daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into some_tps

patch-1
Prince Chaddha 2023-09-17 13:03:38 +05:30 committed by GitHub
parent 49e2d39500 e1ee1d14b9
commit 88153faaf8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2480 changed files with 21179 additions and 10123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/autoassign.yml vendored
View File

@ -15,7 +15,7 @@ jobs:
ASSIGN_TASK_TOKEN: ${{ secrets.PDTEAMX_PAT }} # github personal token
steps:
- name: checkout repo content
uses: actions/checkout@v2 # checkout the repository content
uses: actions/checkout@v4 # checkout the repository content
- name: setup python
uses: actions/setup-python@v4
with:

2
.github/workflows/syntax-checking.yml vendored
View File

@ -10,7 +10,7 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v4
- name: Yamllint
uses: karancode/yamllint-github-action@v2.1.1
with:

2
.github/workflows/template-checksum.yml vendored
View File

@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-latest
if: github.repository == 'projectdiscovery/nuclei-templates'
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
fetch-depth: 0

2
.github/workflows/template-validate.yml vendored
View File

@ -10,7 +10,7 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
fetch-depth: 0

2
.github/workflows/templates-stats.yml vendored
View File

@ -10,7 +10,7 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
fetch-depth: 0

2
.github/workflows/wordpress-plugins-update.yml vendored
View File

@ -10,7 +10,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token
fetch-depth: 0 # otherwise, you will failed to push refs to dest repo

27
.new-additions
View File

@ -1,11 +1,16 @@
http/cves/2015/CVE-2015-9323.yaml
http/cves/2021/CVE-2021-24409.yaml
http/cves/2021/CVE-2021-25065.yaml
http/cves/2022/CVE-2022-46463.yaml
http/technologies/besu-server-detect.yaml
http/technologies/erigon-server-detect.yaml
http/technologies/geth-server-detect.yaml
http/technologies/nethermind-server-detect.yaml
http/vulnerabilities/wordpress/wp-real-estate-xss.yaml
network/jarm/c2/havoc-c2-jarm.yaml
ssl/c2/havoc-c2.yaml
http/cves/2023/CVE-2023-22463.yaml
http/cves/2023/CVE-2023-25573.yaml
http/cves/2023/CVE-2023-2813.yaml
http/cves/2023/CVE-2023-30943.yaml
http/cves/2023/CVE-2023-39676.yaml
http/cves/2023/CVE-2023-39677.yaml
http/cves/2023/CVE-2023-4714.yaml
http/exposed-panels/phpldapadmin-panel.yaml
http/exposed-panels/quilium-panel.yaml
http/exposed-panels/satis-repository.yaml
http/exposed-panels/symantec/symantec-phishing-panel.yaml
http/misconfiguration/gitlab/gitlab-public-registration.yaml
http/osint/hackenproof.yaml
http/osint/intigriti.yaml
http/osint/yeswehack.yaml
http/vulnerabilities/other/phpldapadmin-xss.yaml

22
README.md
View File

@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|--------------|-------|----------------------|-------|----------|-------|------|-------|
| cve | 2017 | dhiyaneshdk | 1045 | http | 6232 | info | 3185 | file | 309 |
| panel | 974 | dwisiswant0 | 798 | file | 309 | high | 1261 | dns | 17 |
| wordpress | 820 | daffainfo | 787 | workflows | 190 | medium | 1251 | | |
| exposure | 777 | pikpikcu | 353 | network | 115 | critical | 752 | | |
| xss | 713 | pussycat0x | 284 | ssl | 24 | low | 228 | | |
| wp-plugin | 711 | pdteam | 282 | dns | 17 | unknown | 29 | | |
| osint | 666 | ritikchaddha | 244 | headless | 9 | | | | |
| tech | 623 | geeknik | 221 | TEMPLATES-STATS.json | 1 | | | | |
| edb | 598 | ricardomaia | 221 | contributors.json | 1 | | | | |
| lfi | 579 | theamanrawat | 179 | cves.json | 1 | | | | |
| cve | 2054 | dhiyaneshdk | 1056 | http | 6342 | info | 3217 | file | 309 |
| panel | 985 | dwisiswant0 | 798 | file | 309 | high | 1288 | dns | 17 |
| wordpress | 831 | daffainfo | 787 | workflows | 191 | medium | 1270 | | |
| exposure | 784 | pikpikcu | 353 | network | 116 | critical | 785 | | |
| xss | 726 | pussycat0x | 289 | ssl | 26 | low | 230 | | |
| wp-plugin | 721 | pdteam | 283 | dns | 17 | unknown | 29 | | |
| osint | 672 | ritikchaddha | 259 | headless | 9 | | | | |
| tech | 632 | ricardomaia | 225 | TEMPLATES-STATS.json | 1 | | | | |
| edb | 598 | geeknik | 221 | contributors.json | 1 | | | | |
| lfi | 587 | 0x_akoko | 179 | cves.json | 1 | | | | |
**475 directories, 7137 files**.
**487 directories, 7254 files**.
</td>
</tr>

2
TEMPLATES-STATS.json
View File

File diff suppressed because one or more lines are too long

7245
TEMPLATES-STATS.md
View File

File diff suppressed because it is too large Load Diff

20
TOP-10.md
View File

@ -1,12 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|--------------|-------|----------------------|-------|----------|-------|------|-------|
| cve | 2017 | dhiyaneshdk | 1045 | http | 6232 | info | 3185 | file | 309 |
| panel | 974 | dwisiswant0 | 798 | file | 309 | high | 1261 | dns | 17 |
| wordpress | 820 | daffainfo | 787 | workflows | 190 | medium | 1251 | | |
| exposure | 777 | pikpikcu | 353 | network | 115 | critical | 752 | | |
| xss | 713 | pussycat0x | 284 | ssl | 24 | low | 228 | | |
| wp-plugin | 711 | pdteam | 282 | dns | 17 | unknown | 29 | | |
| osint | 666 | ritikchaddha | 244 | headless | 9 | | | | |
| tech | 623 | geeknik | 221 | TEMPLATES-STATS.json | 1 | | | | |
| edb | 598 | ricardomaia | 221 | contributors.json | 1 | | | | |
| lfi | 579 | theamanrawat | 179 | cves.json | 1 | | | | |
| cve | 2054 | dhiyaneshdk | 1056 | http | 6342 | info | 3217 | file | 309 |
| panel | 985 | dwisiswant0 | 798 | file | 309 | high | 1288 | dns | 17 |
| wordpress | 831 | daffainfo | 787 | workflows | 191 | medium | 1270 | | |
| exposure | 784 | pikpikcu | 353 | network | 116 | critical | 785 | | |
| xss | 726 | pussycat0x | 289 | ssl | 26 | low | 230 | | |
| wp-plugin | 721 | pdteam | 283 | dns | 17 | unknown | 29 | | |
| osint | 672 | ritikchaddha | 259 | headless | 9 | | | | |
| tech | 632 | ricardomaia | 225 | TEMPLATES-STATS.json | 1 | | | | |
| edb | 598 | geeknik | 221 | contributors.json | 1 | | | | |
| lfi | 587 | 0x_akoko | 179 | cves.json | 1 | | | | |

111
cves.json
View File

@ -336,6 +336,7 @@
{"ID":"CVE-2016-1000154","Info":{"Name":"WordPress WHIZZ \u003c=1.0.7 - Cross-Site Scripting","Severity":"medium","Description":"WordPress plugin WHIZZ 1.07 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000154.yaml"}
{"ID":"CVE-2016-1000155","Info":{"Name":"WordPress WPSOLR \u003c=8.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress WPSOLR 8.6 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000155.yaml"}
{"ID":"CVE-2016-10033","Info":{"Name":"WordPress PHPMailer \u003c 5.2.18 - Remote Code Execution","Severity":"critical","Description":"WordPress PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property in isMail transport.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-10033.yaml"}
{"ID":"CVE-2016-10108","Info":{"Name":"Western Digital MyCloud NAS - Command Injection","Severity":"critical","Description":"Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-10108.yaml"}
{"ID":"CVE-2016-10134","Info":{"Name":"Zabbix - SQL Injection","Severity":"critical","Description":"Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php and perform SQL injection attacks.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-10134.yaml"}
{"ID":"CVE-2016-10367","Info":{"Name":"Opsview Monitor Pro - Local File Inclusion","Severity":"high","Description":"Opsview Monitor Pro prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch is vulnerable to unauthenticated local file inclusion and can be exploited by issuing a specially crafted HTTP GET request utilizing a simple bypass.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2016/CVE-2016-10367.yaml"}
{"ID":"CVE-2016-10368","Info":{"Name":"Opsview Monitor Pro - Open Redirect","Severity":"medium","Description":"Opsview Monitor Pro before 5.1.0.162300841, before 5.0.2.27475, before 4.6.4.162391051, and 4.5.x without a certain 2016 security patch contains an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via the back parameter to the login URI.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-10368.yaml"}
@ -498,6 +499,7 @@
{"ID":"CVE-2018-15517","Info":{"Name":"D-Link Central WifiManager - Server-Side Request Forgery","Severity":"high","Description":"D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using a browser.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2018/CVE-2018-15517.yaml"}
{"ID":"CVE-2018-15535","Info":{"Name":"Responsive FileManager \u003c9.13.4 - Local File Inclusion","Severity":"high","Description":"Responsive FileManager before version 9.13.4 is vulnerable to local file inclusion via filemanager/ajax_calls.php because it uses external input to construct a pathname that should be within a restricted directory, aka local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-15535.yaml"}
{"ID":"CVE-2018-15745","Info":{"Name":"Argus Surveillance DVR 4.0.0.0 - Local File Inclusion","Severity":"high","Description":"Argus Surveillance DVR 4.0.0.0 devices allow unauthenticated local file inclusion, leading to file disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-15745.yaml"}
{"ID":"CVE-2018-15917","Info":{"Name":"Jorani Leave Management System 0.6.5 - Cross-Site Scripting","Severity":"medium","Description":"Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2018/CVE-2018-15917.yaml"}
{"ID":"CVE-2018-15961","Info":{"Name":"Adobe ColdFusion - Unrestricted File Upload Remote Code Execution","Severity":"critical","Description":"Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-15961.yaml"}
{"ID":"CVE-2018-16059","Info":{"Name":"WirelessHART Fieldgate SWG70 3.0 - Local File Inclusion","Severity":"medium","Description":"WirelessHART Fieldgate SWG70 3.0 is vulnerable to local file inclusion via the fcgi-bin/wgsetcgi filename parameter.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-16059.yaml"}
{"ID":"CVE-2018-16133","Info":{"Name":"Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion","Severity":"medium","Description":"Cybrotech CyBroHttpServer 1.0.3 is vulnerable to local file inclusion in the URI.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-16133.yaml"}
@ -516,6 +518,7 @@
{"ID":"CVE-2018-16763","Info":{"Name":"FUEL CMS 1.4.1 - Remote Code Execution","Severity":"critical","Description":"FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-16763.yaml"}
{"ID":"CVE-2018-16836","Info":{"Name":"Rubedo CMS \u003c=3.4.0 - Directory Traversal","Severity":"critical","Description":"Rubedo CMS through 3.4.0 contains a directory traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-16836.yaml"}
{"ID":"CVE-2018-16979","Info":{"Name":"Monstra CMS 3.0.4 - HTTP Header Injection","Severity":"medium","Description":"Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to virtual hosts not intended for this purpose. This is a related issue to CVE-2012-2943.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-16979.yaml"}
{"ID":"CVE-2018-17153","Info":{"Name":"Western Digital MyCloud NAS - Authentication Bypass","Severity":"critical","Description":"It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called \\\"cgi_get_ipv6\\\" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter \\\"flag\\\" with the value \\\"1\\\" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-17153.yaml"}
{"ID":"CVE-2018-17246","Info":{"Name":"Kibana - Local File Inclusion","Severity":"critical","Description":"Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-17246.yaml"}
{"ID":"CVE-2018-17254","Info":{"Name":"Joomla! JCK Editor SQL Injection","Severity":"critical","Description":"The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-17254.yaml"}
{"ID":"CVE-2018-17422","Info":{"Name":"DotCMS \u003c 5.0.2 - Open Redirect","Severity":"medium","Description":"dotCMS before 5.0.2 contains multiple open redirect vulnerabilities via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-17422.yaml"}
@ -528,7 +531,7 @@
{"ID":"CVE-2018-18775","Info":{"Name":"Microstrategy Web 7 - Cross-Site Scripting","Severity":"medium","Description":"Microstrategy Web 7 does not sufficiently encode user-controlled inputs, resulting in cross-site scripting via the Login.asp Msg parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-18775.yaml"}
{"ID":"CVE-2018-18777","Info":{"Name":"Microstrategy Web 7 - Local File Inclusion","Severity":"medium","Description":"Microstrategy Web 7 is vulnerable to local file inclusion via \"/WebMstr7/servlet/mstrWeb\" (in the parameter subpage). Remote authenticated users can bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2018/CVE-2018-18777.yaml"}
{"ID":"CVE-2018-18778","Info":{"Name":"ACME mini_httpd \u003c1.30 - Local File Inclusion","Severity":"medium","Description":"ACME mini_httpd before 1.30 is vulnerable to local file inclusion.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2018/CVE-2018-18778.yaml"}
{"ID":"CVE-2018-18809","Info":{"Name":"TIBCO JasperReports Library - Directory Traversal","Severity":"critical","Description":"The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2018/CVE-2018-18809.yaml"}
{"ID":"CVE-2018-18809","Info":{"Name":"TIBCO JasperReports Library - Directory Traversal","Severity":"medium","Description":"The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2018/CVE-2018-18809.yaml"}
{"ID":"CVE-2018-18925","Info":{"Name":"Gogs (Go Git Service) 0.11.66 - Remote Code Execution","Severity":"critical","Description":"Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a \"..\" session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-18925.yaml"}
{"ID":"CVE-2018-19136","Info":{"Name":"DomainMOD 4.11.01 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD 4.11.01 is vulnerable to reflected cross-site scripting via assets/edit/registrar-account.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-19136.yaml"}
{"ID":"CVE-2018-19137","Info":{"Name":"DomainMOD 4.11.01 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD 4.11.01 is vulnerable to reflected cross-site Scripting via assets/edit/ip-address.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-19137.yaml"}
@ -553,7 +556,7 @@
{"ID":"CVE-2018-20463","Info":{"Name":"WordPress JSmol2WP \u003c=1.07 - Local File Inclusion","Severity":"high","Description":"WordPress JSmol2WP plugin 1.07 is susceptible to local file inclusion via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. This can also be exploited for server-side request forgery.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-20463.yaml"}
{"ID":"CVE-2018-20470","Info":{"Name":"Tyto Sahi pro 7.x/8.x - Local File Inclusion","Severity":"high","Description":"Tyto Sahi Pro versions through 7.x.x and 8.0.0 are susceptible to a local file inclusion vulnerability in the web reports module which can allow an outside attacker to view contents of sensitive files.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-20470.yaml"}
{"ID":"CVE-2018-20526","Info":{"Name":"Roxy Fileman 1.4.5 - Unrestricted File Upload","Severity":"critical","Description":"Roxy Fileman 1.4.5 is susceptible to unrestricted file upload via upload.php. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-20526.yaml"}
{"ID":"CVE-2018-20608","Info":{"Name":"Imcat 4.4 - Phpinfo Configuration","Severity":"high","Description":"Imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2018/CVE-2018-20608.yaml"}
{"ID":"CVE-2018-20608","Info":{"Name":"Imcat 4.4 - Phpinfo Configuration","Severity":"high","Description":"Imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-20608.yaml"}
{"ID":"CVE-2018-20824","Info":{"Name":"Atlassian Jira WallboardServlet \u003c7.13.1 - Cross-Site Scripting","Severity":"medium","Description":"The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the cyclePeriod parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-20824.yaml"}
{"ID":"CVE-2018-20985","Info":{"Name":"WordPress Payeezy Pay \u003c=2.97 - Local File Inclusion","Severity":"critical","Description":"WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-20985.yaml"}
{"ID":"CVE-2018-2392","Info":{"Name":"SAP Internet Graphics Server (IGS) - XML External Entity Injection","Severity":"high","Description":"SAP Internet Graphics Servers (IGS) running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53 has two XML external entity injection (XXE) vulnerabilities within the XMLCHART page - CVE-2018-2392 and CVE-2018-2393. These vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag when submitting a POST request to the XMLCHART page to generate a new chart.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-2392.yaml"}
@ -612,7 +615,7 @@
{"ID":"CVE-2019-11248","Info":{"Name":"Debug Endpoint pprof - Exposure Detection","Severity":"high","Description":"The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2019/CVE-2019-11248.yaml"}
{"ID":"CVE-2019-11370","Info":{"Name":"Carel pCOWeb \u003cB1.2.4 - Cross-Site Scripting","Severity":"medium","Description":"Carel pCOWeb prior to B1.2.4 is vulnerable to stored cross-site scripting, as demonstrated by the config/pw_snmp.html \"System contact\" field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2019/CVE-2019-11370.yaml"}
{"ID":"CVE-2019-11510","Info":{"Name":"Pulse Connect Secure SSL VPN Arbitrary File Read","Severity":"critical","Description":"Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 all contain an arbitrary file reading vulnerability that could allow unauthenticated remote attackers to send a specially crafted URI to gain improper access.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2019/CVE-2019-11510.yaml"}
{"ID":"CVE-2019-11580","Info":{"Name":"Atlassian Crowd and Crowd Data Center Unauthenticated Remote Code Execution","Severity":"critical","Description":"Atlassian Crowd and Crowd Data Center is susceptible to a remote code execution vulnerability because the pdkinstall development plugin is incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-11580.yaml"}
{"ID":"CVE-2019-11580","Info":{"Name":"Atlassian Crowd and Crowd Data Center - Unauthenticated Remote Code Execution","Severity":"critical","Description":"Atlassian Crowd and Crowd Data Center is susceptible to a remote code execution vulnerability because the pdkinstall development plugin is incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-11580.yaml"}
{"ID":"CVE-2019-11581","Info":{"Name":"Atlassian Jira Server-Side Template Injection","Severity":"critical","Description":"Jira Server and Data Center is susceptible to a server-side template injection vulnerability via the ContactAdministrators and SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-11581.yaml"}
{"ID":"CVE-2019-11869","Info":{"Name":"WordPress Yuzo \u003c5.12.94 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Yuzo Related Posts plugin before 5.12.94 is vulnerable to cross-site scripting\nbecause it mistakenly expects that is_admin() verifies that the\nrequest comes from an admin user (it actually only verifies that the\nrequest is for an admin page). An unauthenticated attacker can consequently inject\na payload into the plugin settings, such as the\nyuzo_related_post_css_and_style setting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-11869.yaml"}
{"ID":"CVE-2019-12276","Info":{"Name":"GrandNode 4.40 - Local File Inclusion","Severity":"high","Description":"GrandNode 4.40 is susceptible to local file inclusion in Controllers/LetsEncryptController.cs, which allows remote unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-12276.yaml"}
@ -641,13 +644,13 @@
{"ID":"CVE-2019-14470","Info":{"Name":"WordPress UserPro 4.9.32 - Cross-Site Scripting","Severity":"medium","Description":"WordPress UserPro 4.9.32 is vulnerable to reflected cross-site scripting because the Instagram PHP API (v2) it relies on allows it via the example/success.php error_description parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-14470.yaml"}
{"ID":"CVE-2019-14530","Info":{"Name":"OpenEMR \u003c5.0.2 - Local File Inclusion","Severity":"high","Description":"OpenEMR before 5.0.2 is vulnerable to local file inclusion via the fileName parameter in custom/ajax_download.php. An attacker can download any file (that is readable by the web server user) from server storage. If the requested file is writable for the web server user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, the file will be deleted from server.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-14530.yaml"}
{"ID":"CVE-2019-14696","Info":{"Name":"Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting","Severity":"medium","Description":"Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-14696.yaml"}
{"ID":"CVE-2019-14750","Info":{"Name":"osTicket \u003c 1.12.1 - Cross-Site Scripting","Severity":"medium","Description":"An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2019/CVE-2019-14750.yaml"}
{"ID":"CVE-2019-14750","Info":{"Name":"osTicket \u003c 1.12.1 - Cross-Site Scripting","Severity":"medium","Description":"An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-14750.yaml"}
{"ID":"CVE-2019-14789","Info":{"Name":"Custom 404 Pro \u003c 3.2.8 - Cross-Site Scripting","Severity":"medium","Description":"Custom 404 Pro before 3.2.9 is susceptible to cross-site scripting via the title parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-14789.yaml"}
{"ID":"CVE-2019-14974","Info":{"Name":"SugarCRM Enterprise 9.0.0 - Cross-Site Scripting","Severity":"medium","Description":"SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktop_url.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-14974.yaml"}
{"ID":"CVE-2019-15043","Info":{"Name":"Grafana - Improper Access Control","Severity":"high","Description":"Grafana 2.x through 6.x before 6.3.4 is susceptible to improper access control. An attacker can delete and create arbitrary snapshots, leading to denial of service.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-15043.yaml"}
{"ID":"CVE-2019-15107","Info":{"Name":"Webmin \u003c= 1.920 - Unauthenticated Remote Command Execution","Severity":"critical","Description":"Webmin \u003c=1.920. is vulnerable to an unauthenticated remote command execution via the parameter 'old' in password_change.cgi.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-15107.yaml"}
{"ID":"CVE-2019-15501","Info":{"Name":"L-Soft LISTSERV \u003c16.5-2018a - Cross-Site Scripting","Severity":"medium","Description":"L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-15501.yaml"}
{"ID":"CVE-2019-15642","Info":{"Name":"Webmin \u003c 1.920 - Authenticated Remote Code Execution","Severity":"high","Description":"rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states \"RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users.\"\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2019/CVE-2019-15642.yaml"}
{"ID":"CVE-2019-15642","Info":{"Name":"Webmin \u003c 1.920 - Authenticated Remote Code Execution","Severity":"high","Description":"rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states \"RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users.\"\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-15642.yaml"}
{"ID":"CVE-2019-15713","Info":{"Name":"WordPress My Calendar \u003c= 3.1.9 - Cross-Site Scripting","Severity":"medium","Description":"WordPress plugin My Calendar \u003c= 3.1.9 is susceptible to reflected cross-site scripting which can be triggered via unescaped usage of URL parameters in multiple locations throughout the site.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-15713.yaml"}
{"ID":"CVE-2019-15811","Info":{"Name":"DomainMOD \u003c=4.13.0 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD through 4.13.0 contains a cross-site scripting vulnerability via /reporting/domains/cost-by-month.php in Daterange parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-15811.yaml"}
{"ID":"CVE-2019-15858","Info":{"Name":"WordPress Woody Ad Snippets \u003c2.2.5 - Cross-Site Scripting/Remote Code Execution","Severity":"high","Description":"WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-15858.yaml"}
@ -677,6 +680,7 @@
{"ID":"CVE-2019-17538","Info":{"Name":"Jiangnan Online Judge 0.8.0 - Local File Inclusion","Severity":"high","Description":"Jiangnan Online Judge (aka jnoj) 0.8.0 is susceptible to local file inclusion via web/polygon/problem/viewfile?id=1\u0026name=../.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-17538.yaml"}
{"ID":"CVE-2019-17558","Info":{"Name":"Apache Solr \u003c=8.3.1 - Remote Code Execution","Severity":"high","Description":"Apache Solr versions 5.0.0 to 8.3.1 are vulnerable to remote code execution vulnerabilities through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-17558.yaml"}
{"ID":"CVE-2019-17574","Info":{"Name":"Popup-Maker \u003c 1.8.12 - Broken Authentication","Severity":"critical","Description":"An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the \"support debug text file\").\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2019/CVE-2019-17574.yaml"}
{"ID":"CVE-2019-17662","Info":{"Name":"ThinVNC 1.0b1 - Authentication Bypass","Severity":"critical","Description":"ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-17662.yaml"}
{"ID":"CVE-2019-1821","Info":{"Name":"Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution","Severity":"critical","Description":"Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-1821.yaml"}
{"ID":"CVE-2019-18371","Info":{"Name":"Xiaomi Mi WiFi R3G Routers - Local file Inclusion","Severity":"high","Description":"Xiaomi Mi WiFi R3G devices before 2.28.23-stable are susceptible to local file inclusion vulnerabilities via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-18371.yaml"}
{"ID":"CVE-2019-18393","Info":{"Name":"Ignite Realtime Openfire \u003c4.42 - Local File Inclusion","Severity":"medium","Description":"Ignite Realtime Openfire through 4.4.2 is vulnerable to local file inclusion via PluginServlet.java. It does not ensure that retrieved files are located under the Openfire home directory.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-18393.yaml"}
@ -685,6 +689,7 @@
{"ID":"CVE-2019-18818","Info":{"Name":"strapi CMS \u003c3.0.0-beta.17.5 - Admin Password Reset","Severity":"critical","Description":"strapi CMS before 3.0.0-beta.17.5 allows admin password resets because it mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-18818.yaml"}
{"ID":"CVE-2019-18922","Info":{"Name":"Allied Telesis AT-GS950/8 - Local File Inclusion","Severity":"high","Description":"Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 is susceptible to local file inclusion via its web interface.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-18922.yaml"}
{"ID":"CVE-2019-18957","Info":{"Name":"MicroStrategy Library \u003c11.1.3 - Cross-Site Scripting","Severity":"medium","Description":"MicroStrategy Library before 11.1.3 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-18957.yaml"}
{"ID":"CVE-2019-1898","Info":{"Name":"Cisco RV110W RV130W RV215W Router - Information leakage","Severity":"medium","Description":"A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-1898.yaml"}
{"ID":"CVE-2019-19134","Info":{"Name":"WordPress Hero Maps Premium \u003c=2.2.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-19134.yaml"}
{"ID":"CVE-2019-19368","Info":{"Name":"Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting","Severity":"medium","Description":"Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-19368.yaml"}
{"ID":"CVE-2019-1943","Info":{"Name":"Cisco Small Business 200,300 and 500 Series Switches - Open Redirect","Severity":"medium","Description":"Cisco Small Business 200,300 and 500 Series Switches contain an open redirect vulnerability in the Web UI. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-1943.yaml"}
@ -754,6 +759,7 @@
{"ID":"CVE-2020-0618","Info":{"Name":"Microsoft SQL Server Reporting Services - Remote Code Execution","Severity":"high","Description":"Microsoft SQL Server Reporting Services is vulnerable to a remote code execution vulnerability because it incorrectly handles page requests.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-0618.yaml"}
{"ID":"CVE-2020-10148","Info":{"Name":"SolarWinds Orion API - Auth Bypass","Severity":"critical","Description":"SolarWinds Orion API is vulnerable to an authentication bypass vulnerability that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10148.yaml"}
{"ID":"CVE-2020-10199","Info":{"Name":"Sonatype Nexus Repository Manager 3 - Remote Code Execution","Severity":"high","Description":"Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-10199.yaml"}
{"ID":"CVE-2020-10220","Info":{"Name":"rConfig 3.9 - SQL injection","Severity":"critical","Description":"An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10220.yaml"}
{"ID":"CVE-2020-10546","Info":{"Name":"rConfig 3.9.4 - SQL Injection","Severity":"critical","Description":"rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10546.yaml"}
{"ID":"CVE-2020-10547","Info":{"Name":"rConfig 3.9.4 - SQL Injection","Severity":"critical","Description":"rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10547.yaml"}
{"ID":"CVE-2020-10548","Info":{"Name":"rConfig 3.9.4 - SQL Injection","Severity":"critical","Description":"rConfig 3.9.4 and previous versions have unauthenticated devices.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10548.yaml"}
@ -770,6 +776,7 @@
{"ID":"CVE-2020-11547","Info":{"Name":"PRTG Network Monitor \u003c20.1.57.1745 - Information Disclosure","Severity":"medium","Description":"PRTG Network Monitor before 20.1.57.1745 is susceptible to information disclosure. An attacker can obtain information about probes running or the server itself via an HTTP request, thus potentially being able to modify data and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-11547.yaml"}
{"ID":"CVE-2020-11710","Info":{"Name":"Kong Admin \u003c=2.03 - Admin API Access","Severity":"critical","Description":"Kong Admin through 2.0.3 contains an issue via docker-kong which makes the admin API port accessible on interfaces other than 127.0.0.1.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-11710.yaml"}
{"ID":"CVE-2020-11738","Info":{"Name":"WordPress Duplicator 1.3.24 \u0026 1.3.26 - Local File Inclusion","Severity":"high","Description":"WordPress Duplicator 1.3.24 \u0026 1.3.26 are vulnerable to local file inclusion vulnerabilities that could allow attackers to download arbitrary files, such as the wp-config.php file. According to the vendor, the vulnerability was only in two\nversions v1.3.24 and v1.3.26, the vulnerability wasn't\npresent in versions 1.3.22 and before.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-11738.yaml"}
{"ID":"CVE-2020-11798","Info":{"Name":"Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal","Severity":"medium","Description":"A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-11798.yaml"}
{"ID":"CVE-2020-11853","Info":{"Name":"Micro Focus Operations Bridge Manager \u003c=2020.05 - Remote Code Execution","Severity":"high","Description":"Micro Focus Operations Bridge Manager in versions 2020.05 and below is vulnerable to remote code execution via UCMDB. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Data Center Automation. An attack requires network access and authentication as a valid application user. Originated from Metasploit module (#14654).\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-11853.yaml"}
{"ID":"CVE-2020-11854","Info":{"Name":"Micro Focus UCMDB - Remote Code Execution","Severity":"critical","Description":"Micro Focus UCMDB is susceptible to remote code execution. Impacted products include Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions, and Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.), and Application Performance Management versions 9,51, 9.50 and 9.40 with UCMDB 10.33 CUP 3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-11854.yaml"}
{"ID":"CVE-2020-11930","Info":{"Name":"WordPress GTranslate \u003c2.8.52 - Cross-Site Scripting","Severity":"medium","Description":"WordPress GTranslate plugin before 2.8.52 contains an unauthenticated reflected cross-site scripting vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-11930.yaml"}
@ -822,7 +829,7 @@
{"ID":"CVE-2020-17362","Info":{"Name":"Nova Lite \u003c 1.3.9 - Cross-Site Scripting","Severity":"medium","Description":"Nova Lite before 1.3.9 for WordPress is susceptible to reflected cross-site scripting via search.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-17362.yaml"}
{"ID":"CVE-2020-17453","Info":{"Name":"WSO2 Carbon Management Console \u003c=5.10 - Cross-Site Scripting","Severity":"medium","Description":"WSO2 Management Console through 5.10 is susceptible to reflected cross-site scripting which can be exploited by tampering a request parameter in Management Console. This can be performed in both authenticated and unauthenticated requests.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-17453.yaml"}
{"ID":"CVE-2020-17456","Info":{"Name":"SEOWON INTECH SLC-130 \u0026 SLR-120S - Unauthenticated Remote Code Execution","Severity":"critical","Description":"SEOWON INTECH SLC-130 and SLR-120S devices allow remote code execution via the ipAddr parameter to the system_log.cgi page.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-17456.yaml"}
{"ID":"CVE-2020-17463","Info":{"Name":"Fuel CMS 1.4.7 - SQL Injection","Severity":"high","Description":"FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-17463.yaml"}
{"ID":"CVE-2020-17463","Info":{"Name":"Fuel CMS 1.4.7 - SQL Injection","Severity":"critical","Description":"FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-17463.yaml"}
{"ID":"CVE-2020-17496","Info":{"Name":"vBulletin 5.5.4 - 5.6.2- Remote Command Execution","Severity":"critical","Description":"vBulletin versions 5.5.4 through 5.6.2 allow remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-17496.yaml"}
{"ID":"CVE-2020-17505","Info":{"Name":"Artica Web Proxy 4.30 - OS Command Injection","Severity":"high","Description":"Artica Web Proxy 4.30 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-17505.yaml"}
{"ID":"CVE-2020-17506","Info":{"Name":"Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection","Severity":"critical","Description":"Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-17506.yaml"}
@ -900,7 +907,7 @@
{"ID":"CVE-2020-27866","Info":{"Name":"NETGEAR - Authentication Bypass","Severity":"high","Description":"NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers are vulnerable to authentication bypass vulnerabilities which could allow network-adjacent attackers to bypass authentication on affected installations.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-27866.yaml"}
{"ID":"CVE-2020-27982","Info":{"Name":"IceWarp WebMail 11.4.5.0 - Cross-Site Scripting","Severity":"medium","Description":"IceWarp WebMail 11.4.5.0 is vulnerable to cross-site scripting via the language parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-27982.yaml"}
{"ID":"CVE-2020-27986","Info":{"Name":"SonarQube - Authentication Bypass","Severity":"high","Description":"SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP,\nSVN, and GitLab credentials via the api/settings/values URI.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-27986.yaml"}
{"ID":"CVE-2020-28185","Info":{"Name":"TerraMaster TOS \u003c 4.2.06 - User Enumeration","Severity":"medium","Description":"User Enumeration vulnerability in TerraMaster TOS \u003c= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2020/CVE-2020-28185.yaml"}
{"ID":"CVE-2020-28185","Info":{"Name":"TerraMaster TOS \u003c 4.2.06 - User Enumeration","Severity":"medium","Description":"User Enumeration vulnerability in TerraMaster TOS \u003c= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-28185.yaml"}
{"ID":"CVE-2020-28188","Info":{"Name":"TerraMaster TOS - Unauthenticated Remote Command Execution","Severity":"critical","Description":"TerraMaster TOS \u003c= 4.2.06 is susceptible to a remote code execution vulnerability which could allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php via the Event parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-28188.yaml"}
{"ID":"CVE-2020-28208","Info":{"Name":"Rocket.Chat \u003c3.9.1 - Information Disclosure","Severity":"medium","Description":"Rocket.Chat through 3.9.1 is susceptible to information disclosure. An attacker can enumerate email addresses via the password reset function and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-28208.yaml"}
{"ID":"CVE-2020-28351","Info":{"Name":"Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting","Severity":"medium","Description":"Mitel ShoreTel 19.46.1802.0 devices and their conference component are vulnerable to an unauthenticated attacker conducting reflected cross-site scripting attacks via the PATH_INFO variable to index.php due to insufficient validation for the time_zone object in the HOME_MEETING\u0026 page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-28351.yaml"}
@ -1046,7 +1053,7 @@
{"ID":"CVE-2021-22205","Info":{"Name":"GitLab CE/EE - Remote Code Execution","Severity":"critical","Description":"GitLab CE/EE starting from 11.9 does not properly validate image files that were passed to a file parser, resulting in a remote command execution vulnerability. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-\u003chash\u003e.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the references section below.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2021/CVE-2021-22205.yaml"}
{"ID":"CVE-2021-22214","Info":{"Name":"Gitlab CE/EE 10.5 - Server-Side Request Forgery","Severity":"high","Description":"GitLab CE/EE versions starting from 10.5 are susceptible to a server-side request forgery vulnerability when requests to the internal network for webhooks are enabled, even on a GitLab instance where registration is limited. The same vulnerability actually spans multiple CVEs, due to similar reports that were fixed across separate patches. These CVEs are:\n- CVE-2021-39935\n- CVE-2021-22214\n- CVE-2021-22175\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2021/CVE-2021-22214.yaml"}
{"ID":"CVE-2021-22502","Info":{"Name":"Micro Focus Operations Bridge Reporter - Remote Code Execution","Severity":"critical","Description":"Micro Focus Operations Bridge Reporter 10.40 is susceptible to remote code execution. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-22502.yaml"}
{"ID":"CVE-2021-22707","Info":{"Name":"EVlink City \u003c R8 V3.4.0.1 - Authentication Bypass","Severity":"critical","Description":"A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-22707.yaml"}
{"ID":"CVE-2021-22707","Info":{"Name":"EVlink City \u003c R8 V3.4.0.1 - Authentication Bypass","Severity":"critical","Description":"A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-22707.yaml"}
{"ID":"CVE-2021-22873","Info":{"Name":"Revive Adserver \u003c5.1.0 - Open Redirect","Severity":"medium","Description":"Revive Adserver before 5.1.0 contains an open redirect vulnerability via the dest, oadest, and ct0 parameters of the lg.php and ck.php delivery scripts. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-22873.yaml"}
{"ID":"CVE-2021-22911","Info":{"Name":"Rocket.Chat \u003c=3.13 - NoSQL Injection","Severity":"critical","Description":"Rocket.Chat 3.11, 3.12 and 3.13 contains a NoSQL injection vulnerability which allows unauthenticated access to an API endpoint. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-22911.yaml"}
{"ID":"CVE-2021-22986","Info":{"Name":"F5 iControl REST - Remote Command Execution","Severity":"critical","Description":"F5 iControl REST interface is susceptible to remote command execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. This affects BIG-IP 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3; and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-22986.yaml"}
@ -1121,6 +1128,7 @@
{"ID":"CVE-2021-24940","Info":{"Name":"WordPress Persian Woocommerce \u003c=5.8.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Persian Woocommerce plugin through 5.8.0 contains a cross-site scripting vulnerability. The plugin does not escape the s parameter before outputting it back in an attribute in the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and possibly steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24940.yaml"}
{"ID":"CVE-2021-24946","Info":{"Name":"WordPress Modern Events Calendar \u003c6.1.5 - Blind SQL Injection","Severity":"critical","Description":"WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24946.yaml"}
