updated 2020 CVEs

patch-1
Prince Chaddha 2023-09-06 17:52:36 +05:30
parent a09a0c8d7a
commit 7d9d59ab58
246 changed files with 857 additions and 421 deletions

@ -5,6 +5,8 @@ info:
author: joeldeleep
severity: high
description: Microsoft SQL Server Reporting Services is vulnerable to a remote code execution vulnerability because it incorrectly handles page requests.
remediation: |
Apply the latest security updates provided by Microsoft to mitigate this vulnerability.
reference:
- https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporting-services-ssrs/
- https://github.com/euphrat1ca/CVE-2020-0618
@ -17,8 +19,8 @@ info:
cve-id: CVE-2020-0618
cwe-id: CWE-502
epss-score: 0.97329
cpe: cpe:2.3:a:microsoft:sql_server:2012:sp4:*:*:*:*:*:*
epss-percentile: 0.99813
cpe: cpe:2.3:a:microsoft:sql_server:2012:sp4:*:*:*:*:*:*
metadata:
max-request: 1
vendor: microsoft

@ -6,6 +6,8 @@ info:
severity: critical
description: |
SolarWinds Orion API is vulnerable to an authentication bypass vulnerability that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
remediation: |
Apply the necessary patches or updates provided by SolarWinds to fix the authentication bypass vulnerability.
reference:
- https://kb.cert.org/vuls/id/843464
- https://github.com/jaeles-project/jaeles-signatures/blob/master/cves/solarwinds-lfi-cve-2020-10148.yaml
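Review bot: the description line carried as context in this hunk says the same thing twice ("vulnerable to an authentication bypass vulnerability that could allow a remote attacker to execute API commands" and then "could allow a remote attacker to bypass authentication and execute API commands"); since the file is being edited anyway, collapse it to one sentence plus the affected-version list, e.g. "SolarWinds Orion API is vulnerable to an authentication bypass that allows a remote attacker to execute API commands and compromise the SolarWinds instance. Affected: Orion Platform 2019.4 HF 5, 2020.2 with no hotfix, and 2020.2 HF 1."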
@ -18,8 +20,8 @@ info:
cve-id: CVE-2020-10148
cwe-id: CWE-287,CWE-288
epss-score: 0.97347
cpe: cpe:2.3:a:solarwinds:orion_platform:2019.4:hotfix5:*:*:*:*:*:*
epss-percentile: 0.99832
cpe: cpe:2.3:a:solarwinds:orion_platform:2019.4:hotfix5:*:*:*:*:*:*
metadata:
max-request: 2
vendor: solarwinds

@ -5,6 +5,8 @@ info:
author: rootxharsh,iamnoooob,pdresearch
severity: high
description: Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection
remediation: |
Apply the latest security patches or upgrade to a non-vulnerable version of Sonatype Nexus Repository Manager 3.
reference:
- https://twitter.com/iamnoooob/status/1246182773427240967
- https://securitylab.github.com/advisories/GHSL-2020-011-nxrm-sonatype
@ -17,8 +19,8 @@ info:
cve-id: CVE-2020-10199
cwe-id: CWE-917
epss-score: 0.97217
cpe: cpe:2.3:a:sonatype:nexus:*:*:*:*:*:*:*:*
epss-percentile: 0.99742
cpe: cpe:2.3:a:sonatype:nexus:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: sonatype

@ -6,20 +6,21 @@ info:
severity: critical
description: |
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
remediation: |
Upgrade to a patched version of rConfig or apply the vendor-supplied patch to mitigate this vulnerability.
reference:
- http://packetstormsecurity.com/files/156950/rConfig-3.9.4-searchField-Remote-Code-Execution.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-10220
classification:
cve-id: CVE-2020-10220
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-10220
cwe-id: CWE-89
metadata:
max-request: 1
verified: true
max-request: 1
shodan-query: title:"rConfig"
tags: cve,cve2020,rconfig,sqli
variables:
num: "999999999"

@ -5,6 +5,8 @@ info:
author: madrobot
severity: critical
description: rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
remediation: |
Upgrade to the latest version of rConfig or apply the provided patch to fix the SQL Injection vulnerability.
reference:
- https://github.com/theguly/exploits/blob/master/CVE-2020-10546.py
- https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
@ -15,8 +17,8 @@ info:
cve-id: CVE-2020-10546
cwe-id: CWE-89
epss-score: 0.4901
cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:*
epss-percentile: 0.97048
cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: rconfig

@ -5,6 +5,8 @@ info:
author: madrobot
severity: critical
description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
remediation: |
Upgrade to the latest version of rConfig or apply the provided patch to fix the SQL Injection vulnerability.
reference:
- https://github.com/theguly/exploits/blob/master/CVE-2020-10547.py https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
- https://github.com/theguly/exploits/blob/master/CVE-2020-10547.py
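Review bot: the reference list in this hunk is malformed: the first entry holds two URLs on one line (`.../CVE-2020-10547.py https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/`) and the second entry repeats the first URL, so the theguly.github.io writeup never becomes a list item of its own. Split it into two entries with one URL each, as the sibling CVE-2020-10546/10548/10549 templates do. While here, "rConfig 3.9.4 and previous versions has" on the description line should read "have", matching those sibling files.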
@ -15,8 +17,8 @@ info:
cve-id: CVE-2020-10547
cwe-id: CWE-89
epss-score: 0.4901
cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:*
epss-percentile: 0.97048
cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: rconfig

@ -5,6 +5,8 @@ info:
author: madrobot
severity: critical
description: rConfig 3.9.4 and previous versions have unauthenticated devices.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
remediation: |
Upgrade to a patched version of rConfig or apply the necessary security patches provided by the vendor.
reference:
- https://github.com/theguly/exploits/blob/master/CVE-2020-10548.py
- https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
@ -15,8 +17,8 @@ info:
cve-id: CVE-2020-10548
cwe-id: CWE-89
epss-score: 0.4901
cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:*
epss-percentile: 0.97048
cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: rconfig

@ -5,6 +5,8 @@ info:
author: madrobot
severity: critical
description: rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
remediation: |
Upgrade rConfig to version >3.9.4 or apply the provided patch to mitigate the SQL Injection vulnerability.
reference:
- https://github.com/theguly/exploits/blob/master/CVE-2020-10549.py
- https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
@ -15,8 +17,8 @@ info:
cve-id: CVE-2020-10549
cwe-id: CWE-89
epss-score: 0.4901
cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:*
epss-percentile: 0.97048
cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: rconfig

@ -5,6 +5,8 @@ info:
author: dhiyaneshDk
severity: medium
description: Keycloak 12.0.1 and below allows an attacker to force the server to request an unverified URL using the OIDC parameter request_uri. This allows an attacker to execute a server-side request forgery (SSRF) attack.
remediation: |
Upgrade Keycloak to a version higher than 12.0.1 to mitigate this vulnerability.
reference:
- https://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html
- https://www.exploit-db.com/exploits/50405
@ -16,8 +18,8 @@ info:
cve-id: CVE-2020-10770
cwe-id: CWE-918
epss-score: 0.37441
cpe: cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
epss-percentile: 0.9668
cpe: cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: redhat

@ -6,6 +6,8 @@ info:
severity: high
description: |
Wavlink WN530HG4, WN531G3, WN533A8, and WN551K are susceptible to improper access control via /cgi-bin/ExportAllSettings.sh, where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.
remediation: |
Apply the latest firmware update provided by the vendor to fix the access control issue.
reference:
- https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973
- https://github.com/sudo-jtcsec/Nyra
@ -18,14 +20,14 @@ info:
cve-id: CVE-2020-10973
cwe-id: CWE-306
epss-score: 0.03878
cpe: cpe:2.3:o:wavlink:wn530hg4_firmware:m30hg4.v5030.191116:*:*:*:*:*:*:*
epss-percentile: 0.90774
cpe: cpe:2.3:o:wavlink:wn530hg4_firmware:m30hg4.v5030.191116:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.html:"Wavlink"
verified: true
max-request: 1
vendor: wavlink
product: wn530hg4_firmware
shodan-query: http.html:"Wavlink"
tags: cve,cve2020,exposure,wavlink
http:

@ -5,21 +5,21 @@ info:
author: pikpikcu
severity: medium
description: GLPI prior 9.4.6 contains an open redirect vulnerability based on a regexp.
remediation: Upgrade to version 9.4.6 or later.
reference:
- https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg
- https://github.com/glpi-project/glpi/archive/9.4.6.zip
- https://nvd.nist.gov/vuln/detail/CVE-2020-11034
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/
remediation: Upgrade to version 9.4.6 or later.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2020-11034
cwe-id: CWE-601,CWE-185
epss-score: 0.00396
cpe: cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
epss-percentile: 0.7014
cpe: cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: glpi-project
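Review bot: "GLPI prior 9.4.6" on the description line should read "GLPI prior to 9.4.6" (or "before 9.4.6"); the remediation line that this hunk moves above the reference list already uses the clearer "9.4.6 or later" wording, so the two lines should agree.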

@ -5,26 +5,26 @@ info:
author: emadshanab
severity: medium
description: Grafana through 6.7.1 contains an unauthenticated stored cross-site scripting vulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
remediation: This issue can be resolved by updating Grafana to the latest version.
reference:
- https://github.com/grafana/grafana/pull/23254
- https://security.netapp.com/advisory/ntap-20200810-0002/
- https://nvd.nist.gov/vuln/detail/CVE-2020-11110
- https://hackerone.com/reports/1329433
- https://github.com/grafana/grafana/blob/master/CHANGELOG.md
remediation: This issue can be resolved by updating Grafana to the latest version.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cve-id: CVE-2020-11110
cwe-id: CWE-79
epss-score: 0.00131
cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
epss-percentile: 0.47313
cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: title:"Grafana"
vendor: grafana
product: grafana
shodan-query: title:"Grafana"
tags: cve,cve2020,xss,grafana,hackerone
http:

@ -6,20 +6,20 @@ info:
severity: high
description: |
MicroStrategy Web 10.4 is susceptible to information disclosure. The JVM configuration, CPU architecture, installation folder, and other information are exposed through /MicroStrategyWS/happyaxis.jsp. An attacker can use this vulnerability to learn more about the application environment and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: Mitigated in all versions 11.0 and higher.
reference:
- http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11450
- https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/
- https://nvd.nist.gov/vuln/detail/cve-2020-11450
- http://seclists.org/fulldisclosure/2020/Apr/1
remediation: Mitigated in all versions 11.0 and higher.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2020-11450
epss-score: 0.34975
cpe: cpe:2.3:a:microstrategy:microstrategy_web:*:*:*:*:*:*:*:*
epss-percentile: 0.96566
cpe: cpe:2.3:a:microstrategy:microstrategy_web:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: microstrategy

@ -5,6 +5,8 @@ info:
author: daffainfo
severity: critical
description: LimeSurvey before 4.1.12+200324 is vulnerable to local file inclusion because it contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
remediation: |
Upgrade to the latest version of LimeSurvey (4.1.12 or higher) which includes a fix for this vulnerability.
reference:
- https://www.exploit-db.com/exploits/48297
- https://github.com/LimeSurvey/LimeSurvey/commit/daf50ebb16574badfb7ae0b8526ddc5871378f1b
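Review bot: the added remediation ("4.1.12 or higher") is looser than the description it sits under, which scopes the bug to builds before 4.1.12+200324; a 4.1.12 build older than 200324 would still be vulnerable. State the same build in the remediation, e.g. "Upgrade to LimeSurvey 4.1.12+200324 or later."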
@ -16,8 +18,8 @@ info:
cve-id: CVE-2020-11455
cwe-id: CWE-22
epss-score: 0.5225
cpe: cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:*
epss-percentile: 0.97134
cpe: cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: limesurvey

@ -5,6 +5,8 @@ info:
author: 0x_Akoko
severity: medium
description: Grav before 1.7 has an open redirect vulnerability via common/Grav.php. This is partially fixed in 1.6.23 and still present in 1.6.x.
remediation: |
Upgrade Grav CMS to version 1.7 or later to fix the open redirect vulnerability.
reference:
- https://github.com/getgrav/grav/issues/3134
- https://nvd.nist.gov/vuln/detail/CVE-2020-11529
@ -16,8 +18,8 @@ info:
cve-id: CVE-2020-11529
cwe-id: CWE-601
epss-score: 0.00349
cpe: cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*
epss-percentile: 0.68242
cpe: cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: getgrav

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress Chop Slider 3 plugin contains a blind SQL injection vulnerability via the id GET parameter supplied to get_script/index.php. The plugin can allow an attacker to execute arbitrary SQL queries in the context of the WP database user, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: |
Update to the latest version of the WordPress Chop Slider 3 plugin to mitigate the vulnerability.
reference:
- https://wpscan.com/vulnerability/f10cd7d7-6a31-48e5-994c-b100c846001a
- https://github.com/idangerous/plugins/tree/master/Chop%20Slider%203/Chop%20Slider%203%20Wordpress
@ -18,14 +20,14 @@ info:
cve-id: CVE-2020-11530
cwe-id: CWE-89
epss-score: 0.65013
cpe: cpe:2.3:a:idangero:chop_slider:3.0:*:*:*:*:wordpress:*:*
epss-percentile: 0.9744
cpe: cpe:2.3:a:idangero:chop_slider:3.0:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: idangero
product: chop_slider
framework: wordpress
tags: wpscan,seclists,cve,cve2020,sqli,wordpress,wp-plugin,wp,chopslider,unauth
http:

@ -5,6 +5,8 @@ info:
author: Official_BlackHat13
severity: critical
description: SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection.
remediation: |
Upgrade to the latest version of SuperWebmailer to mitigate this vulnerability.
reference:
- https://github.com/Official-BlackHat13/CVE-2020-11546/
- https://blog.to.com/advisory-superwebmailer-cve-2020-11546/
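Review bot: the added remediation spells the product "SuperWebmailer" while the description, the shodan-query and the tags in this file use "SuperWebMailer"; keep one spelling. The fix also names no version, whereas the description pins the affected build to 7.21.0.01526, so "upgrade past 7.21.0.01526" would be more useful than "the latest version".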
@ -15,13 +17,13 @@ info:
cve-id: CVE-2020-11546
cwe-id: CWE-94
epss-score: 0.96429
cpe: cpe:2.3:a:superwebmailer:superwebmailer:*:*:*:*:*:*:*:*
epss-percentile: 0.99376
cpe: cpe:2.3:a:superwebmailer:superwebmailer:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: title:"SuperWebMailer"
vendor: superwebmailer
product: superwebmailer
shodan-query: title:"SuperWebMailer"
tags: cve,cve2020,rce,superwebmailer
http:

@ -5,6 +5,8 @@ info:
author: x6263
severity: medium
description: PRTG Network Monitor before 20.1.57.1745 is susceptible to information disclosure. An attacker can obtain information about probes running or the server itself via an HTTP request, thus potentially being able to modify data and/or execute unauthorized administrative operations in the context of the affected site.
remediation: |
Upgrade PRTG Network Monitor to version 20.1.57.1745 or higher to mitigate the information disclosure vulnerability.
reference:
- https://github.com/ch-rigu/CVE-2020-11547--PRTG-Network-Monitor-Information-Disclosure
- https://github.com/ch-rigu/PRTG-Network-Monitor-Information-Disclosure
@ -15,14 +17,14 @@ info:
cve-id: CVE-2020-11547
cwe-id: CWE-306
epss-score: 0.0011
cpe: cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*
epss-percentile: 0.43305
cpe: cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*
metadata:
max-request: 3
verified: true
shodan-query: title:"prtg"
max-request: 3
vendor: paessler
product: "prtg_network_monitor"
shodan-query: title:"prtg"
tags: cve,cve2020,prtg,disclosure
http:

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: critical
description: Kong Admin through 2.0.3 contains an issue via docker-kong which makes the admin API port accessible on interfaces other than 127.0.0.1.
remediation: |
Upgrade to Kong version 2.0.3 or later to fix the vulnerability and ensure proper authentication and access control mechanisms are in place.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2020-11710
- https://github.com/Kong/kong
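Review bot: the added remediation contradicts the description two lines above it: the description says docker-kong "through 2.0.3" is affected, so "Upgrade to Kong version 2.0.3 or later" names a vulnerable release as the fix. Say "later than 2.0.3" (or the first fixed docker-kong tag, taken from the linked repository), and note that the underlying fix is binding the admin API to 127.0.0.1 rather than "authentication and access control mechanisms", which the description does not mention.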
@ -16,13 +18,13 @@ info:
cvss-score: 9.8
cve-id: CVE-2020-11710
epss-score: 0.02084
cpe: cpe:2.3:a:konghq:docker-kong:*:*:*:*:*:kong:*:*
epss-percentile: 0.87657
cpe: cpe:2.3:a:konghq:docker-kong:*:*:*:*:*:kong:*:*
metadata:
max-request: 1
framework: kong
vendor: konghq
product: docker-kong
framework: kong
tags: cve,cve2020,kong
http:

@ -8,6 +8,8 @@ info:
WordPress Duplicator 1.3.24 & 1.3.26 are vulnerable to local file inclusion vulnerabilities that could allow attackers to download arbitrary files, such as the wp-config.php file. According to the vendor, the vulnerability was only in two
versions v1.3.24 and v1.3.26, the vulnerability wasn't
present in versions 1.3.22 and before.
remediation: |
Update the WordPress Duplicator plugin to the latest version (1.3.27 or higher) to mitigate the vulnerability.
reference:
- https://www.tenable.com/blog/duplicator-wordpress-plugin-vulnerability-exploited-in-the-wild
- https://snapcreek.com/duplicator/docs/changelog/?lite
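Review bot: the added remediation's "1.3.27 or higher" is not supported by the description above it, which only says the vendor found 1.3.24 and 1.3.26 affected and 1.3.22 clean; nothing in the hunk establishes 1.3.27 as a released or fixed version. Take the fixed version from the linked changelog and state that. The description's block scalar is also wrapped mid-sentence ("only in two / versions v1.3.24 and v1.3.26, the vulnerability wasn't / present"); re-wrap it while the block is being edited.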
@ -20,13 +22,13 @@ info:
cve-id: CVE-2020-11738
cwe-id: CWE-22
epss-score: 0.97273
cpe: cpe:2.3:a:snapcreek:duplicator:*:*:*:*:lite:wordpress:*:*
epss-percentile: 0.99776
cpe: cpe:2.3:a:snapcreek:duplicator:*:*:*:*:lite:wordpress:*:*
metadata:
max-request: 2
framework: wordpress
vendor: snapcreek
product: duplicator
framework: wordpress
tags: kev,tenable,packetstorm,cve,cve2020,wordpress,wp-plugin,lfi
http:

@ -6,6 +6,8 @@ info:
severity: medium
description: |
A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.
remediation: |
Apply the latest security patches or updates provided by Mitel to mitigate the vulnerability and prevent unauthorized access.
reference:
- https://packetstormsecurity.com/files/171751/mma913-traversallfi.txt
- https://nvd.nist.gov/vuln/detail/CVE-2020-11798
@ -18,14 +20,14 @@ info:
cve-id: CVE-2020-11798
cwe-id: CWE-22
epss-score: 0.75314
cpe: cpe:2.3:a:mitel:micollab_audio\,_web_\&_video_conferencing:*:*:*:*:*:*:*:*
epss-percentile: 0.97741
cpe: cpe:2.3:a:mitel:micollab_audio\,_web_\&_video_conferencing:*:*:*:*:*:*:*:*
metadata:
max-request: 1
verified: true
shodan-query: html:"Mitel" html:"MiCollab"
max-request: 1
vendor: mitel
product: micollab_audio\,_web_\&_video_conferencing
shodan-query: html:"Mitel" html:"MiCollab"
tags: packetstorm,cve,cve2020,mitel,micollab,lfi
http:

@ -6,6 +6,8 @@ info:
severity: high
description: |
Micro Focus Operations Bridge Manager in versions 2020.05 and below is vulnerable to remote code execution via UCMDB. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Data Center Automation. An attack requires network access and authentication as a valid application user. Originated from Metasploit module (#14654).
remediation: |
Apply the latest security patch or upgrade to a non-vulnerable version of Micro Focus Operations Bridge Manager.
reference:
- http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html
- https://softwaresupport.softwaregrp.com/doc/KM03747658
@ -17,8 +19,8 @@ info:
cvss-score: 8.8
cve-id: CVE-2020-11853
epss-score: 0.94797
cpe: cpe:2.3:a:microfocus:operation_bridge_manager:*:*:*:*:*:*:*:*
epss-percentile: 0.98954
cpe: cpe:2.3:a:microfocus:operation_bridge_manager:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: microfocus

@ -6,6 +6,8 @@ info:
severity: critical
description: |
Micro Focus UCMDB is susceptible to remote code execution. Impacted products include Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions, and Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.), and Application Performance Management versions 9,51, 9.50 and 9.40 with UCMDB 10.33 CUP 3.
remediation: |
Apply the latest security patches or updates provided by Micro Focus to fix this vulnerability.
reference:
- http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html
- https://softwaresupport.softwaregrp.com/doc/KM03747658
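Review bot: the description carried as context in this hunk is garbled in its version list: "2018.05. 2018.02 and 2017.11. 3.)" has a stray period and an orphaned "3.)", and "9,51" uses a comma for the decimal point. Clean it to "... 2018.05, 2018.02 and 2017.11; and Application Performance Management versions 9.51, 9.50 and 9.40 with UCMDB 10.33 CUP 3." so the affected-version list is machine- and human-readable.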
@ -18,8 +20,8 @@ info:
cve-id: CVE-2020-11854
cwe-id: CWE-798
epss-score: 0.97414
cpe: cpe:2.3:a:microfocus:application_performance_management:9.50:*:*:*:*:*:*:*
epss-percentile: 0.99886
cpe: cpe:2.3:a:microfocus:application_performance_management:9.50:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: microfocus

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress GTranslate plugin before 2.8.52 contains an unauthenticated reflected cross-site scripting vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.
remediation: |
Update the WordPress GTranslate plugin to version 2.8.52 or later to mitigate the vulnerability.
reference:
- https://wpscan.com/vulnerability/10181
- https://payatu.com/blog/gaurav/analysis-of-cve-2020-11930:-reflected-xss-in-gtranslate-wordpress-module
@ -18,14 +20,14 @@ info:
cve-id: CVE-2020-11930
cwe-id: CWE-79
epss-score: 0.00396
cpe: cpe:2.3:a:gtranslate:translate_wordpress_with_gtranslate:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.70156
cpe: cpe:2.3:a:gtranslate:translate_wordpress_with_gtranslate:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
publicwww-query: "/wp-content/plugins/gtranslate"
framework: wordpress
vendor: gtranslate
product: translate_wordpress_with_gtranslate
framework: wordpress
publicwww-query: "/wp-content/plugins/gtranslate"
tags: cve,cve2020,wordpress,wp,xss,wp-plugin,wpscan
http:

@ -5,26 +5,26 @@ info:
author: pdteam
severity: high
description: Apache Airflow versions 1.10.10 and below are vulnerable to remote code/command injection vulnerabilities in one of the example DAGs shipped with Airflow. This could allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use).
remediation: If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.
reference:
- https://github.com/pberba/CVE-2020-11978
- https://twitter.com/wugeej/status/1400336603604668418
- https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E
- https://nvd.nist.gov/vuln/detail/CVE-2020-11978
remediation: If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2020-11978
cwe-id: CWE-78
epss-score: 0.97524
cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
epss-percentile: 0.9998
cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
metadata:
max-request: 4
shodan-query: http.html:"Apache Airflow" || title:"Airflow - DAGs"
verified: true
max-request: 4
vendor: apache
product: airflow
shodan-query: http.html:"Apache Airflow" || title:"Airflow - DAGs"
tags: cve,cve2020,apache,airflow,rce,kev
http:
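Review bot: the remediation line this hunk relocates ("If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.") describes a condition under which the template is a false positive rather than a fix. Since the description scopes the bug to "1.10.10 and below", the remediation should lead with the upgrade and keep the config note as the workaround, e.g. "Upgrade to a release after 1.10.10, or set load_examples=False so the example DAGs are not loaded."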

@ -5,24 +5,24 @@ info:
author: pikpikcu
severity: high
description: Apache Cocoon 2.1.12 is susceptible to XML injection. When using the StreamGenerator, the code parses a user-provided XML. A specially crafted XML, including external system entities, can be used to access any file on the server system.
remediation: Upgrade to Apache Cocoon 2.1.13 or later.
reference:
- https://lists.apache.org/thread/6xg5j4knfczwdhggo3t95owqzol37k1b
- https://nvd.nist.gov/vuln/detail/CVE-2020-11991
- https://lists.apache.org/thread.html/r77add973ea521185e1a90aca00ba9dae7caa8d8b944d92421702bb54%40%3Cusers.cocoon.apache.org%3E
remediation: Upgrade to Apache Cocoon 2.1.13 or later.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2020-11991
cwe-id: CWE-611
epss-score: 0.80318
cpe: cpe:2.3:a:apache:cocoon:*:*:*:*:*:*:*:*
epss-percentile: 0.97888
cpe: cpe:2.3:a:apache:cocoon:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.html:"Apache Cocoon"
vendor: apache
product: cocoon
shodan-query: http.html:"Apache Cocoon"
tags: cve,cve2020,apache,xml,cocoon,xxe
http:

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress Catch Breadcrumb plugin before 1.5.4 contains a reflected cross-site scripting vulnerability via the s parameter (a search query). Also affected are 16 themes if the plugin is enabled: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO.
remediation: |
Update to the latest version of WordPress Catch Breadcrumb plugin (1.5.4 or higher) to mitigate the vulnerability.
reference:
- https://wpscan.com/vulnerability/30a83491-2f59-4c41-98bd-a9e6e5a609d4
- https://wpvulndb.com/vulnerabilities/10184
@ -17,13 +19,13 @@ info:
cve-id: CVE-2020-12054
cwe-id: CWE-79
epss-score: 0.00129
cpe: cpe:2.3:a:catchplugins:catch_breadcrumb:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.46935
cpe: cpe:2.3:a:catchplugins:catch_breadcrumb:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: catchplugins
product: catch_breadcrumb
framework: wordpress
tags: wordpress,xss,wp-plugin,wpscan,cve,cve2020
http:

@ -5,6 +5,8 @@ info:
author: dwisiswant0
severity: high
description: Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a specially crafted request.
remediation: |
Apply the latest security patch or upgrade to a patched version of Zoho ManageEngine OpManger to mitigate the vulnerability.
reference:
- https://github.com/BeetleChunks/CVE-2020-12116
- https://nvd.nist.gov/vuln/detail/CVE-2020-12116
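Review bot: typo in the added remediation: "OpManger" should be "OpManager", as on the description line. The description also gives the fixed builds (Stable 124196, Released 125125), so the remediation can name them instead of "a patched version".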
@ -16,8 +18,8 @@ info:
cve-id: CVE-2020-12116
cwe-id: CWE-22
epss-score: 0.97355
cpe: cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*
epss-percentile: 0.99837
cpe: cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: zohocorp

@ -6,6 +6,8 @@ info:
severity: high
description: |
WAVLINK WN530H4 M30H4.V5030.190403 contains an information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint. This can allow an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.
remediation: |
Apply the latest firmware update provided by the vendor to fix the information disclosure vulnerability.
reference:
- https://cerne.xyz/bugs/CVE-2020-12127
- https://www.wavlink.com/en_us/product/WL-WN530H4.html
@ -16,14 +18,14 @@ info:
cve-id: CVE-2020-12127
cwe-id: CWE-306
epss-score: 0.03579
cpe: cpe:2.3:o:wavlink:wn530h4_firmware:m30h4.v5030.190403:*:*:*:*:*:*:*
epss-percentile: 0.90419
cpe: cpe:2.3:o:wavlink:wn530h4_firmware:m30h4.v5030.190403:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.html:"Wavlink"
verified: true
max-request: 1
vendor: wavlink
product: wn530h4_firmware
shodan-query: http.html:"Wavlink"
tags: cve,cve2020,wavlink,exposure
http:

@ -5,6 +5,8 @@ info:
author: 0x_Akoko
severity: high
description: Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal and local file inclusion.
remediation: |
Apply the latest firmware update provided by the vendor to fix the directory traversal vulnerability.
reference:
- https://blog.spookysec.net/onkyo-lfi
- https://nvd.nist.gov/vuln/detail/CVE-2020-12447
@ -15,8 +17,8 @@ info:
cve-id: CVE-2020-12447
cwe-id: CWE-22
epss-score: 0.01778
cpe: cpe:2.3:o:onkyo:tx-nr585_firmware:1000-0000-000-0008-0000:*:*:*:*:*:*:*
epss-percentile: 0.86487
cpe: cpe:2.3:o:onkyo:tx-nr585_firmware:1000-0000-000-0008-0000:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: onkyo

@ -6,6 +6,8 @@ info:
severity: high
description: |
TeamPass 2.1.27.36 is susceptible to improper authentication. An attacker can retrieve files from the TeamPass web root, which may include backups or LDAP debug files, and therefore possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: |
Upgrade to a patched version of TeamPass or apply the recommended security patches.
reference:
- https://github.com/nilsteampassnet/TeamPass/issues/2764
- https://nvd.nist.gov/vuln/detail/CVE-2020-12478
@ -15,14 +17,14 @@ info:
cve-id: CVE-2020-12478
cwe-id: CWE-306
epss-score: 0.00901
cpe: cpe:2.3:a:teampass:teampass:2.1.27.36:*:*:*:*:*:*:*
epss-percentile: 0.80707
cpe: cpe:2.3:a:teampass:teampass:2.1.27.36:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.html:"teampass"
verified: true
max-request: 1
vendor: teampass
product: teampass
shodan-query: http.html:"teampass"
tags: cve,cve2020,teampass,exposure,unauth
http:

@ -5,6 +5,8 @@ info:
author: pdteam
severity: critical
description: vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control that permits SQL injection attacks.
remediation: |
Apply the latest security patch or upgrade to a non-vulnerable version of vBulletin.
reference:
- https://github.com/rekter0/exploits/tree/master/CVE-2020-12720
- https://nvd.nist.gov/vuln/detail/CVE-2020-12720
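Review bot: the added remediation ("upgrade to a non-vulnerable version") drops information the description already has: the fixed builds are 5.5.6pl1, 5.6.0pl1 and 5.6.1pl1 respectively. Name them so a reader does not have to work out which patch level applies to their branch.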
@ -17,8 +19,8 @@ info:
cve-id: CVE-2020-12720
cwe-id: CWE-306
epss-score: 0.88108
cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*
epss-percentile: 0.98245
cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: vbulletin

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress Contact Form 7 before 1.3.3.3 allows unrestricted file upload and remote code execution by setting supported_type to php% and uploading a .php% file.
remediation: |
Update the Contact Form 7 plugin to version 1.3.3.3 or later to mitigate this vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2020-12800
- https://github.com/amartinsec/CVE-2020-12800
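Review bot: the new `remediation` in this hunk names the wrong plugin. The `cpe` (`cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:...`) and the `product:` metadata further down this file identify the affected component as the Drag and Drop Multiple File Upload add-on for Contact Form 7, not Contact Form 7 itself, so "Update the Contact Form 7 plugin to version 1.3.3.3 or later" would send an operator to update a plugin that is not the vulnerable one. Suggest: "Update the Drag and Drop Multiple File Upload - Contact Form 7 plugin to version 1.3.3.3 or later."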
@ -17,13 +19,13 @@ info:
cve-id: CVE-2020-12800
cwe-id: CWE-434
epss-score: 0.97435
cpe: cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.99908
cpe: cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
framework: wordpress
vendor: codedropz
product: drag_and_drop_multiple_file_upload_-_contact_form_7
framework: wordpress
tags: wordpress,wp-plugin,fileupload,wp,rce,packetstorm,cve,cve2020,intrusive
http:

View File

@ -5,6 +5,8 @@ info:
author: gy741
severity: critical
description: Wavlink products are affected by a vulnerability that may allow remote unauthenticated users to execute arbitrary commands as root on Wavlink devices. The user input is not properly sanitized which allows command injection via the "key" parameter in a login request. It has been tested on Wavlink WN575A4 and WN579X3 devices, but other products may also be affected.
remediation: |
Apply the latest firmware update provided by the vendor to mitigate this vulnerability.
reference:
- https://blog.0xlabs.com/2021/02/wavlink-rce-CVE-2020-13117.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-13117
@ -14,14 +16,14 @@ info:
cve-id: CVE-2020-13117
cwe-id: CWE-77
epss-score: 0.0785
cpe: cpe:2.3:o:wavlink:wn575a4_firmware:*:*:*:*:*:*:*:*
epss-percentile: 0.93385
cpe: cpe:2.3:o:wavlink:wn575a4_firmware:*:*:*:*:*:*:*:*
metadata:
max-request: 1
verified: true
shodan-query: http.title:"Wi-Fi APP Login"
max-request: 1
vendor: wavlink
product: wn575a4_firmware
shodan-query: http.title:"Wi-Fi APP Login"
tags: cve,cve2020,wavlink,rce,oast,router
http:

View File

@ -5,6 +5,8 @@ info:
author: 0x_Akoko
severity: medium
description: Submitty through 20.04.01 contains an open redirect vulnerability via authentication/login?old= during an invalid login attempt. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: |
Upgrade to Submitty version 20.04.01 or later to fix the open redirect vulnerability.
reference:
- https://github.com/Submitty/Submitty/issues/5265
- https://nvd.nist.gov/vuln/detail/CVE-2020-13121
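Review bot: the new `remediation` in this hunk contradicts the description directly above it. The description says `Submitty through 20.04.01 contains an open redirect vulnerability`, i.e. 20.04.01 is itself affected, but the remediation reads `Upgrade to Submitty version 20.04.01 or later`, which would leave a reader on a vulnerable release. State the first fixed release from the linked issue, or phrase it as "Upgrade to a Submitty release later than 20.04.01."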
@ -14,8 +16,8 @@ info:
cve-id: CVE-2020-13121
cwe-id: CWE-601
epss-score: 0.00235
cpe: cpe:2.3:a:rcos:submitty:*:*:*:*:*:*:*:*
epss-percentile: 0.60968
cpe: cpe:2.3:a:rcos:submitty:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: rcos

View File

@ -5,6 +5,8 @@ info:
author: 0x_Akoko
severity: high
description: Artica Proxy Community Edition before 4.30.000000 is vulnerable to local file inclusion via the fw.progrss.details.php popup parameter.
remediation: |
Upgrade to Artica Proxy Community Edition version 4.30.000000 or later to fix the Local File Inclusion vulnerability.
reference:
- https://github.com/InfoSec4Fun/CVE-2020-13158
- https://sourceforge.net/projects/artica-squid/files/
@ -15,8 +17,8 @@ info:
cve-id: CVE-2020-13158
cwe-id: CWE-22
epss-score: 0.96791
cpe: cpe:2.3:a:articatech:artica_proxy:*:*:*:*:community:*:*:*
epss-percentile: 0.99534
cpe: cpe:2.3:a:articatech:artica_proxy:*:*:*:*:community:*:*:*
metadata:
max-request: 1
vendor: articatech

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.
remediation: |
Upgrade to a patched version of Netsweeper (>=6.4.4) to mitigate this vulnerability.
reference:
- https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/
- https://portswigger.net/daily-swig/severe-rce-vulnerability-in-content-filtering-system-has-been-patched-netsweeper-says
@ -16,8 +18,8 @@ info:
cve-id: CVE-2020-13167
cwe-id: CWE-78
epss-score: 0.97384
cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*
epss-percentile: 0.99866
cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: netsweeper

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
Contentful through 2020-05-21 for Python contains a reflected cross-site scripting vulnerability via the api parameter to the-example-app.py.
remediation: |
Upgrade Contentful to a version that is not vulnerable to CVE-2020-13258 or apply the necessary patches provided by the vendor.
reference:
- https://github.com/contentful/the-example-app.py/issues/44
- https://nvd.nist.gov/vuln/detail/CVE-2020-13258
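Review bot: the new `remediation` in this hunk misidentifies the affected software. The description (`the-example-app.py`), the `cpe` (`contentful:python_example`) and the reference (`github.com/contentful/the-example-app.py/issues/44`) all point at Contentful's Python example application, not the Contentful product, so "Upgrade Contentful to a version that is not vulnerable" is misleading. Suggest pointing at the example app instead: update the-example-app.py to a revision later than 2020-05-21 that no longer reflects the `api` parameter, and do not expose the example app publicly.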
@ -15,8 +17,8 @@ info:
cve-id: CVE-2020-13258
cwe-id: CWE-79
epss-score: 0.00464
cpe: cpe:2.3:a:contentful:python_example:*:*:*:*:*:*:*:*
epss-percentile: 0.72315
cpe: cpe:2.3:a:contentful:python_example:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: contentful

View File

@ -6,13 +6,13 @@ info:
severity: high
description: |
Grafana 3.0.1 through 7.0.1 is susceptible to server-side request forgery via the avatar feature, which can lead to remote code execution. Any unauthenticated user/client can make Grafana send HTTP requests to any URL and return its result. This can be used to gain information about the network Grafana is running on, thereby potentially enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: Upgrade to 6.3.4 or higher.
reference:
- https://github.com/advisories/GHSA-wc9w-wvq2-ffm9
- https://github.com/grafana/grafana/commit/ba953be95f0302c2ea80d23f1e5f2c1847365192
- http://www.openwall.com/lists/oss-security/2020/06/03/4
- https://nvd.nist.gov/vuln/detail/CVE-2020-13379
- http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html
remediation: Upgrade to 6.3.4 or higher.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
cvss-score: 8.2
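Review bot: the relocated `remediation: Upgrade to 6.3.4 or higher.` is inconsistent with the description it now sits under, which says `Grafana 3.0.1 through 7.0.1` is affected; 6.3.4 lies inside that range, so following the advice would leave a vulnerable instance in place. Since this hunk only moves the line, it is the right moment to correct it: take the fixed versions from the GHSA advisory linked in `reference` (GHSA-wc9w-wvq2-ffm9) and the fix commit, and state those instead.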
@ -22,11 +22,11 @@ info:
epss-percentile: 0.95791
cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: grafana
product: grafana
shodan-query: title:"Grafana"
vendor: grafana
verified: true
tags: cve,cve2020,grafana,ssrf
http:
@ -36,6 +36,7 @@ http:
- "{{BaseURL}}/grafana/avatar/1%3fd%3dhttp%3A%252F%252Fimgur.com%252F..%25252F1.1.1.1"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
Microweber before 1.1.20 is susceptible to information disclosure via userfiles/modules/users/controller/controller.php. An attacker can disclose the users database via a /modules/ POST request and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.
remediation: |
Upgrade Microweber to version 1.1.20 or later to mitigate the vulnerability.
reference:
- https://rhinosecuritylabs.com/research/microweber-database-disclosure/
- https://github.com/microweber/microweber/commit/269320e0e0e06a1785e1a1556da769a34280b7e6
@ -16,14 +18,14 @@ info:
cve-id: CVE-2020-13405
cwe-id: CWE-306
epss-score: 0.00667
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
epss-percentile: 0.77128
cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
metadata:
max-request: 3
shodan-query: http.html:"microweber"
verified: true
max-request: 3
vendor: microweber
product: microweber
shodan-query: http.html:"microweber"
tags: cve,cve2020,microweber,unauth,disclosure
http:

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu,3th1c_yuk1
severity: medium
description: The Web Application Firewall in Bitrix24 up to and including 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.
remediation: |
Upgrade to a patched version of Bitrix24 (version >20.0.0) to mitigate this vulnerability.
reference:
- https://gist.github.com/mariuszpoplwski/ca6258cf00c723184ebd2228ba81f558
- https://twitter.com/brutelogic/status/1483073170827628547
@ -15,8 +17,8 @@ info:
cve-id: CVE-2020-13483
cwe-id: CWE-79
epss-score: 0.00113
cpe: cpe:2.3:a:bitrix24:bitrix24:*:*:*:*:*:*:*:*
epss-percentile: 0.44064
cpe: cpe:2.3:a:bitrix24:bitrix24:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: bitrix24

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
WordPresss acf-to-rest-ap through 3.1.0 allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that can read sensitive information in the wp_options table such as the login and pass values.
remediation: |
Update the acf-to-rest-api plugin to version >3.1.0 or apply the latest security patches.
reference:
- https://gist.github.com/mariuszpoplwski/4fbaab7f271bea99c733e3f2a4bafbb5
- https://wordpress.org/plugins/acf-to-rest-api/#developers
@ -17,13 +19,13 @@ info:
cve-id: CVE-2020-13700
cwe-id: CWE-639
epss-score: 0.01923
cpe: cpe:2.3:a:acf_to_rest_api_project:acf_to_rest_api:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.87118
cpe: cpe:2.3:a:acf_to_rest_api_project:acf_to_rest_api:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: acf_to_rest_api_project
product: acf_to_rest_api
framework: wordpress
tags: cve,cve2020,wordpress,plugin
http:

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
remediation: |
Apply the latest security patch or upgrade to a non-vulnerable version of Extreme Management Center.
reference:
- https://medium.com/@0x00crash/xss-reflected-in-extreme-management-center-8-4-1-24-cve-2020-13820-c6febe951219
- https://gtacknowledge.extremenetworks.com/articles/Solution/000051136
@ -18,14 +20,14 @@ info:
cve-id: CVE-2020-13820
cwe-id: CWE-79
epss-score: 0.00237
cpe: cpe:2.3:a:extremenetworks:extreme_management_center:8.4.1.24:*:*:*:*:*:*:*
epss-percentile: 0.6108
cpe: cpe:2.3:a:extremenetworks:extreme_management_center:8.4.1.24:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: title:"Extreme Management Center"
verified: true
max-request: 1
vendor: extremenetworks
product: extreme_management_center
shodan-query: title:"Extreme Management Center"
tags: cve,cve2020,xss,extremenetworks
http:

View File

@ -6,27 +6,27 @@ info:
severity: critical
description: |
Airflow's Experimental API prior 1.10.11 allows all API requests without authentication.
remediation: |
From Airflow 1.10.11 forward, the default has been changed to deny all requests by default. Note - this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide linked in the references.
reference:
- https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E
- http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html
- https://airflow.apache.org/docs/1.10.11/security.html#api-authenticatio
- https://nvd.nist.gov/vuln/detail/CVE-2020-13927
remediation: |
From Airflow 1.10.11 forward, the default has been changed to deny all requests by default. Note - this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide linked in the references.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-13927
cwe-id: CWE-1188
epss-score: 0.95404
cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
epss-percentile: 0.99097
cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
metadata:
max-request: 1
verified: true
shodan-query: title:"Airflow - DAGs" || http.html:"Apache Airflow"
max-request: 1
vendor: apache
product: airflow
shodan-query: title:"Airflow - DAGs" || http.html:"Apache Airflow"
tags: packetstorm,cve,cve2020,apache,airflow,unauth,auth-bypass,kev
http:
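Review bot: the reference `https://airflow.apache.org/docs/1.10.11/security.html#api-authenticatio` in this hunk looks truncated at the fragment (`#api-authenticatio`); the page will load but the anchor will not resolve. Worth checking the fragment against the linked page while this change is already touching the reference block. The remediation text itself is fine and correctly distinguishes new installs from existing ones that must set `[api]auth_backend = airflow.api.auth.backend.deny_all`.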

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: medium
description: Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha have one REST API which exposed Kylin's configuration information without authentication.
remediation: |
Secure the configuration file by restricting access permissions and implementing proper access controls.
reference:
- https://kylin.apache.org/docs/release_notes.html
- https://s.tencent.com/research/bsafe/1156.html
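Review bot: the new `remediation` in this hunk does not address the flaw the description names. The description is about a REST API that `exposed Kylin's configuration information without authentication`; `Secure the configuration file by restricting access permissions` is filesystem advice and would not stop an unauthenticated HTTP caller. Suggest pointing to an upgrade to a release listed as fixed in the linked release notes and, as an interim measure, restricting network access to the Kylin REST API.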
@ -15,8 +17,8 @@ info:
cve-id: CVE-2020-13937
cwe-id: CWE-922
epss-score: 0.97402
cpe: cpe:2.3:a:apache:kylin:2.0.0:*:*:*:*:*:*:*
epss-percentile: 0.99877
cpe: cpe:2.3:a:apache:kylin:2.0.0:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: apache

View File

@ -9,21 +9,21 @@ info:
offers the possibility to call static Java classes from the JDK
that could execute code with the permission level of the running Java process.
This vulnerability affects all versions of Apache Unomi prior to 1.5.2.
remediation: Apache Unomi users should upgrade to 1.5.2 or later.
reference:
- https://securityboulevard.com/2020/11/apache-unomi-cve-2020-13942-rce-vulnerabilities-discovered/
- https://twitter.com/chybeta/status/1328912309440311297
- https://nvd.nist.gov/vuln/detail/CVE-2020-13942
- http://unomi.apache.org./security/cve-2020-13942.txt
- https://lists.apache.org/thread.html/r4a8fa91836687eaca42b5420a778ca8c8fd3a3740e4cf4401acc9118@%3Cusers.unomi.apache.org%3E
remediation: Apache Unomi users should upgrade to 1.5.2 or later.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-13942
cwe-id: CWE-74,CWE-20
epss-score: 0.97533
cpe: cpe:2.3:a:apache:unomi:*:*:*:*:*:*:*:*
epss-percentile: 0.99986
cpe: cpe:2.3:a:apache:unomi:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: apache

View File

@ -5,6 +5,8 @@ info:
author: pdteam
severity: medium
description: Apache APISIX 1.2, 1.3, 1.4, and 1.5 is susceptible to insufficiently protected credentials. An attacker can enable the Admin API and delete the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data.
remediation: |
Upgrade to the latest version of Apache APISIX, which includes a fix for the vulnerability. Additionally, ensure that sensitive credentials are properly protected and stored securely.
reference:
- https://github.com/vulhub/vulhub/tree/master/apisix/CVE-2020-13945
- https://lists.apache.org/thread.html/r792feb29964067a4108f53e8579a1e9bd1c8b5b9bc95618c814faf2f%40%3Cdev.apisix.apache.org%3E
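Review bot: the new `remediation` in this hunk is generic and misses the concrete fix the description implies. The description ends with `the default token is allowed to access APISIX management data`, so the actionable step is to replace the default Admin API key with a unique one and keep the Admin API IP restriction in place, in addition to upgrading off 1.2 to 1.5. "ensure that sensitive credentials are properly protected and stored securely" does not tell an operator to rotate the default key.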
@ -16,8 +18,8 @@ info:
cve-id: CVE-2020-13945
cwe-id: CWE-522
epss-score: 0.00522
cpe: cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*
epss-percentile: 0.73906
cpe: cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: apache

View File

@ -5,6 +5,8 @@ info:
author: princechaddha
severity: critical
description: WordPress PayPal Pro plugin before 1.1.65 is susceptible to SQL injection via the 'query' parameter which allows for any unauthenticated user to perform SQL queries with the results output to a web page in JSON format.
remediation: |
Update to the latest version of the WordPress PayPal Pro plugin (1.1.65 or higher) to mitigate the SQL Injection vulnerability.
reference:
- https://wpscan.com/vulnerability/10287
- https://wordpress.dwbooster.com/forms/payment-form-for-paypal-pro
@ -17,13 +19,13 @@ info:
cve-id: CVE-2020-14092
cwe-id: CWE-89
epss-score: 0.76739
cpe: cpe:2.3:a:ithemes:paypal_pro:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.97784
cpe: cpe:2.3:a:ithemes:paypal_pro:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: ithemes
product: paypal_pro
framework: wordpress
tags: wp-plugin,sqli,paypal,wpscan,cve,cve2020,wordpress
http:

View File

@ -6,27 +6,27 @@ info:
severity: high
description: |
Gitea 1.1.0 through 1.12.5 is susceptible to authenticated remote code execution, via the git hook functionality, in customer environments where the documentation is not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). NOTE: The vendor has indicated this is not a vulnerability and states "This is a functionality of the software that is limited to a subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides."
remediation: Fixed in version 1.16.7.
reference:
- https://dl.gitea.io/gitea/1.16.6
- https://github.com/go-gitea/gitea/pull/13058
- https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-3-schwachstelle-in-gitea-1125-und-gogs-0122-ermoeglicht-ausfuehrung-von-code-nach-authent/
- https://nvd.nist.gov/vuln/detail/CVE-2020-14144
- https://docs.github.com/en/enterprise-server@2.19/admin/policies/creating-a-pre-receive-hook-script
remediation: Fixed in version 1.16.7.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
cve-id: CVE-2020-14144
cwe-id: CWE-78
epss-score: 0.96765
cpe: cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:*
epss-percentile: 0.99519
cpe: cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:*
metadata:
max-request: 7
shodan-query: html:"Powered by Gitea Version"
verified: true
max-request: 7
vendor: gitea
product: gitea
shodan-query: html:"Powered by Gitea Version"
tags: cve,cve2020,rce,gitea,authenticated,git,intrusive
http:
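Review bot: the relocated `remediation: Fixed in version 1.16.7.` does not line up with the rest of this block. The description scopes the issue to `Gitea 1.1.0 through 1.12.5`, and the first reference is `https://dl.gitea.io/gitea/1.16.6`, so 1.16.7 is neither the release following the affected range nor the one referenced. Since the line is being moved anyway, either state the release that actually follows 1.12.5 if that is the fix, or explain why 1.16.7 is the relevant version and correct the reference to match.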

View File

@ -5,6 +5,8 @@ info:
author: x1m_martijn
severity: medium
description: Atlassian Jira Server and Data Center before 8.5.8 and 8.6.0 through 8.11.1 are susceptible to information disclosure via the /secure/QueryComponent!Default.jspa endpoint. An attacker can view custom field names and custom SLA names.
remediation: |
Upgrade Atlassian Jira Server/Data Center to a version higher than 8.11.1 to mitigate the vulnerability.
reference:
- https://jira.atlassian.com/browse/JRASERVER-71536
- https://nvd.nist.gov/vuln/detail/CVE-2020-14179
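Review bot: the new `remediation` in this hunk drops one of the two fixed branches. The description says affected versions are `before 8.5.8 and 8.6.0 through 8.11.1`, so 8.5.8 on the 8.5 line is also a fix; "Upgrade ... to a version higher than 8.11.1" forces an unnecessary branch jump on 8.5.x users. Suggest: "Upgrade to 8.5.8 or later on the 8.5 branch, or to a release later than 8.11.1."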
@ -13,13 +15,13 @@ info:
cvss-score: 5.3
cve-id: CVE-2020-14179
epss-score: 0.0047
cpe: cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
epss-percentile: 0.72498
cpe: cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.component:"Atlassian Jira"
vendor: atlassian
product: jira_data_center
shodan-query: http.component:"Atlassian Jira"
tags: cve,cve2020,atlassian,jira,exposure,disclosure
http:

View File

@ -5,6 +5,8 @@ info:
author: bjhulst
severity: medium
description: Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the /ViewUserHover.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. Affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.
remediation: |
Apply the necessary patches or updates provided by Atlassian to fix the vulnerability.
reference:
- https://jira.atlassian.com/browse/JRASERVER-71560
- http://packetstormsecurity.com/files/161730/Atlassian-JIRA-8.11.1-User-Enumeration.html
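Review bot: the new `remediation` in this hunk is generic where the description already provides exact fixed versions: `before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0`. Suggest stating them: "Upgrade Jira Server/Data Center to 7.13.6, 8.5.7 or 8.12.0 or later, depending on the installed branch." Also note the `cpe` here is `atlassian:data_center` while the preceding Jira template uses `atlassian:jira_data_center`; the two should agree.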
@ -15,13 +17,13 @@ info:
cve-id: CVE-2020-14181
cwe-id: CWE-200
epss-score: 0.96932
cpe: cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*
epss-percentile: 0.99604
cpe: cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.component:"Atlassian Jira"
vendor: atlassian
product: data_center
shodan-query: http.component:"Atlassian Jira"
tags: cve,cve2020,atlassian,jira,packetstorm
http:

View File

@ -5,6 +5,8 @@ info:
author: edoardottt
severity: medium
description: Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content.
remediation: |
Upgrade to the latest version of Agentejo Cockpit or apply the vendor-provided patch to fix the XSS vulnerability.
reference:
- https://github.com/agentejo/cockpit/issues/1310
- https://nvd.nist.gov/vuln/detail/CVE-2020-14408
@ -14,11 +16,11 @@ info:
cve-id: CVE-2020-14408
cwe-id: CWE-79
epss-score: 0.00113
cpe: cpe:2.3:a:agentejo:cockpit:0.10.2:*:*:*:*:*:*:*
epss-percentile: 0.44064
cpe: cpe:2.3:a:agentejo:cockpit:0.10.2:*:*:*:*:*:*:*
metadata:
max-request: 1
verified: true
max-request: 1
vendor: agentejo
product: cockpit
tags: cve,cve2020,cockpit,agentejo,xss,oss

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: medium
description: NeDi 1.9C is vulnerable to cross-site scripting because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value.
remediation: |
Upgrade to a patched version of NeDi or apply the vendor-supplied patch to mitigate this vulnerability.
reference:
- https://gist.github.com/farid007/8db2ab5367ba00e87f9479b32d46fea8
- https://nvd.nist.gov/vuln/detail/CVE-2020-14413
@ -14,8 +16,8 @@ info:
cve-id: CVE-2020-14413
cwe-id: CWE-79
epss-score: 0.00095
cpe: cpe:2.3:a:nedi:nedi:1.9c:*:*:*:*:*:*:*
epss-percentile: 0.39345
cpe: cpe:2.3:a:nedi:nedi:1.9c:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: nedi

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised machine without entering necessary credentials. See also CVE-2020-14882, which is addressed in the October 2020 Critical Patch Update.
remediation: |
Apply the latest security patches provided by Oracle to mitigate this vulnerability.
reference:
- https://github.com/pprietosanchez/CVE-2020-14750
- https://www.oracle.com/security-alerts/alert-cve-2020-14750.html
@ -17,14 +19,14 @@ info:
cvss-score: 9.8
cve-id: CVE-2020-14750
epss-score: 0.97553
cpe: cpe:2.3:a:oracle:fusion_middleware:10.3.6.0:*:*:*:*:*:*:*
epss-percentile: 0.99993
cpe: cpe:2.3:a:oracle:fusion_middleware:10.3.6.0:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.html:"Weblogic Application Server"
verified: true
max-request: 1
vendor: oracle
product: fusion_middleware
shodan-query: http.html:"Weblogic Application Server"
tags: packetstorm,cve,cve2020,rce,oracle,weblogic,unauth,kev
http:

View File

@ -5,6 +5,8 @@ info:
author: Ivo Palazzolo (@palaziv)
severity: high
description: Oracle Business Intelligence Enterprise Edition 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 are vulnerable to local file inclusion vulnerabilities via "getPreviewImage."
remediation: |
Apply the latest security patches and updates provided by Oracle to fix this vulnerability.
reference:
- http://packetstormsecurity.com/files/159748/Oracle-Business-Intelligence-Enterprise-Edition-5.5.0.0.0-12.2.1.3.0-12.2.1.4.0-LFI.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
@ -15,8 +17,8 @@ info:
cve-id: CVE-2020-14864
cwe-id: CWE-22
epss-score: 0.32452
cpe: cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*
epss-percentile: 0.96445
cpe: cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*
metadata:
max-request: 2
vendor: oracle

View File

@ -5,6 +5,8 @@ info:
author: dwisiswant0
severity: critical
description: Oracle WebLogic Server contains an easily exploitable remote command execution vulnerability which allows unauthenticated attackers with network access via HTTP to compromise the server.
remediation: |
Apply the latest security patches provided by Oracle to fix the vulnerability.
reference:
- https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf
- https://www.oracle.com/security-alerts/cpuoct2020.html
@ -17,8 +19,8 @@ info:
cvss-score: 9.8
cve-id: CVE-2020-14882
epss-score: 0.97537
cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
epss-percentile: 0.99988
cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: oracle

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
The Oracle Fusion Middleware WebLogic Server admin console in versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is vulnerable to an easily exploitable vulnerability that allows high privileged attackers with network access via HTTP to compromise Oracle WebLogic Server.
remediation: |
Apply the necessary patches or updates provided by Oracle to mitigate this vulnerability.
reference:
- https://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14883
@ -16,14 +18,14 @@ info:
cvss-score: 7.2
cve-id: CVE-2020-14883
epss-score: 0.97537
cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
epss-percentile: 0.99989
cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
metadata:
max-request: 1
verified: true
shodan-query: title:"Oracle PeopleSoft Sign-in"
max-request: 1
vendor: oracle
product: weblogic_server
shodan-query: title:"Oracle PeopleSoft Sign-in"
tags: oracle,rce,weblogic,kev,packetstorm,cve,cve2020
variables:
str: "{{randstr}}"

View File

@ -5,6 +5,8 @@ info:
author: gy741
severity: high
description: Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion.
remediation: |
Upgrade Suprema BioStar to version 2.8.2 or later to fix the LFI vulnerability.
reference:
- http://packetstormsecurity.com/files/158576/Bio-Star-2.8.2-Local-File-Inclusion.html
- https://www.supremainc.com/en/support/biostar-2-pakage.asp
@ -15,8 +17,8 @@ info:
cve-id: CVE-2020-15050
cwe-id: CWE-22
epss-score: 0.13878
cpe: cpe:2.3:a:supremainc:biostar_2:*:*:*:*:*:*:*:*
epss-percentile: 0.94934
cpe: cpe:2.3:a:supremainc:biostar_2:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: supremainc

View File

@ -5,6 +5,8 @@ info:
author: dwisiswant0
severity: medium
description: Traefik before 1.7.26, 2.2.8, and 2.3.0-rc3 contains an open redirect vulnerability in the X-Forwarded-Prefix header. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: |
Apply the vendor-provided patch or upgrade to a non-vulnerable version of Traefik.
reference:
- https://securitylab.github.com/advisories/GHSL-2020-140-Containous-Traefik
- https://github.com/containous/traefik/releases/tag/v2.2.8
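Review bot: the new `remediation` in this hunk is generic where the description gives the fixed versions (`before 1.7.26, 2.2.8, and 2.3.0-rc3`) and the reference links the v2.2.8 release directly. Suggest stating them: "Upgrade Traefik to 1.7.26, 2.2.8 or 2.3.0-rc3 or later on the respective branch."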
@ -17,8 +19,8 @@ info:
cve-id: CVE-2020-15129
cwe-id: CWE-601
epss-score: 0.00519
cpe: cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*
epss-percentile: 0.73814
cpe: cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: traefik

View File

@ -5,20 +5,20 @@ info:
author: pikpikcu
severity: critical
description: Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input.
remediation: Upgrade to version 2.0.38 or later. A possible workaround without upgrading is available in the linked advisory.
reference:
- https://blog.csdn.net/xuandao_ahfengren/article/details/111259943
- https://github.com/nosafer/nosafer.github.io/blob/227a05f5eff69d32a027f15d6106c6d735124659/docs/Web%E5%AE%89%E5%85%A8/Yii2/%EF%BC%88CVE-2020-15148%EF%BC%89Yii2%E6%A1%86%E6%9E%B6%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E.md
- https://github.com/yiisoft/yii2/commit/9abccb96d7c5ddb569f92d1a748f50ee9b3e2b99
- https://github.com/yiisoft/yii2/security/advisories/GHSA-699q-wcff-g9mj
remediation: Upgrade to version 2.0.38 or later. A possible workaround without upgrading is available in the linked advisory.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cve-id: CVE-2020-15148
cwe-id: CWE-502
epss-score: 0.02226
cpe: cpe:2.3:a:yiiframework:yii:*:*:*:*:*:*:*:*
epss-percentile: 0.88079
cpe: cpe:2.3:a:yiiframework:yii:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: yiiframework

View File

@ -5,6 +5,8 @@ info:
author: becivells
severity: critical
description: Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework.
remediation: |
Apply the latest security patches provided by the Nette Framework to fix the deserialization vulnerability.
reference:
- https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94
- https://github.com/Mr-xn/Penetration_Testing_POC/blob/02546075f378a9effeb6426fc17beb66b6d5c8ee/books/Nette%E6%A1%86%E6%9E%B6%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C(CVE-2020-15227).md
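Review bot: the new `remediation` in this hunk names the wrong weakness class. The description calls this `a code injection attack via specially formed parameters being passed to a URL` and the classification below is `CWE-94,CWE-74`, yet the remediation says "to fix the deserialization vulnerability". The description also lists the exact fixed releases (2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6), which the remediation should name. Suggest: "Upgrade nette/application to 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16 or 3.0.6 (or later on the respective branch) to fix the code injection vulnerability."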
@ -17,8 +19,8 @@ info:
cve-id: CVE-2020-15227
cwe-id: CWE-94,CWE-74
epss-score: 0.97364
cpe: cpe:2.3:a:nette:application:*:*:*:*:*:*:*:*
epss-percentile: 0.99844
cpe: cpe:2.3:a:nette:application:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: nette

View File

@ -5,6 +5,8 @@ info:
author: Akash.C
severity: medium
description: TileServer GL through 3.0.0 is vulnerable to reflected cross-site scripting via server.js because the content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page.
remediation: |
Upgrade TileServer GL to a version higher than 3.0.0 or apply the vendor-provided patch to fix the XSS vulnerability.
reference:
- https://github.com/maptiler/tileserver-gl/issues/461
- http://packetstormsecurity.com/files/162193/Tileserver-gl-3.0.0-Cross-Site-Scripting.html
@ -15,8 +17,8 @@ info:
cve-id: CVE-2020-15500
cwe-id: CWE-79
epss-score: 0.0021
cpe: cpe:2.3:a:tileserver:tileservergl:*:*:*:*:*:*:*:*
epss-percentile: 0.58204
cpe: cpe:2.3:a:tileserver:tileservergl:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: tileserver

View File

@ -9,6 +9,8 @@ info:
author: dwisiswant0
severity: critical
description: A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier contain a vulnerability that allows remote attackers to execute arbitrary code via unspecified vectors.
remediation: |
Upgrade MobileIron Core & Connector and Sentry to versions above v10.6 & v9.8 respectively
reference:
- https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html
- https://github.com/iamnoooob/CVE-Reverse/tree/master/CVE-2020-15505
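Review bot: the new `remediation` in this hunk covers only two of the three components the description lists. The description also names `Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier`, which the remediation omits, and the line lacks a terminating period unlike the other remediation strings in this change. Suggest: "Upgrade MobileIron Core & Connector to a version above 10.6.0.0, Sentry above 9.8.0, and Monitor and Reporting Database above 2.0.0.1."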
@ -21,8 +23,8 @@ info:
cve-id: CVE-2020-15505
cwe-id: CWE-706
epss-score: 0.97504
cpe: cpe:2.3:a:mobileiron:core:*:*:*:*:*:*:*:*
epss-percentile: 0.99964
cpe: cpe:2.3:a:mobileiron:core:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: mobileiron

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: critical
description: TerraMaster TOS before 4.1.29 has invalid parameter checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.
remediation: |
Upgrade TerraMaster TOS to version 1.29 or higher to mitigate this vulnerability.
reference:
- https://ssd-disclosure.com/ssd-advisory-terramaster-os-exportuser-php-remote-code-execution/
- https://nvd.nist.gov/vuln/detail/CVE-2020-15568
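Review bot: the new `remediation` in this hunk has a version typo. The description says `TerraMaster TOS before 4.1.29` is affected, but the remediation reads `Upgrade TerraMaster TOS to version 1.29 or higher`, dropping the major version. Suggest: "Upgrade TerraMaster TOS to version 4.1.29 or later."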
@ -15,8 +17,8 @@ info:
cve-id: CVE-2020-15568
cwe-id: CWE-913
epss-score: 0.96537
cpe: cpe:2.3:o:terra-master:tos:*:*:*:*:*:*:*:*
epss-percentile: 0.99422
cpe: cpe:2.3:o:terra-master:tos:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: terra-master

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
Gogs 0.5.5 through 0.12.2 is susceptible to authenticated remote code execution via the git hooks functionality. There can be a privilege escalation if access to this feature is granted to a user who does not have administrative privileges. NOTE: Since this is mentioned in the documentation but not in the UI, it could be considered a "product UI does not warn user of unsafe actions" issue.
remediation: |
Upgrade Gogs to a version that is not affected by the vulnerability (0.12.3 or later).
reference:
- https://packetstormsecurity.com/files/162123/Gogs-Git-Hooks-Remote-Code-Execution.html
- https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-3-schwachstelle-in-gitea-1125-und-gogs-0122-ermoeglicht-ausfuehrung-von-code-nach-authent/
@ -16,11 +18,11 @@ info:
cvss-score: 7.2
cve-id: CVE-2020-15867
epss-score: 0.96465
cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*
epss-percentile: 0.99385
cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*
metadata:
max-request: 7
verified: true
max-request: 7
vendor: gogs
product: gogs
tags: cve,cve2020,rce,gogs,git,authenticated,packetstorm,intrusive

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
D-Link DIR-816L devices 2.x before 1.10b04Beta02 contains a cross-site scripting vulnerability. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter before being printed on the webpage. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow for theft of cookie-based authentication credentials and launch of other attacks.
remediation: |
Apply the latest firmware update provided by D-Link to mitigate this vulnerability.
reference:
- https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169
@ -16,13 +18,13 @@ info:
cve-id: CVE-2020-15895
cwe-id: CWE-79
epss-score: 0.00187
cpe: cpe:2.3:o:d-link:dir-816l_firmware:2.06:*:*:*:*:*:*:*
epss-percentile: 0.55288
cpe: cpe:2.3:o:d-link:dir-816l_firmware:2.06:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: html:"DIR-816L"
vendor: d-link
product: dir-816l_firmware
shodan-query: html:"DIR-816L"
tags: cve,cve2020,dlink,xss
http:

View File

@ -5,6 +5,8 @@ info:
author: dwisiswant0
severity: critical
description: Mida eFramework through 2.9.0 allows an attacker to achieve remote code execution with administrative (root) privileges. No authentication is required.
remediation: |
Upgrade Mida eFramework to a version higher than 2.9.0 to mitigate the vulnerability.
reference:
- https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html
- http://packetstormsecurity.com/files/158991/Mida-eFramework-2.9.0-Remote-Code-Execution.html
@ -16,8 +18,8 @@ info:
cve-id: CVE-2020-15920
cwe-id: CWE-78
epss-score: 0.97263
cpe: cpe:2.3:a:midasolutions:eframework:*:*:*:*:*:*:*:*
epss-percentile: 0.9977
cpe: cpe:2.3:a:midasolutions:eframework:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: midasolutions

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially crafted packets that can cause a denial-of-service condition. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded.
remediation: |
Apply the latest firmware update provided by Cisco to mitigate this vulnerability.
reference:
- http://packetstormsecurity.com/files/158819/Cisco-7937G-Denial-Of-Service.html
- https://www.cisco.com/c/en/us/products/collateral/collaboration-endpoints/unified-ip-phone-7940g/end_of_life_notice_c51-729487.html
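Review bot: "Apply the latest firmware update provided by Cisco" conflicts with the description in the same hunk, which states the product is end of life and should be removed or upgraded (the end_of_life_notice reference says the same); the remediation should tell the reader to retire or replace the device rather than to wait for a firmware update.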
@ -15,8 +17,8 @@ info:
cvss-score: 7.5
cve-id: CVE-2020-16139
epss-score: 0.01181
cpe: cpe:2.3:o:cisco:unified_ip_conference_station_7937g_firmware:*:*:*:*:*:*:*:*
epss-percentile: 0.83291
cpe: cpe:2.3:o:cisco:unified_ip_conference_station_7937g_firmware:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: cisco

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client.
remediation: |
Upgrade to a patched version of SaltStack (>=3003) to mitigate this vulnerability.
reference:
- https://saltproject.io/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
- https://mp.weixin.qq.com/s/R8qw_lWizGyeJS0jOcYXag
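Review bot: the remediation requires ">=3003" while the description only says "through 3002" is affected; confirm against the saltproject.io advisory in the reference list whether a 3002 point release already carries the fix before requiring a full major upgrade, and use the product name "Salt" consistently with the description.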
@ -18,8 +20,8 @@ info:
cve-id: CVE-2020-16846
cwe-id: CWE-78
epss-score: 0.97514
cpe: cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*
epss-percentile: 0.99971
cpe: cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: saltstack

View File

@ -5,6 +5,8 @@ info:
author: dwisiswant0
severity: high
description: Microsoft SharePoint is vulnerable to a remote code execution when the software fails to check the source markup of an application package.
remediation: |
Apply the latest security updates provided by Microsoft to address this vulnerability.
reference:
- https://srcincite.io/pocs/cve-2020-16952.py.txt
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952
@ -16,8 +18,8 @@ info:
cve-id: CVE-2020-16952
cwe-id: CWE-346
epss-score: 0.19008
cpe: cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*
epss-percentile: 0.95588
cpe: cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: microsoft

View File

@ -5,6 +5,8 @@ info:
author: daffainfo
severity: medium
description: Nova Lite before 1.3.9 for WordPress is susceptible to reflected cross-site scripting via search.php.
remediation: |
Upgrade to Nova Lite version 1.3.9 or later to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/30a83491-2f59-4c41-98bd-a9e6e5a609d4
- https://nvd.nist.gov/vuln/detail/CVE-2020-17362
@ -15,13 +17,13 @@ info:
cve-id: CVE-2020-17362
cwe-id: CWE-79
epss-score: 0.00101
cpe: cpe:2.3:a:themeinprogress:nova_lite:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.40822
cpe: cpe:2.3:a:themeinprogress:nova_lite:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: themeinprogress
product: nova_lite
framework: wordpress
tags: wordpress,xss,wp-plugin,wpscan,cve,cve2020,unauth
http:

View File

@ -5,6 +5,8 @@ info:
author: madrobot
severity: medium
description: WSO2 Management Console through 5.10 is susceptible to reflected cross-site scripting which can be exploited by tampering a request parameter in Management Console. This can be performed in both authenticated and unauthenticated requests.
remediation: |
Upgrade to a patched version of WSO2 Carbon Management Console (5.11 or above) or apply the provided security patch to mitigate this vulnerability.
reference:
- https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-1132
- https://nvd.nist.gov/vuln/detail/CVE-2020-17453
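Review bot: product naming is inconsistent within this block: the description says "WSO2 Management Console", the new remediation says "WSO2 Carbon Management Console", and the cpe below is wso2:api_manager; align the remediation wording with the description and cpe so the template reads as one product.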
@ -15,8 +17,8 @@ info:
cve-id: CVE-2020-17453
cwe-id: CWE-79
epss-score: 0.01736
cpe: cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*
epss-percentile: 0.86329
cpe: cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: wso2

View File

@ -5,6 +5,8 @@ info:
author: gy741,edoardottt
severity: critical
description: SEOWON INTECH SLC-130 and SLR-120S devices allow remote code execution via the ipAddr parameter to the system_log.cgi page.
remediation: |
Apply the latest firmware update provided by the vendor to mitigate this vulnerability.
reference:
- https://maj0rmil4d.github.io/Seowon-SlC-130-And-SLR-120S-Exploit/
- https://nvd.nist.gov/vuln/detail/CVE-2020-17456
@ -17,8 +19,8 @@ info:
cve-id: CVE-2020-17456
cwe-id: CWE-78
epss-score: 0.97265
cpe: cpe:2.3:o:seowonintech:slc-130_firmware:-:*:*:*:*:*:*:*
epss-percentile: 0.99771
cpe: cpe:2.3:o:seowonintech:slc-130_firmware:-:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: seowonintech

View File

@ -6,27 +6,27 @@ info:
severity: critical
description: |
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
remediation: Fixed in version 115
reference:
- https://www.exploit-db.com/exploits/48741
- https://nvd.nist.gov/vuln/detail/CVE-2020-17463
- http://packetstormsecurity.com/files/158840/Fuel-CMS-1.4.7-SQL-Injection.html
- https://getfuelcms.com/
- https://cwe.mitre.org/data/definitions/89.html
remediation: Fixed in version 115
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-17463
cwe-id: CWE-89
epss-score: 0.8963
cpe: cpe:2.3:a:thedaylightstudio:fuel_cms:1.4.7:*:*:*:*:*:*:*
epss-percentile: 0.98341
cpe: cpe:2.3:a:thedaylightstudio:fuel_cms:1.4.7:*:*:*:*:*:*:*
metadata:
max-request: 3
verified: true
shodan-query: http.title:"fuel cms"
max-request: 3
vendor: thedaylightstudio
product: fuel_cms
shodan-query: http.title:"fuel cms"
tags: packetstorm,cve,cve2020,sqli,fuel-cms,kev
http:
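Review bot: "Fixed in version 115" is not a plausible FUEL CMS version string next to the affected version 1.4.7 given in the description; verify the intended fixed release and write it in dotted form before moving the key. The move of remediation above reference itself matches the layout used in the other files of this commit.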

View File

@ -5,6 +5,8 @@ info:
author: pussycat0x
severity: critical
description: 'vBulletin versions 5.5.4 through 5.6.2 allow remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.'
remediation: |
Upgrade vBulletin to a version that is not affected by CVE-2020-17496.
reference:
- https://www.tenable.com/blog/zero-day-remote-code-execution-vulnerability-in-vbulletin-disclosed
- https://nvd.nist.gov/vuln/detail/CVE-2020-17496
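Review bot: the remediation only restates the CVE id ("a version that is not affected by CVE-2020-17496"), which gives an operator nothing to act on; state the fixed version explicitly, since the description already bounds the affected range as 5.5.4 through 5.6.2.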
@ -17,8 +19,8 @@ info:
cve-id: CVE-2020-17496
cwe-id: CWE-74
epss-score: 0.97475
cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*
epss-percentile: 0.99945
cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: vbulletin

View File

@ -5,6 +5,8 @@ info:
author: dwisiswant0
severity: high
description: Artica Web Proxy 4.30 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.
remediation: |
Upgrade to a patched version of Artica Web Proxy or apply the vendor-supplied patch to mitigate this vulnerability.
reference:
- http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-17505
@ -15,8 +17,8 @@ info:
cve-id: CVE-2020-17505
cwe-id: CWE-78
epss-score: 0.96863
cpe: cpe:2.3:a:articatech:web_proxy:4.30.000000:*:*:*:*:*:*:*
epss-percentile: 0.99563
cpe: cpe:2.3:a:articatech:web_proxy:4.30.000000:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: articatech

View File

@ -5,6 +5,8 @@ info:
author: dwisiswant0
severity: critical
description: Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.
remediation: |
Upgrade to a patched version of Artica Web Proxy or apply the vendor-supplied patch to mitigate this vulnerability.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17506
- http://packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.html
@ -15,8 +17,8 @@ info:
cve-id: CVE-2020-17506
cwe-id: CWE-89
epss-score: 0.96091
cpe: cpe:2.3:a:articatech:web_proxy:4.30.000000:*:*:*:*:*:*:*
epss-percentile: 0.9927
cpe: cpe:2.3:a:articatech:web_proxy:4.30.000000:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: articatech

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
Apache Flink 1.5.1 is vulnerable to local file inclusion because of a REST handler that allows file uploads to an arbitrary location on the local file system through a maliciously modified HTTP HEADER.
remediation: |
Upgrade Apache Flink to a version that is not affected by the vulnerability (1.5.2 or later).
reference:
- https://github.com/vulhub/vulhub/tree/master/flink/CVE-2020-17518
- https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261%40%3Cdev.flink.apache.org%3E
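Review bot: the fixed version "1.5.2 or later" is not supported by anything in this hunk: the description names only 1.5.1 as vulnerable and does not bound the affected range, so "1.5.2" looks like the affected version incremented rather than a verified fix; confirm the fixed release from the Apache dev-list announcement in reference before stating a specific version.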
@ -18,8 +20,8 @@ info:
cve-id: CVE-2020-17518
cwe-id: CWE-22,CWE-23
epss-score: 0.97465
cpe: cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*
epss-percentile: 0.99936
cpe: cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: apache

View File

@ -5,6 +5,8 @@ info:
author: pdteam
severity: high
description: Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process (aka local file inclusion).
remediation: |
Apply the latest security patches or upgrade to a patched version of Apache Flink to mitigate the vulnerability.
reference:
- https://github.com/B1anda0/CVE-2020-17519
- https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d%40%3Cdev.flink.apache.org%3E
@ -17,8 +19,8 @@ info:
cve-id: CVE-2020-17519
cwe-id: CWE-552
epss-score: 0.97432
cpe: cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*
epss-percentile: 0.99903
cpe: cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: apache

View File

@ -6,27 +6,27 @@ info:
severity: high
description: |
Apache Airflow prior to 1.10.14 contains an authentication bypass vulnerability via incorrect session validation with default configuration. An attacker on site A can access unauthorized Airflow on site B through the site A session.
remediation: Change default value for [webserver] secret_key config.
reference:
- https://kloudle.com/academy/authentication-bypass-in-apache-airflow-cve-2020-17526-and-aws-cloud-platform-compromise
- https://lists.apache.org/thread.html/rbeeb73a6c741f2f9200d83b9c2220610da314810c4e8c9cf881d47ef%40%3Cusers.airflow.apache.org%3E
- http://www.openwall.com/lists/oss-security/2020/12/21/1
- https://nvd.nist.gov/vuln/detail/CVE-2020-17526
- https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352@%3Cannounce.apache.org%3E
remediation: Change default value for [webserver] secret_key config.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
cvss-score: 7.7
cve-id: CVE-2020-17526
cwe-id: CWE-287
epss-score: 0.03274
cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
epss-percentile: 0.90012
cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
metadata:
max-request: 2
fofa-query: Apache Airflow
verified: true
max-request: 2
vendor: apache
product: airflow
fofa-query: Apache Airflow
tags: cve,cve2020,apache,airflow,auth-bypass
http:

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: critical
description: Apache Struts 2.0.0 through Struts 2.5.25 is susceptible to remote code execution because forced OGNL evaluation, when evaluated on raw user input in tag attributes, may allow it.
remediation: |
Apply the latest security patches or upgrade to a non-vulnerable version of Apache Struts.
reference:
- http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html
- http://jvn.jp/en/jp/JVN43969166/index.html
@ -17,8 +19,8 @@ info:
cve-id: CVE-2020-17530
cwe-id: CWE-917
epss-score: 0.97161
cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
epss-percentile: 0.99704
cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: apache

View File

@ -5,6 +5,8 @@ info:
author: 0x_Akoko
severity: medium
description: Z-Blog 1.5.2 and earlier contains an open redirect vulnerability via the redirect parameter in zb_system/cmd.php. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: |
Upgrade Z-Blog to version 1.5.3 or later to fix the open redirect vulnerability.
reference:
- https://github.com/zblogcn/zblogphp/issues/216
- https://github.com/zblogcn/zblogphp/issues/209
@ -15,8 +17,8 @@ info:
cve-id: CVE-2020-18268
cwe-id: CWE-601
epss-score: 0.00138
cpe: cpe:2.3:a:zblogcn:z-blogphp:*:*:*:*:*:*:*:*
epss-percentile: 0.48623
cpe: cpe:2.3:a:zblogcn:z-blogphp:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: zblogcn

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: medium
description: Jeesns 1.4.2 is vulnerable to reflected cross-site scripting that allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.
remediation: |
Upgrade to the latest version of Jeesns or apply the vendor-provided patch to fix the XSS vulnerability.
reference:
- https://github.com/zchuanzhao/jeesns/issues/11
- https://www.seebug.org/vuldb/ssvid-97940
@ -15,8 +17,8 @@ info:
cve-id: CVE-2020-19282
cwe-id: CWE-79
epss-score: 0.00135
cpe: cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:*
epss-percentile: 0.47974
cpe: cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: jeesns

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: medium
description: Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /newVersion component and allows attackers to execute arbitrary web scripts or HTML.
remediation: |
Upgrade Jeesns to the latest version or apply the vendor-provided patch to fix the XSS vulnerability.
reference:
- https://github.com/zchuanzhao/jeesns/issues/10
- https://www.seebug.org/vuldb/ssvid-97939
@ -15,8 +17,8 @@ info:
cve-id: CVE-2020-19283
cwe-id: CWE-79
epss-score: 0.00135
cpe: cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:*
epss-percentile: 0.47974
cpe: cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: jeesns

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: medium
description: Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /weibo/topic component and allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.
remediation: |
Upgrade Jeesns to the latest version or apply the vendor-provided patch to fix the XSS vulnerability.
reference:
- https://github.com/zchuanzhao/jeesns/issues/21
- https://www.seebug.org/vuldb/ssvid-97950
@ -15,13 +17,13 @@ info:
cve-id: CVE-2020-19295
cwe-id: CWE-79
epss-score: 0.00116
cpe: cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:*
epss-percentile: 0.44609
cpe: cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:*
metadata:
max-request: 1
fofa-query: title="Jeesns"
vendor: jeesns
product: jeesns
fofa-query: title="Jeesns"
tags: cve,cve2020,jeesns,xss
http:

View File

@ -5,6 +5,8 @@ info:
author: 0x_Akoko
severity: high
description: FHEM version 6.0 suffers from a local file inclusion vulnerability.
remediation: |
Apply the latest patch or upgrade to a version that is not affected by the vulnerability.
reference:
- https://github.com/EmreOvunc/FHEM-6.0-Local-File-Inclusion-LFI-Vulnerability/blob/master/README.md
- https://github.com/EmreOvunc/FHEM-6.0-Local-File-Inclusion-LFI-Vulnerability
@ -16,8 +18,8 @@ info:
cve-id: CVE-2020-19360
cwe-id: CWE-22
epss-score: 0.08829
cpe: cpe:2.3:a:fhem:fhem:6.0:*:*:*:*:*:*:*
epss-percentile: 0.93744
cpe: cpe:2.3:a:fhem:fhem:6.0:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: fhem

View File

@ -5,6 +5,8 @@ info:
author: pdteam
severity: medium
description: Apache OFBiz 16.11.01 to 16.11.07 is vulnerable to cross-site scripting because data sent with contentId to /control/stream is not sanitized.
remediation: |
Upgrade Apache OFBiz to a version higher than 16.11.07 to mitigate this vulnerability.
reference:
- https://lists.apache.org/thread.html/rf867d9a25fa656b279b16e27b8ff6fcda689cfa4275a26655c685702%40%3Cdev.ofbiz.apache.org%3E
- https://s.apache.org/pr5u8
@ -17,8 +19,8 @@ info:
cve-id: CVE-2020-1943
cwe-id: CWE-79
epss-score: 0.9737
cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
epss-percentile: 0.99851
cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: apache

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php.
remediation: |
To mitigate this vulnerability, it is recommended to apply the latest security patches or updates provided by the vendor.
reference:
- https://topsecalphalab.github.io/CVE/qdPM9.1-Installer-Cross-Site-Scripting
- http://qdpm.net/download-qdpm-free-project-management
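Review bot: style point on the remediation: "To mitigate this vulnerability, it is recommended to apply..." breaks the imperative form used by every other remediation in this commit; rewrite as "Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability."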
@ -16,14 +18,14 @@ info:
cve-id: CVE-2020-19515
cwe-id: CWE-79
epss-score: 0.00102
cpe: cpe:2.3:a:qdpm:qdpm:9.1:*:*:*:*:*:*:*
epss-percentile: 0.40864
cpe: cpe:2.3:a:qdpm:qdpm:9.1:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.favicon.hash:762074255
verified: true
max-request: 1
vendor: qdpm
product: qdpm
shodan-query: http.favicon.hash:762074255
tags: cve,cve2020,xss,qdpm,unauth
http:

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.
remediation: |
Upgrade to a patched version of Apache Kylin or apply the necessary security patches provided by the vendor.
reference:
- https://www.sonarsource.com/blog/apache-kylin-command-injection-vulnerability/
- https://community.sonarsource.com/t/apache-kylin-3-0-1-command-injection-vulnerability/25706
@ -18,14 +20,14 @@ info:
cve-id: CVE-2020-1956
cwe-id: CWE-78
epss-score: 0.97423
cpe: cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*
epss-percentile: 0.99894
cpe: cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*
metadata:
max-request: 2
verified: true
shodan-query: http.favicon.hash:-186961397
max-request: 2
vendor: apache
product: kylin
shodan-query: http.favicon.hash:-186961397
tags: cve,cve2020,apache,kylin,rce,oast,kev
variables:
username: "{{username}}:"

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
Gridx 1.3 is susceptible to remote code execution via tests/support/stores/test_grid_filter.php, which allows remote attackers to execute arbitrary code via crafted values submitted to the $query parameter.
remediation: |
Apply the latest security patch or upgrade to a non-vulnerable version of Gridx.
reference:
- http://mayoterry.com/file/cve/Remote_Code_Execution_Vulnerability_in_gridx_latest_version.pdf
- https://github.com/oria/gridx/issues/433
@ -15,8 +17,8 @@ info:
cvss-score: 9.8
cve-id: CVE-2020-19625
epss-score: 0.88684
cpe: cpe:2.3:a:gridx_project:gridx:1.3:*:*:*:*:*:*:*
epss-percentile: 0.98276
cpe: cpe:2.3:a:gridx_project:gridx:1.3:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: gridx_project

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
ZZcms 2019 contains a cross-site scripting vulnerability in the user login page. An attacker can inject arbitrary JavaScript code in the referer header via user/login.php, which can allow theft of cookie-based credentials and launch of subsequent attacks.
remediation: |
Upgrade to the latest version to mitigate this vulnerability.
reference:
- https://github.com/iohex/ZZCMS/blob/master/zzcms2019_login_xss.md
- https://nvd.nist.gov/vuln/detail/CVE-2020-20285
@ -15,14 +17,14 @@ info:
cve-id: CVE-2020-20285
cwe-id: CWE-79
epss-score: 0.0009
cpe: cpe:2.3:a:zzcms:zzcms:2019:*:*:*:*:*:*:*
epss-percentile: 0.37386
cpe: cpe:2.3:a:zzcms:zzcms:2019:*:*:*:*:*:*:*
metadata:
max-request: 1
fofa-query: zzcms
verified: true
max-request: 1
vendor: zzcms
product: zzcms
fofa-query: zzcms
tags: cve,cve2020,zzcms,xss
http:

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: critical
description: WeiPHP 5.0 contains a SQL injection vulnerability via the wp_where function. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
remediation: |
Upgrade to a patched version of WeiPHP or apply the vendor-supplied patch to fix the SQL Injection vulnerability.
reference:
- https://github.com/Y4er/Y4er.com/blob/15f49973707f9d526a059470a074cb6e38a0e1ba/content/post/weiphp-exp-sql.md
- https://nvd.nist.gov/vuln/detail/CVE-2020-20300
@ -15,14 +17,14 @@ info:
cve-id: CVE-2020-20300
cwe-id: CWE-89
epss-score: 0.218
cpe: cpe:2.3:a:weiphp:weiphp:5.0:*:*:*:*:*:*:*
epss-percentile: 0.95816
cpe: cpe:2.3:a:weiphp:weiphp:5.0:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.html:"WeiPHP5.0"
verified: true
max-request: 1
vendor: weiphp
product: weiphp
shodan-query: http.html:"WeiPHP5.0"
tags: weiphp,sql
http:

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9.
remediation: |
Apply the latest security patches or updates provided by Palo Alto Networks to mitigate this vulnerability.
reference:
- https://swarm.ptsecurity.com/swarm-of-palo-alto-pan-os-vulnerabilities/
- https://security.paloaltonetworks.com/CVE-2020-2036
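Review bot: the remediation is generic ("Apply the latest security patches or updates") although the description in this hunk already gives concrete fixed releases (PAN-OS 8.1.16 and PAN-OS 9.0.9); name those versions in the remediation so the template is self-contained.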
@ -16,8 +18,8 @@ info:
cve-id: CVE-2020-2036
cwe-id: CWE-79
epss-score: 0.00951
cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
epss-percentile: 0.81231
cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
metadata:
max-request: 3
vendor: paloaltonetworks
@ -29,11 +31,9 @@ http:
- |
GET /_404_/%22%3E%3Csvg%2Fonload%3Dalert(document.domain)%3E HTTP/1.1
Host: {{Hostname}}
- |
GET /unauth/php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(document.domain)%3E HTTP/1.1
Host: {{Hostname}}
- |
GET /php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(document.domain)%3E HTTP/1.1
Host: {{Hostname}}

View File

@ -5,6 +5,8 @@ info:
author: madrobot
severity: medium
description: Jenkins Gitlab Hook 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected cross-site scripting vulnerability.
remediation: |
Upgrade to the latest version of Jenkins Gitlab Hook plugin (>=1.4.3) to mitigate this vulnerability.
reference:
- https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683
- http://www.openwall.com/lists/oss-security/2020/01/15/1
@ -16,14 +18,14 @@ info:
cve-id: CVE-2020-2096
cwe-id: CWE-79
epss-score: 0.96767
cpe: cpe:2.3:a:jenkins:gitlab_hook:*:*:*:*:*:jenkins:*:*
epss-percentile: 0.9952
cpe: cpe:2.3:a:jenkins:gitlab_hook:*:*:*:*:*:jenkins:*:*
metadata:
max-request: 1
shodan-query: http.title:"GitLab"
framework: jenkins
vendor: jenkins
product: gitlab_hook
framework: jenkins
shodan-query: http.title:"GitLab"
tags: jenkins,xss,gitlab,plugin,packetstorm,cve,cve2020
http:

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu,ritikchaddha
severity: critical
description: shadoweb wdja v1.5.1 is susceptible to cross-site scripting because it allows attackers to execute arbitrary code and gain escalated privileges via the backurl parameter to /php/passport/index.php.
remediation: |
Upgrade to the latest version to mitigate this vulnerability.
reference:
- https://github.com/shadoweb/wdja/issues/1
- https://nvd.nist.gov/vuln/detail/CVE-2020-20982
@ -14,11 +16,11 @@ info:
cve-id: CVE-2020-20982
cwe-id: CWE-79
epss-score: 0.01894
cpe: cpe:2.3:a:wdja:wdja_cms:1.5.1:*:*:*:*:*:*:*
epss-percentile: 0.87011
cpe: cpe:2.3:a:wdja:wdja_cms:1.5.1:*:*:*:*:*:*:*
metadata:
max-request: 1
verified: true
max-request: 1
vendor: wdja
product: wdja_cms
tags: cve,cve2020,xss,wdja,shadoweb

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter.
remediation: |
Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability.
reference:
- https://mycvee.blogspot.com/p/xss2.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-20988
@ -15,11 +17,11 @@ info:
cve-id: CVE-2020-20988
cwe-id: CWE-79
epss-score: 0.0009
cpe: cpe:2.3:a:domainmod:domainmod:4.13.0:*:*:*:*:*:*:*
epss-percentile: 0.37386
cpe: cpe:2.3:a:domainmod:domainmod:4.13.0:*:*:*:*:*:*:*
metadata:
max-request: 2
verified: true
max-request: 2
vendor: domainmod
product: domainmod
tags: cve,cve2020,domainmod,xss,authenticated

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
Sourcecodester Hotel and Lodge Management System 2.0 contains a SQL injection vulnerability via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
remediation: |
Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Sourcecodester Hotel and Lodge Management System 2.0.
reference:
- https://github.com/hitIer/web_test/tree/master/hotel
- https://www.sourcecodester.com/php/13707/hotel-and-lodge-management-system.html
@ -16,11 +18,11 @@ info:
cve-id: CVE-2020-21012
cwe-id: CWE-89
epss-score: 0.07545
cpe: cpe:2.3:a:hotel_and_lodge_booking_management_system_project:hotel_and_lodge_booking_management_system:2.0:*:*:*:*:*:*:*
epss-percentile: 0.93277
cpe: cpe:2.3:a:hotel_and_lodge_booking_management_system_project:hotel_and_lodge_booking_management_system:2.0:*:*:*:*:*:*:*
metadata:
max-request: 1
verified: true
max-request: 1
vendor: hotel_and_lodge_booking_management_system_project
product: hotel_and_lodge_booking_management_system
tags: cve,cve2020,hotel,sqli,unauth

View File

@ -5,6 +5,8 @@ info:
author: c-sh0
severity: medium
description: Jenkins through 2.218, LTS 2.204.1 and earlier, is susceptible to information disclosure. An attacker can access exposed session identifiers on a user detail object in the whoAmI diagnostic page and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.
remediation: |
Upgrade Jenkins to a version higher than 2.218 to mitigate the vulnerability.
reference:
- https://www.jenkins.io/security/advisory/2020-01-29/#SECURITY-1695
- https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1695
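Review bot: the remediation names only the weekly line ("higher than 2.218") while the description lists both "Jenkins through 2.218" and "LTS 2.204.1 and earlier" as affected; add the LTS fixed version as well so LTS operators are not told to jump to a weekly release.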
@ -17,13 +19,13 @@ info:
cve-id: CVE-2020-2103
cwe-id: CWE-200
epss-score: 0.00534
cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
epss-percentile: 0.74191
cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
metadata:
max-request: 2
shodan-query: http.favicon.hash:81586312
vendor: jenkins
product: jenkins
shodan-query: http.favicon.hash:81586312
tags: cve,cve2020,jenkins
http:

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: critical
description: Inspur ClusterEngine V4.0 is suscptible to a remote code execution vulnerability. A remote attacker can send a malicious login packet to the control server.
remediation: |
Apply the latest security patches or updates provided by Inspur to mitigate this vulnerability.
reference:
- https://github.com/NS-Sp4ce/Inspur/tree/master/ClusterEngineV4.0%20Vul
- https://nvd.nist.gov/vuln/detail/CVE-2020-21224
@ -15,8 +17,8 @@ info:
cve-id: CVE-2020-21224
cwe-id: CWE-88
epss-score: 0.03105
cpe: cpe:2.3:a:inspur:clusterengine:4.0:*:*:*:*:*:*:*
epss-percentile: 0.89779
cpe: cpe:2.3:a:inspur:clusterengine:4.0:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: inspur

View File

@ -5,6 +5,8 @@ info:
author: j3ssie/geraldino2
severity: medium
description: Jenkins Audit Trail 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability.
remediation: |
Upgrade to the latest version of Jenkin Audit Trail (>=3.3) which includes a fix for this vulnerability.
reference:
- https://www.jenkins.io/security/advisory/2020-03-09/
- https://nvd.nist.gov/vuln/detail/CVE-2020-2140
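Review bot: typo in the remediation: "Jenkin Audit Trail" should be "Jenkins Audit Trail", matching the description and the vendor field below.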
@ -16,13 +18,13 @@ info:
cve-id: CVE-2020-2140
cwe-id: CWE-79
epss-score: 0.00181
cpe: cpe:2.3:a:jenkins:audit_trail:*:*:*:*:*:jenkins:*:*
epss-percentile: 0.54659
cpe: cpe:2.3:a:jenkins:audit_trail:*:*:*:*:*:jenkins:*:*
metadata:
max-request: 2
framework: jenkins
vendor: jenkins
product: audit_trail
framework: jenkins
tags: cve,cve2020,jenkins,xss,plugin
http:

Some files were not shown because too many files have changed in this diff