Auto Generated cves.json [Fri Mar 17 17:15:13 UTC 2023] 🤖

patch-1
GitHub Action 2023-03-17 17:15:13 +00:00
parent 6388e9de4d
commit 663c30267a
2 changed files with 44 additions and 44 deletions


@ -253,10 +253,10 @@
{"ID":"CVE-2015-2068","Info":{"Name":"Magento Server Mass Importer - Cross-Site Scripting","Severity":"medium","Description":"Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-2068.yaml"}
{"ID":"CVE-2015-2080","Info":{"Name":"Eclipse Jetty \u003c9.2.9.v20150224 - Sensitive Information Leakage","Severity":"high","Description":"Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2015/CVE-2015-2080.yaml"}
{"ID":"CVE-2015-2166","Info":{"Name":"Ericsson Drutt MSDP - Local File Inclusion","Severity":"high","Description":"Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI in the Instance Monitor.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-2166.yaml"}
{"ID":"CVE-2015-2755","Info":{"Name":"AB Google Map Travel (AB-MAP) Wordpress Plugin \u003c=3.4 - Stored XSS","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameter in the ab_map_options page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-2755.yaml"}
{"ID":"CVE-2015-2755","Info":{"Name":"WordPress AB Google Map Travel \u003c=3.4 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameters in the ab_map_options page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2015/CVE-2015-2755.yaml"}
{"ID":"CVE-2015-2807","Info":{"Name":"Navis DocumentCloud \u003c0.1.1 - Cross-Site Scripting","Severity":"medium","Description":"Navis DocumentCloud plugin before 0.1.1 for WordPress contains a reflected cross-site scripting vulnerability in js/window.php which allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-2807.yaml"}
{"ID":"CVE-2015-2863","Info":{"Name":"Kaseya Virtual System Administrator - Open Redirect","Severity":"low","Description":"Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2015/CVE-2015-2863.yaml"}
{"ID":"CVE-2015-2996","Info":{"Name":"SysAid Help Desk \u003c15.2 - Local File Disclosure","Severity":"high","Description":"Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2015/CVE-2015-2996.yaml"}
{"ID":"CVE-2015-2996","Info":{"Name":"SysAid Help Desk \u003c15.2 - Local File Inclusion","Severity":"high","Description":"SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2015/CVE-2015-2996.yaml"}
{"ID":"CVE-2015-3035","Info":{"Name":"TP-LINK - Local File Inclusion","Severity":"high","Description":"TP-LINK is susceptible to local file inclusion in these products: Archer C5 (1.2) with firmware before 150317, Archer C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310. Because of insufficient input validation, arbitrary local files can be disclosed. Files that include passwords and other sensitive information can be accessed.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"cves/2015/CVE-2015-3035.yaml"}
{"ID":"CVE-2015-3224","Info":{"Name":"Ruby on Rails Web Console - Remote Code Execution","Severity":"critical","Description":"Ruby on Rails Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request to request.rb.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-3224.yaml"}
{"ID":"CVE-2015-3306","Info":{"Name":"ProFTPd - Remote Code Execution","Severity":"high","Description":"ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-3306.yaml"}
@ -264,8 +264,8 @@
{"ID":"CVE-2015-3648","Info":{"Name":"ResourceSpace - Local File inclusion","Severity":"high","Description":"ResourceSpace is prone to a local file-inclusion vulnerability because it fails to sufficiently sanitize user-supplied input.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-3648.yaml"}
{"ID":"CVE-2015-3897","Info":{"Name":"Bonita BPM Portal \u003c6.5.3 - Local File Inclusion","Severity":"high","Description":"Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2015/CVE-2015-3897.yaml"}
{"ID":"CVE-2015-4050","Info":{"Name":"Symfony - Authentication Bypass","Severity":"high","Description":"Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment in the HttpKernel component.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-4050.yaml"}
{"ID":"CVE-2015-4062","Info":{"Name":"NewStatPress 0.9.8 - SQL Injection","Severity":"critical","Description":"The NewStatPress WordPress plugin was affected by SQL Injection security vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2015/CVE-2015-4062.yaml"}
{"ID":"CVE-2015-4063","Info":{"Name":"NewStatPress 0.9.8 - Cross Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-4063.yaml"}
{"ID":"CVE-2015-4062","Info":{"Name":"WordPress NewStatPress 0.9.8 - SQL Injection","Severity":"critical","Description":"WordPress NewStatPress 0.9.8 plugin contains a SQL injection vulnerability in includes/nsp_search.php. A remote authenticated user can execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2015/CVE-2015-4062.yaml"}
{"ID":"CVE-2015-4063","Info":{"Name":"NewStatPress \u003c0.9.9 - Cross-Site Scripting","Severity":"medium","Description":"WordPress NewStatPress plugin before 0.9.9 contains a cross-site scripting vulnerability in includes/nsp_search.php. The plugin allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2015/CVE-2015-4063.yaml"}
{"ID":"CVE-2015-4074","Info":{"Name":"Joomla! Helpdesk Pro plugin \u003c1.4.0 - Local File Inclusion","Severity":"high","Description":"Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2015/CVE-2015-4074.yaml"}
{"ID":"CVE-2015-4127","Info":{"Name":"WordPress Church Admin \u003c0.810 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via index.php/2015/05/21/church_admin-registration-form/.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-4127.yaml"}
{"ID":"CVE-2015-4414","Info":{"Name":"WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal","Severity":"high","Description":"WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in download_audio.php that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-4414.yaml"}
@ -291,7 +291,7 @@
{"ID":"CVE-2015-8349","Info":{"Name":"SourceBans \u003c2.0 - Cross-Site Scripting","Severity":"medium","Description":"SourceBans before 2.0 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2015/CVE-2015-8349.yaml"}
{"ID":"CVE-2015-8399","Info":{"Name":"Atlassian Confluence \u003c5.8.17 - Information Disclosure","Severity":"medium","Description":"Atlassian Confluence before 5.8.17 contains an information disclsoure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.","Classification":{"CVSSScore":"4.3"}},"file_path":"cves/2015/CVE-2015-8399.yaml"}
{"ID":"CVE-2015-8813","Info":{"Name":"Umbraco \u003c7.4.0- Server-Side Request Forgery","Severity":"high","Description":"Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index.","Classification":{"CVSSScore":"8.2"}},"file_path":"cves/2015/CVE-2015-8813.yaml"}
{"ID":"CVE-2015-9312","Info":{"Name":"NewStatPress \u003c= 1.0.4 - Cross Site Scripting","Severity":"medium","Description":"The NewStatPress plugin utilizes on lines 28 and 31 of the file includes/nsp_search.php several variables from the $_GET scope, without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to trigger a Reflected XSS attack.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2015/CVE-2015-9312.yaml"}
{"ID":"CVE-2015-9312","Info":{"Name":"NewStatPress \u003c= 1.0.4 - Cross-Site Scripting","Severity":"medium","Description":"The NewStatPress plugin utilizes on lines 28 and 31 of the file includes/nsp_search.php several variables from the $_GET scope, without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to trigger a Reflected XSS attack.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2015/CVE-2015-9312.yaml"}
{"ID":"CVE-2015-9414","Info":{"Name":"WordPress Symposium \u003c=15.8.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Symposium through 15.8.1 contains a reflected cross-site scripting vulnerability via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter which allows an attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2015/CVE-2015-9414.yaml"}
{"ID":"CVE-2015-9480","Info":{"Name":"WordPress RobotCPA 5 - Directory Traversal","Severity":"high","Description":"The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2015/CVE-2015-9480.yaml"}
{"ID":"CVE-2016-0957","Info":{"Name":"Adobe AEM Dispatcher \u003c4.15 - Rules Bypass","Severity":"high","Description":"Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2016/CVE-2016-0957.yaml"}
@ -375,7 +375,7 @@
{"ID":"CVE-2017-14524","Info":{"Name":"OpenText Documentum Administrator 7.2.0180.0055 - Open redirect","Severity":"medium","Description":"Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2017/CVE-2017-14524.yaml"}
{"ID":"CVE-2017-14535","Info":{"Name":"Trixbox - 2.8.0.4 OS Command Injection","Severity":"high","Description":"Trixbox 2.8.0.4 is vulnerable to OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2017/CVE-2017-14535.yaml"}
{"ID":"CVE-2017-14537","Info":{"Name":"Trixbox 2.8.0 - Path Traversal","Severity":"medium","Description":"Trixbox 2.8.0.4 is susceptible to path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2017/CVE-2017-14537.yaml"}
{"ID":"CVE-2017-14622","Info":{"Name":"2kb Amazon Affiliates Store plugin \u003c 2.1.1 - Reflected Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2017/CVE-2017-14622.yaml"}
{"ID":"CVE-2017-14622","Info":{"Name":"WordPress 2kb Amazon Affiliates Store \u003c2.1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress 2kb Amazon Affiliates Store plugin before 2.1.1 contains multiple cross-site scripting vulnerabilities. The plugin allows an attacker to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php, thus making possible theft of cookie-based authentication credentials and launch of other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2017/CVE-2017-14622.yaml"}
{"ID":"CVE-2017-14651","Info":{"Name":"WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting","Severity":"medium","Description":"WSO2 Data Analytics Server 3.1.0 is susceptible to cross-site scripting in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.","Classification":{"CVSSScore":"4.8"}},"file_path":"cves/2017/CVE-2017-14651.yaml"}
{"ID":"CVE-2017-14849","Info":{"Name":"Node.js \u003c8.6.0 - Directory Traversal","Severity":"high","Description":"Node.js before 8.6.0 allows remote attackers to access unintended files because a change to \"..\" handling is incompatible with the pathname validation used by unspecified community modules.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2017/CVE-2017-14849.yaml"}
