parent
433dda4ae5
commit
51db5ea193
|
@ -9,7 +9,7 @@ info:
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
max-request: 1
|
max-request: 1
|
||||||
tags: cloud,enum,cloud-enum,azure,dns
|
tags: cloud,enum,cloud-enum,azure
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
||||||
|
|
|
@ -9,7 +9,7 @@ info:
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
max-request: 1
|
max-request: 1
|
||||||
tags: cloud,cloud-enum,azure,fuzz,enum,dns
|
tags: cloud,cloud-enum,azure,fuzz,enum
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
|
|
||||||
|
|
|
@ -25,7 +25,7 @@ info:
|
||||||
max-request: 2
|
max-request: 2
|
||||||
vendor: sudo_project
|
vendor: sudo_project
|
||||||
product: sudo
|
product: sudo
|
||||||
tags: packetstorm,cve,cve2019,sudo,code,linux,privesc,local,canonical,sudo_project
|
tags: packetstorm,cve,cve2019,sudo,code,linux,privesc,local,canonical
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
code:
|
code:
|
||||||
|
|
|
@ -24,7 +24,7 @@ info:
|
||||||
verified: true
|
verified: true
|
||||||
vendor: sudo_project
|
vendor: sudo_project
|
||||||
product: sudo
|
product: sudo
|
||||||
tags: packetstorm,cve,cve2021,sudo,code,linux,privesc,local,kev,sudo_project
|
tags: packetstorm,cve,cve2021,sudo,code,linux,privesc,local,kev
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
code:
|
code:
|
||||||
|
|
|
@ -24,7 +24,7 @@ info:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: gnu
|
vendor: gnu
|
||||||
product: glibc
|
product: glibc
|
||||||
tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local,kev,gnu
|
tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local,kev
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
code:
|
code:
|
||||||
|
|
|
@ -18,13 +18,13 @@ info:
|
||||||
cve-id: CVE-2023-6246
|
cve-id: CVE-2023-6246
|
||||||
cwe-id: CWE-787,CWE-122
|
cwe-id: CWE-787,CWE-122
|
||||||
epss-score: 0.0077
|
epss-score: 0.0077
|
||||||
epss-percentile: 0.80911
|
epss-percentile: 0.80859
|
||||||
cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: gnu
|
vendor: gnu
|
||||||
product: glibc
|
product: glibc
|
||||||
tags: cve,cve2023,code,glibc,linux,privesc,local,gnu
|
tags: cve,cve2023,code,glibc,linux,privesc,local
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
code:
|
code:
|
||||||
|
|
|
@ -11,7 +11,7 @@ info:
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
max-request: 3
|
max-request: 3
|
||||||
tags: code,linux,sqlite3,privesc,local,sqli
|
tags: code,linux,sqlite3,privesc,local
|
||||||
|
|
||||||
self-contained: true
|
self-contained: true
|
||||||
code:
|
code:
|
||||||
|
|
|
@ -17,7 +17,6 @@ info:
|
||||||
cve-id: CVE-2018-19518
|
cve-id: CVE-2018-19518
|
||||||
cwe-id: CWE-88
|
cwe-id: CWE-88
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
|
||||||
confidence: tenative
|
confidence: tenative
|
||||||
tags: imap,dast,vulhub,cve,cve2018,rce,oast,php
|
tags: imap,dast,vulhub,cve,cve2018,rce,oast,php
|
||||||
|
|
||||||
|
|
|
@ -17,7 +17,6 @@ info:
|
||||||
cve-id: CVE-2021-45046
|
cve-id: CVE-2021-45046
|
||||||
cwe-id: CWE-502
|
cwe-id: CWE-502
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
|
||||||
confidence: tenative
|
confidence: tenative
|
||||||
tags: cve,cve2021,rce,oast,log4j,injection,dast
|
tags: cve,cve2021,rce,oast,log4j,injection,dast
|
||||||
|
|
||||||
|
|
|
@ -6,20 +6,19 @@ info:
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
|
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
|
||||||
remediation: Upgrade to Apache Commons Text component between 1.5.0 to 1.10.0.
|
|
||||||
reference:
|
reference:
|
||||||
- https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
|
- https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
|
||||||
- http://www.openwall.com/lists/oss-security/2022/10/13/4
|
- http://www.openwall.com/lists/oss-security/2022/10/13/4
|
||||||
- http://www.openwall.com/lists/oss-security/2022/10/18/1
|
- http://www.openwall.com/lists/oss-security/2022/10/18/1
|
||||||
- https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/
|
- https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/
|
||||||
- https://github.com/silentsignal/burp-text4shell
|
- https://github.com/silentsignal/burp-text4shell
|
||||||
|
remediation: Upgrade to Apache Commons Text component between 1.5.0 to 1.10.0.
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
cvss-score: 9.8
|
cvss-score: 9.8
|
||||||
cve-id: CVE-2022-42889
|
cve-id: CVE-2022-42889
|
||||||
cwe-id: CWE-94
|
cwe-id: CWE-94
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
|
||||||
confidence: tenative
|
confidence: tenative
|
||||||
tags: cve,cve2022,rce,oast,text4shell,dast
|
tags: cve,cve2022,rce,oast,text4shell,dast
|
||||||
|
|
||||||
|
|
|
@ -5,13 +5,11 @@ info:
|
||||||
author: pdteam,geeknik
|
author: pdteam,geeknik
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
Potential blind OS command injection vulnerabilities, where the application constructs OS commands using unsanitized user input.
|
Potential blind OS command injection vulnerabilities, where the application constructs OS commands using unsanitized user input.
|
||||||
Successful exploitation could lead to arbitrary command execution on the system.
|
Successful exploitation could lead to arbitrary command execution on the system.
|
||||||
reference:
|
reference:
|
||||||
- https://portswigger.net/research/hunting-asynchronous-vulnerabilities
|
- https://portswigger.net/research/hunting-asynchronous-vulnerabilities
|
||||||
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Command%20Injection/README.md
|
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Command%20Injection/README.md
|
||||||
metadata:
|
|
||||||
max-request: 4
|
|
||||||
tags: cmdi,oast,dast,blind,polyglot
|
tags: cmdi,oast,dast,blind,polyglot
|
||||||
|
|
||||||
variables:
|
variables:
|
||||||
|
|
|
@ -5,12 +5,10 @@ info:
|
||||||
author: pdteam
|
author: pdteam
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
Ruby's Kernel#open and URI.open enables not only file access but also process invocation by prefixing a pipe symbol (e.g., open(“| ls”)). So, it may lead to Remote Code Execution by using variable input to the argument of Kernel#open and URI.open.
|
Ruby's Kernel#open and URI.open enables not only file access but also process invocation by prefixing a pipe symbol (e.g., open(“| ls”)). So, it may lead to Remote Code Execution by using variable input to the argument of Kernel#open and URI.open.
