commit
7105ac9c46
|
@ -3,7 +3,10 @@ info:
|
|||
name: rConfig 3.9.4 SQLi
|
||||
author: madrobot
|
||||
severity: high
|
||||
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10547
|
||||
description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
|
||||
reference:
|
||||
https://github.com/theguly/exploits/blob/master/CVE-2020-10547.py
|
||||
https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
|
||||
tags: cve,cve2020,rconfig,sqli
|
||||
|
||||
requests:
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: GLPI v.9.4.6 - Open redirect
|
||||
author: pikpikcu
|
||||
severity: low
|
||||
description: In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version 9.4.6.
|
||||
reference: |
|
||||
- https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg
|
||||
- https://github.com/glpi-project/glpi/archive/9.4.6.zip
|
||||
|
|
|
@ -10,7 +10,7 @@ info:
|
|||
A remote attacker could exploit this vulnerability to expose
|
||||
sensitive information or consume memory resources.
|
||||
|
||||
References:
|
||||
references: |
|
||||
- https://www.ibm.com/support/pages/security-bulletin-ibm-maximo-asset-management-vulnerable-information-disclosure-cve-2020-4463
|
||||
- https://github.com/Ibonok/CVE-2020-4463
|
||||
tags: cve,cve2020,ibm,xxe
|
||||
|
|
|
@ -4,7 +4,11 @@ info:
|
|||
name: Next.js .next/ limited path traversal
|
||||
author: Harsh & Rahul & dwisiswant0
|
||||
severity: medium
|
||||
description: Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2.
|
||||
tags: cve,cve2020,nextjs,lfi
|
||||
reference:
|
||||
https://github.com/zeit/next.js/releases/tag/v9.3.2
|
||||
https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,8 @@ info:
|
|||
name: Directory Traversal in Spring Cloud Config Server
|
||||
author: mavericknerd
|
||||
severity: high
|
||||
description: Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
|
||||
reference: https://tanzu.vmware.com/security/cve-2020-5410
|
||||
tags: cve,cve2020,lfi,springcloud
|
||||
|
||||
requests:
|
||||
|
|
|
@ -6,6 +6,7 @@ info:
|
|||
severity: medium
|
||||
description: Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.
|
||||
tags: cve,cve2020,ssrf,springcloud
|
||||
reference: https://tanzu.vmware.com/security/cve-2020-5412
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -16,8 +16,10 @@ info:
|
|||
download and run a malicious executable that
|
||||
could allow OS command injection on the system.
|
||||
|
||||
Source/References:
|
||||
reference: |
|
||||
- https://github.com/norrismw/CVE-2020-9047
|
||||
- https://www.johnsoncontrols.com/cyber-solutions/security-advisories
|
||||
- https://www.us-cert.gov/ics/advisories/ICSA-20-170-01
|
||||
tags: cve,cve2020,rce
|
||||
|
||||
requests:
|
||||
|
|
Loading…
Reference in New Issue