{"ID":"CVE-2017-15287","Info":{"Name":"Dreambox WebControl 2.0.0 - Cross-Site Scripting","Severity":"medium","Description":"Dream Multimedia Dreambox devices via their WebControl component are vulnerable to reflected cross-site scripting, as demonstrated by the \"Name des Bouquets\" field, or the file parameter to the /file URI.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2017/CVE-2017-15287.yaml"}
@ -479,7 +479,7 @@
{"ID":"CVE-2018-16059","Info":{"Name":"WirelessHART Fieldgate SWG70 3.0 - Local File Inclusion","Severity":"medium","Description":"WirelessHART Fieldgate SWG70 3.0 is vulnerable to local file inclusion via the fcgi-bin/wgsetcgi filename parameter.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2018/CVE-2018-16059.yaml"}
{"ID":"CVE-2018-16133","Info":{"Name":"Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion","Severity":"medium","Description":"Cybrotech CyBroHttpServer 1.0.3 is vulnerable to local file inclusion in the URI.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2018/CVE-2018-16133.yaml"}
{"ID":"CVE-2018-16139","Info":{"Name":"BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting","Severity":"medium","Description":"BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2018/CVE-2018-16139.yaml"}
{"ID":"CVE-2018-16159","Info":{"Name":"Gift Voucher \u003c 4.1.8 - Unauthenticated Blind SQL Injection","Severity":"critical","Description":"The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2018/CVE-2018-16159.yaml"}
{"ID":"CVE-2018-16159","Info":{"Name":"WordPress Gift Voucher \u003c4.1.8 - Blind SQL Injection","Severity":"critical","Description":"WordPress Gift Vouchers plugin before 4.1.8 contains a blind SQL injection vulnerability via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2018/CVE-2018-16159.yaml"}
{"ID":"CVE-2018-16167","Info":{"Name":"LogonTracer \u003c=1.2.0 - Remote Command Injection","Severity":"critical","Description":"LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2018/CVE-2018-16167.yaml"}
{"ID":"CVE-2018-16283","Info":{"Name":"WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion","Severity":"critical","Description":"WordPress Wechat Broadcast plugin 1.2.0 and earlier allows Directory Traversal via the Image.php url parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2018/CVE-2018-16283.yaml"}
{"ID":"CVE-2018-16288","Info":{"Name":"LG SuperSign EZ CMS 2.5 - Local File Inclusion","Severity":"high","Description":"LG SuperSign CMS 2.5 allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs - aka local file inclusion.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"cves/2018/CVE-2018-16288.yaml"}
@ -546,7 +546,7 @@
{"ID":"CVE-2018-5316","Info":{"Name":"WordPress SagePay Server Gateway for WooCommerce \u003c1.0.9 - Cross-Site Scripting","Severity":"medium","Description":"WordPress SagePay Server Gateway for WooCommerce before 1.0.9 is vulnerable to cross-site scripting via the includes/pages/redirect.php page parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2018/CVE-2018-5316.yaml"}
{"ID":"CVE-2018-5715","Info":{"Name":"SugarCRM 3.5.1 - Cross-Site Scripting","Severity":"medium","Description":"SugarCRM 3.5.1 is vulnerable to cross-site scripting via phprint.php and a parameter name in the query string (aka a $key variable).","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2018/CVE-2018-5715.yaml"}
{"ID":"CVE-2018-6008","Info":{"Name":"Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion","Severity":"high","Description":"Joomla! Jtag Members Directory 5.3.7 is vulnerable to local file inclusion via the download_file parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2018/CVE-2018-6008.yaml"}
{"ID":"CVE-2018-6184","Info":{"Name":"ZEIT Next.js Framework Path Traversal","Severity":"high","Description":"ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2018/CVE-2018-6184.yaml"}
{"ID":"CVE-2018-6184","Info":{"Name":"Zeit Next.js \u003c4.2.3 - Local File Inclusion","Severity":"high","Description":"Zeit Next.js before 4.2.3 is susceptible to local file inclusion under the /_next request namespace. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2018/CVE-2018-6184.yaml"}
{"ID":"CVE-2018-6200","Info":{"Name":"vBulletin - Open Redirect","Severity":"medium","Description":"vBulletin 3.x.x and 4.2.x through 4.2.5 contains an open redirect vulnerability via the redirector.php URL parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2018/CVE-2018-6200.yaml"}
{"ID":"CVE-2018-6910","Info":{"Name":"DedeCMS 5.7 - Path Disclosure","Severity":"high","Description":"DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2018/CVE-2018-6910.yaml"}
{"ID":"CVE-2018-7251","Info":{"Name":"Anchor CMS 0.12.3 - Error Log Exposure","Severity":"critical","Description":"Anchor CMS 0.12.3 is susceptible to an error log exposure vulnerability due to an issue in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as \"Too many connections\") has occurred.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2018/CVE-2018-7251.yaml"}
@ -677,7 +677,7 @@
{"ID":"CVE-2019-3929","Info":{"Name":"Barco/AWIND OEM Presentation Platform - Remote Command Injection","Severity":"critical","Description":"The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-3929.yaml"}
{"ID":"CVE-2019-5127","Info":{"Name":"YouPHPTube Encoder 2.3 - Remote Command Injection","Severity":"critical","Description":"YouPHPTube Encoder 2.3 is susceptible to a command injection vulnerability which could allow an attacker to compromise the server. These exploitable unauthenticated command injections exist via the parameter base64Url in /objects/getImage.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-5127.yaml"}
{"ID":"CVE-2019-5418","Info":{"Name":"Rails File Content Disclosure","Severity":"high","Description":"Rails \u003c5.2.2.1, \u003c5.1.6.2, \u003c5.0.7.2, \u003c4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2019/CVE-2019-5418.yaml"}
{"ID":"CVE-2019-5434","Info":{"Name":"Revive Adserver 4.2 - Remote Code Execution","Severity":"critical","Description":"An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the \"what\" parameter in the \"openads.spc\" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-5434.yaml"}
{"ID":"CVE-2019-5434","Info":{"Name":"Revive Adserver 4.2 - Remote Code Execution","Severity":"critical","Description":"Revive Adserver 4.2 is susceptible to remote code execution. An attacker can send a crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the \"what\" parameter in the \"openads.spc\" RPC method. This can be exploited to perform various types of attacks, e.g. serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third-party websites.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-5434.yaml"}
{"ID":"CVE-2019-6112","Info":{"Name":"WordPress Sell Media 2.4.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2019/CVE-2019-6112.yaml"}
{"ID":"CVE-2019-6340","Info":{"Name":"Drupal - Remote Code Execution","Severity":"high","Description":"Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10 V contain certain field types that do not properly sanitize data from non-form sources, which can lead to arbitrary PHP code execution in some cases.","Classification":{"CVSSScore":"8.1"}},"file_path":"cves/2019/CVE-2019-6340.yaml"}
{"ID":"CVE-2019-6715","Info":{"Name":"W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal","Severity":"high","Description":"WordPress plugin W3 Total Cache before version 0.9.4 allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data via pub/sns.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2019/CVE-2019-6715.yaml"}
@ -768,7 +768,7 @@
{"ID":"CVE-2020-15500","Info":{"Name":"TileServer GL \u003c=3.0.0 - Cross-Site Scripting","Severity":"medium","Description":"TileServer GL through 3.0.0 is vulnerable to reflected cross-site scripting via server.js because the content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2020/CVE-2020-15500.yaml"}
{"ID":"CVE-2020-15505","Info":{"Name":"MobileIron Core \u0026 Connector \u003c= v10.6 \u0026 Sentry \u003c= v9.8 - Remote Code Execution","Severity":"critical","Description":"A remote code execution vulnerability in MobileIron Core \u0026 Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier contain a vulnerability that allows remote attackers to execute arbitrary code via unspecified vectors.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-15505.yaml"}
{"ID":"CVE-2020-15568","Info":{"Name":"TerraMaster TOS \u003c.1.29 - Remote Code Execution","Severity":"critical","Description":"TerraMaster TOS before 4.1.29 has invalid parameter checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-15568.yaml"}
{"ID":"CVE-2020-15895","Info":{"Name":"D-Link DIR-816L - Cross Site Scripting","Severity":"medium","Description":"An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2020/CVE-2020-15895.yaml"}
{"ID":"CVE-2020-15895","Info":{"Name":"D-Link DIR-816L 2.x - Cross-Site Scripting","Severity":"medium","Description":"D-Link DIR-816L devices 2.x before 1.10b04Beta02 contains a cross-site scripting vulnerability. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter before being printed on the webpage. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow for theft of cookie-based authentication credentials and launch of other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2020/CVE-2020-15895.yaml"}
{"ID":"CVE-2020-15920","Info":{"Name":"Mida eFramework \u003c=2.9.0 - Remote Command Execution","Severity":"critical","Description":"Mida eFramework through 2.9.0 allows an attacker to achieve remote code execution with administrative (root) privileges. No authentication is required.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-15920.yaml"}
{"ID":"CVE-2020-16139","Info":{"Name":"Cisco Unified IP Conference Station 7937G - Denial-of-Service","Severity":"high","Description":"Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially crafted packets that can cause a denial-of-service condition. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2020/CVE-2020-16139.yaml"}
{"ID":"CVE-2020-16846","Info":{"Name":"SaltStack \u003c=3002 - Shell Injection","Severity":"critical","Description":"SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2020/CVE-2020-16846.yaml"}
@ -960,7 +960,7 @@