|
||||||
reference:
|
reference:
|
||||||
- https://bishopfox.com/blog/ruby-vulnerabilities-exploits
|
- https://bishopfox.com/blog/ruby-vulnerabilities-exploits
|
||||||
- https://codeql.github.com/codeql-query-help/ruby/rb-kernel-open/
|
- https://codeql.github.com/codeql-query-help/ruby/rb-kernel-open/
|
||||||
metadata:
|
|
||||||
max-request: 1
|
|
||||||
tags: cmdi,oast,dast,blind,ruby,rce
|
tags: cmdi,oast,dast,blind,ruby,rce
|
||||||
|
|
||||||
variables:
|
variables:
|
||||||
|
|
|
@ -7,8 +7,6 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.invicti.com/blog/web-security/understanding-cookie-poisoning-attacks/
|
- https://www.invicti.com/blog/web-security/understanding-cookie-poisoning-attacks/
|
||||||
- https://docs.imperva.com/bundle/on-premises-knowledgebase-reference-guide/page/cookie_injection.htm
|
- https://docs.imperva.com/bundle/on-premises-knowledgebase-reference-guide/page/cookie_injection.htm
|
||||||
metadata:
|
|
||||||
max-request: 1
|
|
||||||
tags: reflected,dast,cookie,injection
|
tags: reflected,dast,cookie,injection
|
||||||
|
|
||||||
variables:
|
variables:
|
||||||
|
|
|
@ -4,8 +4,6 @@ info:
|
||||||
name: CRLF Injection
|
name: CRLF Injection
|
||||||
author: pdteam
|
author: pdteam
|
||||||
severity: low
|
severity: low
|
||||||
metadata:
|
|
||||||
max-request: 41
|
|
||||||
tags: crlf,dast
|
tags: crlf,dast
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -6,8 +6,6 @@ info:
|
||||||
severity: unknown
|
severity: unknown
|
||||||
reference:
|
reference:
|
||||||
- https://owasp.org/www-community/attacks/Unicode_Encoding
|
- https://owasp.org/www-community/attacks/Unicode_Encoding
|
||||||
metadata:
|
|
||||||
max-request: 25
|
|
||||||
tags: dast,pathtraversal,lfi
|
tags: dast,pathtraversal,lfi
|
||||||
|
|
||||||
variables:
|
variables:
|
||||||
|
|
|
@ -7,8 +7,6 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Directory%20Traversal/Intruder/directory_traversal.txt
|
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Directory%20Traversal/Intruder/directory_traversal.txt
|
||||||
- https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion
|
- https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion
|
||||||
metadata:
|
|
||||||
max-request: 46
|
|
||||||
tags: lfi,dast,linux
|
tags: lfi,dast,linux
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -4,8 +4,6 @@ info:
|
||||||
name: Local File Inclusion - Windows
|
name: Local File Inclusion - Windows
|
||||||
author: pussycat0x
|
author: pussycat0x
|
||||||
severity: high
|
severity: high
|
||||||
metadata:
|
|
||||||
max-request: 39
|
|
||||||
tags: lfi,windows,dast
|
tags: lfi,windows,dast
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -4,8 +4,6 @@ info:
|
||||||
name: Open Redirect Detection
|
name: Open Redirect Detection
|
||||||
author: princechaddha
|
author: princechaddha
|
||||||
severity: medium
|
severity: medium
|
||||||
metadata:
|
|
||||||
max-request: 1
|
|
||||||
tags: redirect,dast
|
tags: redirect,dast
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -6,8 +6,6 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
reference:
|
reference:
|
||||||
- https://www.invicti.com/learn/remote-file-inclusion-rfi/
|
- https://www.invicti.com/learn/remote-file-inclusion-rfi/
|
||||||
metadata:
|
|
||||||
max-request: 1
|
|
||||||
tags: rfi,dast,oast
|
tags: rfi,dast,oast
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -8,8 +8,6 @@ info:
|
||||||
Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data,
|
Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data,
|
||||||
or to override valuable ones, or even to execute dangerous system level commands on the database host.
|
or to override valuable ones, or even to execute dangerous system level commands on the database host.
|
||||||
This is accomplished by the application taking user input and combining it with static parameters to build an SQL query .
|
This is accomplished by the application taking user input and combining it with static parameters to build an SQL query .
|
||||||
metadata:
|
|
||||||
max-request: 3
|
|
||||||
tags: sqli,error,dast
|
tags: sqli,error,dast
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -4,8 +4,6 @@ info:
|
||||||
name: Blind SSRF OAST Detection
|
name: Blind SSRF OAST Detection
|
||||||
author: pdteam
|
author: pdteam
|
||||||
severity: medium
|
severity: medium
|
||||||
metadata:
|
|
||||||
max-request: 3
|
|
||||||
tags: ssrf,dast,oast
|
tags: ssrf,dast,oast
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -6,8 +6,6 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/bugcrowd/HUNT/blob/master/ZAP/scripts/passive/SSRF.py
|
- https://github.com/bugcrowd/HUNT/blob/master/ZAP/scripts/passive/SSRF.py
|
||||||
metadata:
|
|
||||||
max-request: 12
|
|
||||||
tags: ssrf,dast
|
tags: ssrf,dast
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -7,8 +7,6 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/zaproxy/zap-extensions/blob/2d9898900abe85a47b9fe0ceb85ec39070816b98/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/SstiScanRule.java
|
- https://github.com/zaproxy/zap-extensions/blob/2d9898900abe85a47b9fe0ceb85ec39070816b98/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/SstiScanRule.java
|
||||||
- https://github.com/DiogoMRSilva/websitesVulnerableToSSTI#list-of-seversneeds-update
|
- https://github.com/DiogoMRSilva/websitesVulnerableToSSTI#list-of-seversneeds-update
|
||||||
metadata:
|
|
||||||
max-request: 14
|
|
||||||
tags: ssti,dast
|
tags: ssti,dast
|
||||||
|
|
||||||
variables:
|
variables:
|
||||||
|
|
|
@ -4,8 +4,6 @@ info:
|
||||||
name: Reflected Cross Site Scripting
|
name: Reflected Cross Site Scripting
|
||||||
author: pdteam
|
author: pdteam
|
||||||
severity: medium
|
severity: medium
|
||||||
metadata:
|
|
||||||
max-request: 1
|
|
||||||
tags: xss,rxss,dast
|
tags: xss,rxss,dast
|
||||||
|
|
||||||
variables:
|
variables:
|
||||||
|
|
|
@ -6,8 +6,6 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/andresriancho/w3af/blob/master/w3af/plugins/audit/xxe.py
|
- https://github.com/andresriancho/w3af/blob/master/w3af/plugins/audit/xxe.py
|
||||||
metadata:
|
|
||||||
max-request: 2
|
|
||||||
tags: dast,xxe
|
tags: dast,xxe
|
||||||
|
|
||||||
variables:
|
variables:
|
||||||
|
|
|
@ -5,7 +5,7 @@ info:
|
||||||
author: Sy3Omda,geeknik,forgedhallpass,ayadi
|
author: Sy3Omda,geeknik,forgedhallpass,ayadi
|
||||||
severity: unknown
|
severity: unknown
|
||||||
description: Check for multiple keys/tokens/passwords hidden inside of files.
|
description: Check for multiple keys/tokens/passwords hidden inside of files.
|
||||||
tags: exposure,token,file,disclosure,keys
|
tags: exposure,token,file,disclosure
|
||||||
# Extract secrets regex like api keys, password, token, etc ... for different services.
|
# Extract secrets regex like api keys, password, token, etc ... for different services.
|
||||||
# Always validate the leaked key/tokens/passwords to make sure it's valid, a token/keys without any impact is not an valid issue.