{"ID":"CVE-2021-24947","Info":{"Name":"WordPress Responsive Vector Maps \u003c 6.4.2 - Arbitrary File Read","Severity":"medium","Description":"WordPress Responsive Vector Maps \u003c 6.4.2 contains an arbitrary file read vulnerability because the plugin does not have proper authorization and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user to read arbitrary files on the web server.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-24947.yaml"}
{"ID":"CVE-2021-24956","Info":{"Name":"Blog2Social \u003c 6.8.7 - Cross-Site Scripting","Severity":"medium","Description":"The Blog2Social: Social Media Auto Post \u0026 Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24956.yaml"}
{"ID":"CVE-2021-24970","Info":{"Name":"WordPress All-In-One Video Gallery \u003c2.5.0 - Local File Inclusion","Severity":"high","Description":"WordPress All-in-One Video Gallery plugin before 2.5.0 is susceptible to local file inclusion. The plugin does not sanitize and validate the tab parameter before using it in a require statement in the admin dashboard. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-24970.yaml"}
{"ID":"CVE-2021-24987","Info":{"Name":"WordPress Super Socializer \u003c7.13.30 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Super Socializer plugin before 7.13.30 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24987.yaml"}
{"ID":"CVE-2021-24991","Info":{"Name":"WooCommerce PDF Invoices \u0026 Packing Slips WordPress Plugin \u003c 2.10.5 - Cross-Site Scripting","Severity":"medium","Description":"The Wordpress plugin WooCommerce PDF Invoices \u0026 Packing Slips before 2.10.5 does not escape the tab and section parameters before reflecting it an attribute, leading to a reflected cross-site scripting in the admin dashboard.","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2021/CVE-2021-24991.yaml"}
@ -1180,7 +1188,7 @@
{"ID":"CVE-2021-27520","Info":{"Name":"FUDForum 3.1.0 - Cross-Site Scripting","Severity":"medium","Description":"FUDForum 3.1.0 contains a cross-site scripting vulnerability. An attacker can inject JavaScript via index.php in the author parameter, thereby possibly stealing cookie-based authentication credentials and launching other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-27520.yaml"}
{"ID":"CVE-2021-27561","Info":{"Name":"YeaLink DM 3.6.0.20 - Remote Command Injection","Severity":"critical","Description":"Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-27561.yaml"}
{"ID":"CVE-2021-27651","Info":{"Name":"Pega Infinity - Authentication Bypass","Severity":"critical","Description":"Pega Infinity versions 8.2.1 through 8.5.2 contain an authentication bypass vulnerability because the password reset functionality for local accounts can be used to bypass local authentication checks.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-27651.yaml"}
{"ID":"CVE-2021-27670","Info":{"Name":"Appspace 6.2.4 - Server-Side Request Forgery","Severity":"high","Description":"Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-27670.yaml"}
{"ID":"CVE-2021-27670","Info":{"Name":"Appspace 6.2.4 - Server-Side Request Forgery","Severity":"critical","Description":"Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-27670.yaml"}
{"ID":"CVE-2021-27748","Info":{"Name":"IBM WebSphere HCL Digital Experience - Server-Side Request Forgery","Severity":"high","Description":"IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-27748.yaml"}
{"ID":"CVE-2021-27850","Info":{"Name":"Apache Tapestry - Remote Code Execution","Severity":"critical","Description":"Apache Tapestry contains a critical unauthenticated remote code execution vulnerability. Affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. Note that this vulnerability is a bypass of the fix for CVE-2019-0195. Before that fix it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-27850.yaml"}
{"ID":"CVE-2021-27905","Info":{"Name":"Apache Solr \u003c=8.8.1 - Server-Side Request Forgery","Severity":"critical","Description":"Apache Solr versions 8.8.1 and prior contain a server-side request forgery vulnerability. The ReplicationHandler (normally registered at \"/replication\" under a Solr core) in Apache Solr has a \"masterUrl\" (also \"leaderUrl\" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the \"shards\" parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-27905.yaml"}
@ -1218,7 +1226,7 @@
{"ID":"CVE-2021-30461","Info":{"Name":"VoipMonitor \u003c24.61 - Remote Code Execution","Severity":"critical","Description":"VoipMonitor prior to 24.61 is susceptible to remote code execution vulnerabilities because of its use of user supplied data via its web interface, allowing remote unauthenticated users to trigger a remote PHP code execution vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-30461.yaml"}
{"ID":"CVE-2021-30497","Info":{"Name":"Ivanti Avalanche 6.3.2 - Local File Inclusion","Severity":"high","Description":"Ivanti Avalanche 6.3.2 is vulnerable to local file inclusion because it allows remote unauthenticated user to access files that reside outside the 'image' folder.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-30497.yaml"}
{"ID":"CVE-2021-3110","Info":{"Name":"PrestaShop 1.7.7.0 - SQL Injection","Severity":"critical","Description":"PrestaShop 1.7.7.0 contains a SQL injection vulnerability via the store system. It allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-3110.yaml"}
{"ID":"CVE-2021-31195","Info":{"Name":"Microsoft Exchange Server - Cross-Site Scripting","Severity":"high","Description":"Microsoft Exchange Server, or OWA, is vulnerable to a cross-site scripting vulnerability in refurl parameter of frowny.asp.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-31195.yaml"}
{"ID":"CVE-2021-31195","Info":{"Name":"Microsoft Exchange Server - Cross-Site Scripting","Severity":"medium","Description":"Microsoft Exchange Server, or OWA, is vulnerable to a cross-site scripting vulnerability in refurl parameter of frowny.asp.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-31195.yaml"}
{"ID":"CVE-2021-31249","Info":{"Name":"CHIYU TCP/IP Converter - Carriage Return Line Feed Injection","Severity":"medium","Description":"CHIYU TCP/IP Converter BF-430, BF-431, and BF-450 are susceptible to carriage return line feed injection. The redirect= parameter, available on multiple CGI components, is not properly validated, thus enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-31249.yaml"}
{"ID":"CVE-2021-31250","Info":{"Name":"CHIYU TCP/IP Converter - Cross-Site Scripting","Severity":"medium","Description":"CHIYU BF-430, BF-431 and BF-450M TCP/IP Converter devices contain a cross-site scripting vulnerability due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, and ppp.cgi.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-31250.yaml"}
{"ID":"CVE-2021-3129","Info":{"Name":"Laravel with Ignition \u003c= v8.4.2 Debug Mode - Remote Code Execution","Severity":"critical","Description":"Laravel version 8.4.2 and before with Ignition before 2.5.2 allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-3129.yaml"}
@ -1341,6 +1349,7 @@
{"ID":"CVE-2021-41349","Info":{"Name":"Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting","Severity":"medium","Description":"Microsoft Exchange Server is vulnerable to a spoofing vulnerability. Be aware this CVE ID is unique from CVE-2021-42305.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-41349.yaml"}
{"ID":"CVE-2021-41381","Info":{"Name":"Payara Micro Community 5.2021.6 Directory Traversal","Severity":"high","Description":"Payara Micro Community 5.2021.6 and below contains a directory traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41381.yaml"}
{"ID":"CVE-2021-41432","Info":{"Name":"FlatPress 1.2.1 - Stored Cross-Site Scripting","Severity":"medium","Description":"FlatPress 1.2.1 contains a stored cross-site scripting vulnerability that allows for arbitrary execution of JavaScript commands through blog content. An attacker can possibly steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-41432.yaml"}
{"ID":"CVE-2021-41460","Info":{"Name":"ECShop 4.1.0 - SQL Injection","Severity":"high","Description":"ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41460.yaml"}
{"ID":"CVE-2021-41467","Info":{"Name":"JustWriting - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-41467.yaml"}
{"ID":"CVE-2021-41569","Info":{"Name":"SAS/Internet 9.4 1520 - Local File Inclusion","Severity":"high","Description":"SAS/Internet 9.4 build 1520 and earlier allows local file inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41569.yaml"}
{"ID":"CVE-2021-41648","Info":{"Name":"PuneethReddyHC action.php SQL Injection","Severity":"high","Description":"An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping through the /action.php prId parameter. Using a post request does not sanitize the user input.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41648.yaml"}
@ -1380,7 +1389,7 @@
{"ID":"CVE-2021-43810","Info":{"Name":"Admidio - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The reflected cross-site scripting vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-43810.yaml"}
{"ID":"CVE-2021-44077","Info":{"Name":"Zoho ManageEngine ServiceDesk Plus - Remote Code Execution","Severity":"critical","Description":"Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44077.yaml"}
{"ID":"CVE-2021-44138","Info":{"Name":"Caucho Resin \u003e=4.0.52 \u003c=4.0.56 - Directory traversal","Severity":"high","Description":"There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-44138.yaml"}
{"ID":"CVE-2021-44139","Info":{"Name":"Alibaba Sentinel - Server-side request forgery (SSRF)","Severity":"high","Description":"","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-44139.yaml"}
{"ID":"CVE-2021-44139","Info":{"Name":"Alibaba Sentinel - Server-side request forgery (SSRF)","Severity":"high","Description":"There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-44139.yaml"}
{"ID":"CVE-2021-44152","Info":{"Name":"Reprise License Manager 14.2 - Authentication Bypass","Severity":"critical","Description":"Reprise License Manager (RLM) 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44152.yaml"}
{"ID":"CVE-2021-44228","Info":{"Name":"Apache Log4j2 Remote Code Injection","Severity":"critical","Description":"Apache Log4j2 \u003c=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2021/CVE-2021-44228.yaml"}
{"ID":"CVE-2021-44427","Info":{"Name":"Rosario Student Information System Unauthenticated SQL Injection","Severity":"critical","Description":"An unauthenticated SQL injection vulnerability in Rosario Student Information System (aka rosariosis) 8.1 and below allow remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44427.yaml"}
@ -1404,6 +1413,7 @@
{"ID":"CVE-2021-46071","Info":{"Name":"ehicle Service Management System 1.0 - Cross-Site Scripting","Severity":"medium","Description":"Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Category List section in login panel.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2021/CVE-2021-46071.yaml"}
{"ID":"CVE-2021-46072","Info":{"Name":"Vehicle Service Management System 1.0 - Stored Cross Site Scripting","Severity":"medium","Description":"Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Service List section in login panel.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2021/CVE-2021-46072.yaml"}
{"ID":"CVE-2021-46073","Info":{"Name":"Vehicle Service Management System 1.0 - Cross Site Scripting","Severity":"medium","Description":"Vehicle Service Management System 1.0 contains a cross-site scripting vulnerability via the User List section in login panel.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2021/CVE-2021-46073.yaml"}
{"ID":"CVE-2021-46107","Info":{"Name":"Ligeo Archives Ligeo Basics - Server Side Request Forgery","Severity":"high","Description":"Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-46107.yaml"}
{"ID":"CVE-2021-46379","Info":{"Name":"D-Link DIR850 ET850-1.08TRb03 - Open Redirect","Severity":"medium","Description":"DLink DIR850 ET850-1.08TRb03 contains incorrect access control vulnerability in URL redirection, which can be used to mislead users to go to untrusted sites.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-46379.yaml"}
{"ID":"CVE-2021-46381","Info":{"Name":"D-Link DAP-1620 - Local File Inclusion","Severity":"high","Description":"D-Link DAP-1620 is susceptible to local file Inclusion due to path traversal that can lead to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-46381.yaml"}
{"ID":"CVE-2021-46387","Info":{"Name":"Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting","Severity":"medium","Description":"ZyXEL ZyWALL 2 Plus Internet Security Appliance contains a cross-site scripting vulnerability. Insecure URI handling leads to bypass of security restrictions, which allows an attacker to execute arbitrary JavaScript codes to perform multiple attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-46387.yaml"}
@ -1417,7 +1427,7 @@
{"ID":"CVE-2022-0149","Info":{"Name":"WooCommerce Stored Exporter WordPress Plugin \u003c 2.7.1 - Cross-Site Scripting","Severity":"medium","Description":"The plugin was affected by a reflected cross-site scripting vulnerability in the woo_ce admin page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0149.yaml"}
{"ID":"CVE-2022-0150","Info":{"Name":"WordPress Accessibility Helper \u003c0.6.0.7 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Accessibility Helper plugin before 0.6.0.7 contains a cross-site scripting vulnerability. It does not sanitize and escape the wahi parameter before outputting back its base64 decode value in the page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0150.yaml"}
{"ID":"CVE-2022-0165","Info":{"Name":"WordPress Page Builder KingComposer \u003c=2.9.6 - Open Redirect","Severity":"medium","Description":"WordPress Page Builder KingComposer 2.9.6 and prior does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action (which is available to both unauthenticated and authenticated users).","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0165.yaml"}
{"ID":"CVE-2022-0169","Info":{"Name":"Photo Gallery by 10Web \u003c 1.6.0 - SQL Injection","Severity":"critical","Description":"The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-0169.yaml"}
{"ID":"CVE-2022-0169","Info":{"Name":"Photo Gallery by 10Web \u003c 1.6.0 - SQL Injection","Severity":"critical","Description":"The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0169.yaml"}
{"ID":"CVE-2022-0189","Info":{"Name":"WordPress RSS Aggregator \u003c 4.20 - Authenticated Cross-Site Scripting","Severity":"medium","Description":"WordPress RSS Aggregator \u003c 4.20 is susceptible to cross-site scripting. The plugin does not sanitize and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to reflected cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0189.yaml"}
{"ID":"CVE-2022-0201","Info":{"Name":"WordPress Permalink Manager \u003c2.2.15 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Permalink Manager Lite and Pro plugins before 2.2.15 contain a reflected cross-site scripting vulnerability. They do not sanitize and escape query parameters before outputting them back in the debug page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0201.yaml"}
{"ID":"CVE-2022-0206","Info":{"Name":"WordPress NewStatPress \u003c1.3.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress NewStatPress plugin before 1.3.6 is susceptible to cross-site scripting. The plugin does not properly escape the whatX parameters before outputting them back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0206.yaml"}
@ -1443,7 +1453,7 @@
{"ID":"CVE-2022-0482","Info":{"Name":"Easy!Appointments \u003c1.4.3 - Broken Access Control","Severity":"critical","Description":"Easy!Appointments prior to 1.4.3 allows exposure of Private Personal Information to an unauthorized actor via the GitHub repository alextselegidis/easyappointments.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2022/CVE-2022-0482.yaml"}
{"ID":"CVE-2022-0535","Info":{"Name":"WordPress E2Pdf \u003c1.16.45 - Cross-Site Scripting","Severity":"medium","Description":"WordPress E2Pdf plugin before 1.16.45 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, even when the unfiltered_html capability is disallowed. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, making it possible to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2022/CVE-2022-0535.yaml"}
{"ID":"CVE-2022-0540","Info":{"Name":"Atlassian Jira Seraph - Authentication Bypass","Severity":"critical","Description":"Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0540.yaml"}
{"ID":"CVE-2022-0591","Info":{"Name":"Formcraft3 \u003c3.8.28 - Server-Side Request Forgery","Severity":"critical","Description":"Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3_get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2022/CVE-2022-0591.yaml"}
{"ID":"CVE-2022-0591","Info":{"Name":"Formcraft3 \u003c3.8.28 - Server-Side Request Forgery","Severity":"critical","Description":"Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3_get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2022/CVE-2022-0591.yaml"}