{"ID":"CVE-2021-21234","Info":{"Name":"Spring Boot Actuator Logview Directory Traversal","Severity":"high","Description":"spring-boot-actuator-logview before version 0.2.13 contains a directory traversal vulnerability in libraries that adds a simple logfile viewer as a spring boot actuator endpoint (maven package \"eu.hinsch:spring-boot-actuator-logview\".\n","Classification":{"CVSSScore":"7.7"}},"file_path":"cves/2021/CVE-2021-21234.yaml"}
{"ID":"CVE-2021-21287","Info":{"Name":"MinIO Browser API - Server-Side Request Forgery","Severity":"high","Description":"MinIO Browser API before version RELEASE.2021-01-30T00-20-58Z contains a server-side request forgery vulnerability.","Classification":{"CVSSScore":"7.7"}},"file_path":"cves/2021/CVE-2021-21287.yaml"}
{"ID":"CVE-2021-21307","Info":{"Name":"Lucee Admin - Remote Code Execution","Severity":"critical","Description":"Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 contains an unauthenticated remote code execution vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-21307.yaml"}
{"ID":"CVE-2021-21311","Info":{"Name":"Adminer \u003c4.7.9 - Server-Side Request Forgery","Severity":"high","Description":"Adminer from version 4.0.0 through 4.7.8 is susceptible to server-side request forgery due to its use of verbose error messages. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected.","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2021/CVE-2021-21311.yaml"}
{"ID":"CVE-2021-21311","Info":{"Name":"Adminer \u003c4.7.9 - Server-Side Request Forgery","Severity":"high","Description":"Adminer before 4.7.9 is susceptible to server-side request forgery due to exposure of sensitive information in error messages. Users of Adminer versions bundling all drivers, e.g. adminer.php, are affected. An attacker can possibly obtain this information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2021/CVE-2021-21311.yaml"}
{"ID":"CVE-2021-21315","Info":{"Name":"Node.JS System Information Library \u003c5.3.1 - Remote Command Injection","Severity":"high","Description":"Node.JS System Information Library System before version 5.3.1 is susceptible to remote command injection. Node.JS (npm package \"systeminformation\") is an open source collection of functions to retrieve detailed hardware, system and OS information.","Classification":{"CVSSScore":"7.8"}},"file_path":"cves/2021/CVE-2021-21315.yaml"}
{"ID":"CVE-2021-21389","Info":{"Name":"BuddyPress REST API \u003c7.2.1 - Privilege Escalation/Remote Code Execution","Severity":"high","Description":"WordPress BuddyPress before version 7.2.1 is susceptible to a privilege escalation vulnerability that can be leveraged to perform remote code execution.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-21389.yaml"}
{"ID":"CVE-2021-21402","Info":{"Name":"Jellyfin \u003c10.7.0 - Local File Inclusion","Severity":"medium","Description":"Jellyfin before 10.7.0 is vulnerable to local file inclusion. This issue is more prevalent when Windows is used as the host OS. Servers exposed to public Internet are potentially at risk.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2021/CVE-2021-21402.yaml"}
@ -995,7 +995,7 @@
{"ID":"CVE-2021-24150","Info":{"Name":"Like Button Rating \u003c 2.6.32 - Unauthenticated Full-Read SSRF","Severity":"high","Description":"The LikeBtn WordPress plugin was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF).\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-24150.yaml"}
{"ID":"CVE-2021-24155","Info":{"Name":"Backup Guard \u003c 1.6.0 - Authenticated Arbitrary File Upload","Severity":"high","Description":"The WordPress Backup and Migrate Plugin Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2021/CVE-2021-24155.yaml"}
{"ID":"CVE-2021-24165","Info":{"Name":"WordPress Ninja Forms \u003c3.4.34 - Open Redirect","Severity":"medium","Description":"WordPress Ninja Forms plugin before 3.4.34 contains an open redirect vulnerability via the wp_ajax_nf_oauth_connect AJAX action, due to the use of a user-supplied redirect parameter and no protection in place. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24165.yaml"}
{"ID":"CVE-2021-24169","Info":{"Name":"Advanced Order Export For WooCommerce \u003c 3.1.8 - Authenticated Reflected Cross-Site Scripting (XSS)","Severity":"medium","Description":"This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24169.yaml"}
{"ID":"CVE-2021-24169","Info":{"Name":"WordPress Advanced Order Export For WooCommerce \u003c3.1.8 - Authenticated Cross-Site Scripting","Severity":"medium","Description":"WordPress Advanced Order Export For WooCommerce plugin before 3.1.8 contains an authenticated cross-site scripting vulnerability via the tab parameter in the admin panel. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24169.yaml"}
{"ID":"CVE-2021-24176","Info":{"Name":"WordPress JH 404 Logger \u003c=1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress JH 404 Logger plugin through 1.1 contains a cross-site scripting vulnerability. Referer and path of 404 pages are not properly sanitized when they are output in the WordPress dashboard, which can lead to executing arbitrary JavaScript code.","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2021/CVE-2021-24176.yaml"}
{"ID":"CVE-2021-24210","Info":{"Name":"WordPress PhastPress \u003c1.111 - Open Redirect","Severity":"medium","Description":"WordPress PhastPress plugin before 1.111 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24210.yaml"}
{"ID":"CVE-2021-24214","Info":{"Name":"WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress OpenID Connect Generic Client plugin 3.8.0 and 3.8.1 contains a cross-site scripting vulnerability. It does not sanitize the login error when output back in the login form, thereby not requiring authentication, which can be exploited with the default configuration.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24214.yaml"}
@ -1011,7 +1011,7 @@
{"ID":"CVE-2021-24278","Info":{"Name":"WordPress Contact Form 7 \u003c2.3.4 - Arbitrary Nonce Generation","Severity":"high","Description":"WordPress Contact Form 7 before version 2.3.4 allows unauthenticated users to use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-24278.yaml"}
{"ID":"CVE-2021-24284","Info":{"Name":"WordPress Kaswara Modern VC Addons \u003c=3.0.1 - Arbitrary File Upload","Severity":"critical","Description":"WordPress Kaswara Modern VC Addons plugin through 3.0.1 is susceptible to an arbitrary file upload. The plugin allows unauthenticated arbitrary file upload via the uploadFontIcon AJAX action, which can be used to obtain code execution. The supplied zipfile is unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24284.yaml"}
{"ID":"CVE-2021-24285","Info":{"Name":"WordPress Car Seller - Auto Classifieds Script - SQL Injection","Severity":"critical","Description":"The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitize, validate or escape the order_id POST parameter before using it in a SQL statement, leading to a SQL injection issue.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24285.yaml"}
{"ID":"CVE-2021-24287","Info":{"Name":"Select All Categories and Taxonomies \u003c 1.3.2 - Reflected Cross-Site Scripting (XSS)","Severity":"medium","Description":"The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24287.yaml"}
{"ID":"CVE-2021-24287","Info":{"Name":"WordPress Select All Categories and Taxonomies \u003c1.3.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Select All Categories and Taxonomies plugin before 1.3.2 contains a cross-site scripting vulnerability. The settings page of the plugin does not properly sanitize the tab parameter before outputting it back. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24287.yaml"}
{"ID":"CVE-2021-24288","Info":{"Name":"WordPress AcyMailing \u003c7.5.0 - Open Redirect","Severity":"medium","Description":"WordPress AcyMailing plugin before 7.5.0 contains an open redirect vulnerability due to improper sanitization of the redirect parameter. An attacker turning the request from POST to GET can craft a link containing a potentially malicious landing page and send it to the user.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24288.yaml"}
{"ID":"CVE-2021-24291","Info":{"Name":"WordPress Photo Gallery by 10Web \u003c1.5.69 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Photo Gallery by 10Web plugin before 1.5.69 contains multiple reflected cross-site scripting vulnerabilities via the gallery_id, tag, album_id and theme_id GET parameters passed to the bwg_frontend_data AJAX action, available to both unauthenticated and authenticated users.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24291.yaml"}
{"ID":"CVE-2021-24298","Info":{"Name":"WordPress Simple Giveaways \u003c2.36.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Simple Giveaways plugin before 2.36.2 contains a cross-site scripting vulnerability via the method and share GET parameters of the Giveaway pages, which are not sanitized, validated, or escaped before being output back in the pages.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24298.yaml"}
@ -1035,18 +1035,18 @@
{"ID":"CVE-2021-24498","Info":{"Name":"WordPress Calendar Event Multi View \u003c1.4.01 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Calendar Event Multi View plugin before 1.4.01 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php).","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24498.yaml"}
{"ID":"CVE-2021-24499","Info":{"Name":"WordPress Workreap - Remote Code Execution","Severity":"critical","Description":"WordPress Workreap theme is susceptible to remote code execution. The AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24499.yaml"}
{"ID":"CVE-2021-24510","Info":{"Name":"WordPress MF Gig Calendar \u003c=1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress MF Gig Calendar plugin 1.1 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize or escape the id GET parameter before outputting back in the admin dashboard when editing an event.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24510.yaml"}
{"ID":"CVE-2021-24554","Info":{"Name":"Paytm - Donation Plugin \u003c= 1.3.2 - Authenticated (admin+) SQL Injection","Severity":"high","Description":"The Paytm Donation Plugin WordPress plugin through 1.3.2 does not sanitise, validate or escape the id GET parameter before using it in a SQL statement when deleting donations, leading to an authenticated SQL injection issue.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2021/CVE-2021-24554.yaml"}