|
# Always validate the leaked key/tokens/passwords to make sure it's valid, a token/keys without any impact is not an valid issue.
|
||||||
# Severity is not fixed in this case, it varies from none to critical depending upon impact of disclosed key/tokes.
|
# Severity is not fixed in this case, it varies from none to critical depending upon impact of disclosed key/tokes.
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2000-0114
|
cve-id: CVE-2000-0114
|
||||||
cwe-id: NVD-CWE-Other
|
cwe-id: NVD-CWE-Other
|
||||||
epss-score: 0.15958
|
epss-score: 0.15958
|
||||||
epss-percentile: 0.95841
|
epss-percentile: 0.95829
|
||||||
cpe: cpe:2.3:a:microsoft:internet_information_server:3.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:microsoft:internet_information_server:3.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -23,7 +23,7 @@ info:
|
||||||
cve-id: CVE-2005-3634
|
cve-id: CVE-2005-3634
|
||||||
cwe-id: NVD-CWE-Other
|
cwe-id: NVD-CWE-Other
|
||||||
epss-score: 0.02843
|
epss-score: 0.02843
|
||||||
epss-percentile: 0.90511
|
epss-percentile: 0.897
|
||||||
cpe: cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -22,7 +22,7 @@ info:
|
||||||
cve-id: CVE-2007-3010
|
cve-id: CVE-2007-3010
|
||||||
cwe-id: CWE-20
|
cwe-id: CWE-20
|
||||||
epss-score: 0.97317
|
epss-score: 0.97317
|
||||||
epss-percentile: 0.99867
|
epss-percentile: 0.99868
|
||||||
cpe: cpe:2.3:a:alcatel-lucent:omnipcx:7.1:*:enterprise:*:*:*:*:*
|
cpe: cpe:2.3:a:alcatel-lucent:omnipcx:7.1:*:enterprise:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
@ -31,7 +31,7 @@ info:
|
||||||
product: omnipcx
|
product: omnipcx
|
||||||
shodan-query: title:"OmniPCX for Enterprise"
|
shodan-query: title:"OmniPCX for Enterprise"
|
||||||
fofa-query: app="Alcatel_Lucent-OmniPCX-Enterprise"
|
fofa-query: app="Alcatel_Lucent-OmniPCX-Enterprise"
|
||||||
tags: cve,cve2007,kev,rce,alcatel,alcatel-lucent
|
tags: cve,cve2007,kev,rce,alcatel
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
|
@ -22,7 +22,7 @@ info:
|
||||||
cve-id: CVE-2008-1059
|
cve-id: CVE-2008-1059
|
||||||
cwe-id: CWE-94
|
cwe-id: CWE-94
|
||||||
epss-score: 0.01493
|
epss-score: 0.01493
|
||||||
epss-percentile: 0.86593
|
epss-percentile: 0.86573
|
||||||
cpe: cpe:2.3:a:wordpress:sniplets_plugin:1.1.2:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:wordpress:sniplets_plugin:1.1.2:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -25,10 +25,11 @@ info:
|
||||||
epss-percentile: 0.77516
|
epss-percentile: 0.77516
|
||||||
cpe: cpe:2.3:a:wordpress:sniplets_plugin:1.1.2:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:wordpress:sniplets_plugin:1.1.2:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 1
|
||||||
vendor: wordpress
|
vendor: wordpress
|
||||||
product: "sniplets_plugin"
|
product: sniplets_plugin
|
||||||
tags: cve2008,cve,xss,wp-plugin,wp,edb,wpscan,wordpress,sniplets
|
tags: cve2008,cve,xss,wp-plugin,wp,edb,wpscan,wordpress,sniplets
|
||||||
|
|
||||||
flow: http(1) && http(2)
|
flow: http(1) && http(2)
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -22,7 +22,7 @@ info:
|
||||||
cve-id: CVE-2008-1547
|
cve-id: CVE-2008-1547
|
||||||
cwe-id: CWE-601
|
cwe-id: CWE-601
|
||||||
epss-score: 0.03875
|
epss-score: 0.03875
|
||||||
epss-percentile: 0.91757
|
epss-percentile: 0.9108
|
||||||
cpe: cpe:2.3:a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:*
|
cpe: cpe:2.3:a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 2
|
||||||
|
|
|
@ -22,7 +22,7 @@ info:
|
||||||
cve-id: CVE-2008-2650
|
cve-id: CVE-2008-2650
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.06344
|
epss-score: 0.06344
|
||||||
epss-percentile: 0.93508
|
epss-percentile: 0.93486
|
||||||
cpe: cpe:2.3:a:cmsimple:cmsimple:3.1:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:cmsimple:cmsimple:3.1:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -21,7 +21,7 @@ info:
|
||||||
cve-id: CVE-2008-5587
|
cve-id: CVE-2008-5587
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.02331
|
epss-score: 0.02331
|
||||||
epss-percentile: 0.89531
|
epss-percentile: 0.88625
|
||||||
cpe: cpe:2.3:a:phppgadmin:phppgadmin:*:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:phppgadmin:phppgadmin:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2008-6080
|
cve-id: CVE-2008-6080
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.03314
|
epss-score: 0.03314
|
||||||
epss-percentile: 0.91148
|
epss-percentile: 0.90395
|
||||||
cpe: cpe:2.3:a:codecall:com_ionfiles:4.4.2:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:codecall:com_ionfiles:4.4.2:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -13,14 +13,13 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/6980
|
- https://www.exploit-db.com/exploits/6980
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-6222
|
- https://nvd.nist.gov/vuln/detail/CVE-2008-6222
|
||||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46356
|
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46356
|
||||||
- https://github.com/ARPSyndicate/kenzer-templates
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
|
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
|
||||||
cvss-score: 5
|
cvss-score: 5
|
||||||
cve-id: CVE-2008-6222
|
cve-id: CVE-2008-6222
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.01302
|
epss-score: 0.01029
|
||||||
epss-percentile: 0.85607
|
epss-percentile: 0.82175
|
||||||
cpe: cpe:2.3:a:joomlashowroom:pro_desk_support_center:1.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:joomlashowroom:pro_desk_support_center:1.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -15,14 +15,13 @@ info:
|
||||||
- http://sourceforge.net/projects/devalcms/files/devalcms/devalcms-1.4b/devalcms-1.4b.zip/download
|
- http://sourceforge.net/projects/devalcms/files/devalcms/devalcms-1.4b/devalcms-1.4b.zip/download
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2008-6982
|
- https://nvd.nist.gov/vuln/detail/CVE-2008-6982
|
||||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44940
|
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44940
|
||||||
- https://github.com/ARPSyndicate/kenzer-templates
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
|
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
|
||||||
cvss-score: 4.3
|
cvss-score: 4.3
|
||||||
cve-id: CVE-2008-6982
|
cve-id: CVE-2008-6982
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.0038
|
epss-score: 0.0038
|
||||||
epss-percentile: 0.72554
|
epss-percentile: 0.70097
|
||||||
cpe: cpe:2.3:a:devalcms:devalcms:1.4a:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:devalcms:devalcms:1.4a:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
|
|
@ -18,7 +18,7 @@ info:
|
||||||
cve-id: CVE-2008-7269
|
cve-id: CVE-2008-7269
|
||||||
cwe-id: CWE-20
|
cwe-id: CWE-20
|
||||||
epss-score: 0.01425
|
epss-score: 0.01425
|
||||||
epss-percentile: 0.86272
|
epss-percentile: 0.86241
|
||||||
cpe: cpe:2.3:a:boka:siteengine:5.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:boka:siteengine:5.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
verified: "true"
|
verified: "true"
|
||||||
|
|
|
@ -21,7 +21,7 @@ info:
|
||||||
cve-id: CVE-2009-0932
|
cve-id: CVE-2009-0932
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.04048
|
epss-score: 0.04048
|
||||||
epss-percentile: 0.91931
|
epss-percentile: 0.919
|
||||||
cpe: cpe:2.3:a:debian:horde:3.2:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:debian:horde:3.2:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -20,8 +20,8 @@ info:
|
||||||
cvss-score: 4.3
|
cvss-score: 4.3
|
||||||
cve-id: CVE-2009-1872
|
cve-id: CVE-2009-1872
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.32712
|
epss-score: 0.37553
|
||||||
epss-percentile: 0.96936
|
epss-percentile: 0.97102
|
||||||
cpe: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
|
|
|
@ -19,7 +19,7 @@ info:
|
||||||
cve-id: CVE-2009-2100
|
cve-id: CVE-2009-2100
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.00779
|
epss-score: 0.00779
|
||||||
epss-percentile: 0.8102
|
epss-percentile: 0.80973
|
||||||
cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -14,14 +14,13 @@ info:
|
||||||
- http://www.vupen.com/english/advisories/2009/1494
|
- http://www.vupen.com/english/advisories/2009/1494
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-4202
|
- https://nvd.nist.gov/vuln/detail/CVE-2009-4202
|
||||||
- http://www.exploit-db.com/exploits/8870
|
- http://www.exploit-db.com/exploits/8870
|
||||||
- https://github.com/ARPSyndicate/kenzer-templates
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
|
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
|
||||||
cvss-score: 7.5
|
cvss-score: 7.5
|
||||||
cve-id: CVE-2009-4202
|
cve-id: CVE-2009-4202
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.01956
|
epss-score: 0.01956
|
||||||
epss-percentile: 0.88476
|
epss-percentile: 0.87449
|
||||||
cpe: cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -21,7 +21,7 @@ info:
|
||||||
cve-id: CVE-2010-0219
|
cve-id: CVE-2010-0219
|
||||||
cwe-id: CWE-255
|
cwe-id: CWE-255
|
||||||
epss-score: 0.97509
|
epss-score: 0.97509
|
||||||
epss-percentile: 0.99982
|
epss-percentile: 0.99981
|
||||||
cpe: cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 2
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2010-0696
|
cve-id: CVE-2010-0696
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.57303
|
epss-score: 0.57303
|
||||||
epss-percentile: 0.97645
|
epss-percentile: 0.97418
|
||||||
cpe: cpe:2.3:a:joomlaworks:jw_allvideos:3.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:joomlaworks:jw_allvideos:3.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2010-0759
|
cve-id: CVE-2010-0759
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.01569
|
epss-score: 0.01569
|
||||||
epss-percentile: 0.86988
|
epss-percentile: 0.86974
|
||||||
cpe: cpe:2.3:a:greatjoomla:scriptegrator_plugin:1.4.1:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:greatjoomla:scriptegrator_plugin:1.4.1:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2010-0943
|
cve-id: CVE-2010-0943
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.01155
|
epss-score: 0.01155
|
||||||
epss-percentile: 0.84586
|
epss-percentile: 0.83338
|
||||||
cpe: cpe:2.3:a:joomlart:com_jashowcase:*:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:joomlart:com_jashowcase:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2010-0972
|
cve-id: CVE-2010-0972
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.00813
|
epss-score: 0.00813
|
||||||
epss-percentile: 0.8146
|
epss-percentile: 0.81406
|
||||||
cpe: cpe:2.3:a:g4j.laoneo:com_gcalendar:2.1.5:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:g4j.laoneo:com_gcalendar:2.1.5:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -11,14 +11,13 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/10942
|
- https://www.exploit-db.com/exploits/10942
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2010-0982
|
- https://nvd.nist.gov/vuln/detail/CVE-2010-0982
|
||||||
- https://github.com/ARPSyndicate/kenzer-templates
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
|
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N
|
||||||
cvss-score: 4.3
|
cvss-score: 4.3
|
||||||
cve-id: CVE-2010-0982
|
cve-id: CVE-2010-0982
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.19302
|
epss-score: 0.0087
|
||||||
epss-percentile: 0.96179
|
epss-percentile: 0.80553
|
||||||
cpe: cpe:2.3:a:joomlamo:com_cartweberp:1.56.75:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:joomlamo:com_cartweberp:1.56.75:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -12,14 +12,13 @@ info:
|
||||||
- https://www.exploit-db.com/exploits/11511
|
- https://www.exploit-db.com/exploits/11511
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2010-1081
|
- https://nvd.nist.gov/vuln/detail/CVE-2010-1081
|
||||||
- http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html
|
- http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html
|
||||||
- https://github.com/ARPSyndicate/kenzer-templates
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
|
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
|
||||||
cvss-score: 5
|
cvss-score: 5
|
||||||
cve-id: CVE-2010-1081
|
cve-id: CVE-2010-1081
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.36214
|
epss-score: 0.0168
|
||||||
epss-percentile: 0.97067
|
epss-percentile: 0.8632
|
||||||
cpe: cpe:2.3:a:corejoomla:com_communitypolls:*:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:corejoomla:com_communitypolls:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -19,7 +19,7 @@ info:
|
||||||
cve-id: CVE-2010-1219
|
cve-id: CVE-2010-1219
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.00813
|
epss-score: 0.00813
|
||||||
epss-percentile: 0.8146
|
epss-percentile: 0.81406
|
||||||
cpe: cpe:2.3:a:com_janews:com_janews:1.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:com_janews:com_janews:1.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2010-1305
|
cve-id: CVE-2010-1305
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.03203
|
epss-score: 0.03203
|
||||||
epss-percentile: 0.91022
|
epss-percentile: 0.90236
|
||||||
cpe: cpe:2.3:a:joomlamo:com_jinventory:1.23.02:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:joomlamo:com_jinventory:1.23.02:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -13,14 +13,13 @@ info:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2010-1307
|
- https://nvd.nist.gov/vuln/detail/CVE-2010-1307
|
||||||
- http://www.vupen.com/english/advisories/2010/0806
|
- http://www.vupen.com/english/advisories/2010/0806
|
||||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57531
|
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57531
|
||||||
- https://github.com/ARPSyndicate/kenzer-templates
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
|
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
|
||||||
cvss-score: 5
|
cvss-score: 5
|
||||||
cve-id: CVE-2010-1307
|
cve-id: CVE-2010-1307
