Merge pull request #1187 from nrathaus/master

Some descriptions and references
patch-1
PD-Team 2021-04-02 02:13:46 +05:30 committed by GitHub
commit 6c582f7843
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 4 additions and 2 deletions

View File

@ -12,7 +12,7 @@ info:
a payload into the plugin settings, such as the
yuzo_related_post_css_and_style setting.
References:
reference: |
- https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild
- https://wpscan.com/vulnerability/9254
tags: cve,cve2019,wordpress,wp-plugin,xss

View File

@ -4,6 +4,7 @@ info:
author: pikpikcu
severity: high
tags: cve,cve2019,wordpress,wp-plugin,lfi
description: A Local File Inclusion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to retrieve arbitrary files via the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php.
reference: https://github.com/security-kma/EXPLOITING-CVE-2019-14205
requests:

View File

@ -4,7 +4,8 @@ info:
name: Zabbix Authentication Bypass
author: Harsh Bothra
severity: critical
reference: https://nvd.nist.gov/vuln/detail/CVE-2019-17382
description: An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
reference: https://www.exploit-db.com/exploits/47467
tags: cve,cve2019,zabbix
requests: