Merge pull request #2509 from nrathaus/master

Multiple template fixes
patch-1
Sandeep Singh 2021-08-29 14:45:55 +05:30 committed by GitHub
commit 461cca5fdc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 47 additions and 14 deletions

@ -5,7 +5,9 @@ info:
author: daffainfo,0x240x23elu
severity: high
description: The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10956
reference:
- https://cxsecurity.com/issue/WLB-2016080220
- https://wpvulndb.com/vulnerabilities/8609
tags: cve,cve2016,wordpress,wp-plugin,lfi
requests:
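
Review bot: The list form of `reference:` carries only the cxsecurity.com and wpvulndb.com links, so if it replaces the single-line `reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10956` above it, the link to the CVE record is lost; keep it as a third list item. The My Calendar template in this same commit links wpscan.com rather than wpvulndb.com, so it is worth settling on one host for these WordPress references.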

@ -1,7 +1,7 @@
id: CVE-2016-5649
info:
name: Netgear DGN2200 / DGND3700 - Admin Password Disclosure
name: NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure
author: suman_kar
severity: critical
description: Vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. Attacker can use this password to gain administrator access of the targeted routers web interface.
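
Review bot: The description on the last line of this hunk tells the reader to "use this password" without first saying that 'BSW_cxttongr.htm' returns the admin password, and "routers web interface" is missing its apostrophe. Since the file is being touched for the name anyway, state what the page discloses and change the phrase to "router's web interface".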

@ -3,6 +3,7 @@ id: CVE-2017-15944
info:
name: PreAuth RCE on Palo Alto GlobalProtect
author: emadshanab,milo2012
description: Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.
reference:
- https://www.exploit-db.com/exploits/43342
- http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
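
Review bot: The description says the flaw is reached "via vectors involving the management interface", while the `name` two lines above it says GlobalProtect and the second reference is a 2019 SSL VPN write-up sitting under the id CVE-2017-15944. Confirm which issue the request in this template actually detects, then align the name, description and references to that one issue so a finding is not triaged against the wrong advisory.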

@ -6,6 +6,9 @@ info:
description: The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
severity: high
tags: joomla,sqli,cve,cve2018
reference:
- http://packetstormsecurity.com/files/161683/Joomla-JCK-Editor-6.4.4-SQL-Injection.html
- https://www.exploit-db.com/exploits/45423/
requests:
- raw:
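
Review bot: The packetstormsecurity.com entry in the `reference:` list uses http:// while the exploit-db.com entry beside it uses https://; use https:// for both so the links in the template are consistent.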

@ -4,6 +4,10 @@ info:
name: Path traversal vulnerability in Microstrategy Web version 7
author: 0x_Akoko
severity: high
description: |
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage)
allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /..
(slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.
reference: https://www.exploit-db.com/exploits/45755
tags: microstrategy,lfi
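
Review bot: The description block says the traversal is available to "remote authenticated users", but nothing else in the hunk tells the reader whether this template sends credentials, so a clean result on a target that requires login could be read as "not vulnerable". Say in the description whether the check expects an authenticated session or works without one. The trailing "NOTE: this is a deprecated product" is advisory boilerplate and can be dropped.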

@ -3,7 +3,16 @@ info:
name: DVR Authentication Bypass
author: princechaddha
severity: high
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-9995
description: |
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and
MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass
authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides
credentials within JSON data in a response.
reference:
- http://misteralfa-hack.blogspot.cl/2018/04/tbk-vision-dvr-login-bypass.html
- http://misteralfa-hack.blogspot.cl/2018/04/update-dvr-login-bypass-cve-2018-9995.html
- https://www.bleepingcomputer.com/news/security/new-hacking-tool-lets-users-access-a-bunch-of-dvrs-and-their-video-feeds/
- https://www.exploit-db.com/exploits/44577/
tags: cve,cve2018,auth-bypass
requests:
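
Review bot: The list form of `reference:` has four links but not the `https://nvd.nist.gov/vuln/detail/CVE-2018-9995` entry from the single-line form above the description, so if that line is the one being replaced the template loses its only link to the CVE record; add it back as a list item. The two blogspot entries are http:// links, which is worth a check for an https:// equivalent.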

@ -4,7 +4,7 @@ info:
name: My Calendar <= 3.1.9 - Reflected Cross-Site Scripting (XSS)
author: daffainfo,dhiyaneshDk
severity: medium
description: Triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site.
description: The my-calendar plugin before 3.1.10 for WordPress has XSS. Triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site.
reference:
- https://wpscan.com/vulnerability/9267
- https://nvd.nist.gov/vuln/detail/CVE-2019-15713
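
Review bot: The longer description leaves "Triggered via unescaped usage of URL parameters ..." as a sentence fragment after "has XSS.", and it says XSS where the `name` says reflected. Join the two, for example "The my-calendar plugin before 3.1.10 for WordPress has reflected XSS, triggered via unescaped usage of URL parameters in multiple locations presented in the public view of a site."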

@ -1,7 +1,7 @@
id: CVE-2020-26919
info:
name: Netgear ProSAFE Plus - Unauthenticated Remote Code Execution
name: NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution
author: gy741
severity: critical
description: It was found that every section of the web could be used as a valid endpoint to submit POST requests being the action defined by the submitId argument. The problem was located in the login.html webpage, that has to be publicly available to perform login requests but does not implement any restriction for executing debug actions. This will allow users execute system commands.

@ -1,7 +1,7 @@
id: CVE-2020-27866
info:
name: Netgear Authentication Bypass vulnerability
name: NETGEAR Authentication Bypass vulnerability
author: gy741
severity: high
description: This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this vulnerability.
@ -10,6 +10,7 @@ info:
- https://wzt.ac.cn/2021/01/13/AC2400_vuln/
- https://www.zerodayinitiative.com/advisories/ZDI-20-1451/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27866
- https://kb.netgear.com/000062641/Security-Advisory-for-Password-Recovery-Vulnerabilities-on-Some-Routers
requests:
- raw:

@ -3,7 +3,11 @@ id: CVE-2021-24210
info:
name: PhastPress < 1.111 - Open Redirect
author: 0x_Akoko
description: There is an open redirect in the plugin that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page.
description: |
There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page
with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year
ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) that says that the php involved in the request only
go to whitelisted pages but it's possible to redirect the victim to any domain.
reference: https://wpscan.com/vulnerability/9b3c5412-8699-49e8-b60c-20d2085857fb
severity: low
tags: wordpress,cve,cve2021,redirect

@ -3,7 +3,10 @@ id: CVE-2021-24387
info:
name: Real Estate 7 WordPress Theme < 3.1.1 - Unauthenticated Reflected XSS
author: suman_kar
description: XSS in wordpress via ct_community parameter
description: |
The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter
in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which
can be triggered in both unauthenticated or authenticated user context
severity: medium
tags: cve,cve2021,xss,wordpress
reference: https://cxsecurity.com/issue/WLB-2021070041

@ -3,7 +3,11 @@ id: CVE-2021-35464
info:
author: madrobot
name: Pre-auth RCE in ForgeRock OpenAM
description: ForgeRock OpenAM unsafe Java deserialization RCE.
description: |
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages.
The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted
/ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO)
found in versions of Java 8 or earlier
severity: critical
tags: cve,cve2021,openam,rce,java
reference:

@ -1,7 +1,7 @@
id: netgear-router-auth-bypass
info:
name: Netgear DGN2200v1 Router Authentication Bypass
name: NETGEAR DGN2200v1 Router Authentication Bypass
author: gy741
severity: high
description: NETGEAR decided to use to check if a page has “.jpg”, “.gif” or “ess_” substrings, trying to match the entire URL. We can therefore access any page on the device, including those that require authentication, by appending a GET variable with the relevant substring (like “?.gif”).
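
Review bot: The first sentence of the description, "NETGEAR decided to use to check if a page has ...", is missing whatever word followed "use", so it does not parse and the reader cannot tell how the substring check is done. Restore the missing word while this file is being edited, and consider putting "We can therefore access any page" in the third person to match the other descriptions in this commit.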

@ -1,8 +1,8 @@
id: netgear-router-exposure
info:
name: Netgear Router S/N Disclosure
description: Multiple Netgear router models disclose their serial number which can be used to obtain the admin password if password recovery is enabled.
name: NETGEAR Router S/N Disclosure
description: Multiple NETGEAR router models disclose their serial number which can be used to obtain the admin password if password recovery is enabled.
reference:
- https://www.exploit-db.com/exploits/47117
- https://www.exploit-db.com/exploits/45741

@ -1,10 +1,10 @@
id: netgear-wnap320-rce
info:
name: Netgear WNAP320 Access Point - Remote Code Execution (Unauthenticated)
name: NETGEAR WNAP320 Access Point - Remote Code Execution (Unauthenticated)
author: gy741
severity: critical
description: vulnerabilities in the web-based management interface of Netgear WNAP320 Access Point could allow an authenticated, remote attacker to perform command injection attacks against an affected device.
description: vulnerabilities in the web-based management interface of NETGEAR WNAP320 Access Point could allow an authenticated, remote attacker to perform command injection attacks against an affected device.
reference:
- https://github.com/nobodyatall648/Netgear-WNAP320-Firmware-Version-2.0.3-RCE
tags: netgear,rce,oob,router
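
Review bot: The description says "an authenticated, remote attacker" while the `name` ends in "(Unauthenticated)"; one of the two is wrong, and whether `severity: critical` is justified depends on which. Check against the referenced PoC and correct the description or the name. The description also starts with a lower-case "vulnerabilities".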

@ -3,7 +3,9 @@ info:
name: Caucho Resin LFR
author: princechaddha
severity: high
description: A vulnerability in Caucho Resin allows remote unauthenticated users to utilize the 'inputFile' variable to include the content of locally stored files and disclose their content.
tags: resin,caucho,lfr
reference: https://blkstone.github.io/2017/10/30/resin-attack-vectors/
requests:
- method: GET