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.01751
|
epss-score: 0.01751
|
||||||
epss-percentile: 0.87711
|
epss-percentile: 0.86604
|
||||||
cpe: cpe:2.3:a:software.realtyna:com_joomlaupdater:1.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:software.realtyna:com_joomlaupdater:1.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -19,7 +19,7 @@ info:
|
||||||
cve-id: CVE-2010-1308
|
cve-id: CVE-2010-1308
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.01334
|
epss-score: 0.01334
|
||||||
epss-percentile: 0.85783
|
epss-percentile: 0.85765
|
||||||
cpe: cpe:2.3:a:la-souris-verte:com_svmap:1.1.1:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:la-souris-verte:com_svmap:1.1.1:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2010-1315
|
cve-id: CVE-2010-1315
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.0087
|
epss-score: 0.0087
|
||||||
epss-percentile: 0.82084
|
epss-percentile: 0.82023
|
||||||
cpe: cpe:2.3:a:joomlamo:com_weberpcustomer:1.2.1:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:joomlamo:com_weberpcustomer:1.2.1:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -19,7 +19,7 @@ info:
|
||||||
cve-id: CVE-2010-1345
|
cve-id: CVE-2010-1345
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.00477
|
epss-score: 0.00477
|
||||||
epss-percentile: 0.75338
|
epss-percentile: 0.75244
|
||||||
cpe: cpe:2.3:a:cookex:com_ckforms:1.3.3:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:cookex:com_ckforms:1.3.3:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -19,7 +19,7 @@ info:
|
||||||
cve-id: CVE-2010-1352
|
cve-id: CVE-2010-1352
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.00477
|
epss-score: 0.00477
|
||||||
epss-percentile: 0.75338
|
epss-percentile: 0.75244
|
||||||
cpe: cpe:2.3:a:jooforge:com_jukebox:1.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:jooforge:com_jukebox:1.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2010-1470
|
cve-id: CVE-2010-1470
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.04616
|
epss-score: 0.04616
|
||||||
epss-percentile: 0.92396
|
epss-percentile: 0.92373
|
||||||
cpe: cpe:2.3:a:dev.pucit.edu.pk:com_webtv:1.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:dev.pucit.edu.pk:com_webtv:1.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2010-1471
|
cve-id: CVE-2010-1471
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.05684
|
epss-score: 0.05684
|
||||||
epss-percentile: 0.9319
|
epss-percentile: 0.93171
|
||||||
cpe: cpe:2.3:a:b-elektro:com_addressbook:1.5.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:b-elektro:com_addressbook:1.5.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2010-1472
|
cve-id: CVE-2010-1472
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.05684
|
epss-score: 0.05684
|
||||||
epss-percentile: 0.9319
|
epss-percentile: 0.93171
|
||||||
cpe: cpe:2.3:a:kazulah:com_horoscope:1.5.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:kazulah:com_horoscope:1.5.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2010-1531
|
cve-id: CVE-2010-1531
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.01815
|
epss-score: 0.01815
|
||||||
epss-percentile: 0.87938
|
epss-percentile: 0.86892
|
||||||
cpe: cpe:2.3:a:redcomponent:com_redshop:1.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:redcomponent:com_redshop:1.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -18,7 +18,7 @@ info:
|
||||||
cve-id: CVE-2010-1534
|
cve-id: CVE-2010-1534
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.01385
|
epss-score: 0.01385
|
||||||
epss-percentile: 0.86077
|
epss-percentile: 0.86058
|
||||||
cpe: cpe:2.3:a:joomla.batjo:com_shoutbox:*:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:joomla.batjo:com_shoutbox:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -12,14 +12,13 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/11625
|
- https://www.exploit-db.com/exploits/11625
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2010-1540
|
- https://nvd.nist.gov/vuln/detail/CVE-2010-1540
|
||||||
- https://github.com/ARPSyndicate/kenzer-templates
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
|
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
|
||||||
cvss-score: 5
|
cvss-score: 5
|
||||||
cve-id: CVE-2010-1540
|
cve-id: CVE-2010-1540
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.0045
|
epss-score: 0.0045
|
||||||
epss-percentile: 0.74677
|
epss-percentile: 0.72402
|
||||||
cpe: cpe:2.3:a:myblog:com_myblog:3.0.329:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:myblog:com_myblog:3.0.329:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -21,7 +21,7 @@ info:
|
||||||
cve-id: CVE-2010-1602
|
cve-id: CVE-2010-1602
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.03451
|
epss-score: 0.03451
|
||||||
epss-percentile: 0.91313
|
epss-percentile: 0.91267
|
||||||
cpe: cpe:2.3:a:zimbllc:com_zimbcomment:0.8.1:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:zimbllc:com_zimbcomment:0.8.1:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -19,7 +19,7 @@ info:
|
||||||
cve-id: CVE-2010-1603
|
cve-id: CVE-2010-1603
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.03451
|
epss-score: 0.03451
|
||||||
epss-percentile: 0.91313
|
epss-percentile: 0.91267
|
||||||
cpe: cpe:2.3:a:zimbllc:com_zimbcore:0.1:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:zimbllc:com_zimbcore:0.1:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2010-1607
|
cve-id: CVE-2010-1607
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.01726
|
epss-score: 0.01726
|
||||||
epss-percentile: 0.87631
|
epss-percentile: 0.87577
|
||||||
cpe: cpe:2.3:a:paysyspro:com_wmi:1.5.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:paysyspro:com_wmi:1.5.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -21,7 +21,7 @@ info:
|
||||||
cve-id: CVE-2010-1653
|
cve-id: CVE-2010-1653
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.03527
|
epss-score: 0.03527
|
||||||
epss-percentile: 0.91392
|
epss-percentile: 0.91355
|
||||||
cpe: cpe:2.3:a:htmlcoderhelper:com_graphics:1.0.6:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:htmlcoderhelper:com_graphics:1.0.6:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -12,14 +12,13 @@ info:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2010-1715
|
- https://nvd.nist.gov/vuln/detail/CVE-2010-1715
|
||||||
- http://packetstormsecurity.org/1004-exploits/joomlaonlineexam-lfi.txt
|
- http://packetstormsecurity.org/1004-exploits/joomlaonlineexam-lfi.txt
|
||||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57677
|
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57677
|
||||||
- https://github.com/ARPSyndicate/kenzer-templates
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
|
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
|
||||||
cvss-score: 6.8
|
cvss-score: 6.8
|
||||||
cve-id: CVE-2010-1715
|
cve-id: CVE-2010-1715
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.01242
|
epss-score: 0.01242
|
||||||
epss-percentile: 0.85229
|
epss-percentile: 0.83996
|
||||||