{"ID":"CVE-2021-24554","Info":{"Name":"WordPress Paytm Donation \u003c=1.3.2 - Authenticated SQL Injection","Severity":"high","Description":"WordPress Paytm Donation plugin through 1.3.2 is susceptible to authenticated SQL injection. The plugin does not sanitize, validate, or escape the id GET parameter before using it in a SQL statement when deleting donations. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2021/CVE-2021-24554.yaml"}
{"ID":"CVE-2021-24746","Info":{"Name":"WordPress Sassy Social Share Plugin \u003c3.3.40 - Cross-Site Scripting","Severity":"medium","Description":"WordPress plugin Sassy Social Share \u003c 3.3.40 contains a reflected cross-site scripting vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24746.yaml"}
{"ID":"CVE-2021-24750","Info":{"Name":"WordPress Visitor Statistics (Real Time Traffic) \u003c4.8 -SQL Injection","Severity":"high","Description":"WordPress Visitor Statistics (Real Time Traffic) plugin before 4.8 does not properly sanitize and escape the refUrl in the refDetails AJAX action, which is available to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-24750.yaml"}
{"ID":"CVE-2021-24762","Info":{"Name":"WordPress Perfect Survey\u003c1.5.2 - SQL Injection","Severity":"critical","Description":"Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24762.yaml"}
{"ID":"CVE-2021-24827","Info":{"Name":"WordPress Asgaros Forum \u003c1.15.13 - SQL Injection","Severity":"critical","Description":"WordPress Asgaros Forum plugin before 1.15.13 is susceptible to SQL injection. The plugin does not validate and escape user input when subscribing to a topic before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24827.yaml"}
{"ID":"CVE-2021-24838","Info":{"Name":"WordPress AnyComment \u003c0.3.5 - Open Redirect","Severity":"medium","Description":"WordPress AnyComment plugin before 0.3.5 contains an open redirect vulnerability via an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24838.yaml"}
{"ID":"CVE-2021-24875","Info":{"Name":"eCommerce Product Catalog for WordPress \u003c 3.0.39 - Reflected Cross-Site Scripting","Severity":"medium","Description":"The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected Cross-Site Scripting issue.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24875.yaml"}
{"ID":"CVE-2021-24875","Info":{"Name":"WordPress eCommerce Product Catalog \u003c3.0.39 - Cross-Site Scripting","Severity":"medium","Description":"WordPress eCommerce Product Catalog plugin before 3.0.39 contains a cross-site scripting vulnerability. The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24875.yaml"}
{"ID":"CVE-2021-24891","Info":{"Name":"WordPress Elementor Website Builder \u003c3.1.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Elementor Website Builder plugin before 3.1.4 contains a DOM cross-site scripting vulnerability. It does not sanitize or escape user input appended to the DOM via a malicious hash.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24891.yaml"}
{"ID":"CVE-2021-24910","Info":{"Name":"WordPress Transposh Translation \u003c1.0.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Transposh Translation plugin before 1.0.8 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24910.yaml"}
{"ID":"CVE-2021-24917","Info":{"Name":"WPS Hide Login \u003c 1.9.1 - Protection Bypass with Referer-Header","Severity":"high","Description":"The plugin has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-24917.yaml"}
{"ID":"CVE-2021-24926","Info":{"Name":"WordPress Domain Check \u003c1.0.17 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Domain Check plugin before 1.0.17 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the domain parameter before outputting it back in the page.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24926.yaml"}
{"ID":"CVE-2021-24931","Info":{"Name":"Secure Copy Content Protection and Content Locking \u003c 2.8.2 - Unauthenticated SQL Injection","Severity":"critical","Description":"The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24931.yaml"}
{"ID":"CVE-2021-24931","Info":{"Name":"WordPress Secure Copy Content Protection and Content Locking \u003c2.8.2 - SQL Injection","Severity":"critical","Description":"WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24931.yaml"}
{"ID":"CVE-2021-24940","Info":{"Name":"WordPress Persian Woocommerce \u003c=5.8.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Persian Woocommerce plugin through 5.8.0 contains a cross-site scripting vulnerability. The plugin does not escape the s parameter before outputting it back in an attribute in the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and possibly steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24940.yaml"}
{"ID":"CVE-2021-24946","Info":{"Name":"WordPress Modern Events Calendar \u003c6.1.5 - Blind SQL Injection","Severity":"critical","Description":"WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24946.yaml"}
{"ID":"CVE-2021-24947","Info":{"Name":"WordPress Responsive Vector Maps \u003c 6.4.2 - Arbitrary File Read","Severity":"medium","Description":"WordPress Responsive Vector Maps \u003c 6.4.2 contains an arbitrary file read vulnerability because the plugin does not have proper authorization and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user to read arbitrary files on the web server.","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2021/CVE-2021-24947.yaml"}
@ -1068,17 +1068,17 @@
{"ID":"CVE-2021-25104","Info":{"Name":"WordPress Ocean Extra \u003c1.9.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Ocean Extra plugin before 1.9.5 contains a cross-site scripting vulnerability. The plugin does not escape generated links which are then used when the OceanWP theme is active.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25104.yaml"}
{"ID":"CVE-2021-25111","Info":{"Name":"WordPress English Admin \u003c1.5.2 - Open Redirect","Severity":"medium","Description":"WordPress English Admin plugin before 1.5.2 contains an open redirect vulnerability. The plugin does not validate the admin_custom_language_return_url before redirecting users to it. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.10"}},"file_path":"cves/2021/CVE-2021-25111.yaml"}
{"ID":"CVE-2021-25112","Info":{"Name":"WordPress WHMCS Bridge \u003c6.4b - Cross-Site Scripting","Severity":"medium","Description":"WordPress WHMCS Bridge plugin before 6.4b contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the error parameter before outputting it back in the admin dashboard.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25112.yaml"}
{"ID":"CVE-2021-25114","Info":{"Name":"Paid Memberships Pro \u003c 2.6.7 - Unauthenticated Blind SQL Injection","Severity":"critical","Description":"The plugin does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-25114.yaml"}
{"ID":"CVE-2021-25114","Info":{"Name":"WordPress Paid Memberships Pro \u003c2.6.7 - Blind SQL Injection","Severity":"critical","Description":"WordPress Paid Memberships Pro plugin before 2.6.7 is susceptible to blind SQL injection. The plugin does not escape the discount_code in one of its REST routes before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-25114.yaml"}
{"ID":"CVE-2021-25118","Info":{"Name":"Yoast SEO \u003c 17.3 - Path Disclosure","Severity":"medium","Description":"The plugin discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2021/CVE-2021-25118.yaml"}
{"ID":"CVE-2021-25120","Info":{"Name":"Easy Social Feed \u003c 6.2.7 - Cross-Site Scripting","Severity":"medium","Description":"Easy Social Feed \u003c 6.2.7 is susceptible to reflected cross-site scripting because the plugin does not sanitize and escape a parameter before outputting it back in an admin dashboard page, leading to it being executed in the context of a logged admin or editor.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25120.yaml"}
{"ID":"CVE-2021-25281","Info":{"Name":"SaltStack Salt \u003c3002.5 - Auth Bypass","Severity":"critical","Description":"SaltStack Salt before 3002.5 does not honor eauth credentials for the wheel_async client, allowing attackers to remotely run any wheel modules on the master.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-25281.yaml"}
{"ID":"CVE-2021-25296","Info":{"Name":"Nagios XI versions 5.5.6 to 5.7.5 - Command Injection","Severity":"high","Description":"Nagios XI versions 5.5.6 to 5.7.5 are affected by OS command injection. An authenticated user can gain code execution due to unsanitized URL parameters.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-25296.yaml"}
{"ID":"CVE-2021-25297","Info":{"Name":"Nagios XI versions 5.5.6 to 5.7.5 - Command Injection","Severity":"high","Description":"Nagios XI versions 5.5.6 to 5.7.5 are affected by OS command injection. An authenticated user can gain code execution due to unsanitized URL parameters.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-25297.yaml"}
{"ID":"CVE-2021-25298","Info":{"Name":"Nagios XI 5.5.6 to 5.7.5 - Command Injection","Severity":"high","Description":"Nagios XI versions 5.5.6 to 5.7.5 are affected by OS command injection. An authenticated user can gain code execution due to unsanitized URL parameters.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-25298.yaml"}
{"ID":"CVE-2021-25299","Info":{"Name":"Nagios XI 5.7.5 - Cross-Site Scripting","Severity":"medium","Description":"Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25299.yaml"}
{"ID":"CVE-2021-25299","Info":{"Name":"Nagios XI 5.7.5 - Cross-Site Scripting","Severity":"medium","Description":"Nagios XI 5.7.5 contains a cross-site scripting vulnerability in the file /usr/local/nagiosxi/html/admin/sshterm.php, due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal session cookies, or it can be chained with the previous bugs to get one-click remote command execution on the Nagios XI server.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25299.yaml"}
{"ID":"CVE-2021-25646","Info":{"Name":"Apache Druid - Remote Code Execution","Severity":"high","Description":"Apache Druid is susceptible to remote code execution because by default it lacks authorization and authentication. Attackers can send specially crafted requests to execute arbitrary code with the privileges of processes on the Druid server.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-25646.yaml"}
{"ID":"CVE-2021-25864","Info":{"Name":"Hue Magic 3.0.0 - Local File Inclusion","Severity":"high","Description":"Hue Magic 3.0.0 is susceptible to local file inclusion via the res.sendFile API.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-25864.yaml"}
{"ID":"CVE-2021-25899","Info":{"Name":"Void Aural Rec Monitor 9.0.0.1 - SQL Injection","Severity":"high","Description":"An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-25899.yaml"}
{"ID":"CVE-2021-25899","Info":{"Name":"Void Aural Rec Monitor 9.0.0.1 - SQL Injection","Severity":"high","Description":"Void Aural Rec Monitor 9.0.0.1 contains a SQL injection vulnerability in svc-login.php. An attacker can send a crafted HTTP request to perform a blind time-based SQL injection via the param1 parameter and thus possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-25899.yaml"}
{"ID":"CVE-2021-26084","Info":{"Name":"Confluence Server - Remote Code Execution","Severity":"critical","Description":"Confluence Server and Data Center contain an OGNL injection vulnerability that could allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if 'Allow people to sign up to create their account' is enabled. To check whether this is enabled go to COG \u003e User Management \u003e User Signup Options.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-26084.yaml"}
{"ID":"CVE-2021-26085","Info":{"Name":"Atlassian Confluence Server - Local File Inclusion","Severity":"medium","Description":"Atlassian Confluence Server allows remote attackers to view restricted resources via local file inclusion in the /s/ endpoint.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2021/CVE-2021-26085.yaml"}
{"ID":"CVE-2021-26086","Info":{"Name":"Atlassian Jira Limited - Local File Inclusion","Severity":"medium","Description":"Affected versions of Atlassian Jira Limited Server and Data Center are vulnerable to local file inclusion because they allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2021/CVE-2021-26086.yaml"}
@ -1097,7 +1097,7 @@
{"ID":"CVE-2021-27330","Info":{"Name":"Triconsole Datepicker Calendar \u003c3.77 - Cross-Site Scripting","Severity":"medium","Description":"Triconsole Datepicker Calendar before 3.77 contains a cross-site scripting vulnerability in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-27330.yaml"}
{"ID":"CVE-2021-27358","Info":{"Name":"Grafana Unauthenticated Snapshot Creation","Severity":"high","Description":"Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-27358.yaml"}
{"ID":"CVE-2021-27519","Info":{"Name":"FUDForum 3.1.0 - Cross-Site Scripting","Severity":"medium","Description":"FUDForum 3.1.0 contains a cross-site scripting vulnerability which allows remote attackers to inject JavaScript via index.php in the \"srch\" parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-27519.yaml"}
{"ID":"CVE-2021-27520","Info":{"Name":"FUDForum 3.1.0 - Cross Site Scripting","Severity":"medium","Description":"A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the \"author\" parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-27520.yaml"}
{"ID":"CVE-2021-27520","Info":{"Name":"FUDForum 3.1.0 - Cross-Site Scripting","Severity":"medium","Description":"FUDForum 3.1.0 contains a cross-site scripting vulnerability. An attacker can inject JavaScript via index.php in the author parameter, thereby possibly stealing cookie-based authentication credentials and launching other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-27520.yaml"}
{"ID":"CVE-2021-27561","Info":{"Name":"YeaLink DM 3.6.0.20 - Remote Command Injection","Severity":"critical","Description":"Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-27561.yaml"}
{"ID":"CVE-2021-27651","Info":{"Name":"Pega Infinity - Authentication Bypass","Severity":"critical","Description":"Pega Infinity versions 8.2.1 through 8.5.2 contain an authentication bypass vulnerability because the password reset functionality for local accounts can be used to bypass local authentication checks.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-27651.yaml"}
{"ID":"CVE-2021-27748","Info":{"Name":"IBM WebSphere HCL Digital Experience - Server-Side Request Forgery","Severity":"high","Description":"IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2021/CVE-2021-27748.yaml"}
@ -1126,7 +1126,7 @@
{"ID":"CVE-2021-3002","Info":{"Name":"Seo Panel 4.8.0 - Cross-Site Scripting","Severity":"medium","Description":"Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-3002.yaml"}
{"ID":"CVE-2021-30049","Info":{"Name":"SysAid Technologies 20.3.64 b14 - Cross-Site Scripting","Severity":"medium","Description":"SysAid 20.3.64 b14 contains a cross-site scripting vulnerability via the /KeepAlive.jsp?stamp= URI.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-30049.yaml"}
{"ID":"CVE-2021-30128","Info":{"Name":"Apache OFBiz \u003c17.12.07 - Arbitrary Code Execution","Severity":"critical","Description":"Apache OFBiz has unsafe deserialization prior to 17.12.07 version","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-30128.yaml"}
{"ID":"CVE-2021-30134","Info":{"Name":"php-mod/curl Library - Cross-Site Scripting","Severity":"medium","Description":"php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-30134.yaml"}
{"ID":"CVE-2021-30134","Info":{"Name":"Php-mod/curl Library \u003c2.3.2 - Cross-Site Scripting","Severity":"medium","Description":"Php-mod/curl library before 2.3.2 contains a cross-site scripting vulnerability via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php. An attacker can inject arbitrary script, which can allow theft of cookie-based authentication credentials and launch of other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-30134.yaml"}
{"ID":"CVE-2021-30151","Info":{"Name":"Sidekiq \u003c=6.2.0 - Cross-Site Scripting","Severity":"medium","Description":"Sidekiq through 5.1.3 and 6.x through 6.2.0 contains a cross-site scripting vulnerability via the queue name of the live-poll feature when Internet Explorer is used.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-30151.yaml"}
{"ID":"CVE-2021-3017","Info":{"Name":"Intelbras WIN 300/WRN 342 - Credentials Disclosure","Severity":"high","Description":"Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-3017.yaml"}
{"ID":"CVE-2021-3019","Info":{"Name":"ffay lanproxy Directory Traversal","Severity":"high","Description":"ffay lanproxy 0.1 is susceptible to a directory traversal vulnerability that could let attackers read /../conf/config.properties to obtain credentials for a connection to the intranet.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-3019.yaml"}
@ -1189,7 +1189,7 @@
{"ID":"CVE-2021-36380","Info":{"Name":"Sunhillo SureLine \u003c8.7.0.1.1 - Unauthenticated OS Command Injection","Severity":"critical","Description":"Sunhillo SureLine \u003c8.7.0.1.1 is vulnerable to OS command injection. The /cgi/networkDiag.cgi script directly incorporated user-controllable parameters within a shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. The following POST request injects a new command that instructs the server to establish a reverse TCP connection to another system, allowing the establishment of an interactive remote shell session.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-36380.yaml"}
{"ID":"CVE-2021-36450","Info":{"Name":"Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting","Severity":"medium","Description":"Verint Workforce Optimization 15.2.8.10048 contains a cross-site scripting vulnerability via the control/my_notifications NEWUINAV parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-36450.yaml"}
{"ID":"CVE-2021-3654","Info":{"Name":"Nova noVNC - Open Redirect","Severity":"medium","Description":"Nova noVNC contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-3654.yaml"}
{"ID":"CVE-2021-36580","Info":{"Name":"IceWarp Open Redirect","Severity":"medium","Description":"","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2021/CVE-2021-36580.yaml"}
{"ID":"CVE-2021-36580","Info":{"Name":"IceWarp Mail Server - Open Redirect","Severity":"medium","Description":"IceWarp Mail Server contains an open redirect via the referer parameter. This can lead to phishing attacks or other unintended redirects.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-36580.yaml"}
{"ID":"CVE-2021-36748","Info":{"Name":"PrestaHome Blog for PrestaShop \u003c1.7.8 - SQL Injection","Severity":"high","Description":"PrestaHome Blog for PrestaShop prior to version 1.7.8 is vulnerable to a SQL injection (blind) via the sb_category parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-36748.yaml"}
{"ID":"CVE-2021-36749","Info":{"Name":"Apache Druid - Local File Inclusion","Severity":"medium","Description":"Apache Druid ingestion system is vulnerable to local file inclusion. The InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2021/CVE-2021-36749.yaml"}
{"ID":"CVE-2021-36873","Info":{"Name":"WordPress iQ Block Country \u003c=1.2.11 - Cross-Site Scripting","Severity":"medium","Description":"WordPress iQ Block Country plugin 1.2.11 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2021/CVE-2021-36873.yaml"}
@ -1348,9 +1348,9 @@
{"ID":"CVE-2022-0678","Info":{"Name":"Packagist \u003c1.2.11 - Cross-Site Scripting","Severity":"medium","Description":"Packagist prior to 1.2.11 contains a cross-site scripting vulnerability via microweber/microweber. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0678.yaml"}
{"ID":"CVE-2022-0679","Info":{"Name":"WordPress Narnoo Distributor \u003c=2.5.1 - Local File Inclusion","Severity":"critical","Description":"WordPress Narnoo Distributor plugin 2.5.1 and prior is susceptible to local file inclusion. The plugin does not validate and sanitize the lib_path parameter before being passed into a call to require() via the narnoo_distributor_lib_request AJAX action, and the content of the file is displayed in the response as JSON data. This can also lead to a remote code execution vulnerability depending on system and configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0679.yaml"}
{"ID":"CVE-2022-0692","Info":{"Name":"Rudloff alltube prior to 3.0.1 - Open Redirect","Severity":"medium","Description":"An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-0692.yaml"}
{"ID":"CVE-2022-0693","Info":{"Name":"Master Elements \u003c= 8.0 - Unauthenticated SQLi","Severity":"critical","Description":"The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL Injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0693.yaml"}
{"ID":"CVE-2022-0693","Info":{"Name":"WordPress Master Elements \u003c=8.0 - SQL Injection","Severity":"critical","Description":"WordPress Master Elements plugin through 8.0 contains a SQL injection vulnerability. The plugin does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0693.yaml"}
