daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore: generate CVEs metadata 🤖

patch-11
ghost 2024-09-19 06:11:08 +00:00
parent 5240025058
commit 4176e632bc
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@ -1687,6 +1687,7 @@
{"ID":"CVE-2022-24384","Info":{"Name":"SmarterTools SmarterTrack - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-24384.yaml"}
{"ID":"CVE-2022-2462","Info":{"Name":"WordPress Transposh \u003c=1.0.8.1 - Information Disclosure","Severity":"medium","Description":"WordPress Transposh plugin through is susceptible to information disclosure via the AJAX action tp_history, which is intended to return data about who has translated a text given by the token parameter. However, the plugin also returns the user's login name as part of the user_login attribute. If an anonymous user submits the translation, the user's IP address is returned. An attacker can leak the WordPress username of translators and potentially execute other unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-2462.yaml"}
{"ID":"CVE-2022-24627","Info":{"Name":"AudioCodes Device Manager Express - SQL Injection","Severity":"critical","Description":"An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-24627.yaml"}
{"ID":"CVE-2022-24637","Info":{"Name":"Open Web Analytics 1.7.3 - Remote Code Execution","Severity":"critical","Description":"Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '\u003c?php (instead of the intended \"\u003c?php sequence) aren't handled by the PHP interpreter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-24637.yaml"}
{"ID":"CVE-2022-2467","Info":{"Name":"Garage Management System 1.0 - SQL Injection","Severity":"critical","Description":"Garage Management System 1.0 contains a SQL injection vulnerability in /login.php via manipulation of the argument username with input 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-2467.yaml"}
{"ID":"CVE-2022-24681","Info":{"Name":"ManageEngine ADSelfService Plus \u003c6121 - Stored Cross-Site Scripting","Severity":"medium","Description":"ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screens.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-24681.yaml"}
{"ID":"CVE-2022-24716","Info":{"Name":"Icinga Web 2 - Arbitrary File Disclosure","Severity":"high","Description":"Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24716.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
06b317a97cb6e8c63b4fb0ccf5c2ad6b
b80c4bd4498f2850a084e03131c86f37