cpe: cpe:2.3:a:pucit.edu:com_onlineexam:1.5.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:pucit.edu:com_onlineexam:1.5.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -14,14 +14,13 @@ info:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2010-1722
|
- https://nvd.nist.gov/vuln/detail/CVE-2010-1722
|
||||||
- http://www.exploit-db.com/exploits/12177
|
- http://www.exploit-db.com/exploits/12177
|
||||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57674
|
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57674
|
||||||
- https://github.com/ARPSyndicate/kenzer-templates
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
|
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
|
||||||
cvss-score: 6.8
|
cvss-score: 6.8
|
||||||
cve-id: CVE-2010-1722
|
cve-id: CVE-2010-1722
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.01242
|
epss-score: 0.01242
|
||||||
epss-percentile: 0.85229
|
epss-percentile: 0.83996
|
||||||
cpe: cpe:2.3:a:dev.pucit.edu.pk:com_market:2.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:dev.pucit.edu.pk:com_market:2.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -21,7 +21,7 @@ info:
|
||||||
cve-id: CVE-2010-1870
|
cve-id: CVE-2010-1870
|
||||||
cwe-id: CWE-917
|
cwe-id: CWE-917
|
||||||
epss-score: 0.06174
|
epss-score: 0.06174
|
||||||
epss-percentile: 0.93421
|
epss-percentile: 0.92842
|
||||||
cpe: cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 2
|
||||||
|
|
|
@ -21,7 +21,7 @@ info:
|
||||||
cve-id: CVE-2010-1878
|
cve-id: CVE-2010-1878
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.00826
|
epss-score: 0.00826
|
||||||
epss-percentile: 0.81631
|
epss-percentile: 0.81565
|
||||||
cpe: cpe:2.3:a:blueflyingfish.no-ip:com_orgchart:1.0.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:blueflyingfish.no-ip:com_orgchart:1.0.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2010-1956
|
cve-id: CVE-2010-1956
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.06055
|
epss-score: 0.06055
|
||||||
epss-percentile: 0.93366
|
epss-percentile: 0.92761
|
||||||
cpe: cpe:2.3:a:thefactory:com_gadgetfactory:1.0.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:thefactory:com_gadgetfactory:1.0.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2010-1957
|
cve-id: CVE-2010-1957
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.01671
|
epss-score: 0.01671
|
||||||
epss-percentile: 0.87414
|
epss-percentile: 0.87378
|
||||||
cpe: cpe:2.3:a:thefactory:com_lovefactory:1.3.4:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:thefactory:com_lovefactory:1.3.4:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2010-1979
|
cve-id: CVE-2010-1979
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.00826
|
epss-score: 0.00826
|
||||||
epss-percentile: 0.81631
|
epss-percentile: 0.81565
|
||||||
cpe: cpe:2.3:a:affiliatefeeds:com_datafeeds:build_880:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:affiliatefeeds:com_datafeeds:build_880:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2010-1981
|
cve-id: CVE-2010-1981
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.00656
|
epss-score: 0.00656
|
||||||
epss-percentile: 0.79117
|
epss-percentile: 0.77311
|
||||||
cpe: cpe:2.3:a:fabrikar:fabrik:2.0:*:*:*:*:joomla\!:*:*
|
cpe: cpe:2.3:a:fabrikar:fabrik:2.0:*:*:*:*:joomla\!:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2010-1983
|
cve-id: CVE-2010-1983
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.01815
|
epss-score: 0.01815
|
||||||
epss-percentile: 0.87938
|
epss-percentile: 0.87898
|
||||||
cpe: cpe:2.3:a:redcomponent:com_redtwitter:1.0b8:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:redcomponent:com_redtwitter:1.0b8:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -18,8 +18,8 @@ info:
|
||||||
cvss-score: 7.5
|
cvss-score: 7.5
|
||||||
cve-id: CVE-2010-2034
|
cve-id: CVE-2010-2034
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.07071
|
epss-score: 0.00718
|
||||||
epss-percentile: 0.93866
|
epss-percentile: 0.7851
|
||||||
cpe: cpe:2.3:a:percha:com_perchaimageattach:1.1:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:percha:com_perchaimageattach:1.1:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2010-2122
|
cve-id: CVE-2010-2122
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.01806
|
epss-score: 0.01806
|
||||||
epss-percentile: 0.87908
|
epss-percentile: 0.87868
|
||||||
cpe: cpe:2.3:a:joelrowley:com_simpledownload:0.9.5:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:joelrowley:com_simpledownload:0.9.5:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2010-2507
|
cve-id: CVE-2010-2507
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.01671
|
epss-score: 0.01671
|
||||||
epss-percentile: 0.87414
|
epss-percentile: 0.87378
|
||||||
cpe: cpe:2.3:a:masselink:com_picasa2gallery:*:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:masselink:com_picasa2gallery:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -11,14 +11,13 @@ info:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2010-2680
|
- https://nvd.nist.gov/vuln/detail/CVE-2010-2680
|
||||||
- http://packetstormsecurity.org/1006-exploits/joomlajesectionfinder-lfi.txt
|
- http://packetstormsecurity.org/1006-exploits/joomlajesectionfinder-lfi.txt
|
||||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59796
|
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59796
|
||||||
- https://github.com/ARPSyndicate/kenzer-templates
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
|
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
|
||||||
cvss-score: 6.8
|
cvss-score: 6.8
|
||||||
cve-id: CVE-2010-2680
|
cve-id: CVE-2010-2680
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.00826
|
epss-score: 0.00826
|
||||||
epss-percentile: 0.81631
|
epss-percentile: 0.80059
|
||||||
cpe: cpe:2.3:a:harmistechnology:com_jesectionfinder:*:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:harmistechnology:com_jesectionfinder:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -11,14 +11,13 @@ info:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2010-2920
|
- https://nvd.nist.gov/vuln/detail/CVE-2010-2920
|
||||||
- http://www.vupen.com/english/advisories/2010/1844
|
- http://www.vupen.com/english/advisories/2010/1844
|
||||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57660
|
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57660
|
||||||
- https://github.com/ARPSyndicate/kenzer-templates
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
|
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
|
||||||
cvss-score: 6.8
|
cvss-score: 6.8
|
||||||
cve-id: CVE-2010-2920
|
cve-id: CVE-2010-2920
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.03527
|
epss-score: 0.03527
|
||||||
epss-percentile: 0.91392
|
epss-percentile: 0.90637
|
||||||
cpe: cpe:2.3:a:foobla:com_foobla_suggestions:1.5.1.2:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:foobla:com_foobla_suggestions:1.5.1.2:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2010-3426
|
cve-id: CVE-2010-3426