{"ID":"CVE-2022-0735","Info":{"Name":"GitLab CE/EE - Runner Registration Token Disclosure","Severity":"critical","Description":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0735.yaml"}
{"ID":"CVE-2022-0760","Info":{"Name":"Simple Link Directory \u003c 7.7.2 - Unauthenticated SQL injection","Severity":"critical","Description":"The plugin does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0760.yaml"}
{"ID":"CVE-2022-0760","Info":{"Name":"WordPress Simple Link Directory \u003c7.7.2 - SQL injection","Severity":"critical","Description":"WordPress Simple Link Directory plugin before 7.7.2 contains a SQL injection vulnerability. The plugin does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action, available to unauthenticated and authenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0760.yaml"}
{"ID":"CVE-2022-0776","Info":{"Name":"RevealJS postMessage \u003c4.3.0 - Cross-Site Scripting","Severity":"high","Description":"RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model.","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2022/CVE-2022-0776.yaml"}
{"ID":"CVE-2022-0781","Info":{"Name":"WordPress Nirweb Support \u003c2.8.2 - SQL Injection","Severity":"critical","Description":"WordPress Nirweb support plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0781.yaml"}
{"ID":"CVE-2022-0784","Info":{"Name":"WordPress Title Experiments Free \u003c9.0.1 - SQL Injection","Severity":"critical","Description":"WordPress Title Experiments Free plugin before 9.0.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0784.yaml"}
@ -1365,13 +1365,13 @@
{"ID":"CVE-2022-0885","Info":{"Name":"Member Hero \u003c= 1.0.9 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0885.yaml"}
{"ID":"CVE-2022-0928","Info":{"Name":"Microweber \u003c 1.2.12 - Stored Cross-Site Scripting","Severity":"medium","Description":"Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-0928.yaml"}
{"ID":"CVE-2022-0948","Info":{"Name":"WordPress Order Listener for WooCommerce \u003c3.2.2 - SQL Injection","Severity":"critical","Description":"WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0948.yaml"}
{"ID":"CVE-2022-0949","Info":{"Name":"WP Block and Stop Bad Bots \u003c 6.930 - Unauthenticated SQLi","Severity":"critical","Description":"The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0949.yaml"}
{"ID":"CVE-2022-0949","Info":{"Name":"WordPress Stop Bad Bots \u003c6.930 - SQL Injection","Severity":"critical","Description":"WordPress Stop Bad Bots plugin before 6.930 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0949.yaml"}
{"ID":"CVE-2022-0952","Info":{"Name":"Sitemap by click5 \u003c 1.0.36 - Unauthenticated Arbitrary Options Update","Severity":"high","Description":"The plugin does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-0952.yaml"}
{"ID":"CVE-2022-0954","Info":{"Name":"Microweber \u003c1.2.11 - Stored Cross-Site Scripting","Severity":"medium","Description":"Microweber before 1.2.1 contains multiple stored cross-site scripting vulnerabilities in Shop's Other Settings, Autorespond E-mail Settings, and Payment Methods.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-0954.yaml"}
{"ID":"CVE-2022-0963","Info":{"Name":"Microweber \u003c1.2.12 - Stored Cross-Site Scripting","Severity":"medium","Description":"Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-0963.yaml"}
{"ID":"CVE-2022-0968","Info":{"Name":"Microweber \u003c 1.2.12 - Integer Overflow (DOS)","Severity":"medium","Description":"The microweber application allows large characters to insert in the input field \"first \u0026 last name\" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. The first name \u0026 last name input should be limited to 50 characters or max 100 characters.\n","Classification":{"CVSSScore":"5.5"}},"file_path":"cves/2022/CVE-2022-0968.yaml"}
{"ID":"CVE-2022-1007","Info":{"Name":"WordPress Advanced Booking Calendar \u003c1.7.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Advanced Booking Calendar plugin before 1.7.1 contains a cross-site scripting vulnerability. It does not sanitize and escape the room parameter before outputting it back in an admin page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-1007.yaml"}
{"ID":"CVE-2022-1013","Info":{"Name":"Personal Dictionary \u003c 1.3.4 - Unauthenticated SQLi","Severity":"critical","Description":"The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1013.yaml"}
{"ID":"CVE-2022-1013","Info":{"Name":"WordPress Personal Dictionary \u003c1.3.4 - Blind SQL Injection","Severity":"critical","Description":"WordPress Personal Dictionary plugin before 1.3.4 contains a blind SQL injection vulnerability. The plugin fails to properly sanitize user-supplied POST data before being interpolated in an SQL statement and executed. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1013.yaml"}
{"ID":"CVE-2022-1020","Info":{"Name":"WordPress WooCommerce \u003c3.1.2 - Arbitrary Function Call","Severity":"critical","Description":"WordPress WooCommerce plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or one user controlled argument.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1020.yaml"}
{"ID":"CVE-2022-1040","Info":{"Name":"Sophos Firewall \u003c=18.5 MR3 - Remote Code Execution","Severity":"critical","Description":"Sophos Firewall version v18.5 MR3 and older contains an authentication bypass vulnerability in the User Portal and Webadmin which could allow a remote attacker to execute code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-1040.yaml"}
{"ID":"CVE-2022-1054","Info":{"Name":"RSVP and Event Management \u003c 2.7.8 - Unauthenticated Entries Export","Severity":"medium","Description":"The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name, last name and email address of user registered for events","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-1054.yaml"}
@ -1460,7 +1460,7 @@
{"ID":"CVE-2022-2546","Info":{"Name":"WordPress All-in-One WP Migration \u003c=7.62 - Cross-Site Scripting","Severity":"medium","Description":"WordPress All-in-One WP Migration plugin 7.62 and prior contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"4.7"}},"file_path":"cves/2022/CVE-2022-2546.yaml"}
{"ID":"CVE-2022-25481","Info":{"Name":"ThinkPHP 5.0.24 - Information Disclosure","Severity":"high","Description":"ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINFO parameter. This can allow an attacker to access all system environment parameters from index.php, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-25481.yaml"}
{"ID":"CVE-2022-2551","Info":{"Name":"Duplicator \u003c 1.4.7 - Unauthenticated Backup Download","Severity":"high","Description":"The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-2551.yaml"}
{"ID":"CVE-2022-2599","Info":{"Name":"Anti-Malware Security and Brute-Force Firewall \u003c 4.21.83 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-2599.yaml"}
{"ID":"CVE-2022-2599","Info":{"Name":"WordPress Anti-Malware Security and Brute-Force Firewall \u003c4.21.83 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-2599.yaml"}
{"ID":"CVE-2022-26134","Info":{"Name":"Confluence - Remote Code Execution","Severity":"critical","Description":"Confluence Server and Data Center is susceptible to an unauthenticated remote code execution vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-26134.yaml"}
{"ID":"CVE-2022-26138","Info":{"Name":"Atlassian Questions For Confluence - Hardcoded Credentials","Severity":"critical","Description":"Atlassian Questions For Confluence contains a hardcoded credentials vulnerability. When installing versions 2.7.34, 2.7.35, and 3.0.2, a Confluence user account is created in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password can exploit this vulnerability to log into Confluence and access all content accessible to users in the confluence-users group.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-26138.yaml"}
{"ID":"CVE-2022-26148","Info":{"Name":"Grafana \u0026 Zabbix Integration - Credentials Disclosure","Severity":"critical","Description":"Grafana through 7.3.4, when integrated with Zabbix, contains a credential disclosure vulnerability. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-26148.yaml"}
@ -1482,7 +1482,7 @@
{"ID":"CVE-2022-28363","Info":{"Name":"Reprise License Manager 14.2 - Cross-Site Scripting","Severity":"medium","Description":"Reprise License Manager 14.2 contains a reflected cross-site scripting vulnerability in the /goform/login_process 'username' parameter via GET, whereby no authentication is required.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-28363.yaml"}
{"ID":"CVE-2022-28365","Info":{"Name":"Reprise License Manager 14.2 - Information Disclosure","Severity":"medium","Description":"Reprise License Manager 14.2 is susceptible to information disclosure via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture and file/directory information. An attacker can possibly obtain further sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-28365.yaml"}
{"ID":"CVE-2022-2863","Info":{"Name":"WordPress WPvivid Backup \u003c0.9.76 - Local File Inclusion","Severity":"medium","Description":"WordPress WPvivid Backup version 0.9.76 is vulnerable to local file inclusion because the plugin does not sanitize and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server.","Classification":{"CVSSScore":"4.9"}},"file_path":"cves/2022/CVE-2022-2863.yaml"}
{"ID":"CVE-2022-28923","Info":{"Name":"Caddy 2.4.6 Open Redirect","Severity":"medium","Description":"Caddy version 2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-28923.yaml"}
{"ID":"CVE-2022-28923","Info":{"Name":"Caddy 2.4.6 - Open Redirect","Severity":"medium","Description":"Caddy 2.4.6 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site via a crafted URL and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-28923.yaml"}
{"ID":"CVE-2022-28955","Info":{"Name":"D-Link DIR-816L - Improper Access Control","Severity":"high","Description":"D-Link DIR-816L_FW206b01 is susceptible to improper access control. An attacker can access folders folder_view.php and category_view.php and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-28955.yaml"}
{"ID":"CVE-2022-29004","Info":{"Name":"Diary Management System 1.0 - Cross-Site Scripting","Severity":"medium","Description":"Diary Management System 1.0 contains a cross-site scripting vulnerability via the Name parameter in search-result.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-29004.yaml"}
