misc changes
parent
7ed987a29e
commit
6cc3f88a5d
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-0618
|
id: CVE-2020-0618
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: RCE in SQL Server Reporting Services
|
name: RCE in SQL Server Reporting Services
|
||||||
|
|
|
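Review bot: Anything that selects or suppresses these templates by `id` may stop matching once the value changes case, as it does here (`cve-2020-0618` → `CVE-2020-0618`) and in every other hunk on this page through `CVE-2020-9757`. Whether the consuming scanner compares ids case-sensitively is not visible from this page. If it does, exclusion lists, workflows and stored findings that still use the lowercase form would fail silently, so a suppressed check could start running or a required one could drop out with no error. The title `misc changes` hides that this is an identifier rename; a message such as `normalize CVE template ids to upper case`, plus a changelog line, would tell operators to update their references. File headers are missing from this rendering, so it cannot be confirmed whether the file names were changed to match.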
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-10148
|
id: CVE-2020-10148
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: SolarWinds Orion API Auth Bypass Leads to RCE (SUPERNOVA)
|
name: SolarWinds Orion API Auth Bypass Leads to RCE (SUPERNOVA)
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-10199
|
id: CVE-2020-10199
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Nexus Repository Manager 3 RCE
|
name: Nexus Repository Manager 3 RCE
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-10204
|
id: CVE-2020-10204
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Sonatype Nexus Repository RCE
|
name: Sonatype Nexus Repository RCE
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-11034
|
id: CVE-2020-11034
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: GLPI v.9.4.6 - Open redirect
|
name: GLPI v.9.4.6 - Open redirect
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-1147
|
id: CVE-2020-1147
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: RCE at SharePoint Server (.NET Framework & Visual Studio) detection
|
name: RCE at SharePoint Server (.NET Framework & Visual Studio) detection
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-11738
|
id: CVE-2020-11738
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: WordPress Duplicator plugin Directory Traversal
|
name: WordPress Duplicator plugin Directory Traversal
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-12116
|
id: CVE-2020-12116
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Unauthenticated Zoho ManageEngine OpManger Arbitrary File Read
|
name: Unauthenticated Zoho ManageEngine OpManger Arbitrary File Read
|
||||||
|
|
|
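Review bot: The `name` on the unchanged line of this hunk reads `OpManger`, which looks like a typo for `OpManager`. Since the commit already edits this header, it could carry `name: Unauthenticated Zoho ManageEngine OpManager Arbitrary File Read`. The same applies to `Jenkin AuditTrailPlugin XSS` in the CVE-2020-2140 hunk and to `Arbitrarily File Read` in the CVE-2020-25540 hunk. These names appear in scan output and are what analysts search and triage on, so a misspelt product name can keep a finding out of a text query or a dashboard filter.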
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-12720
|
id: CVE-2020-12720
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: CVE-2020-12720 vBulletin SQLI
|
name: CVE-2020-12720 vBulletin SQLI
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-13167
|
id: CVE-2020-13167
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Netsweeper WebAdmin unixlogin.php Python Code Injection
|
name: Netsweeper WebAdmin unixlogin.php Python Code Injection
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-13942
|
id: CVE-2020-13942
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Apache Unomi Remote Code Execution
|
name: Apache Unomi Remote Code Execution
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-14179
|
id: CVE-2020-14179
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Sensitive data exposure via insecure Jira endpoint
|
name: Sensitive data exposure via insecure Jira endpoint
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-14181
|
id: CVE-2020-14181
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: User enumeration via insecure Jira endpoint
|
name: User enumeration via insecure Jira endpoint
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-14882
|
id: CVE-2020-14882
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Oracle WebLogic Server Unauthenticated RCE (and Patch Bypass)
|
name: Oracle WebLogic Server Unauthenticated RCE (and Patch Bypass)
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-15129
|
id: CVE-2020-15129
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Open-redirect in Traefik
|
name: Open-redirect in Traefik
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-15505
|
id: CVE-2020-15505
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: RCE in MobileIron Core & Connector <= v10.6 & Sentry <= v9.8
|
name: RCE in MobileIron Core & Connector <= v10.6 & Sentry <= v9.8
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-15920
|
id: CVE-2020-15920
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Unauthenticated RCE at Mida eFramework on 'PDC/ajaxreq.php'
|
name: Unauthenticated RCE at Mida eFramework on 'PDC/ajaxreq.php'
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-16139
|
id: CVE-2020-16139
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Cisco 7937G Denial-of-Service Reboot Attack
|
name: Cisco 7937G Denial-of-Service Reboot Attack
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-16846
|
id: CVE-2020-16846
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: SaltStack Shell Injection
|
name: SaltStack Shell Injection
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-16952
|
id: CVE-2020-16952
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Microsoft SharePoint Server-Side Include (SSI) and ViewState RCE
|
name: Microsoft SharePoint Server-Side Include (SSI) and ViewState RCE
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-17505
|
id: CVE-2020-17505
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Artica Web Proxy 4.30 OS Command Injection
|
name: Artica Web Proxy 4.30 OS Command Injection
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-17506
|
id: CVE-2020-17506
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Artica Web Proxy 4.30 Authentication Bypass
|
name: Artica Web Proxy 4.30 Authentication Bypass
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-2096
|
id: CVE-2020-2096
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Jenkins Gitlab Hook XSS
|
name: Jenkins Gitlab Hook XSS
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-2140
|
id: CVE-2020-2140
|
||||||
info:
|
info:
|
||||||
author: j3ssie/geraldino2
|
author: j3ssie/geraldino2
|
||||||
name: Jenkin AuditTrailPlugin XSS
|
name: Jenkin AuditTrailPlugin XSS
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-23972
|
id: CVE-2020-23972
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Joomla! Component GMapFP 3.5 - Unauthenticated Arbitrary File Upload
|
name: Joomla! Component GMapFP 3.5 - Unauthenticated Arbitrary File Upload
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-24223
|
id: CVE-2020-24223
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Mara CMS 7.5 - Reflective Cross-Site Scripting
|
name: Mara CMS 7.5 - Reflective Cross-Site Scripting
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-24312
|
id: CVE-2020-24312
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: WordPress Plugin File Manager (wp-file-manager) Backup Disclosure
|
name: WordPress Plugin File Manager (wp-file-manager) Backup Disclosure
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-2551
|
id: CVE-2020-2551
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Unauthenticated Oracle WebLogic Server RCE
|
name: Unauthenticated Oracle WebLogic Server RCE
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-25540
|
id: CVE-2020-25540
|
||||||
info:
|
info:
|
||||||
|
|
||||||
name: ThinkAdmin 6 - Arbitrarily File Read (CVE-2020-25540)
|
name: ThinkAdmin 6 - Arbitrarily File Read (CVE-2020-25540)
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-26214
|
id: CVE-2020-26214
|
||||||
info:
|
info:
|
||||||
|
|
||||||
name: Alerta Authentication Bypass (CVE-2020-26214)
|
name: Alerta Authentication Bypass (CVE-2020-26214)
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-3187
|
id: CVE-2020-3187
|
||||||
|
|
||||||
# Reference: https://twitter.com/aboul3la/status/1286809567989575685
|
# Reference: https://twitter.com/aboul3la/status/1286809567989575685
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-3452
|
id: CVE-2020-3452
|
||||||
|
|
||||||
# Source: https://twitter.com/aboul3la/status/1286012324722155525
|
# Source: https://twitter.com/aboul3la/status/1286012324722155525
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-4463
|
id: CVE-2020-4463
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: IBM Maximo Asset Management Information Disclosure via XXE
|
name: IBM Maximo Asset Management Information Disclosure via XXE
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-5284
|
id: CVE-2020-5284
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Next.js .next/ limited path traversal
|
name: Next.js .next/ limited path traversal
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-5405
|
id: CVE-2020-5405
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Spring Cloud Directory Traversal
|
name: Spring Cloud Directory Traversal
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-5410
|
id: CVE-2020-5410
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Directory Traversal in Spring Cloud Config Server
|
name: Directory Traversal in Spring Cloud Config Server
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-5412
|
id: CVE-2020-5412
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Full-read SSRF in Spring Cloud Netflix (Hystrix Dashboard)
|
name: Full-read SSRF in Spring Cloud Netflix (Hystrix Dashboard)
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-5776
|
id: CVE-2020-5776
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Cross Site Request Forgery (CSRF) in MAGMI (Magento Mass Importer) Plugin
|
name: Cross Site Request Forgery (CSRF) in MAGMI (Magento Mass Importer) Plugin
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-5777
|
id: CVE-2020-5777
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: "Remote Auth Bypass in MAGMI (Magento Mass Importer) Plugin <= v0.7.23"
|
name: "Remote Auth Bypass in MAGMI (Magento Mass Importer) Plugin <= v0.7.23"
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-5902
|
id: CVE-2020-5902
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: F5 BIG-IP TMUI RCE
|
name: F5 BIG-IP TMUI RCE
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-6287
|
id: CVE-2020-6287
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Create an Administrative User in SAP NetWeaver AS JAVA (LM Configuration Wizard)
|
name: Create an Administrative User in SAP NetWeaver AS JAVA (LM Configuration Wizard)
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-7209
|
id: CVE-2020-7209
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: LinuxKI Toolset 6.01 Remote Command Execution
|
name: LinuxKI Toolset 6.01 Remote Command Execution
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-7318
|
id: CVE-2020-7318
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: McAfee ePolicy Orchestrator Reflected XSS
|
name: McAfee ePolicy Orchestrator Reflected XSS
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-7961
|
id: CVE-2020-7961
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Liferay Portal Unauthenticated RCE
|
name: Liferay Portal Unauthenticated RCE
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-8091
|
id: CVE-2020-8091
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: TYPO3 Cross-Site Scripting Vulnerability
|
name: TYPO3 Cross-Site Scripting Vulnerability
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-8115
|
id: CVE-2020-8115
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Revive Adserver XSS
|
name: Revive Adserver XSS
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-8163
|
id: CVE-2020-8163
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Potential Remote Code Execution on Rails
|
name: Potential Remote Code Execution on Rails
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-8191
|
id: CVE-2020-8191
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Citrix ADC & NetScaler Gateway Reflected XSS
|
name: Citrix ADC & NetScaler Gateway Reflected XSS
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-8193
|
id: CVE-2020-8193
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Citrix unauthenticated LFI
|
name: Citrix unauthenticated LFI
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-8194
|
id: CVE-2020-8194
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Citrix ADC & NetScaler Gateway Reflected Code Injection
|
name: Citrix ADC & NetScaler Gateway Reflected Code Injection
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-8209
|
id: CVE-2020-8209
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Citrix XenMobile Server Path Traversal
|
name: Citrix XenMobile Server Path Traversal
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-8512
|
id: CVE-2020-8512
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: IceWarp WebMail XSS
|
name: IceWarp WebMail XSS
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-8982
|
id: CVE-2020-8982
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Citrix ShareFile StorageZones Unauthenticated Arbitrary File Read
|
name: Citrix ShareFile StorageZones Unauthenticated Arbitrary File Read
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-9047
|
id: CVE-2020-9047
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: exacqVision Web Service RCE
|
name: exacqVision Web Service RCE
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-9344
|
id: CVE-2020-9344
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Jira Subversion ALM for enterprise XSS
|
name: Jira Subversion ALM for enterprise XSS
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-9484
|
id: CVE-2020-9484
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Apache Tomcat RCE by deserialization
|
name: Apache Tomcat RCE by deserialization
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-9496
|
id: CVE-2020-9496
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Apache OFBiz XML-RPC Java Deserialization
|
name: Apache OFBiz XML-RPC Java Deserialization
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
id: cve-2020-9757
|
id: CVE-2020-9757
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: SEOmatic < 3.3.0 Server-Side Template Injection
|
name: SEOmatic < 3.3.0 Server-Side Template Injection
|
||||||
|
|