chore: generate CVEs metadata 🤖
parent
5dbf188d5a
commit
809a70f879
|
@ -658,6 +658,7 @@
|
|||
{"ID":"CVE-2018-9205","Info":{"Name":"Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion","Severity":"high","Description":"In avatar_uploader v7.x-1.0-beta8 the view.php program doesn't restrict file paths, allowing unauthenticated users to retrieve arbitrary files.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-9205.yaml"}
|
||||
{"ID":"CVE-2018-9845","Info":{"Name":"Etherpad Lite \u003c1.6.4 - Admin Authentication Bypass","Severity":"critical","Description":"Etherpad Lite before 1.6.4 is exploitable for admin access.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-9845.yaml"}
|
||||
{"ID":"CVE-2018-9995","Info":{"Name":"TBK DVR4104/DVR4216 Devices - Authentication Bypass","Severity":"critical","Description":"TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and\nMDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass\nauthentication via a \"Cookie: uid=admin\" header, as demonstrated by a device.rsp?opt=user\u0026cmd=list request that provides credentials within JSON data in a response.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-9995.yaml"}
|
||||
{"ID":"CVE-2019-0192","Info":{"Name":"Apache Solr - Deserialization of Untrusted Data","Severity":"critical","Description":"In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-0192.yaml"}
|
||||
{"ID":"CVE-2019-0193","Info":{"Name":"Apache Solr DataImportHandler \u003c8.2.0 - Remote Code Execution","Severity":"high","Description":"Apache Solr is vulnerable to remote code execution vulnerabilities via the DataImportHandler, an optional but popular module to pull in data from databases and other sources. The module has a feature in which the whole DIH configuration can come from a request's \"dataConfig\" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2019/CVE-2019-0193.yaml"}
|
||||
{"ID":"CVE-2019-0221","Info":{"Name":"Apache Tomcat - Cross-Site Scripting","Severity":"medium","Description":"Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 are vulnerable to cross-site scripting because the SSI printenv command echoes user provided data without escaping. Note: SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-0221.yaml"}
|
||||
{"ID":"CVE-2019-0230","Info":{"Name":"Apache Struts \u003c=2.5.20 - Remote Code Execution","Severity":"critical","Description":"Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag attributes, which may lead to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-0230.yaml"}
|
||||
|
|
|
@ -1 +1 @@
|
|||
c77ca3eb1da3be95060f6c73e85b69a9
|
||||
acf2f904db971d325adc78100e1df8d0
|
||||
|
|