{"ID":"CVE-2022-0594","Info":{"Name":"WordPress Shareaholic \u003c9.7.6 - Information Disclosure","Severity":"medium","Description":"WordPress Shareaholic plugin prior to 9.7.6 is susceptible to information disclosure. The plugin does not have proper authorization check in one of the AJAX actions, available to both unauthenticated (before 9.7.5) and authenticated (in 9.7.5) users, allowing them to possibly obtain sensitive information such as active plugins and different versions (PHP, cURL, WP, etc.).","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-0594.yaml"}
{"ID":"CVE-2022-0595","Info":{"Name":"WordPress Contact Form 7 \u003c1.3.6.3 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress Contact Form 7 before 1.3.6.3 contains an unauthenticated stored cross-site scripting vulnerability in the Drag and Drop Multiple File Upload plugin. SVG files can be uploaded by default via the dnd_codedropz_upload AJAX action.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0595.yaml"}
{"ID":"CVE-2022-0599","Info":{"Name":"WordPress Mapping Multiple URLs Redirect Same Page \u003c=5.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Mapping Multiple URLs Redirect Same Page plugin 5.8 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0599.yaml"}
@ -1506,9 +1516,10 @@
{"ID":"CVE-2022-1595","Info":{"Name":"WordPress HC Custom WP-Admin URL \u003c=1.4 - Admin Login URL Disclosure","Severity":"medium","Description":"WordPress HC Custom WP-Admin URL plugin through 1.4 leaks the secret login URL when sending a specially crafted request, thereby allowing an attacker to discover the administrative login URL.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-1595.yaml"}
{"ID":"CVE-2022-1597","Info":{"Name":"WordPress WPQA \u003c5.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress WPQA plugin prior to 5.4 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter on its reset password form.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1597.yaml"}
{"ID":"CVE-2022-1598","Info":{"Name":"WordPress WPQA \u003c5.5 - Improper Access Control","Severity":"medium","Description":"WordPress WPQA plugin before 5.5 is susceptible to improper access control. The plugin lacks authentication in a REST API endpoint. An attacker can potentially discover private questions sent between users on the site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-1598.yaml"}
{"ID":"CVE-2022-1609","Info":{"Name":"The School Management \u003c 9.9.7 - Remote Code Execution","Severity":"critical","Description":"The School Management plugin before version 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2022/CVE-2022-1609.yaml"}
{"ID":"CVE-2022-1609","Info":{"Name":"The School Management \u003c 9.9.7 - Remote Code Execution","Severity":"critical","Description":"The School Management plugin before version 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2022/CVE-2022-1609.yaml"}
{"ID":"CVE-2022-1713","Info":{"Name":"Drawio \u003c18.0.4 - Server-Side Request Forgery","Severity":"high","Description":"Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-1713.yaml"}
{"ID":"CVE-2022-1724","Info":{"Name":"WordPress Simple Membership \u003c4.1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Simple Membership plugin before 4.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape parameters before outputting them back in AJAX actions.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1724.yaml"}
{"ID":"CVE-2022-1756","Info":{"Name":"Newsletter \u003c 7.4.5 - Cross-Site Scripting","Severity":"medium","Description":"The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1756.yaml"}
{"ID":"CVE-2022-1768","Info":{"Name":"WordPress RSVPMaker \u003c=9.3.2 - SQL Injection","Severity":"high","Description":"WordPress RSVPMaker plugin through 9.3.2 contains a SQL injection vulnerability due to insufficient escaping and parameterization on user-supplied data passed to multiple SQL queries in ~/rsvpmaker-email.php. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-1768.yaml"}
{"ID":"CVE-2022-1815","Info":{"Name":"Drawio \u003c18.1.2 - Server-Side Request Forgery","Severity":"high","Description":"Drawio before 18.1.2 is susceptible to server-side request forgery via the /service endpoint in jgraph/drawio. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-1815.yaml"}
{"ID":"CVE-2022-1883","Info":{"Name":"Terraboard \u003c2.2.0 - SQL Injection","Severity":"high","Description":"Terraboard prior to 2.2.0 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-1883.yaml"}
@ -1533,6 +1544,7 @@
{"ID":"CVE-2022-22242","Info":{"Name":"Juniper Web Device Manager - Cross-Site Scripting","Severity":"medium","Description":"Juniper Web Device Manager (J-Web) in Junos OS contains a cross-site scripting vulnerability. This can allow an unauthenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue affects all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-22242.yaml"}
{"ID":"CVE-2022-22536","Info":{"Name":"SAP Memory Pipes (MPI) Desynchronization","Severity":"critical","Description":"SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation attacks. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2022/CVE-2022-22536.yaml"}
{"ID":"CVE-2022-22733","Info":{"Name":"Apache ShardingSphere ElasticJob-UI privilege escalation","Severity":"medium","Description":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2022/CVE-2022-22733.yaml"}
{"ID":"CVE-2022-22897","Info":{"Name":"PrestaShop Ap Pagebuilder \u003c= 2.4.4 SQL Injection","Severity":"critical","Description":"A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-22897.yaml"}
{"ID":"CVE-2022-2290","Info":{"Name":"Trilium \u003c0.52.4 - Cross-Site Scripting","Severity":"medium","Description":"Trilium prior to 0.52.4, 0.53.1-beta contains a cross-site scripting vulnerability which can allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2290.yaml"}
{"ID":"CVE-2022-22947","Info":{"Name":"Spring Cloud Gateway Code Injection","Severity":"critical","Description":"Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2022/CVE-2022-22947.yaml"}
{"ID":"CVE-2022-22954","Info":{"Name":"VMware Workspace ONE Access - Server-Side Template Injection","Severity":"critical","Description":"VMware Workspace ONE Access is susceptible to a remote code execution vulnerability due to a server-side template injection flaw. An unauthenticated attacker with network access could exploit this vulnerability by sending a specially crafted request to a vulnerable VMware Workspace ONE or Identity Manager.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-22954.yaml"}
@ -1604,7 +1616,7 @@
{"ID":"CVE-2022-26159","Info":{"Name":"Ametys CMS Information Disclosure","Severity":"medium","Description":"Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames for other languages) via the auto-completion plugin, which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-26159.yaml"}
{"ID":"CVE-2022-26233","Info":{"Name":"Barco Control Room Management Suite \u003c=2.9 Build 0275 - Local File Inclusion","Severity":"high","Description":"Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the \"GET /..\\..\" substring.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-26233.yaml"}
{"ID":"CVE-2022-26263","Info":{"Name":"Yonyou U8 13.0 - Cross-Site Scripting","Severity":"medium","Description":"Yonyou U8 13.0 contains a DOM-based cross-site scripting vulnerability via the component /u8sl/WebHelp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-26263.yaml"}
{"ID":"CVE-2022-2627","Info":{"Name":"WordPress Newspaper \u003c12 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Newspaper theme before 12 is susceptible to cross-site scripting. The does not sanitize a parameter before outputting it back in an HTML attribute via an AJAX action. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2627.yaml"}
{"ID":"CVE-2022-2627","Info":{"Name":"WordPress Newspaper \u003c 12 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Newspaper theme before 12 is susceptible to cross-site scripting. The does not sanitize a parameter before outputting it back in an HTML attribute via an AJAX action. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2627.yaml"}
{"ID":"CVE-2022-2633","Info":{"Name":"All-In-One Video Gallery \u003c=2.6.0 - Server-Side Request Forgery","Severity":"high","Description":"WordPress All-in-One Video Gallery plugin through 2.6.0 is susceptible to arbitrary file download and server-side request forgery (SSRF) via the 'dl' parameter found in the ~/public/video.php file. An attacker can download sensitive files hosted on the affected server and forge requests to the server.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2022/CVE-2022-2633.yaml"}
{"ID":"CVE-2022-26352","Info":{"Name":"DotCMS - Arbitrary File Upload","Severity":"critical","Description":"DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server permissions.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26352.yaml"}
{"ID":"CVE-2022-26564","Info":{"Name":"HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting","Severity":"medium","Description":"HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-26564.yaml"}
@ -1753,6 +1765,7 @@
{"ID":"CVE-2022-3982","Info":{"Name":"WordPress Booking Calendar \u003c3.2.2 - Arbitrary File Upload","Severity":"critical","Description":"WordPress Booking Calendar plugin before 3.2.2 is susceptible to arbitrary file upload possibly leading to remote code execution. The plugin does not validate uploaded files, which can allow an attacker to upload arbitrary files, such as PHP, and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-3982.yaml"}
{"ID":"CVE-2022-39952","Info":{"Name":"Fortinet FortiNAC - Arbitrary File Write","Severity":"critical","Description":"Fortinet FortiNAC is susceptible to arbitrary file write. An external control of the file name or path can allow an attacker to execute unauthorized code or commands via specifically crafted HTTP request, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, and 8.3.7.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-39952.yaml"}
{"ID":"CVE-2022-39960","Info":{"Name":"Jira Netic Group Export \u003c1.0.3 - Missing Authorization","Severity":"medium","Description":"Jira Netic Group Export add-on before 1.0.3 contains a missing authorization vulnerability. The add-on does not perform authorization checks, which can allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-39960.yaml"}
{"ID":"CVE-2022-39986","Info":{"Name":"RaspAP 2.8.7 - Unauthenticated Command Injection","Severity":"critical","Description":"A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-39986.yaml"}
{"ID":"CVE-2022-40022","Info":{"Name":"Symmetricom SyncServer Unauthenticated - Remote Command Execution","Severity":"critical","Description":"Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-40022.yaml"}
{"ID":"CVE-2022-40083","Info":{"Name":"Labstack Echo 4.8.0 - Open Redirect","Severity":"critical","Description":"Labstack Echo 4.8.0 contains an open redirect vulnerability via the Static Handler component. An attacker can leverage this vulnerability to cause server-side request forgery, making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2022/CVE-2022-40083.yaml"}
{"ID":"CVE-2022-40127","Info":{"Name":"AirFlow \u003c 2.4.0 - Remote Code Execution","Severity":"high","Description":"A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-40127.yaml"}
@ -1763,7 +1776,7 @@
{"ID":"CVE-2022-4063","Info":{"Name":"WordPress InPost Gallery \u003c2.1.4.1 - Local File Inclusion","Severity":"critical","Description":"WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract() function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on servers.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4063.yaml"}
{"ID":"CVE-2022-40684","Info":{"Name":"Fortinet - Authentication Bypass","Severity":"critical","Description":"Fortinet contains an authentication bypass vulnerability via using an alternate path or channel in FortiOS 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy 7.2.0 and 7.0.0 through 7.0.6, and FortiSwitchManager 7.2.0 and 7.0.0. An attacker can perform operations on the administrative interface via specially crafted HTTP or HTTPS requests, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-40684.yaml"}
{"ID":"CVE-2022-40734","Info":{"Name":"Laravel Filemanager v2.5.1 - Local File Inclusion","Severity":"medium","Description":"Laravel Filemanager (aka UniSharp) through version 2.5.1 is vulnerable to local file inclusion via download?working_dir=%2F.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2022/CVE-2022-40734.yaml"}
{"ID":"CVE-2022-40843","Info":{"Name":"Tenda AC1200 V-W15Ev2 - Authentication Bypass","Severity":"critical","Description":"The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The improper validation of user sessions/authorization can lead to unauthenticated attackers having the ability to read the router's file, which contains the MD5 password of the Administrator's user account. This vulnerability exists within the local web and hosted remote management console.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2022/CVE-2022-40843.yaml"}
{"ID":"CVE-2022-40843","Info":{"Name":"Tenda AC1200 V-W15Ev2 - Authentication Bypass","Severity":"medium","Description":"The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The improper validation of user sessions/authorization can lead to unauthenticated attackers having the ability to read the router's file, which contains the MD5 password of the Administrator's user account. This vulnerability exists within the local web and hosted remote management console.\n","Classification":{"CVSSScore":"4.9"}},"file_path":"http/cves/2022/CVE-2022-40843.yaml"}
{"ID":"CVE-2022-40879","Info":{"Name":"kkFileView 4.1.0 - Cross-Site Scripting","Severity":"medium","Description":"kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the errorMsg parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-40879.yaml"}
{"ID":"CVE-2022-40881","Info":{"Name":"SolarView 6.00 - Remote Command Execution","Severity":"critical","Description":"SolarView Compact 6.00 is vulnerable to a command injection via network_test.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-40881.yaml"}
{"ID":"CVE-2022-4117","Info":{"Name":"WordPress IWS Geo Form Fields \u003c=1.0 - SQL Injection","Severity":"critical","Description":"WordPress IWS Geo Form Fields plugin through 1.0 contains a SQL injection vulnerability. The plugin does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4117.yaml"}
@ -1830,6 +1843,7 @@
{"ID":"CVE-2022-46934","Info":{"Name":"kkFileView 4.1.0 - Cross-Site Scripting","Severity":"medium","Description":"kkFileView 4.1.0 is susceptible to cross-site scripting via the url parameter at /controller/OnlinePreviewController.java. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-46934.yaml"}
{"ID":"CVE-2022-47002","Info":{"Name":"Masa CMS - Authentication Bypass","Severity":"critical","Description":"Masa CMS 7.2, 7.3, and 7.4-beta are susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47002.yaml"}
{"ID":"CVE-2022-47003","Info":{"Name":"Mura CMS \u003c10.0.580 - Authentication Bypass","Severity":"critical","Description":"Mura CMS before 10.0.580 is susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47003.yaml"}
{"ID":"CVE-2022-47615","Info":{"Name":"LearnPress Plugin \u003c 4.2.0 - Local File Inclusion","Severity":"critical","Description":"Local File Inclusion vulnerability in LearnPress WordPress LMS Plugin \u003c= 4.1.7.3.2 versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47615.yaml"}
{"ID":"CVE-2022-47945","Info":{"Name":"Thinkphp Lang - Local File Inclusion","Severity":"critical","Description":"ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47945.yaml"}
{"ID":"CVE-2022-47966","Info":{"Name":"ManageEngine - Remote Command Execution","Severity":"critical","Description":"Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47966.yaml"}
{"ID":"CVE-2022-47986","Info":{"Name":"IBM Aspera Faspex \u003c=4.4.2 PL1 - Remote Code Execution","Severity":"critical","Description":"IBM Aspera Faspex through 4.4.2 Patch Level 1 is susceptible to remote code execution via a YAML deserialization flaw. This can allow an attacker to send a specially crafted obsolete API call and thereby execute arbitrary code, obtain sensitive data, and/or execute other unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47986.yaml"}
@ -1841,9 +1855,9 @@
{"ID":"CVE-2023-0236","Info":{"Name":"WordPress Tutor LMS \u003c2.0.10 - Cross Site Scripting","Severity":"medium","Description":"WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the reset_key and user_id parameters before outputting then back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0236.yaml"}
{"ID":"CVE-2023-0261","Info":{"Name":"WordPress WP TripAdvisor Review Slider \u003c10.8 - Authenticated SQL Injection","Severity":"high","Description":"WordPress WP TripAdvisor Review Slider plugin before 10.8 is susceptible to authenticated SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. This can lead, in turn, to obtaining sensitive information, modifying data, and/or executing unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-0261.yaml"}
