3abaf6211c
|
@ -458,6 +458,7 @@
|
|||
{"ID":"CVE-2017-18564","Info":{"Name":"Sender by BestWebSoft \u003c 1.2.1 - Cross-Site Scripting","Severity":"medium","Description":"The sender plugin before 1.2.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18564.yaml"}
|
||||
{"ID":"CVE-2017-18565","Info":{"Name":"Updater by BestWebSoft \u003c 1.35 - Cross-Site Scripting","Severity":"medium","Description":"The updater plugin before 1.35 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18565.yaml"}
|
||||
{"ID":"CVE-2017-18566","Info":{"Name":"User Role by BestWebSoft \u003c 1.5.6 - Cross-Site Scripting","Severity":"medium","Description":"The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18566.yaml"}
|
||||
{"ID":"CVE-2017-18590","Info":{"Name":"Timesheet Plugin \u003c 0.1.5 - Cross-Site Scripting","Severity":"medium","Description":"The Timesheet plugin before 0.1.5 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18590.yaml"}
|
||||
{"ID":"CVE-2017-18598","Info":{"Name":"WordPress Qards - Cross-Site Scripting","Severity":"medium","Description":"WordPress Qards through 2017-10-11 contains a cross-site scripting vulnerability via a remote document specified in the URL parameter to html2canvasproxy.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18598.yaml"}
|
||||
{"ID":"CVE-2017-18638","Info":{"Name":"Graphite \u003c=1.1.5 - Server-Side Request Forgery","Severity":"high","Description":"Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to server-side request forgery (SSR)F. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an email address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-18638.yaml"}
|
||||
{"ID":"CVE-2017-3131","Info":{"Name":"FortiOS 5.4.0 to 5.6.0 - Cross-Site Scripting","Severity":"medium","Description":"A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in \"Applications\" under FortiView.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2017/CVE-2017-3131.yaml"}
|
||||
|
@ -2734,6 +2735,7 @@
|
|||
{"ID":"CVE-2024-8503","Info":{"Name":"VICIdial - SQL Injection","Severity":"critical","Description":"An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-8503.yaml"}
|
||||
{"ID":"CVE-2024-8517","Info":{"Name":"SPIP BigUp Plugin - Remote Code Execution","Severity":"critical","Description":"SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-8517.yaml"}
|
||||
{"ID":"CVE-2024-8522","Info":{"Name":"LearnPress – WordPress LMS - SQL Injection","Severity":"critical","Description":"The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-8522.yaml"}
|
||||
{"ID":"CVE-2024-8673","Info":{"Name":"Z-Downloads \u003c 1.11.7 - Cross-Site Scripting","Severity":"low","Description":"The plugin does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript.\n","Classification":{"CVSSScore":"3.5"}},"file_path":"http/cves/2024/CVE-2024-8673.yaml"}
|
||||
{"ID":"CVE-2024-8698","Info":{"Name":"Keycloak - SAML Core Package Signature Validation Flaw","Severity":"high","Description":"A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.\n","Classification":{"CVSSScore":"7.7"}},"file_path":"http/cves/2024/CVE-2024-8698.yaml"}
|
||||
{"ID":"CVE-2024-8752","Info":{"Name":"WebIQ 2.15.9 - Directory Traversal","Severity":"high","Description":"The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-8752.yaml"}
|
||||
{"ID":"CVE-2024-8877","Info":{"Name":"Riello Netman 204 - SQL Injection","Severity":"critical","Description":"The three endpoints /cgi-bin/db_datalog_w.cgi, /cgi-bin/db_eventlog_w.cgi, and /cgi-bin/db_multimetr_w.cgi are vulnerable to SQL injection without prior authentication. This enables an attacker to modify the collected log data in an arbitrary way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-8877.yaml"}
|
||||
|
|
|
@ -1 +1 @@
|
|||
9b31431e84d455a78bf28dddcd0e1504
|
||||
87909c0dad787be2b50d3692d9da3b95
|
||||
|
|