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.00826
|
epss-score: 0.00826
|
||||||
epss-percentile: 0.81631
|
epss-percentile: 0.81565
|
||||||
cpe: cpe:2.3:a:4you-studio:com_jphone:1.0:alpha3:*:*:*:*:*:*
|
cpe: cpe:2.3:a:4you-studio:com_jphone:1.0:alpha3:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -11,14 +11,13 @@ info:
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/15585
|
- https://www.exploit-db.com/exploits/15585
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2010-4769
|
- https://nvd.nist.gov/vuln/detail/CVE-2010-4769
|
||||||
- https://github.com/ARPSyndicate/kenzer-templates
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
|
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
|
||||||
cvss-score: 7.5
|
cvss-score: 7.5
|
||||||
cve-id: CVE-2010-4769
|
cve-id: CVE-2010-4769
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.22222
|
epss-score: 0.00826
|
||||||
epss-percentile: 0.96389
|
epss-percentile: 0.80059
|
||||||
cpe: cpe:2.3:a:janguo:com_jimtawl:1.0.2:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:janguo:com_jimtawl:1.0.2:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -19,8 +19,8 @@ info:
|
||||||
cvss-score: 5
|
cvss-score: 5
|
||||||
cve-id: CVE-2011-0049
|
cve-id: CVE-2011-0049
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.8814
|
epss-score: 0.96615
|
||||||
epss-percentile: 0.98619
|
epss-percentile: 0.99548
|
||||||
cpe: cpe:2.3:a:mj2:majordomo_2:*:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:mj2:majordomo_2:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -21,7 +21,7 @@ info:
|
||||||
cve-id: CVE-2011-2780
|
cve-id: CVE-2011-2780
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.03327
|
epss-score: 0.03327
|
||||||
epss-percentile: 0.91171
|
epss-percentile: 0.91127
|
||||||
cpe: cpe:2.3:a:chyrp:chyrp:*:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:chyrp:chyrp:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -18,7 +18,7 @@ info:
|
||||||
cve-id: CVE-2011-4336
|
cve-id: CVE-2011-4336
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00255
|
epss-score: 0.00255
|
||||||
epss-percentile: 0.6488
|
epss-percentile: 0.64746
|
||||||
cpe: cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -20,15 +20,16 @@ info:
|
||||||
cve-id: CVE-2011-4624
|
cve-id: CVE-2011-4624
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00431
|
epss-score: 0.00431
|
||||||
epss-percentile: 0.7409
|
epss-percentile: 0.74018
|
||||||
cpe: cpe:2.3:a:codeasily:grand_flagallery:*:*:*:*:*:wordpress:*:*
|
cpe: cpe:2.3:a:codeasily:grand_flagallery:*:*:*:*:*:wordpress:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 1
|
||||||
vendor: codeasily
|
vendor: codeasily
|
||||||
product: "grand_flagallery"
|
product: grand_flagallery
|
||||||
framework: wordpress
|
framework: wordpress
|
||||||
google-query: "inurl:\"/wp-content/plugins/flash-album-gallery\""
|
google-query: inurl:"/wp-content/plugins/flash-album-gallery"
|
||||||
tags: cve,cve2011,wordpress,xss,wp-plugin,codeasily
|
tags: cve,cve2011,wordpress,xss,wp-plugin,codeasily
|
||||||
|
|
||||||
flow: http(1) && http(2)
|
flow: http(1) && http(2)
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -14,13 +14,11 @@ info:
|
||||||
cvss-score: 4
|
cvss-score: 4
|
||||||
cve-id: CVE-2011-4640
|
cve-id: CVE-2011-4640
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.02569
|
cpe: cpe:2.3:a:spamtitan:spamtitan:*:*:*:*:*:*:*:*
|
||||||
epss-percentile: 0.90017
|
|
||||||
cpe: cpe:2.3:a:spamtitan:webtitan:*:*:*:*:*:*:*:*
|
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 3
|
max-request: 3
|
||||||
|
product: spamtitan
|
||||||
vendor: spamtitan
|
vendor: spamtitan
|
||||||
product: webtitan
|
|
||||||
shodan-query: title:"WebTitan"
|
shodan-query: title:"WebTitan"
|
||||||
tags: cve,cve2011,lfi,spamtitan,webtitan,authenticated
|
tags: cve,cve2011,lfi,spamtitan,webtitan,authenticated
|
||||||
|
|
||||||
|
|
|
@ -21,14 +21,15 @@ info:
|
||||||
cve-id: CVE-2011-4926
|
cve-id: CVE-2011-4926
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.01792
|
epss-score: 0.01792
|
||||||
epss-percentile: 0.87857
|
epss-percentile: 0.86796
|
||||||
cpe: cpe:2.3:a:bueltge:adminimize:*:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:bueltge:adminimize:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 1
|
||||||
vendor: bueltge
|
vendor: bueltge
|
||||||
product: adminimize
|
product: adminimize
|
||||||
google-query: "inurl:\"/wp-content/plugins/adminimize/\""
|
google-query: inurl:"/wp-content/plugins/adminimize/"
|
||||||
tags: cve2011,cve,wordpress,xss,wp-plugin,bueltge
|
tags: cve2011,cve,wordpress,xss,wp-plugin,bueltge
|
||||||
|
|
||||||
flow: http(1) && http(2)
|
flow: http(1) && http(2)
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -19,15 +19,16 @@ info:
|
||||||
cvss-score: 4.3
|
cvss-score: 4.3
|
||||||
cve-id: CVE-2011-5107
|
cve-id: CVE-2011-5107
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00231
|
epss-score: 0.00232
|
||||||
epss-percentile: 0.6067
|
epss-percentile: 0.6058
|
||||||
cpe: cpe:2.3:a:wordpress:alert_before_you_post:*:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:wordpress:alert_before_you_post:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 1
|
||||||
vendor: wordpress
|
vendor: wordpress
|
||||||
product: "alert_before_you_post"
|
product: alert_before_you_post
|
||||||
google-query: "inurl:\"/wp-content/plugins/alert-before-your-post\""
|
google-query: inurl:"/wp-content/plugins/alert-before-your-post"
|
||||||
tags: cve,cve2011,wordpress,xss,wp-plugin
|
tags: cve,cve2011,wordpress,xss,wp-plugin
|
||||||
|
|
||||||
flow: http(1) && http(2)
|
flow: http(1) && http(2)
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -22,11 +22,12 @@ info:
|
||||||
epss-percentile: 0.61346
|
epss-percentile: 0.61346
|
||||||
cpe: cpe:2.3:a:skysa:skysa_app_bar_integration_plugin:*:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:skysa:skysa_app_bar_integration_plugin:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 1
|
||||||
vendor: skysa
|
vendor: skysa
|
||||||
product: "skysa_app_bar_integration_plugin"
|
product: skysa_app_bar_integration_plugin
|
||||||
google-query: "inurl:\"/wp-content/plugins/skysa-official/\""
|
google-query: inurl:"/wp-content/plugins/skysa-official/"
|
||||||
tags: cve,cve2011,wordpress,xss,wp-plugin,skysa
|
tags: cve,cve2011,wordpress,xss,wp-plugin,skysa
|
||||||
|
|
||||||
flow: http(1) && http(2)
|
flow: http(1) && http(2)
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -22,11 +22,12 @@ info:
|
||||||
epss-percentile: 0.71803
|
epss-percentile: 0.71803
|
||||||
cpe: cpe:2.3:a:clickdesk:clickdesk_live_support-live_chat_plugin:2.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:clickdesk:clickdesk_live_support-live_chat_plugin:2.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 1
|
||||||
vendor: clickdesk
|
vendor: clickdesk
|
||||||
product: "clickdesk_live_support-live_chat_plugin"
|
product: clickdesk_live_support-live_chat_plugin
|
||||||