{"ID":"CVE-2023-0297","Info":{"Name":"PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)","Severity":"critical","Description":"Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0297.yaml"}
{"ID":"CVE-2023-0448","Info":{"Name":"WP Helper Lite \u003c 4.3 - Cross-Site Scripting","Severity":"medium","Description":"The WP Helper Lite WordPress plugin, in versions \u003c 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-0448.yaml"}
{"ID":"CVE-2023-0448","Info":{"Name":"WP Helper Lite \u003c 4.3 - Cross-Site Scripting","Severity":"medium","Description":"The WP Helper Lite WordPress plugin, in versions \u003c 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0448.yaml"}
{"ID":"CVE-2023-0514","Info":{"Name":"Membership Database \u003c= 1.0 - Cross-Site Scripting","Severity":"medium","Description":"Membership Database before 1.0 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0514.yaml"}
{"ID":"CVE-2023-0527","Info":{"Name":"Online Security Guards Hiring System - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. The manipulation of the argument searchdata with the input \"\u003e\u003cscript\u003ealert(document.domain)\u003c/script\u003e leads to cross site scripting. The attack may be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0527.yaml"}
{"ID":"CVE-2023-0527","Info":{"Name":"Online Security Guards Hiring System - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0527.yaml"}
{"ID":"CVE-2023-0552","Info":{"Name":"WordPress Pie Register \u003c3.8.2.3 - Open Redirect","Severity":"medium","Description":"WordPress Pie Register plugin before 3.8.2.3 contains an open redirect vulnerability. The plugin does not properly validate the redirection URL when logging in and login out. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-0552.yaml"}
{"ID":"CVE-2023-0562","Info":{"Name":"Bank Locker Management System v1.0 - SQL Injection","Severity":"critical","Description":"A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0562.yaml"}
{"ID":"CVE-2023-0563","Info":{"Name":"Bank Locker Management System - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-0563.yaml"}
@ -1859,12 +1873,13 @@
{"ID":"CVE-2023-1434","Info":{"Name":"Odoo - Cross-Site Scripting","Severity":"medium","Description":"Odoo is a business suite that has features for many business-critical areas, such as e-commerce, billing, or CRM. Versions before the 16.0 release are vulnerable to CVE-2023-1434 and is caused by an incorrect content type being set on an API endpoint.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-1434.yaml"}
{"ID":"CVE-2023-1454","Info":{"Name":"Jeecg-boot 3.5.0 qurestSql - SQL Injection","Severity":"critical","Description":"A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1454.yaml"}
{"ID":"CVE-2023-1496","Info":{"Name":"Imgproxy \u003c 3.14.0 - Cross-site Scripting (XSS)","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-1496.yaml"}
{"ID":"CVE-2023-1546","Info":{"Name":"MyCryptoCheckout \u003c 2.124 - Cross-Site Scripting","Severity":"medium","Description":"The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-1546.yaml"}
{"ID":"CVE-2023-1546","Info":{"Name":"MyCryptoCheckout \u003c 2.124 - Cross-Site Scripting","Severity":"medium","Description":"The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1546.yaml"}
{"ID":"CVE-2023-1671","Info":{"Name":"Sophos Web Appliance - Remote Code Execution","Severity":"critical","Description":"A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1671.yaml"}
{"ID":"CVE-2023-1698","Info":{"Name":"WAGO - Remote Command Execution","Severity":"high","Description":"In multiple products of WAGO, a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behavior, Denial of Service, and full system compromise.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1698.yaml"}
{"ID":"CVE-2023-1698","Info":{"Name":"WAGO - Remote Command Execution","Severity":"critical","Description":"In multiple products of WAGO, a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behavior, Denial of Service, and full system compromise.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1698.yaml"}
{"ID":"CVE-2023-1730","Info":{"Name":"SupportCandy \u003c 3.1.5 - Unauthenticated SQL Injection","Severity":"critical","Description":"The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1730.yaml"}
{"ID":"CVE-2023-1835","Info":{"Name":"Ninja Forms \u003c 3.6.22 - Cross-Site Scripting","Severity":"medium","Description":"Ninja Forms before 3.6.22 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1835.yaml"}
{"ID":"CVE-2023-1890","Info":{"Name":"Tablesome \u003c 1.0.9 - Cross-Site Scripting","Severity":"medium","Description":"Tablesome before 1.0.9 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1890.yaml"}
{"ID":"CVE-2023-20073","Info":{"Name":"Cisco VPN Routers - Unauthenticated Arbitrary File Upload","Severity":"critical","Description":"A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20073.yaml"}
{"ID":"CVE-2023-2023","Info":{"Name":"Custom 404 Pro \u003c 3.7.3 - Cross-Site Scripting","Severity":"medium","Description":"Custom 404 Pro before 3.7.3 is susceptible to cross-site scripting via the search parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2023.yaml"}
{"ID":"CVE-2023-20864","Info":{"Name":"VMware Aria Operations for Logs - Unauthenticated Remote Code Execution","Severity":"critical","Description":"VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20864.yaml"}
{"ID":"CVE-2023-20887","Info":{"Name":"VMware VRealize Network Insight - Remote Code Execution","Severity":"critical","Description":"VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of 'root' on the appliance. VMWare 6.x version are\n vulnerable.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20887.yaml"}
@ -1872,7 +1887,7 @@
{"ID":"CVE-2023-20889","Info":{"Name":"VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability","Severity":"high","Description":"Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-20889.yaml"}
{"ID":"CVE-2023-2122","Info":{"Name":"Image Optimizer by 10web \u003c 1.0.26 - Cross-Site Scripting","Severity":"medium","Description":"Image Optimizer by 10web before 1.0.26 is susceptible to cross-site scripting via the iowd_tabs_active parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2122.yaml"}
{"ID":"CVE-2023-2130","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2130.yaml"}
{"ID":"CVE-2023-2178","Info":{"Name":"Aajoda Testimonials \u003c 2.2.2 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-2178.yaml"}
{"ID":"CVE-2023-2178","Info":{"Name":"Aajoda Testimonials \u003c 2.2.2 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2178.yaml"}
{"ID":"CVE-2023-22478","Info":{"Name":"KubePi \u003c= v1.6.4 LoginLogsSearch - Unauthorized Access","Severity":"high","Description":"KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-22478.yaml"}
{"ID":"CVE-2023-22480","Info":{"Name":"KubeOperator Foreground `kubeconfig` - File Download","Severity":"critical","Description":"KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22480.yaml"}
{"ID":"CVE-2023-2252","Info":{"Name":"Directorist \u003c 7.5.4 - Local File Inclusion","Severity":"medium","Description":"Directorist before 7.5.4 is susceptible to Local File Inclusion as it does not validate the file parameter when importing CSV files.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-2252.yaml"}
@ -1883,8 +1898,8 @@
{"ID":"CVE-2023-23333","Info":{"Name":"SolarView Compact 6.00 - OS Command Injection","Severity":"critical","Description":"SolarView Compact 6.00 was discovered to contain a command injection vulnerability, attackers can execute commands by bypassing internal restrictions through downloader.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-23333.yaml"}
{"ID":"CVE-2023-23488","Info":{"Name":"WordPress Paid Memberships Pro \u003c2.9.8 - Blind SQL Injection","Severity":"critical","Description":"WordPress Paid Memberships Pro plugin before 2.9.8 contains a blind SQL injection vulnerability in the 'code' parameter of the /pmpro/v1/order REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-23488.yaml"}
{"ID":"CVE-2023-23489","Info":{"Name":"WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection","Severity":"critical","Description":"WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edd_download_search action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-23489.yaml"}
{"ID":"CVE-2023-23491","Info":{"Name":"Quick Event Manager \u003c 9.7.5 - Cross-Site Scripting","Severity":"medium","Description":"The Quick Event Manager WordPress Plugin, version \u003c 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qem_ajax_calendar' action.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-23491.yaml"}
{"ID":"CVE-2023-23492","Info":{"Name":"Login with Phone Number - Cross-Site Scripting","Severity":"high","Description":"Login with Phone Number, versions \u003c 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function.\n\nNote that CVE-2023-23492 incorrectly describes and scores this as SQL injection vulnerability.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-23492.yaml"}
{"ID":"CVE-2023-23491","Info":{"Name":"Quick Event Manager \u003c 9.7.5 - Cross-Site Scripting","Severity":"medium","Description":"The Quick Event Manager WordPress Plugin, version \u003c 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qem_ajax_calendar' action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-23491.yaml"}
{"ID":"CVE-2023-23492","Info":{"Name":"Login with Phone Number - Cross-Site Scripting","Severity":"high","Description":"Login with Phone Number, versions \u003c 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-23492 2.yaml"}
{"ID":"CVE-2023-2356","Info":{"Name":"Mlflow \u003c2.3.0 - Local File Inclusion","Severity":"high","Description":"Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-2356.yaml"}
{"ID":"CVE-2023-23752","Info":{"Name":"Joomla! Webservice - Password Disclosure","Severity":"medium","Description":"An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-23752.yaml"}
{"ID":"CVE-2023-24044","Info":{"Name":"Plesk Obsidian \u003c=18.0.49 - Open Redirect","Severity":"medium","Description":"Plesk Obsidian through 18.0.49 contains an open redirect vulnerability via the login page. An attacker can redirect users to malicious websites via a host request header and thereby access user credentials and execute unauthorized operations. NOTE: The vendor's position is \"the ability to use arbitrary domain names to access the panel is an intended feature.\"\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24044.yaml"}
@ -1896,7 +1911,7 @@
{"ID":"CVE-2023-24489","Info":{"Name":"Citrix ShareFile StorageZones Controller - Unauthenticated Remote Code Execution","Severity":"critical","Description":"A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-24489.yaml"}
{"ID":"CVE-2023-24657","Info":{"Name":"phpIPAM - 1.6 - Cross-Site Scripting","Severity":"medium","Description":"phpIPAM 1.6 contains a cross-site scripting vulnerability via the closeClass parameter at /subnet-masks/popup.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24657.yaml"}
{"ID":"CVE-2023-24733","Info":{"Name":"PMB 7.4.6 - Cross-Site Scripting","Severity":"medium","Description":"PMB 7.4.6 contains a cross-site scripting vulnerability via the query parameter at /admin/convert/export_z3950_new.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24733.yaml"}
{"ID":"CVE-2023-24735","Info":{"Name":"PMB 7.4.6 - Open Redirect","Severity":"medium","Description":"PMB v7.4.6 contains an open redirect vulnerability via the component /opac_css/pmb.php. An attacker can redirect a user to an external domain via a crafted URL and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24735.yaml"}
{"ID":"CVE-2023-24735","Info":{"Name":"PMB 7.4.6 - Open Redirect","Severity":"medium","Description":"PMB v7.4.6 contains an open redirect vulnerability via the component /opac_css/pmb.php. An attacker can redirect a user to an external domain via a crafted URL and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24735 2.yaml"}
{"ID":"CVE-2023-24737","Info":{"Name":"PMB v7.4.6 - Cross-Site Scripting","Severity":"medium","Description":"PMB v7.4.6 allows an attacker to perform a reflected XSS on export_z3950.php via the 'query' parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24737.yaml"}
{"ID":"CVE-2023-25135","Info":{"Name":"vBulletin \u003c= 5.6.9 - Pre-authentication Remote Code Execution","Severity":"critical","Description":"vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25135.yaml"}
{"ID":"CVE-2023-25157","Info":{"Name":"GeoServer OGC Filter - SQL Injection","Severity":"critical","Description":"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25157.yaml"}
@ -1906,9 +1921,12 @@
{"ID":"CVE-2023-26255","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjCustomDesignConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26255.yaml"}
{"ID":"CVE-2023-26256","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFooterNavigationConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26256.yaml"}
{"ID":"CVE-2023-26360","Info":{"Name":"Unauthenticated File Read Adobe ColdFusion","Severity":"high","Description":"Unauthenticated Arbitrary File Read vulnerability due to deserialization of untrusted data in Adobe ColdFusion. The vulnerability affects ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2023/CVE-2023-26360.yaml"}
{"ID":"CVE-2023-26469","Info":{"Name":"Jorani 1.0.0 - Remote Code Execution","Severity":"critical","Description":"Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-26469.yaml"}
{"ID":"CVE-2023-2648","Info":{"Name":"Weaver E-Office 9.5 - Remote Code Execution","Severity":"critical","Description":"A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2648.yaml"}
{"ID":"CVE-2023-26842","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-26842.yaml"}
{"ID":"CVE-2023-26843","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-26843.yaml"}
{"ID":"CVE-2023-27008","Info":{"Name":"ATutor \u003c 2.2.1 - Cross Site Scripting","Severity":"medium","Description":"ATutor \u003c 2.2.1 was discovered with a vulnerability, a reflected cross-site scripting (XSS), in ATtutor 2.2.1 via token body parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-27008.yaml"}
{"ID":"CVE-2023-27034","Info":{"Name":"Blind SQL injection vulnerability in Jms Blog","Severity":"critical","Description":"The module Jms Blog (jmsblog) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joommasters PrestaShop themes\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27034.yaml"}
{"ID":"CVE-2023-27159","Info":{"Name":"Appwrite \u003c=1.2.1 - Server-Side Request Forgery","Severity":"high","Description":"Appwrite through 1.2.1 is susceptible to server-side request forgery via the component /v1/avatars/favicon. An attacker can potentially access network resources and sensitive information via a crafted GET request, thereby also making it possible to modify data and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-27159.yaml"}
{"ID":"CVE-2023-27179","Info":{"Name":"GDidees CMS v3.9.1 - Arbitrary File Download","Severity":"high","Description":"GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-27179.yaml"}
{"ID":"CVE-2023-27292","Info":{"Name":"OpenCATS - Open Redirect","Severity":"medium","Description":"OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-27292.yaml"}
@ -1925,7 +1943,7 @@
{"ID":"CVE-2023-2825","Info":{"Name":"GitLab 16.0.0 - Path Traversal","Severity":"high","Description":"An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-2825.yaml"}
{"ID":"CVE-2023-28343","Info":{"Name":"Altenergy Power Control Software C1.2.5 - Remote Command Injection","Severity":"critical","Description":"Altenergy Power Control Software C1.2.5 is susceptible to remote command injection via shell metacharacters in the index.php/management/set_timezone parameter, because of set_timezone in models/management_model.php. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-28343.yaml"}
{"ID":"CVE-2023-28432","Info":{"Name":"MinIO Cluster Deployment - Information Disclosure","Severity":"high","Description":"MinIO is susceptible to information disclosure. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials. All users of distributed deployment are impacted.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-28432.yaml"}
{"ID":"CVE-2023-28665","Info":{"Name":"Woo Bulk Price Update \u003c2.2.2 - Cross-Site Scripting","Severity":"medium","Description":"The Woo Bulk Price Update WordPress plugin, in versions \u003c 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can only be triggered by an authenticated user.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-28665.yaml"}
{"ID":"CVE-2023-28665","Info":{"Name":"Woo Bulk Price Update \u003c2.2.2 - Cross-Site Scripting","Severity":"medium","Description":"The Woo Bulk Price Update WordPress plugin, in versions \u003c 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can only be triggered by an authenticated user.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-28665.yaml"}
{"ID":"CVE-2023-29084","Info":{"Name":"ManageEngine ADManager Plus - Command Injection","Severity":"high","Description":"Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-29084.yaml"}
