daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore: generate CVEs metadata 🤖

main
ghost 2024-08-14 04:19:04 +00:00
parent de16618220
commit 74ae2366b3
2 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
cves.json
View File

@ -2478,6 +2478,7 @@
{"ID":"CVE-2024-3495","Info":{"Name":"Wordpress Country State City Dropdown \u003c=2.7.2 - SQL Injection","Severity":"critical","Description":"The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the cnt and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-3495.yaml"}
{"ID":"CVE-2024-34982","Info":{"Name":"LyLme-Spage - Arbitary File Upload","Severity":"high","Description":"An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-34982.yaml"}
{"ID":"CVE-2024-3552","Info":{"Name":"Web Directory Free \u003c 1.7.0 - SQL Injection","Severity":"critical","Description":"The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-3552.yaml"}
{"ID":"CVE-2024-36104","Info":{"Name":"Apache OFBiz - Path Traversal","Severity":"critical","Description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-36104.yaml"}
{"ID":"CVE-2024-36401","Info":{"Name":"GeoServer RCE in Evaluating Property Name Expressions","Severity":"critical","Description":"In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-36401.yaml"}
{"ID":"CVE-2024-36412","Info":{"Name":"SuiteCRM - SQL Injection","Severity":"critical","Description":"SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-36412.yaml"}
{"ID":"CVE-2024-36527","Info":{"Name":"Puppeteer Renderer - Directory Traversal","Severity":"medium","Description":"puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-36527.yaml"}
@ -2491,6 +2492,7 @@
{"ID":"CVE-2024-37881","Info":{"Name":"SiteGuard WP Plugin \u003c= 1.7.6 - Login Page Disclosure","Severity":"medium","Description":"The SiteGuard WP Plugin plugin for WordPress is vulnerable to protection mechanism bypass in all versions up to, and including, 1.7.6. This is due to the plugin not restricting redirects from wp-register.php which may disclose the login page URL. This makes it possible for unauthenticated attackers to gain access to the login page.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-37881.yaml"}
{"ID":"CVE-2024-3822","Info":{"Name":"Base64 Encoder/Decoder \u003c= 0.9.2 - Cross-Site Scripting","Severity":"medium","Description":"The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-3822.yaml"}
{"ID":"CVE-2024-38289","Info":{"Name":"TurboMeeting - Boolean-based SQL Injection","Severity":"critical","Description":"A Boolean-based SQL injection vulnerability in the \"RHUB TurboMeeting\" web application. This vulnerability could allow an attacker to execute arbitrary SQL commands on the database server, potentially allowing them to access sensitive data or compromise the server.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-38289.yaml"}
{"ID":"CVE-2024-38856","Info":{"Name":"Apache OFBiz - Remote Code Execution","Severity":"critical","Description":"Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-38856.yaml"}
{"ID":"CVE-2024-3922","Info":{"Name":"Dokan Pro \u003c= 3.10.3 - SQL Injection","Severity":"critical","Description":"The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-3922.yaml"}
{"ID":"CVE-2024-39250","Info":{"Name":"EfroTech Timetrax v8.3 - Sql Injection","Severity":"high","Description":"EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-39250.yaml"}
{"ID":"CVE-2024-39903","Info":{"Name":"Solara \u003c1.35.1 - Local File Inclusion","Severity":"high","Description":"A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version \u003c1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-39903.yaml"}
@ -2498,6 +2500,9 @@
{"ID":"CVE-2024-39914","Info":{"Name":"FOG Project \u003c 1.5.10.34 - Remote Command Execution","Severity":"critical","Description":"FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-39914.yaml"}
{"ID":"CVE-2024-40348","Info":{"Name":"Bazarr \u003c 1.4.3 - Arbitrary File Read","Severity":"high","Description":"Bazarr 1.4.3 and earlier versions have a arbitrary file read vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-40348.yaml"}
{"ID":"CVE-2024-4040","Info":{"Name":"CrushFTP VFS - Sandbox Escape LFR","Severity":"critical","Description":"VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-4040.yaml"}
{"ID":"CVE-2024-40422","Info":{"Name":"Devika v1 - Path Traversal","Severity":"critical","Description":"The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized access to critical system files and compromise the confidentiality and integrity of the system.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-40422.yaml"}
{"ID":"CVE-2024-41107","Info":{"Name":"Apache CloudStack - SAML Signature Exclusion","Severity":"critical","Description":"The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-41107.yaml"}
{"ID":"CVE-2024-41628","Info":{"Name":"Cluster Control CMON API - Directory Traversal","Severity":"high","Description":"Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-41628.yaml"}
{"ID":"CVE-2024-4257","Info":{"Name":"BlueNet Technology Clinical Browsing System 1.2.1 - Sql Injection","Severity":"medium","Description":"A vulnerability was found in BlueNet Technology Clinical Browsing System 1.2.1. It has been classified as critical. This affects an unknown part of the file /xds/deleteStudy.php. The manipulation of the argument documentUniqueId leads to sql injection. It is possible to initiate the attack remotely.\n","Classification":{"CVSSScore":"6.3"}},"file_path":"http/cves/2024/CVE-2024-4257.yaml"}
{"ID":"CVE-2024-4295","Info":{"Name":"Email Subscribers by Icegram Express \u003c= 5.7.20 - Unauthenticated SQL Injection via Hash","Severity":"critical","Description":"Email Subscribers by Icegram Express \u003c= 5.7.20 contains an unauthenticated SQL injection vulnerability via the hash parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4295.yaml"}
{"ID":"CVE-2024-4348","Info":{"Name":"osCommerce v4.0 - Cross-site Scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-4348.yaml"}
@ -2515,6 +2520,7 @@
{"ID":"CVE-2024-5315","Info":{"Name":"Dolibarr ERP CMS `list.php` - SQL Injection","Severity":"critical","Description":"Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-5315.yaml"}
