Merge pull request #3 from projectdiscovery/master

updation
patch-1
Dhiyaneshwaran 2022-06-08 23:09:56 +01:00 committed by GitHub
commit 74b0b16efc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
280 changed files with 735 additions and 568 deletions

View File

@ -1,7 +1,18 @@
cves/2018/CVE-2018-14474.yaml
cves/2018/CVE-2018-16761.yaml
cves/2020/CVE-2020-29597.yaml
cves/2021/CVE-2021-27748.yaml
cves/2021/CVE-2021-39211.yaml
cves/2021/CVE-2021-40149.yaml
cves/2021/CVE-2021-40150.yaml
cves/2022/CVE-2022-29383.yaml
cves/2022/CVE-2022-31268.yaml
exposed-panels/eventum-panel.yaml
exposed-panels/flip-cms-panel.yaml
exposures/files/appsettings-file-disclosure.yaml
exposures/files/django-secret-key.yaml
exposures/files/ftpconfig.yaml
exposures/files/git-mailmap.yaml
exposures/files/php-ini.yaml
misconfiguration/jupyter-notebooks-exposed.yaml
vulnerabilities/other/phpok-sqli.yaml

View File

@ -7,9 +7,9 @@ info:
description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
reference:
- https://www.exploit-db.com/exploits/21811
- https://web.archive.org/web/20051124131714/http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
- http://web.archive.org/web/20210129020617/https://www.securityfocus.com/bid/5763/
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
- http://www.securityfocus.com/bid/5763
- http://www.iss.net/security_center/static/10145.php
classification:
cve-id: CVE-2002-1131
tags: xss,squirrelmail,cve,cve2002
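
Review bot: the two Wayback entries in this reference list use different schemes, `https://web.archive.org/...` for the neohapsis post and `http://web.archive.org/...` for the securityfocus BID. Use `https://web.archive.org/` for both (and for the other archive links in this commit) so the references are uniform and are not fetched over plain HTTP.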

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/24068
- ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc
- http://security.gentoo.org/glsa/glsa-200405-16.xml
- http://www.securityfocus.com/archive/1/361857
- http://web.archive.org/web/20210209233941/https://www.securityfocus.com/archive/1/361857
remediation: Upgrade to the latest version.
classification:
cve-id: CVE-2004-0519

View File

@ -9,7 +9,7 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2005-3344
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3344
- http://www.debian.org/security/2005/dsa-884
- http://www.securityfocus.com/bid/15337/
- http://web.archive.org/web/20210206055804/https://www.securityfocus.com/bid/15337
classification:
cve-id: CVE-2005-3344
tags: horde,unauth

View File

@ -8,8 +8,8 @@ info:
reference:
- http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html
- https://nvd.nist.gov/vuln/detail/CVE-2005-4385
- http://web.archive.org/web/20210121165100/https://www.securityfocus.com/bid/15940/
- http://www.securityfocus.com/bid/15940
- http://www.osvdb.org/21850
classification:
cve-id: CVE-2005-4385
tags: cofax,xss,cve,cve2005

View File

@ -6,7 +6,7 @@ info:
severity: medium
description: Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
reference:
- https://www.securityfocus.com/bid/17408
- http://web.archive.org/web/20210217161726/https://www.securityfocus.com/bid/17408/
- https://nvd.nist.gov/vuln/detail/CVE-2006-1681
- http://secunia.com/advisories/19587
- http://www.securityfocus.com/bid/17408
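
Review bot: the last reference, `http://www.securityfocus.com/bid/17408`, is untouched context (the header gives 7 lines on both sides, one swap), so the list still carries the raw BID URL next to the Wayback copy that replaces its `https://` twin. Remove the trailing `http://` entry in the same change so the template does not list one advisory twice.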

View File

@ -6,10 +6,10 @@ info:
severity: medium
description: Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.
reference:
- https://www.securityfocus.com/archive/1/459590/100/0/threaded
- http://www.securityfocus.com/bid/22503
- http://osvdb.org/33683
- http://web.archive.org/web/20201208220614/https://www.securityfocus.com/archive/1/459590/100/0/threaded
- https://web.archive.org/web/20210119080228/http://www.securityfocus.com/bid/22503
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32418
- http://www.securityfocus.com/bid/22503
classification:
cve-id: CVE-2007-0885
tags: cve,cve2007,jira,xss

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/30090
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html
- http://www.securityfocus.com/bid/24182
- http://web.archive.org/web/20210130131735/https://www.securityfocus.com/bid/24182/
- http://secunia.com/advisories/25446
classification:
cve-id: CVE-2007-5728

View File

@ -7,7 +7,7 @@ info:
description: Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
reference:
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42546
- http://www.securityfocus.com/bid/29291
- http://web.archive.org/web/20210121181851/https://www.securityfocus.com/bid/29291/
- http://secunia.com/advisories/30333
- http://securityreason.com/securityalert/3896
classification:

View File

@ -8,9 +8,8 @@ info:
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.
reference:
- http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17
- http://www.securityfocus.com/bid/29450
- http://web.archive.org/web/20210121182016/https://www.securityfocus.com/bid/29450/
- http://secunia.com/advisories/30463
- http://osvdb.org/45881
classification:
cve-id: CVE-2008-2650
tags: cve,cve2008,lfi

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/6618
- https://www.cvedetails.com/cve/CVE-2008-4668
- http://www.securityfocus.com/bid/31458
- http://web.archive.org/web/20210121183742/https://www.securityfocus.com/bid/31458/
- http://securityreason.com/securityalert/4464
classification:
cve-id: CVE-2008-4668

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/5435
- https://www.cvedetails.com/cve/CVE-2008-4764
- http://www.securityfocus.com/bid/28764
- http://web.archive.org/web/20210121181347/https://www.securityfocus.com/bid/28764/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41873
classification:
cve-id: CVE-2008-4764

View File

@ -7,7 +7,7 @@ info:
description: Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/7363
- http://www.securityfocus.com/bid/32670
- http://web.archive.org/web/20210121184707/https://www.securityfocus.com/bid/32670/
- http://secunia.com/advisories/33014
- http://secunia.com/advisories/33263
classification:

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/6809
- https://www.cvedetails.com/cve/CVE-2008-6080
- http://secunia.com/advisories/32377
- http://www.securityfocus.com/bid/31877
- http://web.archive.org/web/20210121184101/https://www.securityfocus.com/bid/31877/
classification:
cve-id: CVE-2008-6080
tags: cve,cve2008,joomla,lfi

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/6817
- https://www.cvedetails.com/cve/CVE-2008-6172
- http://secunia.com/advisories/32367
- http://www.securityfocus.com/bid/31892
- http://web.archive.org/web/20210121184108/https://www.securityfocus.com/bid/31892/
classification:
cve-id: CVE-2008-6172
tags: cve,cve2008,joomla,lfi

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/6980
- https://www.cvedetails.com/cve/CVE-2008-6222
- http://secunia.com/advisories/32523
- http://www.securityfocus.com/bid/32113
- http://web.archive.org/web/20210121184244/https://www.securityfocus.com/bid/32113/
classification:
cve-id: CVE-2008-6222
tags: cve,cve2008,joomla,lfi

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/5856
- https://nvd.nist.gov/vuln/detail/CVE-2008-6668
- http://www.securityfocus.com/bid/29804
- http://web.archive.org/web/20210130035550/https://www.securityfocus.com/bid/29804
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43173
classification:
cve-id: CVE-2008-6668

View File

@ -8,6 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/8367
- https://www.cvedetails.com/cve/CVE-2009-1496
- http://web.archive.org/web/20210121190149/https://www.securityfocus.com/bid/34431/
- http://www.securityfocus.com/bid/34431
classification:
cve-id: CVE-2009-1496
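
Review bot: in the reference list the Wayback URL is inserted above `http://www.securityfocus.com/bid/34431` instead of replacing it (6 lines before, 7 after), while most other templates in this commit swap the original link for the archived one. Settle on one convention across the commit; if the archive copy is meant to supersede the securityfocus.com link, delete the raw line here as well.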

View File

@ -7,7 +7,7 @@ info:
description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
reference:
- https://www.exploit-db.com/exploits/32954
- http://www.securityfocus.com/bid/34713
- https://web.archive.org/web/20210119151410/http://www.securityfocus.com/bid/34713
- http://www.vupen.com/english/advisories/2009/1173
- http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/
classification:

View File

@ -6,7 +6,7 @@ info:
severity: medium
description: Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
reference:
- https://www.securityfocus.com/archive/1/505803/100/0/threaded
- https://web.archive.org/web/20201208121904/https://www.securityfocus.com/archive/1/505803/100/0/threaded
- https://www.tenable.com/cve/CVE-2009-1872
- http://www.adobe.com/support/security/bulletins/apsb09-12.html
- http://www.dsecrg.com/pages/vul/show.php?id=122

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/8898
- https://www.cvedetails.com/cve/CVE-2009-2015
- http://www.securityfocus.com/bid/35259
- http://web.archive.org/web/20210121191105/https://www.securityfocus.com/bid/35259/
- http://www.vupen.com/english/advisories/2009/1530
classification:
cve-id: CVE-2009-2015

View File

@ -8,8 +8,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/8946
- https://www.cvedetails.com/cve/CVE-2009-2100
- http://web.archive.org/web/20210121191226/https://www.securityfocus.com/bid/35378/
- http://www.securityfocus.com/bid/35378
- http://osvdb.org/55176
classification:
cve-id: CVE-2009-2100
tags: cve,cve2009,joomla,lfi

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/9564
- https://www.cvedetails.com/cve/CVE-2009-3053
- http://www.securityfocus.com/bid/36207
- https://web.archive.org/web/20210120183330/https://www.securityfocus.com/bid/36207/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52964
classification:
cve-id: CVE-2009-3053

View File

@ -8,6 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/9706
- https://www.cvedetails.com/cve/CVE-2009-3318
- https://web.archive.org/web/20210121192413/https://www.securityfocus.com/bid/36441/
- http://www.securityfocus.com/bid/36441
classification:
cve-id: CVE-2009-3318

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/8870
- https://www.cvedetails.com/cve/CVE-2009-4202
- http://www.vupen.com/english/advisories/2009/1494
- http://www.securityfocus.com/bid/35201
- http://web.archive.org/web/20210121191031/https://www.securityfocus.com/bid/35201/
classification:
cve-id: CVE-2009-4202
tags: cve,cve2009,joomla,lfi,photo

View File

@ -9,7 +9,6 @@ info:
- https://www.exploit-db.com/exploits/33440
- https://www.cvedetails.com/cve/CVE-2009-4679
- http://secunia.com/advisories/37760
- http://www.osvdb.org/61382
classification:
cve-id: CVE-2009-4679
tags: cve,cve2009,joomla,lfi,nexus
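
Review bot: this hunk only deletes a reference (7 lines before, 6 after) and adds no archived replacement; going by the rest of the commit, the dropped entry is `http://www.osvdb.org/61382`. Other hunks in the same commit keep their osvdb.org lines and merely move them to the end of the list, so the handling is inconsistent. Either archive osvdb references the way the securityfocus ones are archived, or remove them everywhere, and say which in the commit message.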

View File

@ -19,13 +19,13 @@ info:
requests:
- method: GET
path:
- '{{BaseURL}}/awstats/awredir.pl?url=example.com'
- '{{BaseURL}}/cgi-bin/awstats/awredir.pl?url=example.com'
- '{{BaseURL}}/awstats/awredir.pl?url=interact.sh'
- '{{BaseURL}}/cgi-bin/awstats/awredir.pl?url=interact.sh'
stop-at-first-match: true
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
# Enhanced by mp on 2022/02/13
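
Review bot: the scheme group `(?:https?:\/\/|\/\/|\/\\\\|\/\\)?` in the `interact\.sh` matcher is optional, so a header such as `Location: interact.sh` (a relative path on the same host) satisfies the regex and would be reported as an open redirect. The host prefix `[a-zA-Z0-9\-_\.@]*` also accepts any name that merely ends in `interact.sh`. Make the scheme or `//` prefix mandatory and require a `.` or `@` boundary before the domain. The trailing `# https://regex101.com/r/ZDYhFh/1` comment is carried over unchanged from the `example\.com` pattern and should be refreshed or dropped if it no longer documents this expression.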

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/11282
- https://www.cvedetails.com/cve/CVE-2010-0467
- http://www.securityfocus.com/bid/37987
- http://web.archive.org/web/20210121194037/https://www.securityfocus.com/bid/37987/
- http://www.chillcreations.com/en/blog/ccnewsletter-joomla-newsletter/ccnewsletter-106-security-release.html
remediation: Apply all relevant security patches and upgrades.
classification:

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/11498
- https://www.cvedetails.com/cve/CVE-2010-0759
- http://secunia.com/advisories/38637
- http://www.securityfocus.com/bid/38296
- http://web.archive.org/web/20210121194344/https://www.securityfocus.com/bid/38296/
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-0759

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/11090
- https://www.cvedetails.com/cve/CVE-2010-0943
- http://www.securityfocus.com/bid/37692
- http://web.archive.org/web/20210121193737/https://www.securityfocus.com/bid/37692/
- http://secunia.com/advisories/33486
classification:
cve-id: CVE-2010-0943

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/10942
- https://www.cvedetails.com/cve/CVE-2010-0982
- http://www.securityfocus.com/bid/37581
- http://web.archive.org/web/20210121193625/https://www.securityfocus.com/bid/37581/
- http://secunia.com/advisories/37917
remediation: Apply all relevant security patches and product upgrades.
classification:

View File

@ -8,8 +8,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/10948
- https://www.cvedetails.com/cve/CVE-2010-0985
- http://web.archive.org/web/20210623092041/https://www.securityfocus.com/bid/37560
- http://www.securityfocus.com/bid/37560
- http://osvdb.org/61458
remediation: Apply all relevant security patches and product upgrades.
classification:
cve-id: CVE-2010-0985

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/11760
- https://www.cvedetails.com/cve/CVE-2010-1056
- http://www.securityfocus.com/bid/38741
- http://web.archive.org/web/20210121194803/https://www.securityfocus.com/bid/38741/
- http://secunia.com/advisories/38982
remediation: Apply all relevant security patches and product upgrades.
classification:

View File

@ -8,8 +8,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/11511
- https://www.cvedetails.com/cve/CVE-2010-1081
- http://osvdb.org/62506
- http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html
- http://osvdb.org/62506
remediation: Apply all relevant security patches and product upgrades.
classification:
cve-id: CVE-2010-1081

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/11814
- https://www.cvedetails.com/cve/CVE-2010-1217
- http://www.packetstormsecurity.org/1003-exploits/joomlajetooltip-lfi.txt
- http://www.securityfocus.com/bid/38866
- http://web.archive.org/web/20210624111408/https://www.securityfocus.com/bid/38866
remediation: Apply all relevant security patches and product upgrades.
classification:
cve-id: CVE-2010-1217

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/11757
- https://www.cvedetails.com/cve/CVE-2010-1219
- http://secunia.com/advisories/38952
- http://www.securityfocus.com/bid/38746
- http://web.archive.org/web/20210617075625/https://www.securityfocus.com/bid/38746
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-1219

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/11978
- https://www.cvedetails.com/cve/CVE-2010-1302
- http://www.securityfocus.com/bid/39108
- http://web.archive.org/web/20210121195144/https://www.securityfocus.com/bid/39108/
- http://secunia.com/advisories/39200
remediation: Upgrade to a supported version.
classification:

View File

@ -8,6 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/11998
- https://www.cvedetails.com/cve/CVE-2010-1304
- http://web.archive.org/web/20210518080735/https://www.securityfocus.com/bid/39174
- http://www.securityfocus.com/bid/39174
remediation: Upgrade to a supported version.
classification:

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12058
- https://www.cvedetails.com/cve/CVE-2010-1306
- http://secunia.com/advisories/39338
- http://www.securityfocus.com/bid/39200
- http://web.archive.org/web/20210121195240/https://www.securityfocus.com/bid/39200/
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-1306

View File

@ -8,6 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/12082
- https://www.cvedetails.com/cve/CVE-2010-1313
- http://web.archive.org/web/20210121195302/https://www.securityfocus.com/bid/39237/
- http://www.securityfocus.com/bid/39237
remediation: Upgrade to a supported version.
classification:

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/33797
- https://www.cvedetails.com/cve/CVE-2010-1340
- http://www.securityfocus.com/bid/38917
- http://web.archive.org/web/20210121195000/https://www.securityfocus.com/bid/38917/
- http://packetstormsecurity.org/1003-exploits/joomlajresearch-lfi.txt
remediation: Upgrade to a supported version.
classification:

View File

@ -9,7 +9,6 @@ info:
- https://www.exploit-db.com/exploits/15453
- https://www.cvedetails.com/cve/CVE-2010-1345
- http://www.exploit-db.com/exploits/11785
- http://www.osvdb.org/63031
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-1345

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/12068
- https://www.cvedetails.com/cve/CVE-2010-1353
- http://www.securityfocus.com/bid/39212
- http://web.archive.org/web/20210121195246/https://www.securityfocus.com/bid/39212/
- http://www.vupen.com/english/advisories/2010/0808
classification:
cve-id: CVE-2010-1353

View File

@ -8,6 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/12232
- https://www.cvedetails.com/cve/CVE-2010-1461
- http://web.archive.org/web/20210518110953/https://www.securityfocus.com/bid/39504
- http://www.securityfocus.com/bid/39504
remediation: Upgrade to a supported version.
classification:

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12145
- https://www.cvedetails.com/cve/CVE-2010-1478
- http://secunia.com/advisories/39262
- http://www.securityfocus.com/bid/39390
- http://web.archive.org/web/20210121195422/https://www.securityfocus.com/bid/39390/
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-1478

View File

@ -8,7 +8,6 @@ info:
reference:
- https://www.exploit-db.com/exploits/12113
- https://www.cvedetails.com/cve/CVE-2010-1494
- http://www.osvdb.org/63943
- http://www.exploit-db.com/exploits/12113
remediation: Upgrade to a supported version.
classification:

View File

@ -9,7 +9,6 @@ info:
- https://www.exploit-db.com/exploits/12054
- https://www.cvedetails.com/cve/CVE-2010-1531
- http://packetstormsecurity.org/1004-exploits/joomlaredshop-lfi.txt
- http://www.osvdb.org/63535
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-1531

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12118
- https://www.cvedetails.com/cve/CVE-2010-1532
- http://packetstormsecurity.org/1004-exploits/joomlapowermail-lfi.txt
- http://www.securityfocus.com/bid/39348
- http://web.archive.org/web/20210127202836/https://www.securityfocus.com/bid/39348/
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-1532

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/12067
- https://www.cvedetails.com/cve/CVE-2010-1534
- http://www.securityfocus.com/bid/39213
- http://web.archive.org/web/20210121195246/https://www.securityfocus.com/bid/39213/
- http://secunia.com/advisories/39352
remediation: Upgrade to a supported version
classification:

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/11625
- https://www.cvedetails.com/cve/CVE-2010-1540
- http://secunia.com/advisories/38777
- http://www.securityfocus.com/bid/38530
- http://web.archive.org/web/20210121194559/https://www.securityfocus.com/bid/38530/
classification:
cve-id: CVE-2010-1540
tags: cve,cve2010,joomla,lfi

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/12284
- https://www.cvedetails.com/cve/CVE-2010-1603
- http://www.securityfocus.com/bid/39546
- http://web.archive.org/web/20210518112730/https://www.securityfocus.com/bid/39546
- http://www.vupen.com/english/advisories/2010/0931
remediation: Upgrade to a supported version.
classification:

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/12316
- https://www.cvedetails.com/cve/CVE-2010-1607
- http://www.securityfocus.com/bid/39608
- http://web.archive.org/web/20210121195713/https://www.securityfocus.com/bid/39608/
- http://secunia.com/advisories/39539
classification:
cve-id: CVE-2010-1607

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12430
- https://www.cvedetails.com/cve/CVE-2010-1653
- http://packetstormsecurity.org/1004-exploits/joomlagraphics-lfi.txt
- http://www.securityfocus.com/bid/39743
- http://web.archive.org/web/20210121195909/https://www.securityfocus.com/bid/39743/
classification:
cve-id: CVE-2010-1653
tags: cve,cve2010,joomla,lfi

View File

@ -9,7 +9,7 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2010-1657
- https://www.exploit-db.com/exploits/12428
- http://www.vupen.com/english/advisories/2010/1006
- http://www.securityfocus.com/bid/39740
- http://web.archive.org/web/20210121195906/https://www.securityfocus.com/bid/39740/
classification:
cve-id: CVE-2010-1657
tags: cve,cve2010,joomla,lfi

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/12426
- https://nvd.nist.gov/vuln/detail/CVE-2010-1659
- http://www.securityfocus.com/bid/39739
- http://web.archive.org/web/20210121195906/https://www.securityfocus.com/bid/39739/
- http://www.exploit-db.com/exploits/12426
classification:
cve-id: CVE-2010-1659
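
Review bot: the reference list keeps `http://www.exploit-db.com/exploits/12426` directly below the new Wayback link, although `https://www.exploit-db.com/exploits/12426` is already the first entry. Since this list is being edited anyway, drop the `http://` duplicate.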

View File

@ -8,8 +8,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/12174
- https://www.cvedetails.com/cve/CVE-2010-1715
- http://www.osvdb.org/63659
- http://packetstormsecurity.org/1004-exploits/joomlaonlineexam-lfi.txt
- http://www.osvdb.org/63659
classification:
cve-id: CVE-2010-1715
tags: cve,cve2010,joomla,lfi

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12282
- https://www.cvedetails.com/cve/CVE-2010-1718
- http://secunia.com/advisories/39521
- http://www.securityfocus.com/bid/39545
- http://web.archive.org/web/20210121195621/https://www.securityfocus.com/bid/39545/
classification:
cve-id: CVE-2010-1718
tags: cve,cve2010,joomla,lfi

View File

@ -8,7 +8,6 @@ info:
reference:
- https://www.exploit-db.com/exploits/12233
- https://www.cvedetails.com/cve/CVE-2010-1719
- http://osvdb.org/63806
- http://www.exploit-db.com/exploits/12233
classification:
cve-id: CVE-2010-1719

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/11853
- https://www.cvedetails.com/cve/CVE-2010-1858
- http://www.securityfocus.com/bid/38911
- http://web.archive.org/web/20210121194940/https://www.securityfocus.com/bid/38911/
- http://packetstormsecurity.org/1003-exploits/joomlasmestorage-lfi.txt
remediation: Upgrade to a supported version.
classification:

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/11851
- https://www.cvedetails.com/cve/CVE-2010-1875
- http://secunia.com/advisories/39074
- http://www.securityfocus.com/bid/38912
- http://web.archive.org/web/20210121194939/https://www.securityfocus.com/bid/38912/
classification:
cve-id: CVE-2010-1875
tags: cve,cve2010,joomla,lfi

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/12317
- https://www.cvedetails.com/cve/CVE-2010-1878
- http://www.securityfocus.com/bid/39606
- http://web.archive.org/web/20210121195712/https://www.securityfocus.com/bid/39606/
- http://packetstormsecurity.org/1004-exploits/joomlaorgchart-lfi.txt
classification:
cve-id: CVE-2010-1878

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/12287
- https://www.cvedetails.com/cve/CVE-2010-1954
- http://www.securityfocus.com/bid/39552
- http://web.archive.org/web/20210121195625/https://www.securityfocus.com/bid/39552/
- http://www.exploit-db.com/exploits/12287
remediation: Upgrade to a supported version.
classification:

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/12238
- https://www.cvedetails.com/cve/CVE-2010-1955
- http://www.securityfocus.com/bid/39508
- http://web.archive.org/web/20210121195552/https://www.securityfocus.com/bid/39508/
- http://secunia.com/advisories/39473
remediation: Upgrade to a supported version.
classification:

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/12083
- https://www.cvedetails.com/cve/CVE-2010-1977
- http://www.securityfocus.com/bid/39243
- http://web.archive.org/web/20210121195306/https://www.securityfocus.com/bid/39243/
- http://secunia.com/advisories/39356
remediation: Upgrade to a supported version.
classification:

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12121
- https://www.cvedetails.com/cve/CVE-2010-1982
- http://secunia.com/advisories/39202
- http://www.securityfocus.com/bid/39343
- http://web.archive.org/web/20210121195400/https://www.securityfocus.com/bid/39343/
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-1982

View File

@ -9,7 +9,7 @@ info:
- https://packetstormsecurity.com/files/89654/Joomla-Percha-Categories-Tree-0.6-Local-File-Inclusion.html
- https://www.cvedetails.com/cve/CVE-2010-2033
- http://secunia.com/advisories/39873
- http://www.securityfocus.com/bid/40244
- http://web.archive.org/web/20210615115919/https://www.securityfocus.com/bid/40244
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-2033

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/34003
- https://www.cvedetails.com/cve/CVE-2010-2034
- http://packetstormsecurity.org/1005-exploits/joomlaperchaia-lfi.txt
- http://www.securityfocus.com/bid/40244
- http://web.archive.org/web/20210615115919/https://www.securityfocus.com/bid/40244
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-2034

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/34006
- https://www.cvedetails.com/cve/CVE-2010-2035
- http://www.securityfocus.com/bid/40244
- http://web.archive.org/web/20210615115919/https://www.securityfocus.com/bid/40244
- http://packetstormsecurity.org/1005-exploits/joomlaperchagl-lfi.txt
remediation: Upgrade to a supported version.
classification:

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/34004
- https://www.cvedetails.com/cve/CVE-2010-2036
- http://packetstormsecurity.org/1005-exploits/joomlaperchafa-lfi.txt
- http://www.securityfocus.com/bid/40244
- http://web.archive.org/web/20210615115919/https://www.securityfocus.com/bid/40244
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-2036

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/34005
- https://www.cvedetails.com/cve/CVE-2010-2037
- http://www.securityfocus.com/bid/40244
- http://web.archive.org/web/20210615115919/https://www.securityfocus.com/bid/40244
- http://packetstormsecurity.org/1005-exploits/joomlaperchada-lfi.txt
remediation: Upgrade to a supported version.
classification:

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/12611
- https://www.cvedetails.com/cve/CVE-2010-2050
- http://www.securityfocus.com/bid/40185
- http://web.archive.org/web/20210121200643/https://www.securityfocus.com/bid/40185/
- http://packetstormsecurity.org/1005-exploits/joomlamscomment-lfi.txt
remediation: Upgrade to a supported version.
classification:

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12623
- https://www.cvedetails.com/cve/CVE-2010-2122
- https://www.exploit-db.com/exploits/12618
- http://www.securityfocus.com/bid/40192
- http://web.archive.org/web/20210624180854/https://www.securityfocus.com/bid/40192
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-2122

View File

@ -6,10 +6,10 @@ info:
severity: high
description: Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
reference:
- https://www.securityfocus.com/bid/40550/info
- http://web.archive.org/web/20210120195654/https://www.securityfocus.com/bid/40550/info
- https://nvd.nist.gov/vuln/detail/CVE-2010-2307
- http://www.osvdb.org/65249
- https://www.exploit-db.com/exploits/12865
- http://www.osvdb.org/65249
remediation: Upgrade to a supported product version.
classification:
cve-id: CVE-2010-2307

View File

@ -8,8 +8,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/13981
- https://www.cvedetails.com/cve/CVE-2010-2507
- http://osvdb.org/65674
- http://secunia.com/advisories/40297
- http://osvdb.org/65674
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-2507

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/14064
- https://www.cvedetails.com/cve/CVE-2010-2680
- http://packetstormsecurity.org/1006-exploits/joomlajesectionfinder-lfi.txt
- http://www.securityfocus.com/bid/41163
- http://web.archive.org/web/20210121201853/https://www.securityfocus.com/bid/41163/
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-2680

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/14274
- https://www.cvedetails.com/cve/CVE-2010-2857
- http://www.securityfocus.com/bid/41485
- http://web.archive.org/web/20210121202225/https://www.securityfocus.com/bid/41485/
- http://www.exploit-db.com/exploits/14274
remediation: Upgrade to a supported version.
classification:

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/31708
- https://www.cvedetails.com/cve/CVE-2010-2918
- http://www.securityfocus.com/bid/28942
- http://web.archive.org/web/20210127190100/https://www.securityfocus.com/bid/28942/
- https://www.exploit-db.com/exploits/14476
remediation: Upgrade to a supported version.
classification:

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/15585
- https://www.cvedetails.com/cve/CVE-2010-4769
- http://secunia.com/advisories/42324
- http://www.securityfocus.com/bid/44992
- http://web.archive.org/web/20210121210048/https://www.securityfocus.com/bid/44992/
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-4769

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/12601
- https://www.cvedetails.com/cve/CVE-2010-5028
- http://www.vupen.com/english/advisories/2010/1269
- http://www.securityfocus.com/bid/40193
- http://web.archive.org/web/20210126225410/https://www.securityfocus.com/bid/40193/
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2010-5028

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/34837
- https://www.cvedetails.com/cve/CVE-2010-5286
- http://www.securityfocus.com/bid/44053
- http://web.archive.org/web/20210123122507/https://www.securityfocus.com/bid/44053/
- http://packetstormsecurity.org/1010-exploits/joomlajstore-lfi.txt
remediation: Upgrade to a supported version.
classification:

View File

@ -8,6 +8,7 @@ info:
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1669
- https://www.exploit-db.com/exploits/17119
- http://web.archive.org/web/20210121212348/https://www.securityfocus.com/bid/47146/
- http://www.securityfocus.com/bid/47146
remediation: Upgrade to a supported version.
classification:
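
Review bot: the reference list shows both the web.archive.org snapshot of bid/47146 and the original `http://www.securityfocus.com/bid/47146`, and the header (6 lines before, 7 after) means one was added without the other being removed. The other hunks in this commit replace the securityfocus URL with its snapshot; do the same here so the list does not carry two entries for one advisory.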

View File

@ -10,15 +10,14 @@ info:
- http://www.openwall.com/lists/oss-security/2011/07/13/5
- http://www.ocert.org/advisories/ocert-2011-001.html
- http://www.openwall.com/lists/oss-security/2011/07/13/6
- http://www.securityfocus.com/bid/48672
- http://web.archive.org/web/20210121214023/https://www.securityfocus.com/bid/48672/
- http://secunia.com/advisories/45184
- http://osvdb.org/73891
- http://securityreason.com/securityalert/8312
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68565
- http://www.securityfocus.com/archive/1/518890/100/0/threaded
- http://web.archive.org/web/20201207104106/https://www.securityfocus.com/archive/1/518890/100/0/threaded
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2011-2780
remediation: Upgrade to a supported version.
tags: cve,cve2011,lfi,chyrp
requests:

View File

@ -7,14 +7,15 @@ info:
description: Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET "ajax" parameter to snarf_ajax.php.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2011-4336
- https://www.securityfocus.com/bid/48806/info
- http://web.archive.org/web/20210328232945/https://www.securityfocus.com/bid/48806/info
- https://seclists.org/bugtraq/2011/Nov/140
- https://www.securityfocus.com/bid/48806/info
remediation: Upgrade to a supported version.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2011-4336
cwe-id: CWE-79
remediation: Upgrade to a supported version.
tags: cve,cve2011,xss,tikiwiki
requests:
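
Review bot: `remediation: Upgrade to a supported version.` is shown both above `classification:` and after `cwe-id: CWE-79`, and `https://www.securityfocus.com/bid/48806/info` is shown both before and after the snapshot entry, yet the header (14 lines before, 15 after) against the 16 lines shown leaves room for only one removal. Check the resulting file: a second `remediation` key under `info:` is a duplicate mapping key, and a leftover live securityfocus URL defeats the point of adding the snapshot.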

View File

@ -7,9 +7,9 @@ info:
description: A cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2011-4618
- http://www.securityfocus.com/archive/1/520589
- http://web.archive.org/web/20210121070605/https://www.securityfocus.com/archive/1/520589
- http://wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0119.html
- http://www.securityfocus.com/archive/1/520589
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2011-4618

View File

@ -7,9 +7,9 @@ info:
description: A cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2011-4624
- http://archives.neohapsis.com/archives/bugtraq/2011-12/0180.html
- http://www.openwall.com/lists/oss-security/2011/12/23/2
- http://plugins.trac.wordpress.org/changeset/469785
- http://archives.neohapsis.com/archives/bugtraq/2011-12/0180.html
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2011-4624
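
Review bot: `http://archives.neohapsis.com/archives/bugtraq/2011-12/0180.html` is only moved to the end of the reference list and stays a direct link. The CVE-2012-1835 hunk in this commit swaps its archives.neohapsis.com reference for a web.archive.org snapshot; use a snapshot here too so the same source is handled the same way across templates.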

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/36598
- https://www.cvedetails.com/cve/CVE-2011-4804
- http://secunia.com/advisories/46844
- http://www.securityfocus.com/bid/48944
- http://web.archive.org/web/20210121214308/https://www.securityfocus.com/bid/48944/
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2011-4804

View File

@ -7,9 +7,9 @@ info:
description: A cross-site scripting vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2011-5107 https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-alert-before-your-post-cross-site-scripting-0-1-1/
- http://www.securityfocus.com/bid/50743
- http://web.archive.org/web/20210121220155/https://www.securityfocus.com/bid/50743/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71413
- http://www.securityfocus.com/archive/1/520590/100/0/threaded
- http://web.archive.org/web/20201208110708/https://www.securityfocus.com/archive/1/520590/100/0/threaded
classification:
cve-id: CVE-2011-5107
tags: cve,cve2011,wordpress,xss,wp-plugin
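
Review bot: the first reference entry holds two URLs on one list item, `https://nvd.nist.gov/vuln/detail/CVE-2011-5107` followed by a space and the acunetix.com link, so anything that treats each entry as a single URL gets a malformed value. Split it into two `- ` items while the neighbouring securityfocus entries are being updated.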

View File

@ -7,9 +7,9 @@ info:
description: A cross-site scripting vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2011-5179
- http://www.securityfocus.com/bid/50824
- http://web.archive.org/web/20210615122339/https://www.securityfocus.com/bid/50824
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71486
- http://www.securityfocus.com/archive/1/520662/100/0/threaded
- http://web.archive.org/web/20210614205347/https://www.securityfocus.com/archive/1/520662/100/0/threaded
classification:
cve-id: CVE-2011-5179
tags: cve,cve2011,wordpress,xss,wp-plugin

View File

@ -7,9 +7,9 @@ info:
description: A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2011-5181
- http://www.securityfocus.com/bid/50778
- http://web.archive.org/web/20210123155244/https://www.securityfocus.com/bid/50778/
- http://wordpress.org/extend/plugins/clickdesk-live-support-chat-plugin/changelog/
- http://osvdb.org/77338
- http://www.securityfocus.com/bid/50778
classification:
cve-id: CVE-2011-5181
tags: cve,cve2011,wordpress,xss,wp-plugin

View File

@ -7,9 +7,9 @@ info:
description: A cross-site scripting vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2011-5265
- http://web.archive.org/web/20210123103000/https://www.securityfocus.com/bid/50779/
- http://osvdb.org/77337
- http://www.securityfocus.com/bid/50779
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0120.html
classification:
cve-id: CVE-2011-5265
tags: cve,cve2011,wordpress,xss,wp-plugin

View File

@ -8,8 +8,8 @@ info:
reference:
- https://www.exploit-db.com/exploits/36650
- https://www.cvedetails.com/cve/CVE-2012-0991
- http://web.archive.org/web/20210121221715/https://www.securityfocus.com/bid/51788/
- http://osvdb.org/78729
- http://www.securityfocus.com/bid/51788
classification:
cve-id: CVE-2012-0991
tags: cve,cve2012,lfi,openemr,traversal

View File

@ -8,7 +8,7 @@ info:
reference:
- https://www.exploit-db.com/exploits/36873
- https://www.cvedetails.com/cve/CVE-2012-1226
- http://www.securityfocus.com/archive/1/521583
- http://web.archive.org/web/20210508221434/https://www.securityfocus.com/archive/1/521583
- http://www.vulnerability-lab.com/get_content.php?id=428
remediation: Upgrade to a supported version.
classification:

View File

@ -7,8 +7,8 @@ info:
description: Multiple cross-site scripting vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2012-1835
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0071.html
- http://www.securityfocus.com/bid/52986
- https://web.archive.org/web/20151001133311/http://archives.neohapsis.com/archives/bugtraq/2012-04/0071.html
- http://web.archive.org/web/20210615141436/https://www.securityfocus.com/bid/52986
- https://www.htbridge.com/advisory/HTB23082
classification:
cve-id: CVE-2012-1835
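
Review bot: the two replacement references use different schemes, `https://web.archive.org/...` for the neohapsis snapshot and `http://web.archive.org/...` for the securityfocus one. Use `https://` for both, and for the other snapshot links added in this commit.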

View File

@ -8,7 +8,7 @@ info:
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2012-4242
- http://www.reactionpenetrationtesting.co.uk/mf-gig-calendar-xss.html
- http://www.securityfocus.com/bid/55622
- http://web.archive.org/web/20210121230717/https://www.securityfocus.com/bid/55622/
classification:
cve-id: CVE-2012-4242
tags: cve,cve2012,wordpress,xss,wp-plugin

View File

@ -8,7 +8,6 @@ info:
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2012-4768
- http://packetstormsecurity.org/files/116408/wpdownloadmonitor3357-xss.txt
- http://osvdb.org/85319
- http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html
classification:
cve-id: CVE-2012-4768

View File

@ -6,7 +6,7 @@ info:
severity: medium
description: Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.
reference:
- https://www.securityfocus.com/bid/52841/info
- http://web.archive.org/web/20210121082432/https://www.securityfocus.com/bid/52841/info
- https://nvd.nist.gov/vuln/detail/CVE-2012-4889
- http://osvdb.org/80873
- http://osvdb.org/80872

View File

@ -9,7 +9,7 @@ info:
- https://www.exploit-db.com/exploits/37996
- https://nvd.nist.gov/vuln/detail/CVE-2012-4940
- http://www.kb.cert.org/vuls/id/586556
- http://www.securityfocus.com/bid/56343
- http://web.archive.org/web/20210121232008/https://www.securityfocus.com/bid/56343/
classification:
cve-id: CVE-2012-4940
tags: cve,cve2012,axigen,lfi,mail

View File

@ -18,12 +18,12 @@ info:
requests:
- method: GET
path:
- "{{BaseURL}}/index.action?redirect:http://www.example.com/"
- "{{BaseURL}}/index.action?redirect:http://www.interact.sh/"
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header
# Enhanced by mp on 2022/02/21
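
Review bot: in the matcher regex, `(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$` has no boundary on either side of the hostname, so a `Location` value such as `https://notinteract.sh/` or `https://interact.sh.other.tld/` satisfies it as well as the intended redirect target, which produces false positives. Require a `.`, `@` or the start of the host before `interact\.sh`, and a `/`, `:`, `?`, `#` or end of line after it.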

View File

@ -7,8 +7,8 @@ info:
description: Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2013-2287
- http://osvdb.org/90840
- https://www.dognaedis.com/vulns/DGS-SEC-16.html
- http://osvdb.org/90840
classification:
cve-id: CVE-2013-2287
tags: cve,cve2013,wordpress,xss,wp-plugin

View File

@ -8,8 +8,7 @@ info:
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2013-3526
- http://packetstormsecurity.com/files/121167/WordPress-Traffic-Analyzer-Cross-Site-Scripting.html
- http://osvdb.org/92197
- http://www.securityfocus.com/bid/58948
- http://web.archive.org/web/20210123051939/https://www.securityfocus.com/bid/58948/
classification:
cve-id: CVE-2013-3526
tags: cve,cve2013,wordpress,xss,wp-plugin

Some files were not shown because too many files have changed in this diff