diff --git a/cves.json b/cves.json
index b234a55e75..4d9e3c6b96 100644
--- a/cves.json
+++ b/cves.json
@@ -237,6 +237,7 @@ {"ID":"CVE-2014-4577","Info":{"Name":"WP AmASIN – The Amazon Affiliate Shop - Local File Inclusion","Severity":"medium","Description":"Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-4577.yaml"} {"ID":"CVE-2014-4592","Info":{"Name":"WP Planet \u003c= 0.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4592.yaml"} {"ID":"CVE-2014-4940","Info":{"Name":"WordPress Plugin Tera Charts - Local File Inclusion","Severity":"medium","Description":"Multiple local file inclusion vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-4940.yaml"} +{"ID":"CVE-2014-4941","Info":{"Name":"Cross RSS 1.7 - Local File Inclusion","Severity":"medium","Description":"Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-4941.yaml"} {"ID":"CVE-2014-4942","Info":{"Name":"WordPress EasyCart \u003c2.0.6 - Information Disclosure","Severity":"medium","Description":"WordPress EasyCart plugin before 2.0.6 contains an information disclosure vulnerability. 
An attacker can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-4942.yaml"} {"ID":"CVE-2014-5111","Info":{"Name":"Fonality trixbox - Local File Inclusion","Severity":"medium","Description":"Multiple local file inclusion vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-5111.yaml"} {"ID":"CVE-2014-5187","Info":{"Name":"Tom M8te (tom-m8te) Plugin 1.5.3 - Directory Traversal","Severity":"medium","Description":"Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-5187.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index c8a48fb35e..c58711ff1a 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -81470b22c51367393fa72c0f4e334c77 +e24cab5091cf75eded6fd5aeba9aa699