{"ID":"CVE-2024-5522","Info":{"Name":"WordPress HTML5 Video Player \u003c 2.5.27 - SQL Injection","Severity":"critical","Description":"The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-5522.yaml"}
{"ID":"CVE-2024-5947","Info":{"Name":"Deep Sea Electronics DSE855 - Authentication Bypass","Severity":"medium","Description":"Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web-based UI. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22679.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-5947.yaml"}
{"ID":"CVE-2024-5975","Info":{"Name":"CZ Loan Management \u003c= 1.1 - SQL Injection","Severity":"critical","Description":"The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-5975.yaml"}
{"ID":"CVE-2024-6028","Info":{"Name":"Quiz Maker \u003c= 6.5.8.3 - SQL Injection","Severity":"critical","Description":"The Quiz Maker plugin for WordPress is vulnerable to time-based SQL Injection via the 'ays_questions' parameter in all versions up to, and including, 6.5.8.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-6028.yaml"}
{"ID":"CVE-2024-6188","Info":{"Name":"TrakSYS 11.x.x - Sensitive Data Exposure","Severity":"medium","Description":"A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic. This issue affects some unknown processing of the file /TS/export/pagedefinition. The manipulation of the argument ID leads to direct request. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6188.yaml"}
{"ID":"CVE-2024-6205","Info":{"Name":"PayPlus Payment Gateway \u003c 6.6.9 - SQL Injection","Severity":"critical","Description":"The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-6205.yaml"}
@ -2524,9 +2530,14 @@
{"ID":"CVE-2024-6587","Info":{"Name":"LiteLLM - Server-Side Request Forgery","Severity":"high","Description":"LiteLLM vulnerable to Server-Side Request Forgery (SSRF) vulnerability Exposes OpenAI API Keys.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6587.yaml"}
{"ID":"CVE-2024-6646","Info":{"Name":"Netgear-WN604 downloadFile.php - Information Disclosure","Severity":"medium","Description":"There is an information leakage vulnerability in the downloadFile.php interface of Netgear WN604. A remote attacker using file authentication can use this vulnerability to obtain the administrator account and password information of the wireless router, causing the router's background to be controlled. The attacker can initiate damage to the wireless network or further threaten it.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-6646.yaml"}
{"ID":"CVE-2024-6746","Info":{"Name":"EasySpider 0.6.2 - Arbitrary File Read","Severity":"medium","Description":"A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \\EasySpider\\resources\\app\\server.js of the component HTTP GET Request Handler. The manipulation with the input /../../../../../../../../../Windows/win.ini leads to path traversal: '../filedir'. The attack needs to be done within the local network.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-6746.yaml"}
{"ID":"CVE-2024-6781","Info":{"Name":"Calibre \u003c= 7.14.0 Arbitrary File Read","Severity":"high","Description":"Arbitrary file read via Calibres content server in Calibre \u003c= 7.14.0.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6781.yaml"}
{"ID":"CVE-2024-6782","Info":{"Name":"Calibre \u003c= 7.14.0 Remote Code Execution","Severity":"critical","Description":"Unauthenticated remote code execution via Calibres content server in Calibre \u003c= 7.14.0.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6782.yaml"}
{"ID":"CVE-2024-6922","Info":{"Name":"Automation Anywhere Automation 360 - Server-Side Request Forgery","Severity":"high","Description":"Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6922.yaml"}
{"ID":"CVE-2024-7008","Info":{"Name":"Calibre \u003c= 7.15.0 - Reflected Cross-Site Scripting (XSS)","Severity":"medium","Description":"It is possible to inject arbitrary JavaScript code into the /browse endpoint of the Calibre content server, allowing an attacker to craft a URL that when clicked by a victim, will execute the attackers JavaScript code in the context of the victims browser. If the Calibre server is running with authentication enabled and the victim is logged in at the time, this can be used to cause the victim to perform actions on the Calibre server on behalf of the attacker.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-7008.yaml"}
{"ID":"CVE-2024-7120","Info":{"Name":"Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 - Command Injection","Severity":"medium","Description":"A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file list_base_config.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272451.\n","Classification":{"CVSSScore":"6.3"}},"file_path":"http/cves/2024/CVE-2024-7120.yaml"}
{"ID":"CVE-2024-7188","Info":{"Name":"Bylancer Quicklancer 2.4 G - SQL Injection","Severity":"high","Description":"A SQL injection vulnerability exists in the Quicklancer 2.4, GET parameter 'range2', that has time-based blind SQL injection and a boolean-based blind SQL injection, which can be exploited remotely by unauthenticated attacker to execute arbitrary SQL queries in the database.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-7188.yaml"}
{"ID":"CVE-2024-7332","Info":{"Name":"TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability","Severity":"critical","Description":"A critical vulnerability has been discovered in TOTOLINK CP450 version 4.1.0cu.747_B20191224. This vulnerability affects an unknown part of the file /web_cste/cgi-bin/product.ini of the Telnet Service component. The issue stems from the use of a hard-coded password, which can be exploited remotely without any user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-7332.yaml"}
{"ID":"CVE-2024-7340","Info":{"Name":"W\u0026B Weave Server - Remote Arbitrary File Leak","Severity":"high","Description":"The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-7340.yaml"}
{"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"}
{"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"}
{"ID":"CVE-2015-3306","Info":{"Name":"ProFTPd - Remote Code Execution","Severity":"critical","Description":"ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2015/CVE-2015-3306.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
734828cf4c7ab354d5a5ccb1fed89917
4db8631d573fdfb874f5f868bf15925f