Auto Generated cves.json [Fri Feb 10 16:11:25 UTC 2023] 🤖

patch-1
GitHub Action 2023-02-10 16:11:25 +00:00
parent 1e8c88369a
commit 944996ff12
1 changed files with 1 additions and 1 deletions


@ -1426,7 +1426,7 @@
{"ID":"CVE-2022-25356","Info":{"Name":"Alt-N MDaemon Security Gateway - XML Injection","Severity":"medium","Description":"In Alt-n Security Gateway product, a malicious actor could inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. In this way the XML parser fails the validation process disclosing information such as kind of protection used (2FA), admin email and product registration keys.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-25356.yaml"} {"ID":"CVE-2022-25356","Info":{"Name":"Alt-N MDaemon Security Gateway - XML Injection","Severity":"medium","Description":"In Alt-n Security Gateway product, a malicious actor could inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. In this way the XML parser fails the validation process disclosing information such as kind of protection used (2FA), admin email and product registration keys.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"cves/2022/CVE-2022-25356.yaml"}
{"ID":"CVE-2022-25369","Info":{"Name":"Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation","Severity":"critical","Description":"Dynamicweb contains a vulnerability which allows an unauthenticated attacker to create a new administrative user.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-25369.yaml"} {"ID":"CVE-2022-25369","Info":{"Name":"Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation","Severity":"critical","Description":"Dynamicweb contains a vulnerability which allows an unauthenticated attacker to create a new administrative user.","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-25369.yaml"}
{"ID":"CVE-2022-2544","Info":{"Name":"WordPress Ninja Job Board \u003c 1.3.3 - Direct Request","Severity":"high","Description":"WordPress Ninja Job Board plugin prior to 1.3.3 is susceptible to a direct request vulnerability. The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated directory listing which allows the download of uploaded resumes.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-2544.yaml"} {"ID":"CVE-2022-2544","Info":{"Name":"WordPress Ninja Job Board \u003c 1.3.3 - Direct Request","Severity":"high","Description":"WordPress Ninja Job Board plugin prior to 1.3.3 is susceptible to a direct request vulnerability. The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated directory listing which allows the download of uploaded resumes.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-2544.yaml"}
{"ID":"CVE-2022-2546","Info":{"Name":"WordPress All-in-One WP Migration \u003c=7.62 - Cross-Site Scripting","Severity":"medium","Description":"WordPress All-in-One WP Migration plugin 7.62 and prior contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2022/CVE-2022-2546.yaml"} {"ID":"CVE-2022-2546","Info":{"Name":"WordPress All-in-One WP Migration \u003c=7.62 - Cross-Site Scripting","Severity":"medium","Description":"WordPress All-in-One WP Migration plugin 7.62 and prior contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"4.7"}},"file_path":"cves/2022/CVE-2022-2546.yaml"}
{"ID":"CVE-2022-25481","Info":{"Name":"ThinkPHP 5.0.24 - Information Disclosure","Severity":"high","Description":"ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINFO parameter. This can allow an attacker to access all system environment parameters from index.php, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-25481.yaml"} {"ID":"CVE-2022-25481","Info":{"Name":"ThinkPHP 5.0.24 - Information Disclosure","Severity":"high","Description":"ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINFO parameter. This can allow an attacker to access all system environment parameters from index.php, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-25481.yaml"}
{"ID":"CVE-2022-2551","Info":{"Name":"Duplicator \u003c 1.4.7 - Unauthenticated Backup Download","Severity":"high","Description":"The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-2551.yaml"} {"ID":"CVE-2022-2551","Info":{"Name":"Duplicator \u003c 1.4.7 - Unauthenticated Backup Download","Severity":"high","Description":"The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-2551.yaml"}
{"ID":"CVE-2022-26134","Info":{"Name":"Confluence - Remote Code Execution","Severity":"critical","Description":"Confluence Server and Data Center is susceptible to an unauthenticated remote code execution vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-26134.yaml"} {"ID":"CVE-2022-26134","Info":{"Name":"Confluence - Remote Code Execution","Severity":"critical","Description":"Confluence Server and Data Center is susceptible to an unauthenticated remote code execution vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-26134.yaml"}