diff --git a/cves/2002/CVE-2002-1131.yaml b/cves/2002/CVE-2002-1131.yaml index f5b97cea43..984305784f 100644 --- a/cves/2002/CVE-2002-1131.yaml +++ b/cves/2002/CVE-2002-1131.yaml @@ -9,6 +9,7 @@ info: - https://www.exploit-db.com/exploits/21811 - https://web.archive.org/web/20051124131714/http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html - http://web.archive.org/web/20210129020617/https://www.securityfocus.com/bid/5763/ + - http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html classification: cve-id: CVE-2002-1131 tags: xss,squirrelmail,cve,cve2002 diff --git a/cves/2005/CVE-2005-4385.yaml b/cves/2005/CVE-2005-4385.yaml index 5f5db6ae6f..6a9a9b678f 100644 --- a/cves/2005/CVE-2005-4385.yaml +++ b/cves/2005/CVE-2005-4385.yaml @@ -9,6 +9,7 @@ info: - http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html - https://nvd.nist.gov/vuln/detail/CVE-2005-4385 - http://web.archive.org/web/20210121165100/https://www.securityfocus.com/bid/15940/ + - http://www.securityfocus.com/bid/15940 classification: cve-id: CVE-2005-4385 tags: cofax,xss,cve,cve2005 diff --git a/cves/2006/CVE-2006-1681.yaml b/cves/2006/CVE-2006-1681.yaml index 29dc17389b..305fd6a305 100644 --- a/cves/2006/CVE-2006-1681.yaml +++ b/cves/2006/CVE-2006-1681.yaml @@ -9,7 +9,6 @@ info: - http://web.archive.org/web/20210217161726/https://www.securityfocus.com/bid/17408/ - https://nvd.nist.gov/vuln/detail/CVE-2006-1681 - http://secunia.com/advisories/19587 - - http://web.archive.org/web/20210217161726/https://www.securityfocus.com/bid/17408/ classification: cve-id: CVE-2006-1681 tags: cherokee,httpd,xss,cve,cve2006 diff --git a/cves/2007/CVE-2007-0885.yaml b/cves/2007/CVE-2007-0885.yaml index 275c87fe70..bb54d1e81c 100644 --- a/cves/2007/CVE-2007-0885.yaml +++ b/cves/2007/CVE-2007-0885.yaml 
@@ -9,6 +9,7 @@ info: - http://web.archive.org/web/20201208220614/https://www.securityfocus.com/archive/1/459590/100/0/threaded - https://web.archive.org/web/20210119080228/http://www.securityfocus.com/bid/22503 - https://exchange.xforce.ibmcloud.com/vulnerabilities/32418 + - http://www.securityfocus.com/bid/22503 classification: cve-id: CVE-2007-0885 tags: cve,cve2007,jira,xss diff --git a/cves/2009/CVE-2009-1496.yaml b/cves/2009/CVE-2009-1496.yaml index 43075ef122..51ca80e5ee 100644 --- a/cves/2009/CVE-2009-1496.yaml +++ b/cves/2009/CVE-2009-1496.yaml @@ -9,6 +9,7 @@ info: - https://www.exploit-db.com/exploits/8367 - https://www.cvedetails.com/cve/CVE-2009-1496 - http://web.archive.org/web/20210121190149/https://www.securityfocus.com/bid/34431/ + - http://www.securityfocus.com/bid/34431 classification: cve-id: CVE-2009-1496 tags: cve,cve2009,joomla,lfi diff --git a/cves/2009/CVE-2009-2100.yaml b/cves/2009/CVE-2009-2100.yaml index 8521b7a1f5..71625701ca 100644 --- a/cves/2009/CVE-2009-2100.yaml +++ b/cves/2009/CVE-2009-2100.yaml @@ -9,6 +9,7 @@ info: - https://www.exploit-db.com/exploits/8946 - https://www.cvedetails.com/cve/CVE-2009-2100 - http://web.archive.org/web/20210121191226/https://www.securityfocus.com/bid/35378/ + - http://www.securityfocus.com/bid/35378 classification: cve-id: CVE-2009-2100 tags: cve,cve2009,joomla,lfi diff --git a/cves/2009/CVE-2009-3318.yaml b/cves/2009/CVE-2009-3318.yaml index b4a3b73cf6..423f01145b 100644 --- a/cves/2009/CVE-2009-3318.yaml +++ b/cves/2009/CVE-2009-3318.yaml @@ -9,6 +9,7 @@ info: - https://www.exploit-db.com/exploits/9706 - https://www.cvedetails.com/cve/CVE-2009-3318 - https://web.archive.org/web/20210121192413/https://www.securityfocus.com/bid/36441/ + - http://www.securityfocus.com/bid/36441 classification: cve-id: CVE-2009-3318 tags: cve,cve2009,joomla,lfi diff --git a/cves/2010/CVE-2010-0985.yaml b/cves/2010/CVE-2010-0985.yaml index 9115ee3b66..27a096d30e 100644 --- a/cves/2010/CVE-2010-0985.yaml 
+++ b/cves/2010/CVE-2010-0985.yaml @@ -9,6 +9,7 @@ info: - https://www.exploit-db.com/exploits/10948 - https://www.cvedetails.com/cve/CVE-2010-0985 - http://web.archive.org/web/20210623092041/https://www.securityfocus.com/bid/37560 + - http://www.securityfocus.com/bid/37560 remediation: Apply all relevant security patches and product upgrades. classification: cve-id: CVE-2010-0985 diff --git a/cves/2010/CVE-2010-1081.yaml b/cves/2010/CVE-2010-1081.yaml index 7ab93f6096..8b0eedcbd2 100644 --- a/cves/2010/CVE-2010-1081.yaml +++ b/cves/2010/CVE-2010-1081.yaml @@ -9,6 +9,7 @@ info: - https://www.exploit-db.com/exploits/11511 - https://www.cvedetails.com/cve/CVE-2010-1081 - http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html + - http://osvdb.org/62506 remediation: Apply all relevant security patches and product upgrades. classification: cve-id: CVE-2010-1081 diff --git a/cves/2010/CVE-2010-1304.yaml b/cves/2010/CVE-2010-1304.yaml index cc6b67f677..5501798d92 100644 --- a/cves/2010/CVE-2010-1304.yaml +++ b/cves/2010/CVE-2010-1304.yaml @@ -9,6 +9,7 @@ info: - https://www.exploit-db.com/exploits/11998 - https://www.cvedetails.com/cve/CVE-2010-1304 - http://web.archive.org/web/20210518080735/https://www.securityfocus.com/bid/39174 + - http://www.securityfocus.com/bid/39174 remediation: Upgrade to a supported version. classification: cve-id: CVE-2010-1304 diff --git a/cves/2010/CVE-2010-1313.yaml b/cves/2010/CVE-2010-1313.yaml index 0705f12df2..57e5496cfa 100644 --- a/cves/2010/CVE-2010-1313.yaml +++ b/cves/2010/CVE-2010-1313.yaml @@ -9,6 +9,7 @@ info: - https://www.exploit-db.com/exploits/12082 - https://www.cvedetails.com/cve/CVE-2010-1313 - http://web.archive.org/web/20210121195302/https://www.securityfocus.com/bid/39237/ + - http://www.securityfocus.com/bid/39237 remediation: Upgrade to a supported version. classification: cve-id: CVE-2010-1313 
diff --git a/cves/2010/CVE-2010-1461.yaml b/cves/2010/CVE-2010-1461.yaml index 0614d88947..27d8fa1ccb 100644 --- a/cves/2010/CVE-2010-1461.yaml +++ b/cves/2010/CVE-2010-1461.yaml @@ -9,6 +9,7 @@ info: - https://www.exploit-db.com/exploits/12232 - https://www.cvedetails.com/cve/CVE-2010-1461 - http://web.archive.org/web/20210518110953/https://www.securityfocus.com/bid/39504 + - http://www.securityfocus.com/bid/39504 remediation: Upgrade to a supported version. classification: cve-id: CVE-2010-1461 diff --git a/cves/2010/CVE-2010-1715.yaml b/cves/2010/CVE-2010-1715.yaml index fef2f5715f..54a29f73dd 100644 --- a/cves/2010/CVE-2010-1715.yaml +++ b/cves/2010/CVE-2010-1715.yaml @@ -9,6 +9,7 @@ info: - https://www.exploit-db.com/exploits/12174 - https://www.cvedetails.com/cve/CVE-2010-1715 - http://packetstormsecurity.org/1004-exploits/joomlaonlineexam-lfi.txt + - http://www.osvdb.org/63659 classification: cve-id: CVE-2010-1715 tags: cve,cve2010,joomla,lfi diff --git a/cves/2010/CVE-2010-2307.yaml b/cves/2010/CVE-2010-2307.yaml index 43b312676d..ccfbac47a7 100644 --- a/cves/2010/CVE-2010-2307.yaml +++ b/cves/2010/CVE-2010-2307.yaml @@ -9,6 +9,7 @@ info: - http://web.archive.org/web/20210120195654/https://www.securityfocus.com/bid/40550/info - https://nvd.nist.gov/vuln/detail/CVE-2010-2307 - https://www.exploit-db.com/exploits/12865 + - http://www.osvdb.org/65249 remediation: Upgrade to a supported product version. classification: cve-id: CVE-2010-2307 diff --git a/cves/2010/CVE-2010-2507.yaml b/cves/2010/CVE-2010-2507.yaml index f5a27209a7..8e300a62be 100644 --- a/cves/2010/CVE-2010-2507.yaml +++ b/cves/2010/CVE-2010-2507.yaml @@ -9,6 +9,7 @@ info: - https://www.exploit-db.com/exploits/13981 - https://www.cvedetails.com/cve/CVE-2010-2507 - http://secunia.com/advisories/40297 + - http://osvdb.org/65674 remediation: Upgrade to a supported version. classification: cve-id: CVE-2010-2507 
diff --git a/cves/2011/CVE-2011-1669.yaml b/cves/2011/CVE-2011-1669.yaml index 3c5cd03b8e..709b2ef38d 100644 --- a/cves/2011/CVE-2011-1669.yaml +++ b/cves/2011/CVE-2011-1669.yaml @@ -9,6 +9,7 @@ info: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1669 - https://www.exploit-db.com/exploits/17119 - http://web.archive.org/web/20210121212348/https://www.securityfocus.com/bid/47146/ + - http://www.securityfocus.com/bid/47146 remediation: Upgrade to a supported version. classification: cve-id: CVE-2011-1669 diff --git a/cves/2011/CVE-2011-2780.yaml b/cves/2011/CVE-2011-2780.yaml index 388692dd68..28591895f0 100644 --- a/cves/2011/CVE-2011-2780.yaml +++ b/cves/2011/CVE-2011-2780.yaml @@ -15,9 +15,9 @@ info: - http://securityreason.com/securityalert/8312 - https://exchange.xforce.ibmcloud.com/vulnerabilities/68565 - http://web.archive.org/web/20201207104106/https://www.securityfocus.com/archive/1/518890/100/0/threaded + remediation: Upgrade to a supported version. classification: cve-id: CVE-2011-2780 - remediation: Upgrade to a supported version. tags: cve,cve2011,lfi,chyrp requests: diff --git a/cves/2011/CVE-2011-4336.yaml b/cves/2011/CVE-2011-4336.yaml index 6e31070ae3..3f7e60cb18 100644 --- a/cves/2011/CVE-2011-4336.yaml +++ b/cves/2011/CVE-2011-4336.yaml @@ -9,12 +9,13 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2011-4336 - http://web.archive.org/web/20210328232945/https://www.securityfocus.com/bid/48806/info - https://seclists.org/bugtraq/2011/Nov/140 + - https://www.securityfocus.com/bid/48806/info + remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2011-4336 cwe-id: CWE-79 - remediation: Upgrade to a supported version. tags: cve,cve2011,xss,tikiwiki requests: diff --git a/cves/2011/CVE-2011-4618.yaml b/cves/2011/CVE-2011-4618.yaml index 8b03bd5fa1..133b6c12d3 100644 --- a/cves/2011/CVE-2011-4618.yaml +++ b/cves/2011/CVE-2011-4618.yaml 
@@ -9,6 +9,7 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2011-4618 - http://web.archive.org/web/20210121070605/https://www.securityfocus.com/archive/1/520589 - http://wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities + - http://www.securityfocus.com/archive/1/520589 remediation: Upgrade to a supported version. classification: cve-id: CVE-2011-4618 diff --git a/cves/2011/CVE-2011-4624.yaml b/cves/2011/CVE-2011-4624.yaml index 6a890d4173..dfdc3068a1 100644 --- a/cves/2011/CVE-2011-4624.yaml +++ b/cves/2011/CVE-2011-4624.yaml @@ -9,6 +9,7 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2011-4624 - http://www.openwall.com/lists/oss-security/2011/12/23/2 - http://plugins.trac.wordpress.org/changeset/469785 + - http://archives.neohapsis.com/archives/bugtraq/2011-12/0180.html remediation: Upgrade to a supported version. classification: cve-id: CVE-2011-4624 diff --git a/cves/2011/CVE-2011-5181.yaml b/cves/2011/CVE-2011-5181.yaml index 461e650979..74adde35d9 100644 --- a/cves/2011/CVE-2011-5181.yaml +++ b/cves/2011/CVE-2011-5181.yaml @@ -9,6 +9,7 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2011-5181 - http://web.archive.org/web/20210123155244/https://www.securityfocus.com/bid/50778/ - http://wordpress.org/extend/plugins/clickdesk-live-support-chat-plugin/changelog/ + - http://www.securityfocus.com/bid/50778 classification: cve-id: CVE-2011-5181 tags: cve,cve2011,wordpress,xss,wp-plugin diff --git a/cves/2011/CVE-2011-5265.yaml b/cves/2011/CVE-2011-5265.yaml index 7e473504bd..19e7c452a0 100644 --- a/cves/2011/CVE-2011-5265.yaml +++ b/cves/2011/CVE-2011-5265.yaml @@ -8,6 +8,8 @@ info: reference: - https://nvd.nist.gov/vuln/detail/CVE-2011-5265 - http://web.archive.org/web/20210123103000/https://www.securityfocus.com/bid/50779/ + - http://osvdb.org/77337 + - http://www.securityfocus.com/bid/50779 classification: cve-id: CVE-2011-5265 tags: cve,cve2011,wordpress,xss,wp-plugin 
diff --git a/cves/2012/CVE-2012-0991.yaml b/cves/2012/CVE-2012-0991.yaml index 58a78321f9..35255af754 100644 --- a/cves/2012/CVE-2012-0991.yaml +++ b/cves/2012/CVE-2012-0991.yaml @@ -9,6 +9,7 @@ info: - https://www.exploit-db.com/exploits/36650 - https://www.cvedetails.com/cve/CVE-2012-0991 - http://web.archive.org/web/20210121221715/https://www.securityfocus.com/bid/51788/ + - http://osvdb.org/78729 classification: cve-id: CVE-2012-0991 tags: cve,cve2012,lfi,openemr,traversal diff --git a/cves/2012/CVE-2012-4253.yaml b/cves/2012/CVE-2012-4253.yaml index b085d1ae97..e9211386c2 100644 --- a/cves/2012/CVE-2012-4253.yaml +++ b/cves/2012/CVE-2012-4253.yaml @@ -8,6 +8,8 @@ info: reference: - https://www.exploit-db.com/exploits/37129 - https://www.cvedetails.com/cve/CVE-2012-4253 + - http://www.osvdb.org/81609 + - http://www.osvdb.org/81615 classification: cve-id: CVE-2012-4253 tags: cve,cve2012,lfi diff --git a/cves/2012/CVE-2012-4889.yaml b/cves/2012/CVE-2012-4889.yaml index 92db173544..822bdd4a50 100644 --- a/cves/2012/CVE-2012-4889.yaml +++ b/cves/2012/CVE-2012-4889.yaml @@ -8,6 +8,8 @@ info: reference: - http://web.archive.org/web/20210121082432/https://www.securityfocus.com/bid/52841/info - https://nvd.nist.gov/vuln/detail/CVE-2012-4889 + - http://osvdb.org/80873 + - http://osvdb.org/80872 classification: cve-id: CVE-2012-4889 tags: cve,cve2012,xss,manageengine diff --git a/cves/2013/CVE-2013-2287.yaml b/cves/2013/CVE-2013-2287.yaml index e62688b1eb..53312074c8 100644 --- a/cves/2013/CVE-2013-2287.yaml +++ b/cves/2013/CVE-2013-2287.yaml @@ -8,6 +8,7 @@ info: reference: - https://nvd.nist.gov/vuln/detail/CVE-2013-2287 - https://www.dognaedis.com/vulns/DGS-SEC-16.html + - http://osvdb.org/90840 classification: cve-id: CVE-2013-2287 tags: cve,cve2013,wordpress,xss,wp-plugin diff --git a/cves/2013/CVE-2013-4625.yaml b/cves/2013/CVE-2013-4625.yaml index a5edba8734..72681d4d01 100644 --- a/cves/2013/CVE-2013-4625.yaml +++ b/cves/2013/CVE-2013-4625.yaml 
@@ -9,6 +9,7 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2013-4625 - https://packetstormsecurity.com/files/122535/WordPress-Duplicator-0.4.4-Cross-Site-Scripting.html - https://seclists.org/bugtraq/2013/Jul/160 + - http://osvdb.org/95627 remediation: Upgrade to Duplicator 0.4.5 or later. classification: cve-id: CVE-2013-4625 diff --git a/cves/2013/CVE-2013-7091.yaml b/cves/2013/CVE-2013-7091.yaml index 2a81348200..ae2e8ddeea 100644 --- a/cves/2013/CVE-2013-7091.yaml +++ b/cves/2013/CVE-2013-7091.yaml @@ -9,6 +9,7 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2013-7091 - https://www.exploit-db.com/exploits/30085 - https://www.exploit-db.com/exploits/30472 + - http://osvdb.org/100747 classification: cve-id: CVE-2013-7091 tags: cve,cve2013,zimbra,lfi diff --git a/cves/2014/CVE-2014-10037.yaml b/cves/2014/CVE-2014-10037.yaml index fc7bb4f818..35aa39b4b4 100644 --- a/cves/2014/CVE-2014-10037.yaml +++ b/cves/2014/CVE-2014-10037.yaml @@ -9,6 +9,7 @@ info: - https://www.exploit-db.com/exploits/30865 - https://www.cvedetails.com/cve/CVE-2014-10037 - https://nvd.nist.gov/vuln/detail/CVE-2014-10037 + - http://osvdb.org/show/osvdb/102204 classification: cve-id: CVE-2014-10037 tags: cve,cve2014,lfi diff --git a/cves/2017/CVE-2017-11512.yaml b/cves/2017/CVE-2017-11512.yaml index 7423bc1c0b..70c1c42984 100644 --- a/cves/2017/CVE-2017-11512.yaml +++ b/cves/2017/CVE-2017-11512.yaml @@ -18,7 +18,7 @@ info: cwe-id: CWE-22 metadata: shodan-query: http.title:"ManageEngine" - verified: true + verified: "true" tags: cve,cve2017,manageengine,lfr,unauth requests: diff --git a/cves/2018/CVE-2018-19439.yaml b/cves/2018/CVE-2018-19439.yaml index 5b82c57b63..746f98a78c 100644 --- a/cves/2018/CVE-2018-19439.yaml +++ b/cves/2018/CVE-2018-19439.yaml 
@@ -9,6 +9,7 @@ info: - http://web.archive.org/web/20210124221313/https://www.securityfocus.com/bid/106006/ - http://seclists.org/fulldisclosure/2018/Nov/58 - http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html + - http://www.securityfocus.com/bid/106006 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 diff --git a/cves/2018/CVE-2018-2791.yaml b/cves/2018/CVE-2018-2791.yaml index a2b656b70b..9d8f79ca17 100644 --- a/cves/2018/CVE-2018-2791.yaml +++ b/cves/2018/CVE-2018-2791.yaml 
@@ -4,10 +4,7 @@ info: name: Oracle Fusion Middleware WebCenter Sites - Cross-Site Scripting author: madrobot,leovalcante severity: high - description: The Oracle WebCenter Sites component of Oracle Fusion Middleware is susceptible to multiple instances of cross-site scripting that could allow unauthenticated attackers with network access via HTTP - to compromise Oracle WebCenter Sites. Impacted versions that are affected are 11.1.1.8.0, 12.2.1.2.0 and 12.2.1.3.0. Successful attacks require human interaction from a person other than the attacker and while - the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access - to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data. + description: The Oracle WebCenter Sites component of Oracle Fusion Middleware is susceptible to multiple instances of cross-site scripting that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebCenter Sites. Impacted versions that are affected are 11.1.1.8.0, 12.2.1.2.0 and 12.2.1.3.0. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data. reference: - http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html - http://www.securitytracker.com/id/1040695 diff --git a/cves/2019/CVE-2019-8442.yaml b/cves/2019/CVE-2019-8442.yaml index 14562a36e5..1f754024b1 100644 --- a/cves/2019/CVE-2019-8442.yaml 
+++ b/cves/2019/CVE-2019-8442.yaml @@ -8,6 +8,7 @@ info: reference: - https://jira.atlassian.com/browse/JRASERVER-69241 - http://web.archive.org/web/20210125215006/https://www.securityfocus.com/bid/108460/ + - http://www.securityfocus.com/bid/108460 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5
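
Review bot: the added `http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html` in cves/2002/CVE-2002-1131.yaml duplicates a reference already in the list, because the `https://web.archive.org/web/20051124131714/...` entry two lines above it wraps the same URL. If the live page still resolves, replace the snapshot with it; if it does not, drop the new line and keep only the snapshot.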
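
Review bot: the plain-HTTP `http://www.securityfocus.com/bid/15940` added in cves/2005/CVE-2005-4385.yaml points at the same advisory as the archived snapshot directly above it, and most of the later securityfocus.com additions in this patch repeat that pattern. The CVE-2006-1681 hunk in this same patch removes a duplicated reference, so adding near-duplicates elsewhere works against it. Check that each live URL resolves before adding it, and where it does not, keep only the `web.archive.org` entry.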
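
Review bot: the OSVDB references are added in three different URL forms across hunks: `http://osvdb.org/62506` (CVE-2010-1081), `http://www.osvdb.org/63659` (CVE-2010-1715) and `http://osvdb.org/show/osvdb/102204` (CVE-2014-10037). Normalise them to one form, and confirm each link resolves or substitute an archived snapshot, as the securityfocus entries in these same files already do.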
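
Review bot: in cves/2017/CVE-2017-11512.yaml, `verified: true` becomes `verified: "true"`, which changes the YAML value from a boolean to a string. No other hunk in this patch touches `verified`, so the change looks unrelated to the reference updates. Confirm that the template schema and any tooling filtering on `metadata.verified` accept a string, and either apply the quoting to every template in its own commit or leave this one as it was.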
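
Review bot: the `description` in cves/2018/CVE-2018-2791.yaml is collapsed from four wrapped lines into a single very long line with no wording change, so the redundant phrase "Impacted versions that are affected are" carries over. If the field is being touched anyway, tighten it to "Affected versions are 11.1.1.8.0, 12.2.1.2.0 and 12.2.1.3.0" and consider a folded scalar (`description: >`) so that future diffs of this text stay readable.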