daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore: generate CVEs metadata 🤖

patch-12
ghost 2024-10-22 08:51:02 +00:00
parent 3ba106c208
commit 6334346758
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@ -2295,6 +2295,7 @@
{"ID":"CVE-2023-40504","Info":{"Name":"LG Simple Editor \u003c= v3.21.0 - Command Injection","Severity":"critical","Description":"LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the readVideoInfo method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-40504.yaml"}
{"ID":"CVE-2023-40749","Info":{"Name":"PHPJabbers Food Delivery Script v3.0 - SQL Injection","Severity":"critical","Description":"PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in the \"column\" parameter of index.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-40749.yaml"}
{"ID":"CVE-2023-40750","Info":{"Name":"PHPJabbers Yacht Listing Script v1.0 - Cross-Site Scripting","Severity":"medium","Description":"There is a Cross Site Scripting (XSS) vulnerability in the \"action\" parameter of index.php in PHPJabbers Yacht Listing Script v1.0.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-40750.yaml"}
{"ID":"CVE-2023-40755","Info":{"Name":"PHPJabbers Callback Widget v1.0 - Cross-Site Scripting","Severity":"medium","Description":"There is a Cross Site Scripting (XSS) vulnerability in the \"theme\" parameter of preview.php in PHPJabbers Callback Widget v1.0.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-40755.yaml"}
{"ID":"CVE-2023-40779","Info":{"Name":"IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect","Severity":"medium","Description":"An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-40779.yaml"}
{"ID":"CVE-2023-4110","Info":{"Name":"PHPJabbers Availability Booking Calendar 5.0 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4110.yaml"}
{"ID":"CVE-2023-41109","Info":{"Name":"SmartNode SN200 Analog Telephone Adapter (ATA) \u0026 VoIP Gateway - Command Injection","Severity":"critical","Description":"The SmartNode SN200 Analog Telephone Adapter (ATA) \u0026 VoIP Gateway is vulnerable to command injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-41109.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
0f6d0bd7b4ac6a609cd9ffc5769d50a7
d00101c2afe2922d27964e24564f8d15