Merge pull request #2626 from projectdiscovery/cve-annotations

Added cve annotations + severity adjustments
patch-1
Sandeep Singh 2021-09-10 22:49:50 +05:30 committed by GitHub
commit 47cb6a7df0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
547 changed files with 2998 additions and 143 deletions

View File

@ -10,6 +10,11 @@ info:
- https://www.securityfocus.com/bid/48806/info
- https://seclists.org/bugtraq/2011/Nov/140
tags: cve,cve2011,xss,tikiwiki
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2011-4336
cwe-id: CWE-79
requests:
- method: GET

View File

@ -6,6 +6,7 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2012-4242
tags: cve,cve2012,wordpress,xss,wp-plugin
description: "Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page."
requests:
- method: GET
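Review bot: This hunk adds only the description line and no classification block, although the template is tagged cve,cve2012,xss and already links the NVD entry. Even without a v3 vector, cve-id: CVE-2012-4242 and cwe-id: CWE-79 can be filled in from what is already in this info block, which keeps the file searchable by the same keys as the rest of the commit. The same applies to the other description-only hunks here (CVE-2013-2287, CVE-2013-3526, CVE-2014-9094, CVE-2015-2807).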

View File

@ -6,6 +6,7 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-2287
tags: cve,cve2013,wordpress,xss,wp-plugin
description: "Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter."
requests:
- method: GET

View File

@ -6,6 +6,7 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2013-3526
tags: cve,cve2013,wordpress,xss,wp-plugin
description: "Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter."
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
author: geeknik
severity: critical
tags: cve,cve2014,sqli,lighttpd
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2014-2323
cwe-id: CWE-89
requests:
- raw:

View File

@ -9,6 +9,11 @@ info:
- https://snyk.io/vuln/npm:st:20140206
severity: high
tags: cve,cve2014,lfi,nodejs,st
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2014-3744
cwe-id: CWE-22
requests:
- method: GET

View File

@ -8,6 +8,7 @@ info:
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2014-4210
- https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html
description: "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services."
requests:
- method: GET
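Review bot: The added description ("Unspecified vulnerability ... via vectors related to WLS - Web Services") does not tell a reader what this template detects, while the second reference in the same hunk is a write-up titled for WebLogic SSRF and XSS. Say in the description which of those issues the request below checks for. No classification block is added here either, so this file ends up without cve-id or cwe-id.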

View File

@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd
- https://nvd.nist.gov/vuln/detail/CVE-2014-4535
tags: cve,cve2014,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2014-4535
cwe-id: CWE-79
description: "Cross-site scripting (XSS) vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php."
requests:
- method: GET

View File

@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f
- https://nvd.nist.gov/vuln/detail/CVE-2014-4536
tags: cve,cve2014,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2014-4536
cwe-id: CWE-79
description: "Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter."
requests:
- method: GET

View File

@ -3,13 +3,18 @@ id: CVE-2014-6271
info:
name: Shellshock
author: pentest_swissky
severity: high
severity: critical
description: Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications
reference:
- http://www.kb.cert.org/vuls/id/252743
- http://www.us-cert.gov/ncas/alerts/TA14-268A
tags: cve,cve2014,rce
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2014-6271
cwe-id: CWE-78
requests:
- method: GET
path:
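Review bot: The new cve-id carries only CVE-2014-6271, but the description line above it says the template covers CVE-2014-6271 and CVE-2014-7169. Either state that classification tracks the primary ID only, or narrow the description, so that a search on CVE-2014-7169 gives a predictable result.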

View File

@ -6,6 +6,7 @@ info:
severity: high
reference: https://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html
tags: cve,cve2014,lfi
description: "Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php."
requests:
- method: GET

View File

@ -6,6 +6,7 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2014-9094
tags: cve,2014,wordpress,xss,wp-plugin
description: "Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter."
requests:
- method: GET
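Review bot: The tags line in this hunk reads cve,2014,wordpress,xss,wp-plugin, with 2014 where the other templates in this commit use the cve2014 form. A run filtered on the cve2014 tag will skip this template. The hunk already edits this info block, so correct the tag here rather than in a follow-up.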

View File

@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012
tags: cve,cve2015,wordpress,wp-plugin,lfi
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2015-1000012
cwe-id: CWE-200
description: "Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin"
requests:
- method: GET
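Review bot: cwe-id: CWE-200 names the impact (information exposure) rather than the flaw, while the tags line and the added description both call this a local file inclusion. The other lfi-tagged templates in this commit (CVE-2014-3744, CVE-2015-9480) are annotated CWE-22. If CWE-200 is what the upstream record carries, keep it; otherwise align it so a query on the CWE returns all file-read templates.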

View File

@ -3,7 +3,7 @@ id: CVE-2015-2080
info:
name: Eclipse Jetty Remote Leakage
author: pikpikcu
severity: medium
severity: high
reference:
- https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
- https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
@ -11,6 +11,11 @@ info:
description: |
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak
tags: cve,cve2015,jetty
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2015-2080
cwe-id: CWE-200
requests:
- method: POST

View File

@ -8,6 +8,7 @@ info:
- https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
- https://nvd.nist.gov/vuln/detail/CVE-2015-2807
tags: cve,cve2015,wordpress,wp-plugin,xss
description: "Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter."
requests:
- method: GET

View File

@ -8,6 +8,11 @@ info:
Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title.
reference: https://nvd.nist.gov/vuln/detail/CVE-2015-6544
tags: cve,cve2015,xss,itop
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2015-6544
cwe-id: CWE-79
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.
reference: https://nvd.nist.gov/vuln/detail/CVE-2015-8349
tags: cve,cve2015,xss,sourcebans
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2015-8349
cwe-id: CWE-79
requests:
- method: GET

View File

@ -6,6 +6,11 @@ info:
description: Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
reference: https://jira.atlassian.com/browse/CONFSERVER-39704?src=confmacro
tags: cve,cve2015,atlassian,confluence
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cvss-score: 4.30
cve-id: CVE-2015-8399
cwe-id: CWE-200
requests:
- method: GET

View File

@ -9,6 +9,11 @@ info:
- https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/
- https://nvd.nist.gov/vuln/detail/CVE-2015-8813
tags: cve,cve2015,ssrf,oob
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
cvss-score: 8.20
cve-id: CVE-2015-8813
cwe-id: CWE-918
requests:
- method: GET

View File

@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/2ac2d43f-bf3f-4831-9585-5c5484051095
- https://nvd.nist.gov/vuln/detail/CVE-2015-9414
tags: cve,cve2015,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2015-9414
cwe-id: CWE-79
description: "The wp-symposium plugin through 15.8.1 for WordPress has XSS via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter."
requests:
- method: GET

View File

@ -8,6 +8,12 @@ info:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9480
- https://www.exploit-db.com/exploits/37252
tags: cve,cve2015,wordpress,wp-plugin,lfi
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2015-9480
cwe-id: CWE-22
description: "The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter."
requests:
- method: GET

View File

@ -7,6 +7,10 @@ info:
reference: https://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html
severity: high
tags: cve,cve2016,adobe,aem
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2016-0957
requests:
- method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000126
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000126
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin admin-font-editor v1.8"
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin ajax-random-post v2.00
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000127
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000127
cwe-id: CWE-79
requests:
- method: GET

View File

@ -9,6 +9,11 @@ info:
- http://www.vapidlabs.com/wp/wp_advisory.php?v=161
- https://wordpress.org/plugins/anti-plagiarism
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000128
cwe-id: CWE-79
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin defa-online-image-protector v3.3
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000129
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000129
cwe-id: CWE-79
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin e-search v1.0
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000130
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000130
cwe-id: CWE-79
requests:
- method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000131
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000131
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin e-search v1.0"
requests:
- method: GET
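Review bot: The description added here, "Reflected XSS in wordpress plugin e-search v1.0", is word for word the description already on CVE-2016-1000130, so the two templates cannot be told apart in scan output. Add the affected file or parameter to each description.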

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000132
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000132
cwe-id: CWE-79
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000133
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000133
cwe-id: CWE-79
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin hdw-tube v1.2
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000134
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000134
cwe-id: CWE-79
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin hdw-tube v1.2
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000135
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000135
cwe-id: CWE-79
requests:
- method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium
reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=658
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000137
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin hero-maps-pro v2.1.0"
requests:
- method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium
reference: http://www.vapidlabs.com/wp/wp_advisory.php?v=38
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000138
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin indexisto v1.0.5"
requests:
- method: GET

View File

@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000139
tags: cve,cve2016,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000139
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin infusionsoft v1.5.11"
requests:
- method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000140
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000140
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin new-year-firework v1.1.9"
requests:
- method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000146
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000146
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin pondol-formmail v1.1"
requests:
- method: GET

View File

@ -8,6 +8,12 @@ info:
- https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000148
tags: cve,cve2016,wordpress,wp-plugin,xss
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000148
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin s3-video v0.983"
requests:
- method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000149
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000149
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin simpel-reserveren v3.5.2"
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin tidio-form v1.0
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000152
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000152
cwe-id: CWE-79
requests:
- method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000153
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000153
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin tidio-gallery v1.1"
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: Reflected XSS in wordpress plugin whizz v1.0.
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000154
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000154
cwe-id: CWE-79
requests:
- method: GET

View File

@ -6,6 +6,12 @@ info:
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000155
tags: cve,cve2016,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-1000155
cwe-id: CWE-79
description: "Reflected XSS in wordpress plugin wpsolr-search-engine v7.6"
requests:
- method: GET

View File

@ -2,10 +2,15 @@ id: CVE-2016-10033
info:
name: Wordpress 4.6 Remote Code Execution
author: princechaddha
severity: high
severity: critical
description: The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
reference: https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
tags: wordpress,cve,cve2016,rce
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2016-10033
cwe-id: CWE-77
requests:
- raw:

View File

@ -9,6 +9,11 @@ info:
- https://cxsecurity.com/issue/WLB-2016080220
- https://wpvulndb.com/vulnerabilities/8609
tags: cve,cve2016,wordpress,wp-plugin,lfi
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2016-10956
cwe-id: CWE-20
requests:
- method: GET

View File

@ -3,13 +3,18 @@ id: CVE-2016-10960
info:
name: wSecure Lite < 2.4 - Remote Code Execution (RCE)
author: daffainfo
severity: critical
severity: high
description: The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.
reference:
- https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10960
tags: cve,cve2016,wordpress,wp-plugin,rce
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.80
cve-id: CVE-2016-10960
cwe-id: CWE-20
requests:
- method: POST
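Review bot: cwe-id: CWE-20 is the generic input-validation class, while the description three lines up gives "remote code execution via shell metacharacters", which is OS command injection; this commit uses CWE-78 for the same pattern on CVE-2017-14535. The added vector also has PR:L, meaning a low-privileged account is required, but neither the name nor the description mentions authentication. A short note on that in the description would explain why severity drops from critical to high.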

View File

@ -8,6 +8,12 @@ info:
- https://www.vulnerability-lab.com/get_content.php?id=1808
- https://nvd.nist.gov/vuln/detail/CVE-2016-10993
tags: cve,cve2016,wordpress,wp-theme,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.40
cve-id: CVE-2016-10993
cwe-id: CWE-79
description: "The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter."
requests:
- method: GET

View File

@ -9,6 +9,11 @@ info:
reference:
- https://www.exploit-db.com/exploits/39858
- https://nvd.nist.gov/vuln/detail/CVE-2016-2004
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2016-2004
cwe-id: CWE-306
network:
- inputs:

View File

@ -9,6 +9,11 @@ info:
- https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
- https://www.cvedetails.com/cve/CVE-2016-2389
tags: cve,cve2016,lfi,sap
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2016-2389
cwe-id: CWE-22
requests:
- method: GET

View File

@ -10,6 +10,11 @@ info:
- https://cwiki.apache.org/confluence/display/WW/S2-032
- https://struts.apache.org/docs/s2-032.html
tags: cve,cve2016,struts,rce,apache
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.10
cve-id: CVE-2016-3081
cwe-id: CWE-77
requests:
- raw:

View File

@ -7,6 +7,11 @@ info:
description: A vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface.
tags: cve,cve2016,iot,netgear,router
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-5649
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2016-5649
cwe-id: CWE-200
requests:
- raw:

View File

@ -3,12 +3,17 @@ id: CVE-2016-6277
info:
name: NETGEAR routers (including R6400, R7000, R8000 and similar) RCE
author: pikpikcu
severity: critical
severity: high
description: NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
tags: cve,cves2016,netgear,rce,iot
reference:
- https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
- https://nvd.nist.gov/vuln/detail/CVE-2016-6277
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss-score: 8.80
cve-id: CVE-2016-6277
cwe-id: CWE-352
requests:
- method: GET
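Review bot: cwe-id: CWE-352 (cross-site request forgery) and UI:R in the vector do not match the flaw the description gives, command execution via shell metacharacters in the path info, and the first reference URL in this hunk itself names cwe-77. If the values are copied from the upstream score, say so in a comment; otherwise CWE-77 or CWE-78 fits the description, and the downgrade from critical to high should be revisited with it. The tags line also has cves2016 where the other templates use cve2016, so tag filters will miss this file.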

View File

@ -7,6 +7,11 @@ info:
description: On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
reference: https://gist.github.com/malerisch/5de8b408443ee9253b3954a62a8d97b4
tags: cve,cve2016,lfi
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2016-7552
cwe-id: CWE-22
requests:
- method: GET

View File

@ -8,6 +8,11 @@ info:
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-7981
tags: cve,cve2016,xss,spip
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2016-7981
cwe-id: CWE-79
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
reference: https://www.exploit-db.com/exploits/45196
tags: cve,cve2017,oracle,glassfish,lfi
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-1000028
cwe-id: CWE-22
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
reference: https://www.exploit-db.com/exploits/49693
description: jqueryFileTree 2.1.5 and older Directory Traversal
tags: cve,cve2017,wordpress,wp-plugin,lfi
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-1000170
cwe-id: CWE-22
requests:
- method: POST

View File

@ -11,6 +11,11 @@ info:
- https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000486
tags: cve,cve2017,primetek,rce
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-1000486
cwe-id: CWE-326
requests:
- raw:

View File

@ -3,10 +3,14 @@ id: CVE-2017-10075
info:
name: Oracle Content Server XSS
author: madrobot
severity: medium
severity: high
description: The vulnerability can be used to include HTML or JavaScript code to the affected web page. The code is executed in the browser of users if they visit the manipulated site.
reference: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
tags: cve,cve2017,xss,oracle
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
cvss-score: 8.20
cve-id: CVE-2017-10075
requests:
- method: GET
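Review bot: The classification block here has no cwe-id, although the template is named "Oracle Content Server XSS" and tagged xss; cwe-id: CWE-79 would match the other XSS templates in this commit. Severity also moves from medium to high on the strength of C:H in the vector, while the description only speaks of including HTML or JavaScript in the page, so a sentence on why the confidentiality impact is high would help anyone triaging a hit.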

View File

@ -9,6 +9,10 @@ info:
- https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271
- https://github.com/SuperHacker-liuan/cve-2017-10271-poc
tags: cve,cve2017,rce,oracle,weblogic
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cvss-score: 7.50
cve-id: CVE-2017-10271
requests:
- raw:
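Review bot: The added vector ends in C:N/I:N/A:H, an availability-only impact, but the tags line directly above marks this template as rce. Anyone ranking findings by cvss-score will place a code-execution hit at 7.50. Confirm the vector is the one intended for CVE-2017-10271, and add a cwe-id, which this block is missing.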

View File

@ -3,12 +3,17 @@ id: CVE-2017-11444
info:
name: Subrion CMS SQL Injection
author: dwisiswant0
severity: high
severity: critical
description: Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
reference:
- https://github.com/intelliants/subrion/issues/479
- https://mp.weixin.qq.com/s/89mCnjUCvmptLsKaeVlC9Q
tags: cve,cve2017,sqli,subrion
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-11444
cwe-id: CWE-89
requests:
- method: GET

View File

@ -10,6 +10,11 @@ info:
- https://chowdera.com/2020/12/20201229190934023w.html
- https://github.com/vulhub/vulhub/tree/master/jboss/CVE-2017-12149
tags: cve,cve2017,java,rce,deserialization
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-12149
cwe-id: CWE-502
requests:
- raw:

View File

@ -9,6 +9,10 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2017-12542
- https://www.exploit-db.com/exploits/44005
tags: cve,cve2017,ilo4,hpe
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.00
cve-id: CVE-2017-12542
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
reference: https://struts.apache.org/docs/s2-053.html
tags: cve,cve2017,apache,rce,struts
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-12611
cwe-id: CWE-20
requests:
- method: POST

View File

@ -3,7 +3,7 @@ id: CVE-2017-12615
info:
name: Apache Tomcat RCE
author: pikpikcu
severity: critical
severity: high
tags: cve,cve2017,apache,rce
reference: https://github.com/vulhub/vulhub/tree/master/tomcat/CVE-2017-12615
description: |
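Review bot: The severity line goes from critical to high on a template named "Apache Tomcat RCE", driven by AC:H in the vector added in the following hunk. Users who scan with a critical-only severity filter will silently stop running this check after the merge. Call out the downgrades in the PR description; CVE-2016-10960 and CVE-2016-6277 change the same way in this commit.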
@ -11,6 +11,11 @@ info:
This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server.
However, due to the insufficient checks, an attacker could gain remote code execution on 7.0.{0 to 79}
Tomcat servers that has enabled PUT by requesting PUT method on the Tomcat server using a specially crafted HTTP request.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.10
cve-id: CVE-2017-12615
cwe-id: CWE-434
requests:
- method: PUT

View File

@ -10,6 +10,12 @@ info:
- https://twitter.com/honoki/status/1298636315613974532
- https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-XXE
- https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-RCE
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-12629
cwe-id: CWE-611
description: "Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr."
requests:
- raw:
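Review bot: cwe-id: CWE-611 covers only the XXE half of what the added description spells out; the same text describes remote code execution through RunExecutableListener as a second vulnerability. State which of the two the raw request below exercises. The description itself is one very long double-quoted line; a "description: |" block, as used on CVE-2015-2080 and CVE-2017-12794 in this commit, would be easier to read and diff.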

View File

@ -3,10 +3,15 @@ id: CVE-2017-12635
info:
name: Apache CouchDB 1.7.0 / 2.x < 2.1.1 Remote Privilege Escalation
author: pikpikcu
severity: high
severity: critical
description: Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
reference: https://github.com/assalielmehdi/CVE-2017-12635
tags: cve,cve2017,couchdb
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-12635
cwe-id: CWE-269
requests:
- raw:

View File

@ -10,6 +10,11 @@ info:
- https://www.cvedetails.com/cve/CVE-2017-12637/
- https://nvd.nist.gov/vuln/detail/CVE-2017-12637
- https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-12637
cwe-id: CWE-22
requests:
- method: GET

View File

@ -10,6 +10,11 @@ info:
description: |
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.
tags: xss,django,cve,cve2017
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-12794
cwe-id: CWE-79
requests:
- method: GET

View File

@ -8,6 +8,12 @@ info:
- https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/
- https://www.exploit-db.com/exploits/49913
tags: cve,cve2017,trixbox,rce
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.80
cve-id: CVE-2017-14535
cwe-id: CWE-78
description: "trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php."
requests:
- raw:
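
Review bot: the new `description:` is appended after the `classification:` block, at the very end of `info:`, while the templates in this change that already carried a description keep it above `tags:`. Moving it up next to the other descriptive fields would keep the field order consistent across the CVE templates and make later bulk edits easier to diff.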

View File

@ -10,6 +10,11 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2017-14537
- https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/
- https://sourceforge.net/projects/asteriskathome/ # vendor homepage
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cvss-score: 6.50
cve-id: CVE-2017-14537
cwe-id: CWE-22
requests:
- raw:

View File

@ -6,6 +6,15 @@ info:
severity: medium
description: WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.
tags: cve,cve2017,wso2,xss
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.80
cve-id: CVE-2017-14651
cwe-id: CWE-79
reference:
- https://github.com/cybersecurityworks/Disclosed/issues/15
- https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0265
- https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html
requests:
- method: GET

View File

@ -6,6 +6,15 @@ info:
severity: high
description: Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
tags: cve,cve2017,nodejs,lfi
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-14849
cwe-id: CWE-22
reference:
- https://twitter.com/nodejs/status/913131152868876288
- https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
- http://www.securityfocus.com/bid/101056
requests:
- method: GET

View File

@ -3,12 +3,17 @@ id: CVE-2017-15647
info:
name: FiberHome - Directory Traversal
author: daffainfo
severity: medium
severity: high
description: On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
reference:
- https://www.exploit-db.com/exploits/44054
- https://www.cvedetails.com/cve/CVE-2017-15647
tags: cve,cve2017,lfi,router
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-15647
cwe-id: CWE-22
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
reference: https://github.com/vulhub/vulhub/tree/master/httpd/CVE-2017-15715
severity: high
tags: cve,cve2017,apache,httpd,fileupload
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.10
cve-id: CVE-2017-15715
cwe-id: CWE-20
requests:
- raw:

View File

@ -7,8 +7,12 @@ info:
reference:
- https://www.exploit-db.com/exploits/43342
- http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
severity: high
severity: critical
tags: cve,cve2017,rce,vpn,paloalto,globalprotect
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-15944
requests:
- raw:
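
Review bot: the added `classification` block has no `cwe-id`, unlike nearly every other block in this change. If no CWE is assigned for CVE-2017-15944, a short YAML comment saying so would make the omission read as intentional rather than forgotten. The bump from `high` to `critical` does agree with the 9.80 score.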

View File

@ -6,6 +6,12 @@ info:
reference: https://www.exploit-db.com/exploits/43141
severity: high
tags: cve,cve2017,ulterius,traversal
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-16806
cwe-id: CWE-22
description: "The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal."
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
reference: https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9
tags: cve,cve2017,nextjs,lfi
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-16877
cwe-id: CWE-22
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17043
tags: cve,cve2017,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-17043
cwe-id: CWE-79
requests:
- method: GET

View File

@ -9,6 +9,11 @@ info:
- https://github.com/NaturalIntelligence/wp-thumb-post/issues/1
- https://nvd.nist.gov/vuln/detail/CVE-2017-17059
tags: cve,cve2017,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-17059
cwe-id: CWE-79
requests:
- method: POST

View File

@ -7,6 +7,11 @@ info:
description: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-17451
tags: cve,cve2017,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-17451
cwe-id: CWE-79
requests:
- method: GET

View File

@ -10,6 +10,11 @@ info:
- https://github.com/vulhub/vulhub/tree/master/goahead/CVE-2017-17562
severity: high
tags: cve,cve2017,rce,embedthis,goahead,fuzz
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.10
cve-id: CVE-2017-17562
cwe-id: CWE-20
requests:
- raw:

View File

@ -11,6 +11,11 @@ info:
description: |
AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.
tags: cve,cve2017,xss,avantfax
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-18024
cwe-id: CWE-79
requests:
- raw:

View File

@ -7,6 +7,11 @@ info:
description: The Stop User Enumeration WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.
reference: https://wpscan.com/vulnerability/956cc5fd-af06-43ac-aa85-46b468c73501
tags: cve,cve2017,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-18536
cwe-id: CWE-79
requests:
- method: GET

View File

@ -11,6 +11,11 @@ info:
- https://github.com/advisories/GHSA-vfj6-275q-4pvm
- https://nvd.nist.gov/vuln/detail/CVE-2017-18638
tags: cve,cve2017,graphite,ssrf,oob
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2017-18638
cwe-id: CWE-918
requests:
- method: GET

View File

@ -9,6 +9,10 @@ info:
reference:
- https://hackerone.com/reports/810778
- https://nvd.nist.gov/vuln/detail/CVE-2017-3506
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score: 7.40
cve-id: CVE-2017-3506
requests:
- raw:
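
Review bot: `classification` is missing `cwe-id` here as well. The hunk also leaves `severity` untouched and out of view, so please confirm the existing value is `high`, which is what a 7.40 score maps to, since other templates in this change had their severity realigned to the score.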

View File

@ -3,11 +3,17 @@ id: CVE-2017-3528
info:
name: Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
author: 0x_Akoko
severity: low
severity: medium
reference:
- https://blog.zsec.uk/cve-2017-3528/
- https://www.exploit-db.com/exploits/43592
tags: oracle,redirect
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
cvss-score: 5.40
cve-id: CVE-2017-3528
cwe-id: CWE-601
description: "Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)."
requests:
- method: GET
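
Review bot: the `classification` block and the new `description` carry two different CVSS ratings for the same CVE. The block says `CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N` with score 5.40, while the description ends with `CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N` and a base score of 4.7. Both land in medium, so the severity change holds, but one source should be chosen and the scoring sentences dropped from the description. `tags: oracle,redirect` also lacks the `cve,cve2017` tags the other templates in this change carry, which will hide this template from tag-based CVE runs.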

View File

@ -10,6 +10,11 @@ info:
- https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/dos/cisco/ios_telnet_rocem.md
description: RCE exploit code is available for Cisco Catalyst 2960 switch model. This exploit is firmware dependent.
tags: cve,cve2017,cisco,rce,network
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-3881
cwe-id: CWE-20
network:
- inputs:

View File

@ -10,6 +10,11 @@ info:
- https://kc.mcafee.com/corporate/index?page=content&id=SB10198
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-4011
tags: cve,cve2017,mcafee,xss
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-4011
cwe-id: CWE-79
requests:
- method: GET

View File

@ -3,12 +3,17 @@ id: CVE-2017-5487
info:
name: WordPress Core < 4.7.1 - Username Enumeration
author: Manas_Harsh,daffainfo,geeknik
severity: info
severity: medium
description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
tags: cve,cve2017,wordpress
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2017-5487
- https://www.exploit-db.com/exploits/41497
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.30
cve-id: CVE-2017-5487
cwe-id: CWE-200
requests:
- method: GET

View File

@ -2,12 +2,17 @@ id: CVE-2017-5521
info:
name: Bypassing Authentication on NETGEAR Routers
author: princechaddha
severity: medium
severity: high
description: An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices.They are prone to password disclosure via simple crafted requests to the web management server.
reference:
- https://www.cvedetails.com/cve/CVE-2017-5521/
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/
tags: cve,cve2017,auth-bypass
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.10
cve-id: CVE-2017-5521
cwe-id: CWE-200
requests:
- method: GET

View File

@ -6,6 +6,11 @@ info:
description: Struts is vulnerable to remote command injection attacks through incorrectly parsing an attackers invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.
tags: cve,cve2017,struts,rce,apache
reference: https://github.com/mazen160/struts-pwn
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.00
cve-id: CVE-2017-5638
cwe-id: CWE-20
requests:
- raw:

View File

@ -3,9 +3,15 @@ id: CVE-2017-6090
info:
name: PhpCollab (unauthenticated) Arbitrary File Upload
author: pikpikcu
severity: critical
severity: high
tags: cve,cve2017,phpcollab,rce,fileupload
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-6090
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.80
cve-id: CVE-2017-6090
cwe-id: CWE-434
description: "Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/."
requests:
- raw:

View File

@ -9,6 +9,11 @@ info:
- https://blog.0patch.com/2017/03/0patching-immortal-cve-2017-7269.html
- https://github.com/danigargu/explodingcan/blob/master/explodingcan.py
tags: cve,cve2017,rce
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-7269
cwe-id: CWE-119
requests:
- method: OPTIONS

View File

@ -9,6 +9,11 @@ info:
reference:
- https://github.com/dweeves/magmi-git/issues/522
- https://github.com/dweeves/magmi-git/releases/download/0.7.22/magmi_full_0.7.22.zip
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-7391
cwe-id: CWE-79
requests:
- method: GET

View File

@ -15,6 +15,11 @@ info:
- https://sourceforge.net/projects/mantisbt/files/mantis-stable/
- http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt
- https://www.exploit-db.com/exploits/41890
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.80
cve-id: CVE-2017-7615
cwe-id: CWE-640
requests:
- method: GET

View File

@ -2,12 +2,17 @@ id: CVE-2017-7921
info:
name: Hikvision Authentication Bypass
author: princechaddha
severity: high
severity: critical
description: An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
reference:
- http://www.hikvision.com/us/about_10805.html
- https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01
tags: cve,cve2017,auth-bypass
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.00
cve-id: CVE-2017-7921
cwe-id: CWE-287
requests:
- method: GET

View File

@ -2,10 +2,15 @@ id: CVE-2017-8917
info:
name: Joomla SQL Injection
author: princechaddha
severity: high
severity: critical
description: SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
reference: https://www.cvedetails.com/cve/CVE-2017-8917/
tags: cve,cve2017,joomla,sqli
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.80
cve-id: CVE-2017-8917
cwe-id: CWE-89
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
tags: cve,cve2017,xss,telerik
description: Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.
reference: https://www.veracode.com/blog/secure-development/anatomy-cross-site-scripting-flaw-telerik-reporting-module
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-9140
cwe-id: CWE-79
requests:
- method: GET

View File

@ -7,6 +7,11 @@ info:
description: The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
reference: https://nvd.nist.gov/vuln/detail/CVE-2017-9288
tags: cve,cve2017,wordpress,xss,wp-plugin
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-9288
cwe-id: CWE-79
requests:
- method: GET

View File

@ -3,13 +3,18 @@ id: CVE-2017-9506
info:
name: Jira IconURIServlet SSRF
author: pdteam
severity: high
severity: medium
description: The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF).
reference:
- http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html
- https://ecosystem.atlassian.net/browse/OAUTH-344
- https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-171018bca2c3
tags: cve,cve2017,atlassian,jira,ssrf,oob
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10
cve-id: CVE-2017-9506
cwe-id: CWE-918
requests:
- raw:

Some files were not shown because too many files have changed in this diff