google-query: "inurl:\"/wp-content/plugins/clickdesk-live-support-chat/\""
|
google-query: inurl:"/wp-content/plugins/clickdesk-live-support-chat/"
|
||||||
tags: cve2011,cve,wordpress,xss,wp-plugin,clickdesk
|
tags: cve2011,cve,wordpress,xss,wp-plugin,clickdesk
|
||||||
|
|
||||||
flow: http(1) && http(2)
|
flow: http(1) && http(2)
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -23,11 +23,12 @@ info:
|
||||||
epss-percentile: 0.75288
|
epss-percentile: 0.75288
|
||||||
cpe: cpe:2.3:a:featurific_for_wordpress_project:featurific-for-wordpress:1.6.2:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:featurific_for_wordpress_project:featurific-for-wordpress:1.6.2:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 1
|
||||||
vendor: "featurific_for_wordpress_project"
|
vendor: featurific_for_wordpress_project
|
||||||
product: "featurific-for-wordpress"
|
product: featurific-for-wordpress
|
||||||
google-query: "inurl:\"/wp-content/plugins/featurific-for-wordpress\""
|
google-query: inurl:"/wp-content/plugins/featurific-for-wordpress"
|
||||||
tags: cve2011,cve,wordpress,xss,wp-plugin,featurific_for_wordpress_project
|
tags: cve2011,cve,wordpress,xss,wp-plugin,featurific_for_wordpress_project
|
||||||
|
|
||||||
flow: http(1) && http(2)
|
flow: http(1) && http(2)
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -20,7 +20,7 @@ info:
|
||||||
cve-id: CVE-2012-0392
|
cve-id: CVE-2012-0392
|
||||||
cwe-id: NVD-CWE-noinfo
|
cwe-id: NVD-CWE-noinfo
|
||||||
epss-score: 0.9496
|
epss-score: 0.9496
|
||||||
epss-percentile: 0.99258
|
epss-percentile: 0.99239
|
||||||
cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -14,21 +14,21 @@ info:
|
||||||
- http://packetstormsecurity.org/files/view/108470/wpystap-xss.txt
|
- http://packetstormsecurity.org/files/view/108470/wpystap-xss.txt
|
||||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72271
|
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72271
|
||||||
- https://github.com/ARPSyndicate/kenzer-templates
|
- https://github.com/ARPSyndicate/kenzer-templates
|
||||||
- https://github.com/d4n-sec/d4n-sec.github.io
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
|
cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
|
||||||
cvss-score: 4.3
|
cvss-score: 4.3
|
||||||
cve-id: CVE-2012-0901
|
cve-id: CVE-2012-0901
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00223
|
epss-score: 0.00216
|
||||||
epss-percentile: 0.60018
|
epss-percentile: 0.59612
|
||||||
cpe: cpe:2.3:a:attenzione:yousaytoo:1.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:attenzione:yousaytoo:1.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 1
|
||||||
vendor: attenzione
|
vendor: attenzione
|
||||||
product: yousaytoo
|
product: yousaytoo
|
||||||
google-query: "inurl:\"/wp-content/plugins/yousaytoo-auto-publishing-plugin\""
|
google-query: inurl:"/wp-content/plugins/yousaytoo-auto-publishing-plugin"
|
||||||
tags: cve,cve2012,wp-plugin,packetstorm,wordpress,xss,attenzione
|
tags: cve,cve2012,wp-plugin,packetstorm,wordpress,xss,attenzione
|
||||||
|
|
||||||
flow: http(1) && http(2)
|
flow: http(1) && http(2)
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -20,8 +20,8 @@ info:
|
||||||
cvss-score: 3.5
|
cvss-score: 3.5
|
||||||
cve-id: CVE-2012-0991
|
cve-id: CVE-2012-0991
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.72743
|
epss-score: 0.81788
|
||||||
epss-percentile: 0.98029
|
epss-percentile: 0.98116
|
||||||
cpe: cpe:2.3:a:openemr:openemr:4.1.0:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:openemr:openemr:4.1.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -19,14 +19,15 @@ info:
|
||||||
cve-id: CVE-2012-1835
|
cve-id: CVE-2012-1835
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.01124
|
epss-score: 0.01124
|
||||||
epss-percentile: 0.84355
|
epss-percentile: 0.84313
|
||||||
cpe: cpe:2.3:a:timely:all-in-one_event_calendar:1.4:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:timely:all-in-one_event_calendar:1.4:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 1
|
||||||
vendor: timely
|
vendor: timely
|
||||||
product: "all-in-one_event_calendar"
|
product: all-in-one_event_calendar
|
||||||
google-query: "inurl:\"/wp-content/plugins/all-in-one-event-calendar\""
|
google-query: inurl:"/wp-content/plugins/all-in-one-event-calendar"
|
||||||
tags: cve,cve2012,wordpress,xss,wp-plugin,timely
|
tags: cve,cve2012,wordpress,xss,wp-plugin,timely
|
||||||
|
|
||||||
flow: http(1) && http(2)
|
flow: http(1) && http(2)
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -24,10 +24,11 @@ info:
|
||||||
epss-percentile: 0.85828
|
epss-percentile: 0.85828
|
||||||
cpe: cpe:2.3:a:mnt-tech:wp-facethumb:0.1:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:mnt-tech:wp-facethumb:0.1:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 1
|
||||||
vendor: "mnt-tech"
|
vendor: mnt-tech
|
||||||
product: "wp-facethumb"
|
product: wp-facethumb
|
||||||
tags: cve,cve2012,packetstorm,wordpress,xss,wp-plugin,mnt-tech
|
tags: cve,cve2012,packetstorm,wordpress,xss,wp-plugin,mnt-tech
|
||||||
|
|
||||||
flow: http(1) && http(2)
|
flow: http(1) && http(2)
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -21,8 +21,8 @@ info:
|
||||||
cvss-score: 5.8
|
cvss-score: 5.8
|
||||||
cve-id: CVE-2012-4032
|
cve-id: CVE-2012-4032
|
||||||
cwe-id: CWE-20
|
cwe-id: CWE-20
|
||||||
epss-score: 0.00842
|
epss-score: 0.00951
|
||||||
epss-percentile: 0.818
|
epss-percentile: 0.81499
|
||||||
cpe: cpe:2.3:a:websitepanel:websitepanel:*:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:websitepanel:websitepanel:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
|
|
|
@ -21,10 +21,11 @@ info:
|
||||||
epss-percentile: 0.59546
|
epss-percentile: 0.59546
|
||||||
cpe: cpe:2.3:a:mf_gig_calendar_project:mf_gig_calendar:0.9.2:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:mf_gig_calendar_project:mf_gig_calendar:0.9.2:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 1
|
||||||
vendor: "mf_gig_calendar_project"
|
vendor: mf_gig_calendar_project
|
||||||
product: "mf_gig_calendar"
|
product: mf_gig_calendar
|
||||||
tags: cve,cve2012,wordpress,xss,wp-plugin,mf_gig_calendar_project
|
tags: cve,cve2012,wordpress,xss,wp-plugin,mf_gig_calendar_project
|
||||||
|
|
||||||
flow: http(1) && http(2)
|
flow: http(1) && http(2)
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -21,13 +21,13 @@ info:
|
||||||
cve-id: CVE-2012-4253
|
cve-id: CVE-2012-4253
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.0179
|
epss-score: 0.0179
|
||||||
epss-percentile: 0.87848
|
epss-percentile: 0.87805
|
||||||
cpe: cpe:2.3:a:mysqldumper:mysqldumper:1.24.4:*:*:*:*:*:*:*
|
cpe: cpe:2.3:a:mysqldumper:mysqldumper:1.24.4:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: mysqldumper
|
vendor: mysqldumper
|
||||||
product: mysqldumper
|
product: mysqldumper
|
||||||
tags: cve2012,cve,packetstorm,lfi,edb,mysqldumper,xss
|
tags: cve2012,cve,packetstorm,lfi,edb,mysqldumper
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue