Auto Generated cves.json [Mon Mar 27 17:47:21 UTC 2023] 🤖

patch-1
GitHub Action 2023-03-27 17:47:21 +00:00
parent f47168659b
commit 88c08ef913
2 changed files with 30 additions and 30 deletions


@ -255,7 +255,7 @@
{"ID":"CVE-2015-2166","Info":{"Name":"Ericsson Drutt MSDP - Local File Inclusion","Severity":"high","Description":"Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI in the Instance Monitor.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-2166.yaml"}
{"ID":"CVE-2015-2755","Info":{"Name":"WordPress AB Google Map Travel \u003c=3.4 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameters in the ab_map_options page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2015/CVE-2015-2755.yaml"}
{"ID":"CVE-2015-2807","Info":{"Name":"Navis DocumentCloud \u003c0.1.1 - Cross-Site Scripting","Severity":"medium","Description":"Navis DocumentCloud plugin before 0.1.1 for WordPress contains a reflected cross-site scripting vulnerability in js/window.php which allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-2807.yaml"}
{"ID":"CVE-2015-2863","Info":{"Name":"Kaseya Virtual System Administrator - Open Redirect","Severity":"low","Description":"Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2015/CVE-2015-2863.yaml"}
{"ID":"CVE-2015-2863","Info":{"Name":"Kaseya Virtual System Administrator - Open Redirect","Severity":"medium","Description":"Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2015/CVE-2015-2863.yaml"}
{"ID":"CVE-2015-2996","Info":{"Name":"SysAid Help Desk \u003c15.2 - Local File Inclusion","Severity":"high","Description":"SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2015/CVE-2015-2996.yaml"}
{"ID":"CVE-2015-3035","Info":{"Name":"TP-LINK - Local File Inclusion","Severity":"high","Description":"TP-LINK is susceptible to local file inclusion in these products: Archer C5 (1.2) with firmware before 150317, Archer C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310. Because of insufficient input validation, arbitrary local files can be disclosed. Files that include passwords and other sensitive information can be accessed.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"cves/2015/CVE-2015-3035.yaml"}
{"ID":"CVE-2015-3224","Info":{"Name":"Ruby on Rails Web Console - Remote Code Execution","Severity":"critical","Description":"Ruby on Rails Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request to request.rb.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2015/CVE-2015-3224.yaml"}
@ -291,7 +291,7 @@
{"ID":"CVE-2015-8349","Info":{"Name":"SourceBans \u003c2.0 - Cross-Site Scripting","Severity":"medium","Description":"SourceBans before 2.0 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2015/CVE-2015-8349.yaml"}
{"ID":"CVE-2015-8399","Info":{"Name":"Atlassian Confluence \u003c5.8.17 - Information Disclosure","Severity":"medium","Description":"Atlassian Confluence before 5.8.17 contains an information disclsoure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.","Classification":{"CVSSScore":"4.3"}},"file_path":"cves/2015/CVE-2015-8399.yaml"}
{"ID":"CVE-2015-8813","Info":{"Name":"Umbraco \u003c7.4.0- Server-Side Request Forgery","Severity":"high","Description":"Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index.","Classification":{"CVSSScore":"8.2"}},"file_path":"cves/2015/CVE-2015-8813.yaml"}
{"ID":"CVE-2015-9312","Info":{"Name":"NewStatPress \u003c= 1.0.4 - Cross-Site Scripting","Severity":"medium","Description":"The NewStatPress plugin utilizes on lines 28 and 31 of the file includes/nsp_search.php several variables from the $_GET scope, without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to trigger a Reflected XSS attack.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2015/CVE-2015-9312.yaml"}
{"ID":"CVE-2015-9312","Info":{"Name":"NewStatPress \u003c=1.0.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress NewStatPress plugin through 1.0.4 contains a cross-site scripting vulnerability. The plugin utilizes, on lines 28 and 31 of the file \"includes/nsp_search.php\", several variables from the $_GET scope without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to initiate a cross-site scripting attack.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2015/CVE-2015-9312.yaml"}
{"ID":"CVE-2015-9414","Info":{"Name":"WordPress Symposium \u003c=15.8.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Symposium through 15.8.1 contains a reflected cross-site scripting vulnerability via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter which allows an attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2015/CVE-2015-9414.yaml"}
{"ID":"CVE-2015-9480","Info":{"Name":"WordPress RobotCPA 5 - Directory Traversal","Severity":"high","Description":"The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2015/CVE-2015-9480.yaml"}
{"ID":"CVE-2016-0957","Info":{"Name":"Adobe AEM Dispatcher \u003c4.15 - Rules Bypass","Severity":"high","Description":"Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2016/CVE-2016-0957.yaml"}
@ -372,7 +372,7 @@
{"ID":"CVE-2017-12794","Info":{"Name":"Django Debug Page - Cross-Site Scripting","Severity":"medium","Description":"Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allows a cross-site scripting attack. This vulnerability shouldn't affect most production sites since run with \"DEBUG = True\" is not on by default (which is what makes the page visible).\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2017/CVE-2017-12794.yaml"}
{"ID":"CVE-2017-14135","Info":{"Name":"OpenDreambox 2.0.0 - Remote Code Execution","Severity":"critical","Description":"OpenDreambox 2.0.0 is susceptible to remote code execution via the webadmin plugin. Remote attackers can execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI in enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2017/CVE-2017-14135.yaml"}
{"ID":"CVE-2017-14186","Info":{"Name":"FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting","Severity":"medium","Description":"FortiGate FortiOS through SSL VPN Web Portal contains a cross-site scripting vulnerability. The login redir parameter is not sanitized, so an attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks such as a URL redirect. Affected versions are 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, and 5.4 and below.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2017/CVE-2017-14186.yaml"}
{"ID":"CVE-2017-14524","Info":{"Name":"OpenText Documentum Administrator 7.2.0180.0055 - Open redirect","Severity":"medium","Description":"Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2017/CVE-2017-14524.yaml"}
{"ID":"CVE-2017-14524","Info":{"Name":"OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect","Severity":"medium","Description":"OpenText Documentum Administrator 7.2.0180.0055 is susceptible to multiple open redirect vulnerabilities. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2017/CVE-2017-14524.yaml"}
{"ID":"CVE-2017-14535","Info":{"Name":"Trixbox - 2.8.0.4 OS Command Injection","Severity":"high","Description":"Trixbox 2.8.0.4 is vulnerable to OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2017/CVE-2017-14535.yaml"}
{"ID":"CVE-2017-14537","Info":{"Name":"Trixbox 2.8.0 - Path Traversal","Severity":"medium","Description":"Trixbox 2.8.0.4 is susceptible to path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2017/CVE-2017-14537.yaml"}
{"ID":"CVE-2017-14622","Info":{"Name":"WordPress 2kb Amazon Affiliates Store \u003c2.1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress 2kb Amazon Affiliates Store plugin before 2.1.1 contains multiple cross-site scripting vulnerabilities. The plugin allows an attacker to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php, thus making possible theft of cookie-based authentication credentials and launch of other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2017/CVE-2017-14622.yaml"}
@ -401,7 +401,7 @@
{"ID":"CVE-2017-5487","Info":{"Name":"WordPress Core \u003c4.7.1 - Username Enumeration","Severity":"medium","Description":"WordPress Core before 4.7.1 is susceptible to user enumeration because it does not properly restrict listings of post authors via wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API, which allows a remote attacker to obtain sensitive information via a wp-json/wp/v2/users request.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2017/CVE-2017-5487.yaml"}
{"ID":"CVE-2017-5521","Info":{"Name":"NETGEAR Routers - Authentication Bypass","Severity":"high","Description":"NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices are susceptible to authentication bypass via simple crafted requests to the web management server.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"cves/2017/CVE-2017-5521.yaml"}
{"ID":"CVE-2017-5631","Info":{"Name":"KMCIS CaseAware - Cross-Site Scripting","Severity":"medium","Description":"KMCIS CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2017/CVE-2017-5631.yaml"}
{"ID":"CVE-2017-5638","Info":{"Name":"Apache Struts 2 - Remote Command Execution","Severity":"critical","Description":"Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 is vulnerable to remote command injection attacks through incorrectly parsing an attacker's invalid Content-Type HTTP header. The Struts vulnerability allows these commands to be executed under the privileges of the Web server.\n","Classification":{"CVSSScore":"10"}},"file_path":"cves/2017/CVE-2017-5638.yaml"}
{"ID":"CVE-2017-5638","Info":{"Name":"Apache Struts 2 - Remote Command Execution","Severity":"critical","Description":"Apache Struts 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 is susceptible to remote command injection attacks. The Jakarta Multipart parser has incorrect exception handling and error-message generation during file upload attempts, which can allow an attacker to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header. This was exploited in March 2017 with a Content-Type header containing a #cmd= string.\n","Classification":{"CVSSScore":"10"}},"file_path":"cves/2017/CVE-2017-5638.yaml"}
{"ID":"CVE-2017-5689","Info":{"Name":"Intel Active Management Technology - Authentication Bypass","Severity":"critical","Description":"An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2017/CVE-2017-5689.yaml"}
{"ID":"CVE-2017-5982","Info":{"Name":"Kodi 17.1 - Local File Inclusion","Severity":"high","Description":"Kodi 17.1 is vulnerable to local file inclusion vulnerabilities because of insufficient validation of user input.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2017/CVE-2017-5982.yaml"}
{"ID":"CVE-2017-6090","Info":{"Name":"PhpColl 2.5.1 Arbitrary File Upload","Severity":"high","Description":"PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/ via clients/editclient.php.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2017/CVE-2017-6090.yaml"}
@ -626,7 +626,7 @@
{"ID":"CVE-2019-16525","Info":{"Name":"WordPress Checklist \u003c1.1.9 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Checklist plugin before 1.1.9 contains a cross-site scripting vulnerability. The fill parameter is not correctly filtered in the checklist-icon.php file.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2019/CVE-2019-16525.yaml"}
{"ID":"CVE-2019-1653","Info":{"Name":"Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure","Severity":"high","Description":"Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated remote attacker to retrieve sensitive information due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2019/CVE-2019-1653.yaml"}
{"ID":"CVE-2019-16662","Info":{"Name":"rConfig 3.9.2 - Remote Code Execution","Severity":"critical","Description":"rConfig 3.9.2 is susceptible to a remote code execution vulnerability. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-16662.yaml"}
{"ID":"CVE-2019-16759","Info":{"Name":"vBulletin v5.0.0-v5.5.4 - Remote Command Execution","Severity":"critical","Description":"vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-16759.yaml"}
{"ID":"CVE-2019-16759","Info":{"Name":"vBulletin 5.0.0-5.5.4 - Remote Command Execution","Severity":"critical","Description":"vBulletin 5.0.0 through 5.5.4 is susceptible to a remote command execution vulnerability via the widgetConfig parameter in an ajax/render/widget_php routestring request. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-16759.yaml"}
{"ID":"CVE-2019-16920","Info":{"Name":"D-Link Routers - Remote Code Execution","Severity":"critical","Description":"D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565 contain an unauthenticated remote code execution vulnerability. The issue occurs when the attacker sends an arbitrary input to a \"PingTest\" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these issues also affected; DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2019/CVE-2019-16920.yaml"}
{"ID":"CVE-2019-16931","Info":{"Name":"WordPress Visualizer \u003c3.3.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Visualizer plugin before 3.3.1 contains a stored cross-site scripting vulnerability via /wp-json/visualizer/v1/update-chart WP-JSON API endpoint. An unauthenticated attacker can execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2019/CVE-2019-16931.yaml"}
{"ID":"CVE-2019-16932","Info":{"Name":"Visualizer \u003c3.3.1 - Blind Server-Side Request Forgery","Severity":"critical","Description":"Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint.\n","Classification":{"CVSSScore":"10"}},"file_path":"cves/2019/CVE-2019-16932.yaml"}
@ -992,12 +992,12 @@
{"ID":"CVE-2021-22214","Info":{"Name":"Gitlab CE/EE 10.5 - Server-Side Request Forgery","Severity":"high","Description":"GitLab CE/EE versions starting from 10.5 are susceptible to a server-side request forgery vulnerability when requests to the internal network for webhooks are enabled, even on a GitLab instance where registration is limited. The same vulnerability actually spans multiple CVEs, due to similar reports that were fixed across separate patches. These CVEs are:\n- CVE-2021-39935\n- CVE-2021-22214\n- CVE-2021-22175\n","Classification":{"CVSSScore":"8.6"}},"file_path":"cves/2021/CVE-2021-22214.yaml"}
{"ID":"CVE-2021-22873","Info":{"Name":"Revive Adserver \u003c5.1.0 - Open Redirect","Severity":"medium","Description":"Revive Adserver before 5.1.0 contains an open redirect vulnerability via the dest, oadest, and ct0 parameters of the lg.php and ck.php delivery scripts. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-22873.yaml"}
{"ID":"CVE-2021-22911","Info":{"Name":"Rocket.Chat \u003c=3.13 - NoSQL Injection","Severity":"critical","Description":"Rocket.Chat 3.11, 3.12 and 3.13 contains a NoSQL injection vulnerability which allows unauthenticated access to an API endpoint. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-22911.yaml"}
{"ID":"CVE-2021-22986","Info":{"Name":"F5 BIG-IP iControl REST unauthenticated RCE","Severity":"critical","Description":"The iControl REST interface has an unauthenticated remote command execution vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-22986.yaml"}
{"ID":"CVE-2021-22986","Info":{"Name":"F5 iControl REST - Remote Command Execution","Severity":"critical","Description":"F5 iControl REST interface is susceptible to remote command execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. This affects BIG-IP 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3; and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-22986.yaml"}
{"ID":"CVE-2021-23241","Info":{"Name":"MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion","Severity":"medium","Description":"MERCUSYS Mercury X18G 1.0.5 devices are vulnerable to local file inclusion via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2021/CVE-2021-23241.yaml"}
{"ID":"CVE-2021-24145","Info":{"Name":"Modern Events Calendar Lite \u003c 5.16.5 - Arbitrary File Upload to RCE","Severity":"high","Description":"Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2021/CVE-2021-24145.yaml"}
{"ID":"CVE-2021-24145","Info":{"Name":"WordPress Modern Events Calendar Lite \u003c5.16.5 - Authenticated Arbitrary File Upload","Severity":"high","Description":"WordPress Modern Events Calendar Lite plugin before 5.16.5 is susceptible to authenticated arbitrary file upload. The plugin does not properly check the imported file, allowing PHP files to be uploaded and/or executed by an administrator or other high-privilege user using the text/csv content-type in the request. This can possibly lead to remote code execution.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2021/CVE-2021-24145.yaml"}
{"ID":"CVE-2021-24146","Info":{"Name":"WordPress Modern Events Calendar Lite \u003c5.16.5 - Sensitive Information Disclosure","Severity":"high","Description":"WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-24146.yaml"}
{"ID":"CVE-2021-24150","Info":{"Name":"Like Button Rating \u003c 2.6.32 - Unauthenticated Full-Read SSRF","Severity":"high","Description":"The LikeBtn WordPress plugin was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF).\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-24150.yaml"}
{"ID":"CVE-2021-24155","Info":{"Name":"Backup Guard \u003c 1.6.0 - Authenticated Arbitrary File Upload","Severity":"high","Description":"The WordPress Backup and Migrate Plugin Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2021/CVE-2021-24155.yaml"}
{"ID":"CVE-2021-24155","Info":{"Name":"WordPress BackupGuard \u003c1.6.0 - Authenticated Arbitrary File Upload","Severity":"high","Description":"WordPress Backup Guard plugin before 1.6.0 is susceptible to authenticated arbitrary file upload. The plugin does not ensure that imported files are in SGBP format and extension, allowing high-privilege users to upload arbitrary files, including PHP, possibly leading to remote code execution.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2021/CVE-2021-24155.yaml"}
{"ID":"CVE-2021-24165","Info":{"Name":"WordPress Ninja Forms \u003c3.4.34 - Open Redirect","Severity":"medium","Description":"WordPress Ninja Forms plugin before 3.4.34 contains an open redirect vulnerability via the wp_ajax_nf_oauth_connect AJAX action, due to the use of a user-supplied redirect parameter and no protection in place. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24165.yaml"}
{"ID":"CVE-2021-24169","Info":{"Name":"WordPress Advanced Order Export For WooCommerce \u003c3.1.8 - Authenticated Cross-Site Scripting","Severity":"medium","Description":"WordPress Advanced Order Export For WooCommerce plugin before 3.1.8 contains an authenticated cross-site scripting vulnerability via the tab parameter in the admin panel. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24169.yaml"}
{"ID":"CVE-2021-24176","Info":{"Name":"WordPress JH 404 Logger \u003c=1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress JH 404 Logger plugin through 1.1 contains a cross-site scripting vulnerability. Referer and path of 404 pages are not properly sanitized when they are output in the WordPress dashboard, which can lead to executing arbitrary JavaScript code.","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2021/CVE-2021-24176.yaml"}
@ -1025,7 +1025,7 @@
{"ID":"CVE-2021-24335","Info":{"Name":"WordPress Car Repair Services \u0026 Auto Mechanic Theme \u003c4.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Car Repair Services \u0026 Auto Mechanic before 4.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the serviceestimatekey parameter before outputting it back in the page.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24335.yaml"}
{"ID":"CVE-2021-24340","Info":{"Name":"WordPress Statistics \u003c13.0.8 - Blind SQL Injection","Severity":"high","Description":"WordPress Statistic plugin versions prior to version 13.0.8 are affected by an unauthenticated time-based blind SQL injection vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-24340.yaml"}
{"ID":"CVE-2021-24342","Info":{"Name":"WordPress JNews Theme \u003c8.0.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress JNews theme before 8.0.6 contains a reflected cross-site scripting vulnerability. It does not sanitize the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*).","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24342.yaml"}
{"ID":"CVE-2021-24347","Info":{"Name":"SP Project \u0026 Document Manager \u003c 4.22 - Authenticated Shell Upload","Severity":"high","Description":"The SP Project \u0026 Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from \"php\" to \"pHP\".\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-24347.yaml"}
{"ID":"CVE-2021-24347","Info":{"Name":"WordPress SP Project \u0026 Document Manager \u003c4.22 - Authenticated Shell Upload","Severity":"high","Description":"WordPress SP Project \u0026 Document Manager plugin before 4.22 is susceptible to authenticated shell upload. The plugin allows users to upload files; however, the plugin attempts to prevent PHP and other similar executable files from being uploaded via checking the file extension. PHP files can still be uploaded by changing the file extension's case, for example, from php to pHP.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-24347.yaml"}
{"ID":"CVE-2021-24358","Info":{"Name":"Plus Addons for Elementor Page Builder \u003c 4.1.10 - Open Redirect","Severity":"medium","Description":"WordPress Plus Addons for Elementor Page Builder before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an open redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24358.yaml"}
{"ID":"CVE-2021-24364","Info":{"Name":"WordPress Jannah Theme \u003c5.4.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Jannah theme before 5.4.4 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24364.yaml"}
{"ID":"CVE-2021-24370","Info":{"Name":"WordPress Fancy Product Designer \u003c4.6.9 - Arbitrary File Upload","Severity":"critical","Description":"WordPress Fancy Product Designer plugin before 4.6.9 is susceptible to an arbitrary file upload. An attacker can upload malicious files and execute code on the server, modify data, and/or gain full control over a compromised system without authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-24370.yaml"}
@ -1061,7 +1061,7 @@
{"ID":"CVE-2021-24987","Info":{"Name":"WordPress Super Socializer \u003c7.13.30 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Super Socializer plugin before 7.13.30 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-24987.yaml"}
{"ID":"CVE-2021-24991","Info":{"Name":"WooCommerce PDF Invoices \u0026 Packing Slips WordPress Plugin \u003c 2.10.5 - Cross-Site Scripting","Severity":"medium","Description":"The Wordpress plugin WooCommerce PDF Invoices \u0026 Packing Slips before 2.10.5 does not escape the tab and section parameters before reflecting it an attribute, leading to a reflected cross-site scripting in the admin dashboard.","Classification":{"CVSSScore":"4.8"}},"file_path":"cves/2021/CVE-2021-24991.yaml"}
{"ID":"CVE-2021-24997","Info":{"Name":"WordPress Guppy \u003c=1.1 - Information Disclosure","Severity":"medium","Description":"WordPress Guppy plugin through 1.1 is susceptible to an API disclosure vulnerability. This can allow an attacker to obtain all user IDs and then use them to make API requests to get messages sent between users and/or send messages posing as one user to another.","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2021/CVE-2021-24997.yaml"}
{"ID":"CVE-2021-25003","Info":{"Name":"WPCargo \u003c 6.9.0 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"The WPCargo Track \u0026 Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-25003.yaml"}
{"ID":"CVE-2021-25003","Info":{"Name":"WordPress WPCargo Track \u0026 Trace \u003c6.9.0 - Remote Code Execution","Severity":"critical","Description":"WordPress WPCargo Track \u0026 Trace plugin before 6.9.0 is susceptible to remote code execution, The plugin contains a file which can allow an attacker to write a PHP file anywhere on the web server, leading to possible remote code execution. This can allow an attacker to execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-25003.yaml"}
{"ID":"CVE-2021-25008","Info":{"Name":"The Code Snippets WordPress Plugin \u003c 2.14.3 - Cross-Site Scripting","Severity":"medium","Description":"The Wordpress plugin Code Snippets before 2.14.3 does not escape the snippets-safe-mode parameter before reflecting it in attributes, leading to a reflected cross-site scripting issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25008.yaml"}
{"ID":"CVE-2021-25028","Info":{"Name":"WordPress Event Tickets \u003c 5.2.2 - Open Redirect","Severity":"medium","Description":"WordPress Event Tickets \u003c 5.2.2 is susceptible to an open redirect vulnerability. The plugin does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25028.yaml"}
{"ID":"CVE-2021-25033","Info":{"Name":"Noptin \u003c 1.6.5 - Open Redirect","Severity":"medium","Description":"Noptin \u003c 1.6.5 is susceptible to an open redirect vulnerability. The plugin does not validate the \"to\" parameter before redirecting the user to its given value, leading to an open redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25033.yaml"}
@ -1080,9 +1080,9 @@
{"ID":"CVE-2021-25118","Info":{"Name":"Yoast SEO \u003c 17.3 - Path Disclosure","Severity":"medium","Description":"The plugin discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2021/CVE-2021-25118.yaml"}
{"ID":"CVE-2021-25120","Info":{"Name":"Easy Social Feed \u003c 6.2.7 - Cross-Site Scripting","Severity":"medium","Description":"Easy Social Feed \u003c 6.2.7 is susceptible to reflected cross-site scripting because the plugin does not sanitize and escape a parameter before outputting it back in an admin dashboard page, leading to it being executed in the context of a logged admin or editor.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25120.yaml"}
{"ID":"CVE-2021-25281","Info":{"Name":"SaltStack Salt \u003c3002.5 - Auth Bypass","Severity":"critical","Description":"SaltStack Salt before 3002.5 does not honor eauth credentials for the wheel_async client, allowing attackers to remotely run any wheel modules on the master.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-25281.yaml"}
{"ID":"CVE-2021-25296","Info":{"Name":"Nagios XI versions 5.5.6 to 5.7.5 - Command Injection","Severity":"high","Description":"Nagios XI versions 5.5.6 to 5.7.5 are affected by OS command injection. An authenticated user can gain code execution due to unsanitized URL parameters.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-25296.yaml"}
{"ID":"CVE-2021-25297","Info":{"Name":"Nagios XI versions 5.5.6 to 5.7.5 - Command Injection","Severity":"high","Description":"Nagios XI versions 5.5.6 to 5.7.5 are affected by OS command injection. An authenticated user can gain code execution due to unsanitized URL parameters.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-25297.yaml"}
{"ID":"CVE-2021-25298","Info":{"Name":"Nagios XI 5.5.6 to 5.7.5 - Command Injection","Severity":"high","Description":"Nagios XI versions 5.5.6 to 5.7.5 are affected by OS command injection. An authenticated user can gain code execution due to unsanitized URL parameters.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-25298.yaml"}
{"ID":"CVE-2021-25296","Info":{"Name":"Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection","Severity":"high","Description":"Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-25296.yaml"}
{"ID":"CVE-2021-25297","Info":{"Name":"Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection","Severity":"high","Description":"Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-25297.yaml"}
{"ID":"CVE-2021-25298","Info":{"Name":"Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection","Severity":"high","Description":"Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-25298.yaml"}
{"ID":"CVE-2021-25299","Info":{"Name":"Nagios XI 5.7.5 - Cross-Site Scripting","Severity":"medium","Description":"Nagios XI 5.7.5 contains a cross-site scripting vulnerability in the file /usr/local/nagiosxi/html/admin/sshterm.php, due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal session cookies, or it can be chained with the previous bugs to get one-click remote command execution on the Nagios XI server.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-25299.yaml"}
{"ID":"CVE-2021-25646","Info":{"Name":"Apache Druid - Remote Code Execution","Severity":"high","Description":"Apache Druid is susceptible to remote code execution because by default it lacks authorization and authentication. Attackers can send specially crafted requests to execute arbitrary code with the privileges of processes on the Druid server.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-25646.yaml"}
{"ID":"CVE-2021-25864","Info":{"Name":"Hue Magic 3.0.0 - Local File Inclusion","Severity":"high","Description":"Hue Magic 3.0.0 is susceptible to local file inclusion via the res.sendFile API.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-25864.yaml"}
@ -1116,7 +1116,7 @@
{"ID":"CVE-2021-28073","Info":{"Name":"Ntopng Authentication Bypass","Severity":"critical","Description":"Ntopng, a passive network monitoring tool, contains an authentication bypass vulnerability in ntopng \u003c= 4.2","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2021/CVE-2021-28073.yaml"}
{"ID":"CVE-2021-28149","Info":{"Name":"Hongdian H8922 3.0.5 Devices - Local File Inclusion","Severity":"medium","Description":"Hongdian H8922 3.0.5 devices are vulnerable to local file inclusion. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2021/CVE-2021-28149.yaml"}
{"ID":"CVE-2021-28150","Info":{"Name":"Hongdian H8922 3.0.5 - Information Disclosure","Severity":"medium","Description":"Hongdian H8922 3.0.5 is susceptible to information disclosure. An attacker can access cli.conf (with the administrator password and other sensitive data) via /backup2.cgi and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.5"}},"file_path":"cves/2021/CVE-2021-28150.yaml"}
{"ID":"CVE-2021-28151","Info":{"Name":"Hongdian H8922 3.0.5 - Remote Command Injection","Severity":"high","Description":"Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-28151.yaml"}
{"ID":"CVE-2021-28151","Info":{"Name":"Hongdian H8922 3.0.5 - Remote Command Injection","Severity":"high","Description":"Hongdian H8922 3.0.5 devices are susceptible to remote command injection via shell metacharacters into the ip-address (a/k/a Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2021/CVE-2021-28151.yaml"}
{"ID":"CVE-2021-28164","Info":{"Name":"Jetty Authorization Before Parsing and Canonicalization","Severity":"medium","Description":"The default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2021/CVE-2021-28164.yaml"}
{"ID":"CVE-2021-28169","Info":{"Name":"Jetty Utility Servlets Information Disclosure","Severity":"medium","Description":"For Eclipse Jetty versions \u003c= 9.4.40, \u003c= 10.0.2, \u003c= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2021/CVE-2021-28169.yaml"}
{"ID":"CVE-2021-28377","Info":{"Name":"Joomla! ChronoForums 2.0.11 - Local File Inclusion","Severity":"medium","Description":"Joomla! ChronoForums 2.0.11 avatar function is vulnerable to local file inclusion through unauthenticated path traversal attacks. This enables an attacker to read arbitrary files, for example the Joomla! configuration file which contains credentials.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2021/CVE-2021-28377.yaml"}
@ -1134,7 +1134,7 @@
{"ID":"CVE-2021-29625","Info":{"Name":"Adminer \u003c=4.8.0 - Cross-Site Scripting","Severity":"medium","Description":"Adminer 4.6.1 to 4.8.0 contains a cross-site scripting vulnerability which affects users of MySQL, MariaDB, PgSQL, and SQLite in browsers without CSP when Adminer uses a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled).","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-29625.yaml"}
{"ID":"CVE-2021-3002","Info":{"Name":"Seo Panel 4.8.0 - Cross-Site Scripting","Severity":"medium","Description":"Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-3002.yaml"}
{"ID":"CVE-2021-30049","Info":{"Name":"SysAid Technologies 20.3.64 b14 - Cross-Site Scripting","Severity":"medium","Description":"SysAid 20.3.64 b14 contains a cross-site scripting vulnerability via the /KeepAlive.jsp?stamp= URI.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-30049.yaml"}
{"ID":"CVE-2021-30128","Info":{"Name":"Apache OFBiz \u003c17.12.07 - Arbitrary Code Execution","Severity":"critical","Description":"Apache OFBiz has unsafe deserialization prior to 17.12.07 version","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-30128.yaml"}
{"ID":"CVE-2021-30128","Info":{"Name":"Apache OFBiz \u003c17.12.07 - Arbitrary Code Execution","Severity":"critical","Description":"Apache OFBiz before 17.12.07 is susceptible to arbitrary code execution via unsafe deserialization. An attacker can modify deserialized data or code without using provided accessor functions.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-30128.yaml"}
{"ID":"CVE-2021-30134","Info":{"Name":"Php-mod/curl Library \u003c2.3.2 - Cross-Site Scripting","Severity":"medium","Description":"Php-mod/curl library before 2.3.2 contains a cross-site scripting vulnerability via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php. An attacker can inject arbitrary script, which can allow theft of cookie-based authentication credentials and launch of other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-30134.yaml"}
{"ID":"CVE-2021-30151","Info":{"Name":"Sidekiq \u003c=6.2.0 - Cross-Site Scripting","Severity":"medium","Description":"Sidekiq through 5.1.3 and 6.x through 6.2.0 contains a cross-site scripting vulnerability via the queue name of the live-poll feature when Internet Explorer is used.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-30151.yaml"}
{"ID":"CVE-2021-3017","Info":{"Name":"Intelbras WIN 300/WRN 342 - Credentials Disclosure","Severity":"high","Description":"Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-3017.yaml"}
@ -1369,11 +1369,11 @@
{"ID":"CVE-2022-0786","Info":{"Name":"WordPress KiviCare \u003c2.3.9 - SQL Injection","Severity":"critical","Description":"WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0786.yaml"}
{"ID":"CVE-2022-0788","Info":{"Name":"WordPress WP Fundraising Donation and Crowdfunding Platform \u003c1.5.0 - SQL Injection","Severity":"critical","Description":"WordPress WP Fundraising Donation and Crowdfunding Platform plugin before 1.5.0 contains an unauthenticated SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0788.yaml"}
{"ID":"CVE-2022-0817","Info":{"Name":"WordPress BadgeOS \u003c=3.7.0 - SQL Injection","Severity":"critical","Description":"WordPress BadgeOS plugin through 3.7.0 contains a SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0817.yaml"}
{"ID":"CVE-2022-0824","Info":{"Name":"Webmin prior to 1.990 - Improper Access Control to Remote Code Execution","Severity":"high","Description":"Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-0824.yaml"}
{"ID":"CVE-2022-0824","Info":{"Name":"Webmin \u003c1.990 - Improper Access Control","Severity":"high","Description":"Webmin before 1.990 is susceptible to improper access control in GitHub repository webmin/webmin. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-0824.yaml"}
{"ID":"CVE-2022-0826","Info":{"Name":"WordPress WP Video Gallery \u003c=1.7.1 - SQL Injection","Severity":"critical","Description":"WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0826.yaml"}
{"ID":"CVE-2022-0867","Info":{"Name":"WordPress ARPrice \u003c3.6.1 - SQL Injection","Severity":"critical","Description":"WordPress ARPrice plugin prior to 3.6.1 contains a SQL injection vulnerability. It fails to properly sanitize and escape user supplied POST data before being inserted in an SQL statement and executed via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0867.yaml"}
{"ID":"CVE-2022-0870","Info":{"Name":"Gogs \u003c 0.12.5 - Server Side Request Forgery","Severity":"medium","Description":"Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-0870.yaml"}
{"ID":"CVE-2022-0885","Info":{"Name":"Member Hero \u003c= 1.0.9 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0885.yaml"}
{"ID":"CVE-2022-0885","Info":{"Name":"Member Hero \u003c=1.0.9 - Remote Code Execution","Severity":"critical","Description":"WordPress Member Hero plugin through 1.0.9 is susceptible to remote code execution. The plugin lacks authorization checks and does not validate the a request parameter in an AJAX action, allowing an attacker to call arbitrary PHP functions with no arguments. An attacker can thus execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0885.yaml"}
{"ID":"CVE-2022-0928","Info":{"Name":"Microweber \u003c 1.2.12 - Stored Cross-Site Scripting","Severity":"medium","Description":"Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-0928.yaml"}
{"ID":"CVE-2022-0948","Info":{"Name":"WordPress Order Listener for WooCommerce \u003c3.2.2 - SQL Injection","Severity":"critical","Description":"WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0948.yaml"}
{"ID":"CVE-2022-0949","Info":{"Name":"WordPress Stop Bad Bots \u003c6.930 - SQL Injection","Severity":"critical","Description":"WordPress Stop Bad Bots plugin before 6.930 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-0949.yaml"}
@ -1421,7 +1421,7 @@
{"ID":"CVE-2022-2034","Info":{"Name":"Sensei LMS \u003c 4.5.0 - Unauthenticated Private Messages Disclosure","Severity":"medium","Description":"The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-2034.yaml"}
{"ID":"CVE-2022-21371","Info":{"Name":"Oracle WebLogic Server Local File Inclusion","Severity":"high","Description":"An easily exploitable local file inclusion vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Successful attacks of this vulnerability can result in unauthorized and sometimes complete access to critical data.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-21371.yaml"}
{"ID":"CVE-2022-21500","Info":{"Name":"Oracle E-Business Suite \u003c=12.2 - Authentication Bypass","Severity":"high","Description":"Oracle E-Business Suite (component: Manage Proxies) 12.1 and 12.2 are susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise it by self-registering for an account. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-21500.yaml"}
{"ID":"CVE-2022-21587","Info":{"Name":"Oracle EBS Unauthenticated - Remote Code Execution","Severity":"critical","Description":"Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-21587.yaml"}
{"ID":"CVE-2022-21587","Info":{"Name":"Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution","Severity":"critical","Description":"Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-21587.yaml"}
{"ID":"CVE-2022-21705","Info":{"Name":"October CMS - Remote Code Execution","Severity":"high","Description":"October CMS is susceptible to remote code execution. In affected versions, user input is not properly sanitized before rendering. An authenticated user with the permissions to create, modify, and delete website pages can bypass cms.safe_mode and cms.enableSafeMode in order to execute arbitrary code. This affects admin panels that rely on safe mode and restricted permissions.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2022/CVE-2022-21705.yaml"}
{"ID":"CVE-2022-2185","Info":{"Name":"GitLab CE/EE - Import RCE","Severity":"high","Description":"A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-2185.yaml"}
{"ID":"CVE-2022-2187","Info":{"Name":"WordPress Contact Form 7 Captcha \u003c0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Contact Form 7 Captcha plugin before 0.1.2 contains a reflected cross-site scripting vulnerability. It does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-2187.yaml"}
@ -1435,7 +1435,7 @@
{"ID":"CVE-2022-22972","Info":{"Name":"VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass","Severity":"critical","Description":"VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-22972.yaml"}
{"ID":"CVE-2022-23131","Info":{"Name":"Zabbix - SAML SSO Authentication Bypass","Severity":"critical","Description":"When SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor because a user login stored in the session was not verified.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-23131.yaml"}
{"ID":"CVE-2022-23134","Info":{"Name":"Zabbix Setup Configuration Authentication Bypass","Severity":"medium","Description":"After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-23134.yaml"}
{"ID":"CVE-2022-2314","Info":{"Name":"VR Calendar \u003c 2.3.2 - Unauthenticated Arbitrary Function Call","Severity":"critical","Description":"The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-2314.yaml"}
{"ID":"CVE-2022-2314","Info":{"Name":"WordPress VR Calendar \u003c=2.3.2 - Remote Code Execution","Severity":"critical","Description":"WordPress VR Calendar plugin through 2.3.2 is susceptible to remote code execution. The plugin allows any user to execute arbitrary PHP functions on the site. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-2314.yaml"}
{"ID":"CVE-2022-23178","Info":{"Name":"Crestron Device - Credentials Disclosure","Severity":"critical","Description":"An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-23178.yaml"}
{"ID":"CVE-2022-23347","Info":{"Name":"BigAnt Server v5.6.06 - Local File Inclusion","Severity":"high","Description":"BigAnt Server v5.6.06 is vulnerable to local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-23347.yaml"}
{"ID":"CVE-2022-23348","Info":{"Name":"BigAnt Server 5.6.06 - Improper Access Control","Severity":"medium","Description":"BigAnt Server 5.6.06 is susceptible to improper access control. The software utililizes weak password hashes. An attacker can craft a password hash and thereby possibly possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-23348.yaml"}
@ -1456,7 +1456,7 @@
{"ID":"CVE-2022-24288","Info":{"Name":"Apache Airflow OS Command Injection","Severity":"high","Description":"Apache Airflow prior to version 2.2.4 is vulnerable to OS command injection attacks because some example DAGs do not properly sanitize user-provided parameters, making them susceptible to OS Command Injection from the web UI.","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-24288.yaml"}
{"ID":"CVE-2022-2467","Info":{"Name":"Garage Management System 1.0 - SQL Injection","Severity":"critical","Description":"Garage Management System 1.0 contains a SQL injection vulnerability in /login.php via manipulation of the argument username with input 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-2467.yaml"}
{"ID":"CVE-2022-24681","Info":{"Name":"ManageEngine ADSelfService Plus \u003c6121 - Stored Cross-Site Scripting","Severity":"medium","Description":"ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screens.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-24681.yaml"}
{"ID":"CVE-2022-24816","Info":{"Name":"Geoserver Server - Code Injection","Severity":"critical","Description":"Programs using jt-jiffle, and allowing Jiffle script to be provided via network request, are susceptible to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects the downstream GeoServer project Version \u003c 1.1.22.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-24816.yaml"}
{"ID":"CVE-2022-24816","Info":{"Name":"GeoServer \u003c1.2.2 - Remote Code Execution","Severity":"critical","Description":"Programs run on GeoServer before 1.2.2 which use jt-jiffle and allow Jiffle script to be provided via network request are susceptible to remote code execution. The Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects downstream GeoServer 1.1.22.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-24816.yaml"}
{"ID":"CVE-2022-24856","Info":{"Name":"Flyte Console \u003c0.52.0 - Server-Side Request Forgery","Severity":"high","Description":"FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-24856.yaml"}
{"ID":"CVE-2022-2486","Info":{"Name":"Wavlink WN535K2/WN535K3 - OS Command Injection","Severity":"critical","Description":"Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade via manipulation of the argument key. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-2486.yaml"}
{"ID":"CVE-2022-2487","Info":{"Name":"Wavlink WN535K2/WN535K3 - OS Command Injection","Severity":"critical","Description":"Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection which affects unknown code in /cgi-bin/nightled.cgi via manipulation of the argument start_hour. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-2487.yaml"}
@ -1531,7 +1531,7 @@
{"ID":"CVE-2022-31299","Info":{"Name":"Haraj 3.7 - Cross-Site Scripting","Severity":"medium","Description":"Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-31299.yaml"}
{"ID":"CVE-2022-31373","Info":{"Name":"SolarView Compact 6.00 - Cross-Site Scripting","Severity":"medium","Description":"SolarView Compact 6.00 contains a cross-site scripting vulnerability via Solar_AiConf.php. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-31373.yaml"}
{"ID":"CVE-2022-31474","Info":{"Name":"BackupBuddy - Local File Inclusion","Severity":"high","Description":"BackupBuddy versions 8.5.8.0 - 8.7.4.1 are vulnerable to a local file inclusion vulnerability via the 'download' and 'local-destination-id' parameters.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-31474.yaml"}
{"ID":"CVE-2022-31499","Info":{"Name":"eMerge E3-Series - Command Injection","Severity":"critical","Description":"Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256 .\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-31499.yaml"}
{"ID":"CVE-2022-31499","Info":{"Name":"Nortek Linear eMerge E3-Series \u003c0.32-08f - Remote Command Injection","Severity":"critical","Description":"Nortek Linear eMerge E3-Series devices before 0.32-08f are susceptible to remote command injection via ReaderNo. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-7256.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-31499.yaml"}
{"ID":"CVE-2022-31656","Info":{"Name":"VMware - Local File Inclusion","Severity":"critical","Description":"VMware Workspace ONE Access, Identity Manager, and Realize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-31656.yaml"}
{"ID":"CVE-2022-31793","Info":{"Name":"muhttpd \u003c=1.1.5 - Local Inclusion","Severity":"high","Description":"muhttpd 1.1.5 and before are vulnerable to unauthenticated local file inclusion. The vulnerability allows retrieval of files from the file system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-31793.yaml"}
{"ID":"CVE-2022-31798","Info":{"Name":"Nortek Linear eMerge E3-Series - Cross-Site Scripting","Severity":"medium","Description":"There is a local session fixation vulnerability that, when chained with cross-site scripting, leads to account take over of admin or a lower privileged user.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-31798.yaml"}
@ -1559,7 +1559,7 @@
{"ID":"CVE-2022-33119","Info":{"Name":"NUUO NVRsolo Video Recorder 03.06.02 - Cross-Site Scripting","Severity":"medium","Description":"NUUO NVRsolo Video Recorder 03.06.02 contains a reflected cross-site scripting vulnerability via login.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-33119.yaml"}
{"ID":"CVE-2022-33174","Info":{"Name":"Powertek Firmware \u003c3.30.30 - Authorization Bypass","Severity":"high","Description":"Powertek firmware (multiple brands) before 3.30.30 running Power Distribution Units are vulnerable to authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-33174.yaml"}
{"ID":"CVE-2022-33891","Info":{"Name":"Apache Spark UI - Command Injection","Severity":"high","Description":"The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-33891.yaml"}
{"ID":"CVE-2022-33901","Info":{"Name":"MultiSafepay plugin for WooCommerce \u003c= 4.13.1 - Unauthenticated Arbitrary File Read","Severity":"high","Description":"Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin \u003c= 4.13.1 at WordPress.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-33901.yaml"}
{"ID":"CVE-2022-33901","Info":{"Name":"WordPress MultiSafepay for WooCommerce \u003c=4.13.1 - Arbitrary File Read","Severity":"high","Description":"WordPress MultiSafepay for WooCommerce plugin through 4.13.1 contains an arbitrary file read vulnerability. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-33901.yaml"}
{"ID":"CVE-2022-33965","Info":{"Name":"WordPress Visitor Statistics \u003c=5.7 - SQL Injection","Severity":"critical","Description":"WordPress Visitor Statistics plugin through 5.7 contains multiple unauthenticated SQL injection vulnerabilities. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-33965.yaml"}
{"ID":"CVE-2022-34045","Info":{"Name":"WAVLINK WN530HG4 - Improper Access Control","Severity":"critical","Description":"WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. It contains a hardcoded encryption/decryption key for its configuration files at /etc_ro/lighttpd/www/cgi-bin/ExportAllSettings.sh. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-34045.yaml"}
{"ID":"CVE-2022-34046","Info":{"Name":"WAVLINK WN533A8 - Improper Access Control","Severity":"high","Description":"WAVLINK WN533A8 M33A8.V5030.190716 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);] and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-34046.yaml"}
@ -1570,7 +1570,7 @@
{"ID":"CVE-2022-34328","Info":{"Name":"PMB 7.3.10 - Cross-Site Scripting","Severity":"medium","Description":"PMB 7.3.10 contains a reflected cross-site scripting vulnerability via the id parameter in an lvl=author_see request to index.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-34328.yaml"}
{"ID":"CVE-2022-34576","Info":{"Name":"WAVLINK WN535 G3 - Improper Access Control","Severity":"high","Description":"WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to improper access control. A vulnerability in /cgi-bin/ExportAllSettings.sh allows an attacker to execute arbitrary code via a crafted POST request and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-34576.yaml"}
{"ID":"CVE-2022-34590","Info":{"Name":"Hospital Management System 1.0 - SQL Injection","Severity":"high","Description":"Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/admin.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2022/CVE-2022-34590.yaml"}
{"ID":"CVE-2022-34753","Info":{"Name":"SpaceLogic C-Bus Home Controller - Remote Code Execution","Severity":"high","Description":"A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products SpaceLogic C-Bus Home Controller (5200WHC2), formerly known as C-Bus Wiser Homer Controller MK2 (V1.31.460 and prior)\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-34753.yaml"}
{"ID":"CVE-2022-34753","Info":{"Name":"SpaceLogic C-Bus Home Controller \u003c=1.31.460 - Remote Command Execution","Severity":"high","Description":"SpaceLogic C-Bus Home Controller through 1.31.460 is susceptible to remote command execution via improper neutralization of special elements. Remote root exploit can be enabled when the command is compromised, and an attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control without entering necessary credentials.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2022/CVE-2022-34753.yaml"}
{"ID":"CVE-2022-3484","Info":{"Name":"WordPress WPB Show Core - Cross-Site Scripting","Severity":"medium","Description":"WordPress wpb-show-core plugin through TODO contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-3484.yaml"}
{"ID":"CVE-2022-3506","Info":{"Name":"WordPress Related Posts \u003c2.1.3 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress Related Posts plugin prior to 2.1.3 contains a cross-site scripting vulnerability in the rp4wp[heading_text] parameter. User input is not properly sanitized, allowing the insertion of arbitrary code that can allow an attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-3506.yaml"}
{"ID":"CVE-2022-35151","Info":{"Name":"kkFileView 4.1.0 - Cross-Site Scripting","Severity":"medium","Description":"kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-35151.yaml"}
@ -1600,12 +1600,12 @@
{"ID":"CVE-2022-39195","Info":{"Name":"LISTSERV 17 - Cross-Site Scripting","Severity":"medium","Description":"LISTSERV 17 web interface contains a cross-site scripting vulnerability. An attacker can inject arbitrary JavaScript or HTML via the \"c\" parameter, thereby possibly allowing the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-39195.yaml"}
{"ID":"CVE-2022-3933","Info":{"Name":"Essential Real Estate - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-3933.yaml"}
{"ID":"CVE-2022-3934","Info":{"Name":"WordPress FlatPM \u003c3.0.13 - Cross-Site Scripting","Severity":"medium","Description":"WordPress FlatPM plugin before 3.0.13 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape certain parameters before outputting them back in pages, which can be exploited against high privilege users such as admin. An attacker can steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2022/CVE-2022-3934.yaml"}
{"ID":"CVE-2022-39952","Info":{"Name":"FortiNAC Unauthenticated Arbitrary File Write","Severity":"critical","Description":"A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-39952.yaml"}
{"ID":"CVE-2022-39952","Info":{"Name":"Fortinet FortiNAC - Arbitrary File Write","Severity":"critical","Description":"Fortinet FortiNAC is susceptible to arbitrary file write. An external control of the file name or path can allow an attacker to execute unauthorized code or commands via specifically crafted HTTP request, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, and 8.3.7.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-39952.yaml"}
{"ID":"CVE-2022-39960","Info":{"Name":"Atlassian Jira addon Netic Group Export \u003c 1.0.3 - Unauthenticated Access","Severity":"medium","Description":"The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-39960.yaml"}
{"ID":"CVE-2022-40083","Info":{"Name":"Labstack Echo 4.8.0 - Open Redirect","Severity":"critical","Description":"Labstack Echo 4.8.0 contains an open redirect vulnerability via the Static Handler component. An attacker can leverage this vulnerability to cause server-side request forgery, making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.6"}},"file_path":"cves/2022/CVE-2022-40083.yaml"}
{"ID":"CVE-2022-40359","Info":{"Name":"Kae's File Manager \u003c=1.4.7 - Cross-Site Scripting","Severity":"medium","Description":"Kae's File Manager through 1.4.7 contains a cross-site scripting vulnerability via a crafted GET request to /kfm/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-40359.yaml"}
{"ID":"CVE-2022-4050","Info":{"Name":"WordPress JoomSport \u003c5.2.8 - SQL Injection","Severity":"critical","Description":"WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-4050.yaml"}
{"ID":"CVE-2022-4060","Info":{"Name":"User Post Gallery \u003c= 2.19 - Unauthenticated RCE","Severity":"critical","Description":"The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-4060.yaml"}
{"ID":"CVE-2022-4060","Info":{"Name":"WordPress User Post Gallery \u003c=2.19 - Remote Code Execution","Severity":"critical","Description":"WordPress User Post Gallery plugin through 2.19 is susceptible to remote code execution. The plugin does not limit which callback functions can be called by users, making it possible for an attacker execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-4060.yaml"}
{"ID":"CVE-2022-4063","Info":{"Name":"WordPress InPost Gallery \u003c2.1.4.1 - Local File Inclusion","Severity":"critical","Description":"WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract() function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on servers.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-4063.yaml"}
{"ID":"CVE-2022-40684","Info":{"Name":"Fortinet - Authentication Bypass","Severity":"critical","Description":"Fortinet contains an authentication bypass vulnerability via using an alternate path or channel in FortiOS 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy 7.2.0 and 7.0.0 through 7.0.6, and FortiSwitchManager 7.2.0 and 7.0.0. An attacker can perform operations on the administrative interface via specially crafted HTTP or HTTPS requests, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-40684.yaml"}
{"ID":"CVE-2022-40734","Info":{"Name":"Laravel Filemanager v2.5.1 - Local File Inclusion","Severity":"medium","Description":"Laravel Filemanager (aka UniSharp) through version 2.5.1 is vulnerable to local file inclusion via download?working_dir=%2F.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2022/CVE-2022-40734.yaml"}
@ -1630,7 +1630,7 @@
{"ID":"CVE-2022-4320","Info":{"Name":"WordPress Events Calendar Plugin - Cross-Site Scripting","Severity":"medium","Description":"WordPress Events Calendar Plugin \u003c 1.4.5 - Multiple Reflected XSS\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-4320.yaml"}
{"ID":"CVE-2022-4325","Info":{"Name":"Post Status Notifier Lite \u003c 1.10.1 - Cross Site Scripting","Severity":"medium","Description":"The Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-4325.yaml"}
{"ID":"CVE-2022-4447","Info":{"Name":"WordPress Fontsy \u003c=1.8.6 - SQL Injection","Severity":"critical","Description":"WordPress Fontsy plugin through 1.8.6 is susceptible to SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-4447.yaml"}
{"ID":"CVE-2022-44877","Info":{"Name":"Centos Web Panel - Unauthenticated Remote Code Execution","Severity":"critical","Description":"RESERVED An issue in the /login/index.php component of Centos Web Panel 7 before v0.9.8.1147 allows unauthenticated attackers to execute arbitrary system commands via crafted HTTP requests.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-44877.yaml"}
{"ID":"CVE-2022-44877","Info":{"Name":"CentOS Web Panel 7 \u003c0.9.8.1147 - Remote Code Execution","Severity":"critical","Description":"CentOS Web Panel 7 before 0.9.8.1147 is susceptible to remote code execution via entering shell characters in the /login/index.php component. This can allow an attacker to execute arbitrary system commands via crafted HTTP requests and potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-44877.yaml"}
{"ID":"CVE-2022-45362","Info":{"Name":"Paytm Payment Gateway Plugin \u003c= 2.7.0 Server Side Request Forgery (SSRF)","Severity":"high","Description":"Server Side Request Forgery (SSRF) vulnerability in WordPress Paytm Payment Gateway Plugin. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2022/CVE-2022-45362.yaml"}
{"ID":"CVE-2022-45805","Info":{"Name":"WordPress Paytm Payment Gateway \u003c=2.7.3 - SQL Injection","Severity":"critical","Description":"WordPress Paytm Payment Gateway plugin through 2.7.3 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-45805.yaml"}
{"ID":"CVE-2022-45917","Info":{"Name":"ILIAS eLearning \u003c7.16 - Open Redirect","Severity":"medium","Description":"ILIAS eLearning before 7.16 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-45917.yaml"}
@ -1647,15 +1647,15 @@
{"ID":"CVE-2022-4897","Info":{"Name":"WordPress BackupBuddy \u003c8.8.3 - Cross Site Scripting","Severity":"medium","Description":"WordPress BackupBuddy plugin before 8.8.3 contains a cross-site vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in various locations. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-4897.yaml"}
{"ID":"CVE-2023-0236","Info":{"Name":"Tutor LMS \u003c 2.0.10 - Cross Site Scripting","Severity":"medium","Description":"The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2023/CVE-2023-0236.yaml"}
{"ID":"CVE-2023-0261","Info":{"Name":"WP TripAdvisor Review Slider \u003c 10.8 - Subscriber+ SQLi","Severity":"high","Description":"The WP TripAdvisor Review Slider WordPress plugin before 10.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2023/CVE-2023-0261.yaml"}
{"ID":"CVE-2023-0669","Info":{"Name":"GoAnywhere MFT - Remote Code Execution (ZeroDay)","Severity":"high","Description":"Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2023/CVE-2023-0669.yaml"}
{"ID":"CVE-2023-0669","Info":{"Name":"Fortra GoAnywhere MFT - Remote Code Execution","Severity":"high","Description":"Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"cves/2023/CVE-2023-0669.yaml"}
{"ID":"CVE-2023-23488","Info":{"Name":"WordPress Paid Memberships Pro \u003c2.9.8 - Blind SQL Injection","Severity":"critical","Description":"WordPress Paid Memberships Pro plugin before 2.9.8 contains a blind SQL injection vulnerability in the 'code' parameter of the /pmpro/v1/order REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2023/CVE-2023-23488.yaml"}
{"ID":"CVE-2023-23489","Info":{"Name":"WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection","Severity":"critical","Description":"WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edd_download_search action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2023/CVE-2023-23489.yaml"}
{"ID":"CVE-2023-23492","Info":{"Name":"Login with Phone Number - Cross-Site Scripting","Severity":"high","Description":"Login with Phone Number, versions \u003c 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function.\n\nNote that CVE-2023-23492 incorrectly describes and scores this as SQL injection vulnerability.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"cves/2023/CVE-2023-23492.yaml"}
{"ID":"CVE-2023-23752","Info":{"Name":"Joomla! Webservice - Password Disclosure","Severity":"medium","Description":"An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2023/CVE-2023-23752.yaml"}
{"ID":"CVE-2023-24044","Info":{"Name":"Plesk Obsidian - Host Header Injection","Severity":"medium","Description":"A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2023/CVE-2023-24044.yaml"}
{"ID":"CVE-2023-24322","Info":{"Name":"mojoPortal 2.7.0.0 - Cross-Site Scripting","Severity":"medium","Description":"mojoPortal 2.7.0.0 contains a cross-site scripting vulnerability in the FileDialog.aspx component, which can allow an attacker to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2023/CVE-2023-24322.yaml"}
{"ID":"CVE-2023-26255","Info":{"Name":"STAGIL Navigation for Jira - Menu \u0026 Themes - Local File Inclusion","Severity":"high","Description":"An unauthenticated path traversal vulnerability affects the \"STAGIL Navigation for Jira - Menu \u0026 Themes\" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2023/CVE-2023-26255.yaml"}
{"ID":"CVE-2023-26256","Info":{"Name":"STAGIL Navigation for Jira - Menu \u0026 Themes - Local File Inclusion","Severity":"high","Description":"An unauthenticated path traversal vulnerability affects the \"STAGIL Navigation for Jira - Menu \u0026 Themes\" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2023/CVE-2023-26256.yaml"}
{"ID":"CVE-2023-26255","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjCustomDesignConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2023/CVE-2023-26255.yaml"}
{"ID":"CVE-2023-26256","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFooterNavigationConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2023/CVE-2023-26256.yaml"}
{"ID":"CVE-2023-27292","Info":{"Name":"OpenCATS - Open Redirect","Severity":"medium","Description":"An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"cves/2023/CVE-2023-27292.yaml"}
{"ID":"CVE-2023-27587","Info":{"Name":"ReadToMyShoe - Google Cloud API Disclosure","Severity":"medium","Description":"If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"cves/2023/CVE-2023-27587.yaml"}
{"ID":"CVE-2023-28343","Info":{"Name":"Altenergy Power Control Software - Command Injection","Severity":"critical","Description":"OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2023/CVE-2023-28343.yaml"}


@ -1 +1 @@
e9759c73dd0ca8f897e61f478feaa1aa
0c55bc83013c170e10bb78f5c4c6d868