{"ID":"CVE-2022-29005","Info":{"Name":"Online Birth Certificate System 1.2 - Stored Cross-Site Scripting","Severity":"medium","Description":"Online Birth Certificate System 1.2 contains multiple stored cross-site scripting vulnerabilities in the component /obcs/user/profile.php, which allows an attacker to execute arbitrary web script or HTML via a crafted payload injected into the fname or lname parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-29005.yaml"}
@ -1565,7 +1565,7 @@
{"ID":"CVE-2022-35493","Info":{"Name":"eShop 3.0.4 - Cross-Site Scripting","Severity":"medium","Description":"eShop 3.0.4 contains a reflected cross-site scripting vulnerability in json search parse and json response in wrteam.in.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-35493.yaml"}
{"ID":"CVE-2022-3578","Info":{"Name":"WordPress ProfileGrid \u003c5.1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress ProfileGrid plugin prior to 5.1.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-3578.yaml"}
{"ID":"CVE-2022-35914","Info":{"Name":"GLPI \u003c=10.0.2 - Remote Command Execution","Severity":"critical","Description":"GLPI through 10.0.2 is susceptible to remote command execution injection in /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-35914.yaml"}
{"ID":"CVE-2022-36446","Info":{"Name":"Webmin - Remote Code Execution (Authenticated)","Severity":"critical","Description":"Webmin before 1.997 is vulnerable to RCE exploits. an authenticated, remote attacker to perform command injection attacks.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-36446.yaml"}
{"ID":"CVE-2022-36446","Info":{"Name":"Webmin \u003c1.997 - Authenticated Remote Code Execution","Severity":"critical","Description":"Webmin before 1.997 is susceptible to authenticated remote code execution via software/apt-lib.pl, which lacks HTML escaping for a UI command. An attacker can perform command injection attacks and thereby execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-36446.yaml"}
{"ID":"CVE-2022-36537","Info":{"Name":"ZK Framework - Information Disclosure","Severity":"high","Description":"ZK Framework 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 is susceptible to information disclosure. An attacker can access sensitive information via a crafted POST request to the component AuUploader and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-36537.yaml"}
{"ID":"CVE-2022-36642","Info":{"Name":"Omnia MPX 1.5.0+r1 - Local File Inclusion","Severity":"critical","Description":"Telos Alliance Omnia MPX Node through 1.5.0+r1 is vulnerable to local file inclusion via logs/downloadMainLog. By retrieving userDB.json allows an attacker to retrieve cleartext credentials and escalate privileges via the control panel.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-36642.yaml"}
{"ID":"CVE-2022-36804","Info":{"Name":"Atlassian Bitbucket Command Injection Vulnerability","Severity":"high","Description":"Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-36804.yaml"}
@ -1581,14 +1581,14 @@
{"ID":"CVE-2022-38817","Info":{"Name":"Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control","Severity":"high","Description":"Dapr Dashboard 0.1.0 through 0.10.0 is susceptible to improper access control. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-38817.yaml"}
{"ID":"CVE-2022-38870","Info":{"Name":"Free5gc 3.2.1 - Information Disclosure","Severity":"high","Description":"Free5gc 3.2.1 is susceptible to information disclosure. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-38870.yaml"}
{"ID":"CVE-2022-39195","Info":{"Name":"LISTSERV 17 - Cross-Site Scripting","Severity":"medium","Description":"LISTSERV 17 web interface contains a cross-site scripting vulnerability. An attacker can inject arbitrary JavaScript or HTML via the \"c\" parameter, thereby possibly allowing the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-39195.yaml"}
{"ID":"CVE-2022-3934","Info":{"Name":"Flat PM \u003c 3.0.13 - Reflected Cross-Site Scripting","Severity":"medium","Description":"The FlatPM WordPress plugin before 3.0.13 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-3934.yaml"}
{"ID":"CVE-2022-3934","Info":{"Name":"WordPress FlatPM \u003c3.0.13 - Cross-Site Scripting","Severity":"medium","Description":"WordPress FlatPM plugin before 3.0.13 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape certain parameters before outputting them back in pages, which can be exploited against high privilege users such as admin. An attacker can steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-3934.yaml"}
{"ID":"CVE-2022-39952","Info":{"Name":"FortiNAC Unauthenticated Arbitrary File Write","Severity":"critical","Description":"A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-39952.yaml"}
{"ID":"CVE-2022-39960","Info":{"Name":"Atlassian Jira addon Netic Group Export \u003c 1.0.3 - Unauthenticated Access","Severity":"medium","Description":"The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-39960.yaml"}
{"ID":"CVE-2022-40083","Info":{"Name":"Labstack Echo 4.8.0 - Open Redirect","Severity":"critical","Description":"Labstack Echo 4.8.0 contains an open redirect vulnerability via the Static Handler component. An attacker can leverage this vulnerability to cause server-side request forgery, making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.6"}},"file_path":"cves/2022/CVE-2022-40083.yaml"}
{"ID":"CVE-2022-40359","Info":{"Name":"Kae's File Manager \u003c=1.4.7 - Cross-Site Scripting","Severity":"medium","Description":"Kae's File Manager through 1.4.7 contains a cross-site scripting vulnerability via a crafted GET request to /kfm/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-40359.yaml"}
{"ID":"CVE-2022-4050","Info":{"Name":"WordPress JoomSport \u003c5.2.8 - SQL Injection","Severity":"critical","Description":"WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-4050.yaml"}
{"ID":"CVE-2022-4060","Info":{"Name":"User Post Gallery \u003c= 2.19 - Unauthenticated RCE","Severity":"critical","Description":"The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-4060.yaml"}
{"ID":"CVE-2022-4063","Info":{"Name":"InPost Gallery \u003c 2.1.4.1 - Unauthenticated LFI to RCE","Severity":"critical","Description":"The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files \u0026 URLs, which may enable them to run code on servers.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-4063.yaml"}
{"ID":"CVE-2022-4063","Info":{"Name":"WordPress InPost Gallery \u003c2.1.4.1 - Local File Inclusion","Severity":"critical","Description":"WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract() function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on servers.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-4063.yaml"}
{"ID":"CVE-2022-40684","Info":{"Name":"Fortinet - Authentication Bypass","Severity":"critical","Description":"Fortinet contains an authentication bypass vulnerability via using an alternate path or channel in FortiOS 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy 7.2.0 and 7.0.0 through 7.0.6, and FortiSwitchManager 7.2.0 and 7.0.0. An attacker can perform operations on the administrative interface via specially crafted HTTP or HTTPS requests, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-40684.yaml"}
{"ID":"CVE-2022-40734","Info":{"Name":"Laravel Filemanager v2.5.1 - Local File Inclusion","Severity":"medium","Description":"Laravel Filemanager (aka UniSharp) through version 2.5.1 is vulnerable to local file inclusion via download?working_dir=%2F.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2022/CVE-2022-40734.yaml"}
{"ID":"CVE-2022-40879","Info":{"Name":"kkFileView 4.1.0 - Cross-Site Scripting","Severity":"medium","Description":"kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the errorMsg parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-40879.yaml"}
@ -1601,35 +1601,35 @@
{"ID":"CVE-2022-42747","Info":{"Name":"CandidATS 3.0.0 - Cross-Site Scripting.","Severity":"medium","Description":"CandidATS 3.0.0 contains a cross-site scripting vulnerability via the sortBy parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-42747.yaml"}
{"ID":"CVE-2022-42748","Info":{"Name":"CandidATS 3.0.0 - Cross-Site Scripting.","Severity":"medium","Description":"CandidATS 3.0.0 contains a cross-site scripting vulnerability via the sortDirection parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-42748.yaml"}
{"ID":"CVE-2022-42749","Info":{"Name":"CandidATS 3.0.0 - Cross-Site Scripting","Severity":"medium","Description":"CandidATS 3.0.0 contains a cross-site scripting vulnerability via the page parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-42749.yaml"}
{"ID":"CVE-2022-4301","Info":{"Name":"Sunshine Photo Cart \u003c 2.9.15 - Cross Site Scripting","Severity":"medium","Description":"The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-4301.yaml"}
{"ID":"CVE-2022-4301","Info":{"Name":"WordPress Sunshine Photo Cart \u003c2.9.15 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Sunshine Photo Cart plugin before 2.9.15 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-4301.yaml"}
{"ID":"CVE-2022-43014","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the joborderID parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-43014.yaml"}
{"ID":"CVE-2022-43015","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the entriesPerPage parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-43015.yaml"}
{"ID":"CVE-2022-43016","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the callback component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-43016.yaml"}
{"ID":"CVE-2022-43017","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the indexFile component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-43017.yaml"}
{"ID":"CVE-2022-43018","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the email parameter in the Check Email function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-43018.yaml"}
{"ID":"CVE-2022-4306","Info":{"Name":"Panda Pods Repeater Field \u003c 1.5.4 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-4306.yaml"}
{"ID":"CVE-2022-4447","Info":{"Name":"Fontsy \u003c= 1.8.6 - Unauthenticated SQLi","Severity":"critical","Description":"The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-4447.yaml"}
