From f3348fa612655903df468d584ba315f45bbd3910 Mon Sep 17 00:00:00 2001
From: Noam Rathaus
Date: Mon, 30 Aug 2021 12:53:22 +0300
Subject: [PATCH 1/9] Updated
---
 cves/2019/CVE-2019-14470.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/cves/2019/CVE-2019-14470.yaml b/cves/2019/CVE-2019-14470.yaml
index 05400bc1a4..82704b61f3 100644
--- a/cves/2019/CVE-2019-14470.yaml
+++ b/cves/2019/CVE-2019-14470.yaml
@@ -4,6 +4,7 @@ info:
 name: WordPress Plugin UserPro 4.9.32 - Reflected Cross-Site Scripting (XSS)
 author: daffainfo
 severity: medium
+ description: cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.
 reference:
 - https://wpscan.com/vulnerability/9815
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14470
From 896343be128678e07d0c2166d7444d906a0f4f55 Mon Sep 17 00:00:00 2001
From: Noam Rathaus
Date: Sun, 12 Sep 2021 12:41:33 +0300
Subject: [PATCH 2/9] Clarify description
---
 vulnerabilities/oscommerce/oscommerce-rce.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vulnerabilities/oscommerce/oscommerce-rce.yaml b/vulnerabilities/oscommerce/oscommerce-rce.yaml
index 5f888337fc..f359c42b11 100644
--- a/vulnerabilities/oscommerce/oscommerce-rce.yaml
+++ b/vulnerabilities/oscommerce/oscommerce-rce.yaml
@@ -3,7 +3,7 @@ id: oscommerce-rce
 info:
 author: Suman_Kar
 name: osCommerce 2.3.4.1 - Remote Code Execution
- description: Exploiting the install.php finish process by injecting php payload into the db_database parameter & read the system command output from configure.php
+ description: A vulnerability in osCommerce's install.php allows remote unauthenticated attackers to injecting PHP code into the db_database parameter, and subsequently use the configure.php page to to read the command's executed output
 reference: https://www.exploit-db.com/exploits/50128
 severity: high
 tags: rce,oscommerce
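Review bot: The rewritten `description` in oscommerce-rce.yaml (PATCH 2/9) carries two wording slips, "attackers to injecting" and "page to to read", and has no closing period. A corrected line would be `description: A vulnerability in osCommerce's install.php allows remote unauthenticated attackers to inject PHP code into the db_database parameter and then read the executed command's output through configure.php.` The context also shows `severity: high` for what the new text describes as unauthenticated code execution; if the project's scale has a higher level, that rating may deserve a second look.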
From 624162cca79ad4aa06f205869262c44e9633c30a Mon Sep 17 00:00:00 2001
From: Noam Rathaus
Date: Sun, 12 Sep 2021 12:50:53 +0300
Subject: [PATCH 3/9] Working reference
---
 vulnerabilities/wordpress/wp-custom-tables-xss.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vulnerabilities/wordpress/wp-custom-tables-xss.yaml b/vulnerabilities/wordpress/wp-custom-tables-xss.yaml
index c0918d72c5..958241da6b 100644
--- a/vulnerabilities/wordpress/wp-custom-tables-xss.yaml
+++ b/vulnerabilities/wordpress/wp-custom-tables-xss.yaml
@@ -5,7 +5,7 @@ info:
 author: daffainfo
 severity: medium
 description: WordPress custom tables Plugin 'key' Parameter Cross Site Scripting Vulnerability
- reference: https://www.securityfocus.com/bid/54326/info
+ reference: https://wpscan.com/vulnerability/211a4286-4747-4b62-acc3-fd9a57b06252
 tags: wordpress,xss,wp-plugin
 requests:
From fb2f89bc867e272a0eb77331ef73c891ae1969d0 Mon Sep 17 00:00:00 2001
From: Noam Rathaus
Date: Sun, 12 Sep 2021 12:58:43 +0300
Subject: [PATCH 4/9] References
---
 vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml b/vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml
index 7075c485bf..dfb6f028d4 100644
--- a/vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml
+++ b/vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml
@@ -5,6 +5,9 @@ info:
 author: madrobot
 severity: high
 tags: wordpress,rce,ssrf
+ reference:
+ - https://www.exploit-db.com/exploits/49327
+ - https://wpscan.com/vulnerability/10417
 requests:
 - raw:
From e602575ae0cc3fd849742cdf401f709050d3e616 Mon Sep 17 00:00:00 2001
From: Noam Rathaus
Date: Sun, 12 Sep 2021 12:58:48 +0300
Subject: [PATCH 5/9] Working reference
---
 vulnerabilities/wordpress/wp-church-admin-xss.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vulnerabilities/wordpress/wp-church-admin-xss.yaml b/vulnerabilities/wordpress/wp-church-admin-xss.yaml
index f5c5957b97..089b607075 100644
--- a/vulnerabilities/wordpress/wp-church-admin-xss.yaml
+++ b/vulnerabilities/wordpress/wp-church-admin-xss.yaml
@@ -4,7 +4,7 @@ info:
 name: WordPress Plugin church_admin - 'id' Reflected Cross-Site Scripting (XSS)
 author: daffainfo
 severity: medium
- reference: https://www.securityfocus.com/bid/54329/info
+ reference: https://packetstormsecurity.com/files/132034/WordPress-Church-Admin-0.800-Cross-Site-Scripting.html
 tags: wordpress,xss,wp-plugin
 requests:
From 59525a5846f37fd5eca99aff887d5db16abd564a Mon Sep 17 00:00:00 2001
From: Noam Rathaus
Date: Sun, 12 Sep 2021 13:02:41 +0300
Subject: [PATCH 6/9] Working reference
---
 vulnerabilities/wordpress/wp-finder-xss.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vulnerabilities/wordpress/wp-finder-xss.yaml b/vulnerabilities/wordpress/wp-finder-xss.yaml
index 1bbd46235e..d9dd3851bf 100644
--- a/vulnerabilities/wordpress/wp-finder-xss.yaml
+++ b/vulnerabilities/wordpress/wp-finder-xss.yaml
@@ -4,7 +4,7 @@ info:
 name: WordPress Plugin Finder - 'order' Reflected Cross-Site Scripting (XSS)
 author: daffainfo
 severity: medium
- reference: https://www.securityfocus.com/bid/55217/info
+ reference: https://packetstormsecurity.com/files/115902/WordPress-Finder-Cross-Site-Scripting.html
 tags: wordpress,xss,wp-plugin
 requests:
From 46b16bcfa2960e2d80e4bd22c2c00a4e6d324017 Mon Sep 17 00:00:00 2001
From: Noam Rathaus
Date: Sun, 12 Sep 2021 14:16:01 +0300
Subject: [PATCH 7/9] Incomplete title
---
 vulnerabilities/wordpress/wp-super-forms.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vulnerabilities/wordpress/wp-super-forms.yaml b/vulnerabilities/wordpress/wp-super-forms.yaml
index 7b1c01e7ad..1d3a407ad9 100644
--- a/vulnerabilities/wordpress/wp-super-forms.yaml
+++ b/vulnerabilities/wordpress/wp-super-forms.yaml
@@ -1,6 +1,6 @@
 id: wordpress-super-forms
 info:
- name: WordPress super-forms
+ name: WordPress super-forms Plugin Directory Listing
 author: pussycat0x
 severity: low
 description: Searches for sensitive directories present in the wordpress-plugins plugin.
From 34bba4e794f0251dc84cf0670e6c7e585c27ea81 Mon Sep 17 00:00:00 2001
From: sandeep
Date: Sun, 12 Sep 2021 17:10:52 +0530
Subject: [PATCH 8/9] misc update
---
 cves/2019/CVE-2019-14470.yaml | 1 -
 cves/2021/CVE-2021-26295.yaml | 6 ++----
 vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml | 2 +-
 3 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/cves/2019/CVE-2019-14470.yaml b/cves/2019/CVE-2019-14470.yaml
index 82fc91e2cf..d956d7190a 100644
--- a/cves/2019/CVE-2019-14470.yaml
+++ b/cves/2019/CVE-2019-14470.yaml
@@ -4,7 +4,6 @@ info:
 name: WordPress Plugin UserPro 4.9.32 - Reflected Cross-Site Scripting (XSS)
 author: daffainfo
 severity: medium
- description: cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.
 reference:
 - https://wpscan.com/vulnerability/9815
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14470
diff --git a/cves/2021/CVE-2021-26295.yaml b/cves/2021/CVE-2021-26295.yaml
index ab08b76304..42481137f2 100644
--- a/cves/2021/CVE-2021-26295.yaml
+++ b/cves/2021/CVE-2021-26295.yaml
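Review bot: In wp-super-forms.yaml (the PATCH 7/9 hunk at the top of this span) the `description` context line still reads "present in the wordpress-plugins plugin", which does not name the plugin the corrected title refers to and looks like a leftover placeholder. Since the title now says "Plugin Directory Listing", the description could say the same thing in full, e.g. `description: Searches for sensitive directories exposed by the super-forms plugin.` This note does not concern the PATCH 8/9 file sections that follow it.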
@@ -9,15 +9,13 @@ info:
 - https://github.com/yumusb/CVE-2021-26295-POC
 - https://lists.apache.org/thread.html/r3c1802eaf34aa78a61b4e8e044c214bc94accbd28a11f3a276586a31%40%3Cuser.ofbiz.apache.org%3E
 - https://lists.apache.org/thread.html/r6e4579c4ebf7efeb462962e359501c6ca4045687f12212551df2d607@%3Cnotifications.ofbiz.apache.org%3E
-
-# Note:- This is detection template, To perform deserializes do as below
-# java.exe -jar .\ysoserial-master-d367e379d9-1.jar URLDNS http://t53lq9.dnslog.cn/ > mad.ot
-# `cat mad.ot | hex` and replace in along with the url in std-String value
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.80
 cve-id: CVE-2021-26295
 cwe-id: CWE-502
+ additional-fileds:
+ ysoserial-payload: 'java -jar ysoserial-master-d367e379d9-1.jar URLDNS http://t53lq9.dnslog.cn | hex'
 requests:
 - raw:
diff --git a/vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml b/vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml
index dfb6f028d4..4fe1fb2f7a 100644
--- a/vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml
+++ b/vulnerabilities/wordpress/wp-multiple-theme-ssrf.yaml
@@ -5,7 +5,7 @@ info:
 author: madrobot
 severity: high
 tags: wordpress,rce,ssrf
- reference:
+ reference:
 - https://www.exploit-db.com/exploits/49327
 - https://wpscan.com/vulnerability/10417
From 162928ed27111f31c14fc011c730e4f503a238c0 Mon Sep 17 00:00:00 2001
From: sandeep
Date: Sun, 12 Sep 2021 17:16:47 +0530
Subject: [PATCH 9/9] Update CVE-2021-26295.yaml
---
 cves/2021/CVE-2021-26295.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cves/2021/CVE-2021-26295.yaml b/cves/2021/CVE-2021-26295.yaml
index 42481137f2..fa1a549e53 100644
--- a/cves/2021/CVE-2021-26295.yaml
+++ b/cves/2021/CVE-2021-26295.yaml
@@ -14,7 +14,7 @@ info:
 cvss-score: 9.80
 cve-id: CVE-2021-26295
 cwe-id: CWE-502
- additional-fileds:
+ additional-fields:
 ysoserial-payload: 'java -jar ysoserial-master-d367e379d9-1.jar URLDNS http://t53lq9.dnslog.cn | hex'
 requests:
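Review bot: Moving the comment into `ysoserial-payload` in CVE-2021-26295.yaml (PATCH 8/9, first hunk of this span) drops the statement that this is a detection template and leaves a bare command whose callback host, `t53lq9.dnslog.cn`, is a third-party DNS logging domain. The request body lies outside the hunk, but if the serialized object there points at the same host, a scan discloses the scanned system's resolver activity to that service and the operator cannot confirm the result independently. A comment line above the field would keep the intent visible, e.g. `# detection only: the host below is an example third-party DNS log, not operator-controlled`. The jar name `ysoserial-master-d367e379d9-1.jar` also pins one local build and is worth marking as an example.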