{"ID":"CVE-2023-29298","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"An attacker is able to access every CFM and CFC endpoint within the ColdFusion Administrator path /CFIDE/, of which there are 437 CFM files and 96 CFC files in a ColdFusion 2021 Update 6 install.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-29298.yaml"}
{"ID":"CVE-2023-29300","Info":{"Name":"Adobe ColdFusion - Pre-Auth Remote Code Execution","Severity":"critical","Description":"Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-29300.yaml"}
@ -1938,22 +1956,27 @@
{"ID":"CVE-2023-29922","Info":{"Name":"PowerJob V4.3.1 - Authentication Bypass","Severity":"medium","Description":"PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-29922.yaml"}
{"ID":"CVE-2023-29923","Info":{"Name":"PowerJob \u003c=4.3.2 - Unauthenticated Access","Severity":"medium","Description":"PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-29923.yaml"}
{"ID":"CVE-2023-30019","Info":{"Name":"Imgproxy \u003c= 3.14.0 - Server-side request forgery (SSRF)","Severity":"medium","Description":"imgproxy \u003c=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-30019.yaml"}
{"ID":"CVE-2023-30150","Info":{"Name":"PrestaShop leocustomajax 1.0 \u0026 1.0.0 - SQL Injection","Severity":"critical","Description":"PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-30150.yaml"}
{"ID":"CVE-2023-30210","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via /client/manage/ourphp_tz.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30210.yaml"}
{"ID":"CVE-2023-30212","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30212.yaml"}
{"ID":"CVE-2023-30256","Info":{"Name":"Webkul QloApps 1.5.2 - Cross-site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30256.yaml"}
{"ID":"CVE-2023-30777","Info":{"Name":"Advanced Custom Fields \u003c 6.1.6 - Cross-Site Scripting","Severity":"medium","Description":"Advanced Custom Fields beofre 6.1.6 is susceptible to cross-site scripting via the post_status parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30777.yaml"}
{"ID":"CVE-2023-30943","Info":{"Name":"Moodle - Cross-Site Scripting/Remote Code Execution","Severity":"medium","Description":"The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before 4.2.0 are susceptible to an unauthenticated arbitrary folder creation, tracked as CVE-2023-30943. An attacker can leverage the creation of arbitrary folders to carry out a Stored Cross-Site Scripting (XSS) attack on the administration panel, resulting in arbitrary code execution on the server as soon as an administrator visits the panel.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-30943.yaml"}
{"ID":"CVE-2023-31059","Info":{"Name":"Repetier Server - Directory Traversal","Severity":"high","Description":"Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-31059.yaml"}
{"ID":"CVE-2023-31548","Info":{"Name":"ChurchCRM v4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-31548.yaml"}
{"ID":"CVE-2023-32117","Info":{"Name":"Integrate Google Drive \u003c= 1.1.99 - Missing Authorization via REST API Endpoints","Severity":"high","Description":"The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as moving files, creating folders, copying details, and much more.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2023/CVE-2023-32117.yaml"}
{"ID":"CVE-2023-32235","Info":{"Name":"Ghost CMS \u003c 5.42.1 - Path Traversal","Severity":"high","Description":"Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-32235.yaml"}
{"ID":"CVE-2023-32243","Info":{"Name":"WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset","Severity":"critical","Description":"Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-32243.yaml"}
{"ID":"CVE-2023-32315","Info":{"Name":"Openfire Administration Console - Authentication Bypass","Severity":"high","Description":"Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-32315.yaml"}
{"ID":"CVE-2023-32563","Info":{"Name":"Ivanti Avalanche - Remote Code Execution","Severity":"critical","Description":"An unauthenticated attacker could achieve the code execution through a RemoteControl server.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-32563.yaml"}
{"ID":"CVE-2023-33338","Info":{"Name":"Old Age Home Management System v1.0 - SQL Injection","Severity":"critical","Description":"Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33338.yaml"}
{"ID":"CVE-2023-33439","Info":{"Name":"Faculty Evaluation System v1.0 - SQL Injection","Severity":"high","Description":"Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-33439.yaml"}
{"ID":"CVE-2023-33440","Info":{"Name":"Faculty Evaluation System v1.0 - Remote Code Execution","Severity":"high","Description":"Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-33440.yaml"}
{"ID":"CVE-2023-3345","Info":{"Name":"LMS by Masteriyo \u003c 1.6.8 - Information Exposure","Severity":"medium","Description":"The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-3345.yaml"}
{"ID":"CVE-2023-33510","Info":{"Name":"Jeecg P3 Biz Chat - Local File Inclusion","Severity":"high","Description":"Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-33510.yaml"}
{"ID":"CVE-2023-33568","Info":{"Name":"Dolibarr Unauthenticated Contacts Database Theft","Severity":"high","Description":"An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-33568.yaml"}
{"ID":"CVE-2023-34124","Info":{"Name":"SonicWall GMS and Analytics Web Services - Shell Injection","Severity":"critical","Description":"The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34124.yaml"}
{"ID":"CVE-2023-34192","Info":{"Name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","Severity":"high","Description":"Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34192.yaml"}
{"ID":"CVE-2023-34362","Info":{"Name":"MOVEit Transfer - Remote Code Execution","Severity":"critical","Description":"In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34362.yaml"}
{"ID":"CVE-2023-34537","Info":{"Name":"Hoteldruid 3.0.5 - Cross-Site Scripting","Severity":"medium","Description":"A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-34537.yaml"}
{"ID":"CVE-2023-34598","Info":{"Name":"Gibbon v25.0.0 - Local File Inclusion","Severity":"critical","Description":"Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation folder in the server's response.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34598.yaml"}
@ -1962,25 +1985,37 @@
{"ID":"CVE-2023-34659","Info":{"Name":"JeecgBoot 3.5.0 - SQL Injection","Severity":"critical","Description":"jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34659.yaml"}
{"ID":"CVE-2023-3479","Info":{"Name":"Hestiacp \u003c= 1.7.8 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3479.yaml"}
{"ID":"CVE-2023-34843","Info":{"Name":"Traggo Server - Local File Inclusion","Severity":"high","Description":"traggo/server version 0.3.0 is vulnerable to directory traversal.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-34843.yaml"}
{"ID":"CVE-2023-34960","Info":{"Name":"Chamilo Command Injection","Severity":"high","Description":"","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34960.yaml"}
{"ID":"CVE-2023-35078","Info":{"Name":"Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-35078.yaml"}
{"ID":"CVE-2023-35082","Info":{"Name":"MobileIron Core - Remote Unauthenticated API Access","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web applications security filter chain.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-35082.yaml"}
{"ID":"CVE-2023-34960","Info":{"Name":"Chamilo Command Injection","Severity":"critical","Description":"A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34960.yaml"}
{"ID":"CVE-2023-35078","Info":{"Name":"Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35078.yaml"}
{"ID":"CVE-2023-35082","Info":{"Name":"MobileIron Core - Remote Unauthenticated API Access","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web applications security filter chain.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35082.yaml"}
{"ID":"CVE-2023-35843","Info":{"Name":"NocoDB version \u003c= 0.106.1 - Arbitrary File Read","Severity":"high","Description":"NocoDB through 0.106.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35843.yaml"}
{"ID":"CVE-2023-35844","Info":{"Name":"Lightdash version \u003c= 0.510.3 Arbitrary File Read","Severity":"high","Description":"packages/backend/src/routers in Lightdash before 0.510.3\nhas insecure file endpoints, e.g., they allow .. directory\ntraversal and do not ensure that an intended file extension\n(.csv or .png) is used.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35844.yaml"}
{"ID":"CVE-2023-35885","Info":{"Name":"Cloudpanel 2 \u003c 2.3.1 - Remote Code Execution","Severity":"critical","Description":"CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35885.yaml"}
{"ID":"CVE-2023-36287","Info":{"Name":"Webkul QloApps 1.6.0 - Cross-site Scripting","Severity":"medium","Description":"An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36287.yaml"}
{"ID":"CVE-2023-36289","Info":{"Name":"Webkul QloApps 1.6.0 - Cross-site Scripting","Severity":"medium","Description":"An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36289.yaml"}
{"ID":"CVE-2023-36346","Info":{"Name":"POS Codekop v2.0 - Cross-site Scripting","Severity":"medium","Description":"POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36346.yaml"}
{"ID":"CVE-2023-36346","Info":{"Name":"POS Codekop v2.0 - Cross Site Scripting","Severity":"medium","Description":"POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36346.yaml"}
{"ID":"CVE-2023-36844","Info":{"Name":"Juniper Devices - Remote Code Execution","Severity":"medium","Description":"Multiple cves in Juniper Network (CVE-2023-36844|CVE-2023-36845|CVE-2023-36846|CVE-2023-36847).A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environments variables. Utilizing a crafted request an attacker is able to modify certain PHP environments variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-36844.yaml"}
{"ID":"CVE-2023-36934","Info":{"Name":"MOVEit Transfer - SQL Injection","Severity":"critical","Description":"In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-36934.yaml"}
{"ID":"CVE-2023-37265","Info":{"Name":"CasaOS \u003c 0.4.4 - Authentication Bypass via Internal IP","Severity":"critical","Description":"CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in `391dd7f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37265.yaml"}
{"ID":"CVE-2023-37266","Info":{"Name":"CasaOS \u003c 0.4.4 - Authentication Bypass via Random JWT Token","Severity":"critical","Description":"CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37266.yaml"}
{"ID":"CVE-2023-37270","Info":{"Name":"Piwigo 13.7.0 - SQL Injection","Severity":"high","Description":"Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be log in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately.\n","Classification":{"CVSSScore":"7.6"}},"file_path":"http/cves/2023/CVE-2023-37270.yaml"}
{"ID":"CVE-2023-37462","Info":{"Name":"XWiki Platform - Remote Code Execution","Severity":"critical","Description":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. It is possible to check if an existing installation is vulnerable\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2023/CVE-2023-37462.yaml"}
{"ID":"CVE-2023-37580","Info":{"Name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","Severity":"medium","Description":"Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-37580.yaml"}
{"ID":"CVE-2023-3765","Info":{"Name":"MLflow Absolute Path Traversal","Severity":"critical","Description":"Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2023/CVE-2023-3765.yaml"}
{"ID":"CVE-2023-38205","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38205.yaml"}
{"ID":"CVE-2023-3836","Info":{"Name":"Dahua Smart Park Management - Arbitrary File Upload","Severity":"high","Description":"Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-3836.yaml"}
{"ID":"CVE-2023-38646","Info":{"Name":"Metabase \u003c 0.46.6.1 - Remote Code Execution","Severity":"critical","Description":"Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-38646.yaml"}
{"ID":"CVE-2023-37270","Info":{"Name":"Piwigo 13.7.0 - SQL Injection","Severity":"high","Description":"Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be log in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-37270.yaml"}
{"ID":"CVE-2023-37462","Info":{"Name":"XWiki Platform - Remote Code Execution","Severity":"high","Description":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. It is possible to check if an existing installation is vulnerable\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-37462.yaml"}
{"ID":"CVE-2023-37580","Info":{"Name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","Severity":"medium","Description":"Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37580.yaml"}
{"ID":"CVE-2023-3765","Info":{"Name":"MLflow Absolute Path Traversal","Severity":"critical","Description":"Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-3765.yaml"}
{"ID":"CVE-2023-38035","Info":{"Name":"Ivanti Sentry - Authentication Bypass","Severity":"critical","Description":"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38035.yaml"}
{"ID":"CVE-2023-38205","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38205.yaml"}
{"ID":"CVE-2023-3836","Info":{"Name":"Dahua Smart Park Management - Arbitrary File Upload","Severity":"critical","Description":"Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3836.yaml"}
{"ID":"CVE-2023-38433","Info":{"Name":"Fujitsu IP Series - Hardcoded Credentials","Severity":"high","Description":"Fujitsu Real-time Video Transmission Gear “IP series” use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. The credentials cannot be changed by the end-user and provide administrative access to the devices.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38433.yaml"}
{"ID":"CVE-2023-38646","Info":{"Name":"Metabase \u003c 0.46.6.1 - Remote Code Execution","Severity":"critical","Description":"Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38646.yaml"}
{"ID":"CVE-2023-39026","Info":{"Name":"FileMage Gateway - Directory Traversal","Severity":"high","Description":"Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39026.yaml"}
{"ID":"CVE-2023-39120","Info":{"Name":"Nodogsplash - Directory Traversal","Severity":"high","Description":"Nodogsplash product was affected by a directory traversal vulnerability that also impacted the OpenWrt product. This vulnerability was addressed in Nodogsplash version 5.0.1. Exploiting this vulnerability, remote attackers could read arbitrary files from the target system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39120.yaml"}
{"ID":"CVE-2023-39143","Info":{"Name":"PaperCut \u003c 22.1.3 - Path Traversal","Severity":"critical","Description":"PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files.","Classification":{"CVSSScore":"9.4"}},"file_path":"http/cves/2023/CVE-2023-39143.yaml"}
{"ID":"CVE-2023-4174","Info":{"Name":"mooSocial 3.1.6 - Reflected Cross Site Scripting","Severity":"medium","Description":"A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-4174.yaml"}
{"ID":"CVE-2023-39141","Info":{"Name":"Aria2 WebUI - Path traversal","Severity":"high","Description":"webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39141.yaml"}
{"ID":"CVE-2023-39143","Info":{"Name":"PaperCut \u003c 22.1.3 - Path Traversal","Severity":"critical","Description":"PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-39143.yaml"}
{"ID":"CVE-2023-3936","Info":{"Name":"Blog2Social \u003c 7.2.1 - Cross-Site Scripting","Severity":"medium","Description":"The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3936.yaml"}
{"ID":"CVE-2023-39361","Info":{"Name":"Cacti 1.2.24 - SQL Injection","Severity":"critical","Description":"Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-39361.yaml"}
{"ID":"CVE-2023-39598","Info":{"Name":"IceWarp Email Client - Cross Site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-39598.yaml"}
{"ID":"CVE-2023-39600","Info":{"Name":"IceWarp 11.4.6.0 - Cross-Site Scripting","Severity":"medium","Description":"IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39600.yaml"}
{"ID":"CVE-2023-39676","Info":{"Name":"PrestaShop fieldpopupnewsletter Module - Cross Site Scripting","Severity":"medium","Description":"Fieldpopupnewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-39676.yaml"}
{"ID":"CVE-2023-4173","Info":{"Name":"mooSocial 3.1.8 - Reflected XSS","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4173.yaml"}
{"ID":"CVE-2023-4174","Info":{"Name":"mooSocial 3.1.6 - Reflected Cross Site Scripting","Severity":"medium","Description":"A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4174.yaml"}
{"ID":"CVE-2023-4634","Info":{"Name":"Media Library Assistant \u003c 3.09 - Remote Code Execution/Local File Inclusion","Severity":"critical","Description":"A vulnerability in the Wordpress Media-Library-Assistant plugins in version \u003c 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-4634.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
929aa17afc0b8e297b806015ca85f09e
0fa9dbb5fa304e174cf185b9d13b1a48