{"ID":"CVE-2022-4306","Info":{"Name":"WordPress Panda Pods Repeater Field \u003c1.5.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Panda Pods Repeater Field before 1.5.4 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. This can be leveraged against a user who has at least Contributor permission. An attacker can also steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-4306.yaml"}
{"ID":"CVE-2022-4447","Info":{"Name":"WordPress Fontsy \u003c=1.8.6 - SQL Injection","Severity":"critical","Description":"WordPress Fontsy plugin through 1.8.6 is susceptible to SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-4447.yaml"}
{"ID":"CVE-2022-44877","Info":{"Name":"Centos Web Panel - Unauthenticated Remote Code Execution","Severity":"critical","Description":"RESERVED An issue in the /login/index.php component of Centos Web Panel 7 before v0.9.8.1147 allows unauthenticated attackers to execute arbitrary system commands via crafted HTTP requests.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-44877.yaml"}
{"ID":"CVE-2022-45362","Info":{"Name":"Paytm Payment Gateway Plugin \u003c= 2.7.0 Server Side Request Forgery (SSRF)","Severity":"high","Description":"Server Side Request Forgery (SSRF) vulnerability in WordPress Paytm Payment Gateway Plugin. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2022/CVE-2022-45362.yaml"}
{"ID":"CVE-2022-45805","Info":{"Name":"WordPress Paytm Payment Gateway Plugin \u003c= 2.7.3 - SQL Injection","Severity":"high","Description":"SQL Injection vulnerability in WordPress Paytm Payment Gateway Plugin. This could allow a malicious actor to directly interact with your database, including but not limited to stealing information and creating new administrator accounts. This vulnerability has been fixed in version 2.7.7.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"cves/2022/CVE-2022-45805.yaml"}
{"ID":"CVE-2022-45805","Info":{"Name":"WordPress Paytm Payment Gateway \u003c=2.7.3 - SQL Injection","Severity":"critical","Description":"WordPress Paytm Payment Gateway plugin through 2.7.3 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-45805.yaml"}
{"ID":"CVE-2022-45917","Info":{"Name":"ILIAS eLearning \u003c7.16 - Open Redirect","Severity":"medium","Description":"ILIAS eLearning before 7.16 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-45917.yaml"}
{"ID":"CVE-2022-45933","Info":{"Name":"KubeView \u003c=0.1.31 - Information Disclosure","Severity":"critical","Description":"KubeView through 0.1.31 is susceptible to information disclosure. An attacker can obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication and retrieves certificate files that can be used for authentication as kube-admin. An attacker can thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-45933.yaml"}
{"ID":"CVE-2022-46169","Info":{"Name":"Cacti \u003c= 1.2.22 Unauthenticated Command Injection","Severity":"critical","Description":"The vulnerability allows a remote attacker to compromise the affected system. The vulnerability exists due to insufficient authorization within the Remote Agent when handling HTTP requests with a custom Forwarded-For HTTP header. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected instance and execute arbitrary OS commands on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-46169.yaml"}
{"ID":"CVE-2022-46381","Info":{"Name":"Linear eMerge E3-Series - Cross-Site Scripting","Severity":"medium","Description":"Linear eMerge E3-Series devices contain a cross-site scripting vulnerability via the type parameter, e.g., to the badging/badge_template_v0.php component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and thus steal cookie-based authentication credentials and launch other attacks. This affects versions 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-46381.yaml"}
{"ID":"CVE-2022-46888","Info":{"Name":"NexusPHP - Cross-Site Scripting","Severity":"medium","Description":"NexusPHPbefore 1.7.33 allow remote attackers to inject arbitrary web script or HTML via the secret parameter in /login.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-46888.yaml"}
{"ID":"CVE-2022-46888","Info":{"Name":"NexusPHP \u003c1.7.33 - Cross-Site Scripting","Severity":"medium","Description":"NexusPHP before 1.7.33 contains multiple cross-site scripting vulnerabilities via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php. An attacker can inject arbitrary web script or HTML, which can allow theft of cookie-based authentication credentials and launch of other attacks..\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-46888.yaml"}
{"ID":"CVE-2022-47002","Info":{"Name":"Masa CMS - Authentication Bypass","Severity":"critical","Description":"A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-47002.yaml"}
{"ID":"CVE-2022-47003","Info":{"Name":"Mura CMS - Authentication Bypass","Severity":"critical","Description":"A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-47003.yaml"}
{"ID":"CVE-2022-47945","Info":{"Name":"Thinkphp Lang - Local File Inclusion","Severity":"critical","Description":"ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-47945.yaml"}
{"ID":"CVE-2022-47966","Info":{"Name":"ManageEngine - Remote Command Execution","Severity":"critical","Description":"Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-47966.yaml"}
{"ID":"CVE-2022-47986","Info":{"Name":"Pre-Auth RCE in Aspera Faspex","Severity":"critical","Description":"IBM Aspera Faspex could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-47986.yaml"}
{"ID":"CVE-2022-48165","Info":{"Name":"Wavlink - Configuration Exposure","Severity":"high","Description":"An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-48165.yaml"}
{"ID":"CVE-2022-4897","Info":{"Name":"BackupBuddy \u003c 8.8.3 - Cross Site Scripting","Severity":"medium","Description":"The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-4897.yaml"}
{"ID":"CVE-2022-4897","Info":{"Name":"WordPress BackupBuddy \u003c8.8.3 - Cross Site Scripting","Severity":"medium","Description":"WordPress BackupBuddy plugin before 8.8.3 contains a cross-site vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in various locations. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-4897.yaml"}
{"ID":"CVE-2023-0669","Info":{"Name":"GoAnywhere MFT - Remote Code Execution (ZeroDay)","Severity":"high","Description":"Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2023/CVE-2023-0669.yaml"}
{"ID":"CVE-2023-23488","Info":{"Name":"Paid Memberships Pro \u003c 2.9.8 - Unauthenticated Blind SQLi","Severity":"critical","Description":"The Paid Memberships Pro WordPress Plugin, version \u003c 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2023/CVE-2023-23488.yaml"}
{"ID":"CVE-2023-23489","Info":{"Name":"Easy Digital Downloads 3.1.0.2 \u0026 3.1.0.3 - Unauthenticated SQLi","Severity":"critical","Description":"The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 \u0026 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2023/CVE-2023-23489.yaml"}
{"ID":"CVE-2023-23492","Info":{"Name":"Login with Phone Number - Cross-Site Scripting","Severity":"high","Description":"Login with Phone Number, versions \u003c 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2023/CVE-2023-23492.yaml"}
{"ID":"CVE-2023-23752","Info":{"Name":"Joomla Improper AccessCheck in WebService Endpoint","Severity":"medium","Description":"An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2023/CVE-2023-23752.yaml"}
{"ID":"CVE-2023-23488","Info":{"Name":"WordPress Paid Memberships Pro \u003c2.9.8 - Blind SQL Injection","Severity":"critical","Description":"WordPress Paid Memberships Pro plugin before 2.9.8 contains a blind SQL injection vulnerability in the 'code' parameter of the /pmpro/v1/order REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2023/CVE-2023-23488.yaml"}
{"ID":"CVE-2023-23489","Info":{"Name":"WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection","Severity":"critical","Description":"WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edd_download_search action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2023/CVE-2023-23489.yaml"}
{"ID":"CVE-2023-23492","Info":{"Name":"Login with Phone Number - Cross-Site Scripting","Severity":"medium","Description":"Login with Phone Number, versions \u003c 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function.\n\nNote that CVE-2023-23492 incorrectly describes and scores this as SQL injection vulnerability.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2023/CVE-2023-23492.yaml"}
{"ID":"CVE-2023-23752","Info":{"Name":"Joomla! Webservice - Password Disclosure","Severity":"medium","Description":"An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2023/CVE-2023-23752.yaml"}
{"ID":"CVE-2023-24044","Info":{"Name":"Plesk Obsidian - Host Header Injection","Severity":"medium","Description":"A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2023/CVE-2023-24044.yaml"}
{"ID":"CVE-2023-24322","Info":{"Name":"mojoPortal - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2023/CVE-2023-24322.yaml"}
{"ID":"CVE-2023-26255","Info":{"Name":"STAGIL Navigation for Jira - Menu \u0026 Themes - Local File Inclusion","Severity":"high","Description":"An unauthenticated path traversal vulnerability affects the \"STAGIL Navigation for Jira - Menu \u0026 Themes\" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2023/CVE-2023-26255.yaml"}
{"ID":"CVE-2023-24322","Info":{"Name":"mojoPortal 2.7.0.0 - Cross-Site Scripting","Severity":"medium","Description":"mojoPortal 2.7.0.0 contains a cross-site scripting vulnerability in the FileDialog.aspx component, which can allow an attacker to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2023/CVE-2023-24322.yaml"}
{"ID":"CVE-2023-26255","Info":{"Name":"STAGIL Navigation for Jira - Menu \u0026 Themes - Local File Inclusion","Severity":"high","Description":"An unauthenticated path traversal vulnerability affects the \"STAGIL Navigation for Jira - Menu \u0026 Themes\" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2023/CVE-2023-26255.yaml"}
{"ID":"CVE-2023-26256","Info":{"Name":"STAGIL Navigation for Jira - Menu \u0026 Themes - Local File Inclusion","Severity":"high","Description":"An unauthenticated path traversal vulnerability affects the \"STAGIL Navigation for Jira - Menu \u0026 Themes\" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2023/CVE-2023-26256.yaml"}


@ -1 +1 @@
20c79240d730d56503179dda7a411392
8f4e69a7c44a699a3b9ae2b2cdac5241