2
file/keys/npm-accesstoken.yaml
View File

@ -21,4 +21,4 @@ file:
- type: regex
part: body
regex:
- "(npm_[A-Za-z0-9]{36})"
- "\b(npm_[A-Za-z0-9]{36})\b"

2
file/keys/openai-key.yaml
View File

@ -20,4 +20,4 @@ file:
- type: regex
part: body
regex:
- "(sk-[a-zA-Z0-9]{48})"
- \b(sk-[a-zA-Z0-9]{48})\b

183
headless/headless-open-redirect.yaml
View File

@ -21,104 +21,101 @@ headless:
payloads:
redirect:
- '%0a/evil.com/'
- '%0d/evil.com/'
- '%00/evil.com/'
- '%09/evil.com/'
- '%5C%5Cevil.com/%252e%252e%252f'
- '%5Cevil.com'
- '%5cevil.com/%2f%2e%2e'
- '%5c{{RootURL}}evil.com/%2f%2e%2e'
- '../evil.com'
- '.evil.com'
- '/%5cevil.com'
- '////\;@evil.com'
- '////evil.com'
- '///evil.com'
- '///evil.com/%2f%2e%2e'
- '///evil.com@//'
- '///{{RootURL}}evil.com/%2f%2e%2e'
- '//;@evil.com'
- '//\/evil.com/'
- '//\@evil.com'
- '//\evil.com'
- '//\tevil.com/'
- '//evil.com/%2F..'
- '//evil.com//'
- '%0a/oast.live/'
- '%0d/oast.live/'
- '%00/oast.live/'
- '%09/oast.live/'
- '%5C%5Coast.live/%252e%252e%252f'
- '%5Coast.live'
- '%5coast.live/%2f%2e%2e'
- '%5c{{RootURL}}oast.live/%2f%2e%2e'
- '../oast.live'
- '.oast.live'
- '/%5coast.live'
- '////\;@oast.live'
- '////oast.live'
- '///oast.live'
- '///oast.live/%2f%2e%2e'
- '///oast.live@//'
- '///{{RootURL}}oast.live/%2f%2e%2e'
- '//;@oast.live'
- '//\/oast.live/'
- '//\@oast.live'
- '//\oast.live'
- '//\toast.live/'
- '//oast.live/%2F..'
- '//oast.live//'
- '//%69%6e%74%65%72%61%63%74%2e%73%68'
- '//evil.com@//'
- '//evil.com\tevil.com/'
- '//https://evil.com@//'
- '/<>//evil.com'
- '/\/\/evil.com/'
- '/\/evil.com'
- '/\evil.com'
- '/evil.com'
- '/evil.com/%2F..'
- '/evil.com/'
- '/evil.com/..;/css'
- '/https:evil.com'
- '/{{RootURL}}evil.com/'
- '/〱evil.com'
- '/〵evil.com'
- '/ゝevil.com'
- '/ーevil.com'
- '/ーevil.com'
- '<>//evil.com'
- '@evil.com'
- '@https://evil.com'
- '\/\/evil.com/'
- '//oast.live@//'
- '//oast.live\toast.live/'
- '//https://oast.live@//'
- '/<>//oast.live'
- '/\/\/oast.live/'
- '/\/oast.live'
- '/\oast.live'
- '/oast.live'
- '/oast.live/%2F..'
- '/oast.live/'
- '/oast.live/..;/css'
- '/https:oast.live'
- '/{{RootURL}}oast.live/'
- '/〱oast.live'
- '/〵oast.live'
- '/ゝoast.live'
- '/ーoast.live'
- '/ーoast.live'
- '<>//oast.live'
- '@oast.live'
- '@https://oast.live'
- '\/\/oast.live/'
- 'evil%E3%80%82com'
- 'evil.com'
- 'evil.com/'
- 'evil.com//'
- 'evil.com;@'
- 'https%3a%2f%2fevil.com%2f'
- 'https:%0a%0devil.com'
- 'https://%0a%0devil.com'
- 'https://%09/evil.com'
- 'https://%2f%2f.evil.com/'
- 'https://%3F.evil.com/'
- 'https://%5c%5c.evil.com/'
- 'https://%5cevil.com@'
- 'https://%23.evil.com/'
- 'https://.evil.com'
- 'https://////evil.com'
- 'https:///evil.com'
- 'https:///evil.com/%2e%2e'
- 'https:///evil.com/%2f%2e%2e'
- 'https:///evil.com@evil.com/%2e%2e'
- 'https:///evil.com@evil.com/%2f%2e%2e'
- 'https://:80#@evil.com/'
- 'https://:80?@evil.com/'
- 'https://:@\@evil.com'
- 'https://:@evil.com\@evil.com'
- 'https://;@evil.com'
- 'https://\tevil.com/'
- 'https://evil.com/evil.com'
- 'https://evil.com/https://evil.com/'
- 'https://www.\.evil.com'
- 'https:/\/\evil.com'
- 'https:/\evil.com'
- 'https:/evil.com'
- 'https:evil.com'
- '{{RootURL}}evil.com'
- '〱evil.com'
- '〵evil.com'
- 'ゝevil.com'
- 'ーevil.com'
- 'ーevil.com'
- 'redirect/evil.com'
- 'cgi-bin/redirect.cgi?evil.com'
- 'out?evil.com'
- 'login?to=http://evil.com'
- 'oast.live'
- 'oast.live/'
- 'oast.live//'
- 'oast.live;@'
- 'https%3a%2f%2foast.live%2f'
- 'https:%0a%0doast.live'
- 'https://%0a%0doast.live'
- 'https://%09/oast.live'
- 'https://%2f%2f.oast.live/'
- 'https://%3F.oast.live/'
- 'https://%5c%5c.oast.live/'
- 'https://%5coast.live@'
- 'https://%23.oast.live/'
- 'https://.oast.live'
- 'https://////oast.live'
- 'https:///oast.live'
- 'https:///oast.live/%2e%2e'
- 'https:///oast.live/%2f%2e%2e'
- 'https:///oast.live@oast.live/%2e%2e'
- 'https:///oast.live@oast.live/%2f%2e%2e'
- 'https://:80#@oast.live/'
- 'https://:80?@oast.live/'
- 'https://:@\@oast.live'
- 'https://:@oast.live\@oast.live'
- 'https://;@oast.live'
- 'https://\toast.live/'
- 'https://oast.live/oast.live'
- 'https://oast.live/https://oast.live/'
- 'https://www.\.oast.live'
- 'https:/\/\oast.live'
- 'https:/\oast.live'
- 'https:/oast.live'
- 'https:oast.live'
- '{{RootURL}}oast.live'
- '〱oast.live'
- '〵oast.live'
- 'ゝoast.live'
- 'ーoast.live'
- 'ーoast.live'
- 'redirect/oast.live'
- 'cgi-bin/redirect.cgi?oast.live'
- 'out?oast.live'
- 'login?to=http://oast.live'
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "evil.com"
- "Evil.Com - We get it...Daily."
condition: and
- "Interactsh Server"

2
helpers/wordpress/plugins/advanced-custom-fields.txt
View File

@ -1 +1 @@
6.2.0
6.2.1

2
helpers/wordpress/plugins/akismet.txt
View File

@ -1 +1 @@
5.2
5.3

2
helpers/wordpress/plugins/all-in-one-seo-pack.txt
View File

@ -1 +1 @@
4.4.3
4.4.6

2
helpers/wordpress/plugins/all-in-one-wp-migration.txt
View File

@ -1 +1 @@
7.77
7.78

2
helpers/wordpress/plugins/antispam-bee.txt
View File

@ -1 +1 @@
2.11.3
2.11.4

2
helpers/wordpress/plugins/astra-sites.txt
View File

@ -1 +1 @@
3.4.0
3.4.1

2
helpers/wordpress/plugins/better-wp-security.txt
View File

@ -1 +1 @@
8.1.7
8.1.8

2
helpers/wordpress/plugins/broken-link-checker.txt
View File

@ -1 +1 @@
2.2.1
2.2.2

2
helpers/wordpress/plugins/click-to-chat-for-whatsapp.txt
View File

@ -1 +1 @@
3.29.2
3.29.4

2
helpers/wordpress/plugins/coblocks.txt
View File

@ -1 +1 @@
3.1.2
3.1.4

2
helpers/wordpress/plugins/code-snippets.txt
View File

@ -1 +1 @@
3.4.2
3.5.0

2
helpers/wordpress/plugins/cookie-law-info.txt
View File

@ -1 +1 @@
3.1.1
3.1.4

2
helpers/wordpress/plugins/cookie-notice.txt
View File

@ -1 +1 @@
2.4.9
2.4.10

2
helpers/wordpress/plugins/custom-fonts.txt
View File

@ -1 +1 @@
2.0.2
2.1.0

2
helpers/wordpress/plugins/disable-comments.txt
View File

@ -1 +1 @@
2.4.4
2.4.5

2
helpers/wordpress/plugins/duplicate-page.txt
View File

@ -1 +1 @@
4.5.2
4.5.3

2
helpers/wordpress/plugins/duracelltomi-google-tag-manager.txt
View File

@ -1 +1 @@
1.18
1.18.1

2
helpers/wordpress/plugins/elementor.txt
View File

@ -1 +1 @@
3.15.2
3.16.3

2
helpers/wordpress/plugins/elementskit-lite.txt
View File

@ -1 +1 @@
2.9.0
2.9.2

2
helpers/wordpress/plugins/enable-media-replace.txt
View File

@ -1 +1 @@
4.1.2
4.1.3

2
helpers/wordpress/plugins/essential-addons-for-elementor-lite.txt
View File

@ -1 +1 @@
5.8.6
5.8.9

2
helpers/wordpress/plugins/ewww-image-optimizer.txt
View File

@ -1 +1 @@
7.2.0
7.2.1

2
helpers/wordpress/plugins/facebook-for-woocommerce.txt
View File

@ -1 +1 @@
3.0.31
3.0.33

2
helpers/wordpress/plugins/fluentform.txt
View File

@ -1 +1 @@
5.0.7
5.0.9

2
helpers/wordpress/plugins/force-regenerate-thumbnails.txt
View File

@ -1 +1 @@
2.1.2
2.1.3

2
helpers/wordpress/plugins/formidable.txt
View File

@ -1 +1 @@
6.4.1
6.5

2
helpers/wordpress/plugins/forminator.txt
View File

@ -1 +1 @@
1.25.0
1.26.0

2
helpers/wordpress/plugins/gdpr-cookie-compliance.txt
View File

@ -1 +1 @@
4.12.5
4.12.7

2
helpers/wordpress/plugins/google-analytics-dashboard-for-wp.txt
View File

@ -1 +1 @@
7.18.1
7.19

2
helpers/wordpress/plugins/google-analytics-for-wordpress.txt
View File

@ -1 +1 @@
8.18
8.19

2
helpers/wordpress/plugins/google-listings-and-ads.txt
View File

@ -1 +1 @@
2.5.2
2.5.6

2
helpers/wordpress/plugins/google-site-kit.txt
View File

@ -1 +1 @@
1.107.0
1.109.0

2
helpers/wordpress/plugins/gtranslate.txt
View File

@ -1 +1 @@
3.0.3
3.0.4

2
helpers/wordpress/plugins/gutenberg.txt
View File

@ -1 +1 @@
16.4.0
16.6.0

2
helpers/wordpress/plugins/header-footer-code-manager.txt
View File

@ -1 +1 @@
1.1.35
1.1.36

2
helpers/wordpress/plugins/header-footer-elementor.txt
View File

@ -1 +1 @@
1.6.15
1.6.16

2
helpers/wordpress/plugins/host-webfonts-local.txt
View File

@ -1 +1 @@
5.6.5
5.7.2

2
helpers/wordpress/plugins/insert-headers-and-footers.txt
View File

@ -1 +1 @@
2.1.1
2.1.2

2
helpers/wordpress/plugins/jetpack-boost.txt
View File

@ -1 +1 @@
2.0.0
2.1.1

2
helpers/wordpress/plugins/jetpack.txt
View File

@ -1 +1 @@
12.4
12.5

2
helpers/wordpress/plugins/kadence-blocks.txt
View File

@ -1 +1 @@
3.1.11
3.1.15

2
helpers/wordpress/plugins/leadin.txt
View File

@ -1 +1 @@
10.2.1
10.2.5

2
helpers/wordpress/plugins/limit-login-attempts-reloaded.txt
View File

@ -1 +1 @@
2.25.22
2.25.25

2
helpers/wordpress/plugins/loco-translate.txt
View File

@ -1 +1 @@
2.6.4
2.6.6

2
helpers/wordpress/plugins/mailchimp-for-wp.txt
View File

@ -1 +1 @@
4.9.6
4.9.7

2
helpers/wordpress/plugins/mailpoet.txt
View File

@ -1 +1 @@
4.24.0
4.27.0

2
helpers/wordpress/plugins/maintenance.txt
View File

@ -1 +1 @@
4.07
4.08

2
helpers/wordpress/plugins/mainwp-child.txt
View File

@ -1 +1 @@
4.5
4.5.1

2
helpers/wordpress/plugins/malcare-security.txt
View File

@ -1 +1 @@
5.22
5.25

2
helpers/wordpress/plugins/megamenu.txt
View File

@ -1 +1 @@
3.2.2
3.2.3

2
helpers/wordpress/plugins/ml-slider.txt
View File

@ -1 +1 @@
3.36.0
3.37.0

2
helpers/wordpress/plugins/newsletter.txt
View File

@ -1 +1 @@
7.8.9
7.9.3

2
helpers/wordpress/plugins/nextgen-gallery.txt
View File

@ -1 +1 @@
3.37
3.39

2
helpers/wordpress/plugins/ninja-forms.txt
View File

@ -1 +1 @@
3.6.29
3.6.30

2
helpers/wordpress/plugins/ocean-extra.txt
View File

@ -1 +1 @@
2.1.8
2.2.0

2
helpers/wordpress/plugins/optinmonster.txt
View File

@ -1 +1 @@
2.13.7
2.13.8

2
helpers/wordpress/plugins/photo-gallery.txt
View File

@ -1 +1 @@
1.8.17
1.8.18

1
helpers/wordpress/plugins/pinterest-for-woocommerce.txt Normal file
View File

@ -0,0 +1 @@
1.3.10

2
helpers/wordpress/plugins/pixelyoursite.txt
View File

@ -1 +1 @@
9.4.2
9.4.5.1

2
helpers/wordpress/plugins/post-smtp.txt
View File

@ -1 +1 @@
2.5.9.2
2.6.0

2
helpers/wordpress/plugins/premium-addons-for-elementor.txt
View File

@ -1 +1 @@
4.10.4
4.10.7

2
helpers/wordpress/plugins/pretty-link.txt
View File

@ -1 +1 @@
3.5.1
3.5.2

2
helpers/wordpress/plugins/really-simple-ssl.txt
View File

@ -1 +1 @@
7.0.8
7.0.9

2
helpers/wordpress/plugins/redux-framework.txt
View File

@ -1 +1 @@
4.4.5
4.4.7

2
helpers/wordpress/plugins/safe-svg.txt
View File

@ -1 +1 @@
2.1.1
2.2.0

2
helpers/wordpress/plugins/seo-by-rank-math.txt
View File

@ -1 +1 @@
1.0.121.1
1.0.201.1

2
helpers/wordpress/plugins/sg-cachepress.txt
View File

@ -1 +1 @@
7.3.4
7.4.1

2
helpers/wordpress/plugins/shortpixel-image-optimiser.txt
View File

@ -1 +1 @@
5.4.0
5.4.2

2
helpers/wordpress/plugins/siteorigin-panels.txt
View File

@ -1 +1 @@
2.25.2
2.26.0

2
helpers/wordpress/plugins/the-events-calendar.txt
View File

@ -1 +1 @@
6.2.0.1
6.2.2

2
helpers/wordpress/plugins/translatepress-multilingual.txt
View File

@ -1 +1 @@
2.5.9
2.6.1

2
helpers/wordpress/plugins/ultimate-addons-for-gutenberg.txt
View File

@ -1 +1 @@
2.7.5
2.7.9

2
helpers/wordpress/plugins/updraftplus.txt
View File

@ -1 +1 @@
1.23.9
1.23.10

2
helpers/wordpress/plugins/webp-converter-for-media.txt
View File

@ -1 +1 @@
5.9.5
N/A

2
helpers/wordpress/plugins/woo-checkout-field-editor-pro.txt
View File

@ -1 +1 @@
1.9.0
1.9.1

2
helpers/wordpress/plugins/woocommerce-gateway-stripe.txt
View File

@ -1 +1 @@
7.5.0
7.6.0

2
helpers/wordpress/plugins/woocommerce-payments.txt
View File

@ -1 +1 @@
6.3.1
6.4.2

2
helpers/wordpress/plugins/woocommerce-paypal-payments.txt
View File

@ -1 +1 @@
2.2.0
2.2.2

2
helpers/wordpress/plugins/woocommerce-pdf-invoices-packing-slips.txt
View File

@ -1 +1 @@
3.6.1
3.6.3

2
helpers/wordpress/plugins/woocommerce-services.txt
View File

@ -1 +1 @@
2.3.2
2.3.4

2
helpers/wordpress/plugins/woocommerce.txt
View File

@ -1 +1 @@
8.0.2
8.1.1

2
helpers/wordpress/plugins/wordpress-seo.txt
View File

@ -1 +1 @@
20.13
21.1

2
helpers/wordpress/plugins/wp-fastest-cache.txt
View File

@ -1 +1 @@
1.1.8
1.1.9

2
helpers/wordpress/plugins/wp-file-manager.txt
View File

@ -1 +1 @@
7.1.9
7.2

Some files were not shown because too many files have changed in this diff Show More