daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore: generate CVEs metadata 🤖

patch-11
ghost 2024-08-29 03:58:29 +00:00
parent 8dc389c581
commit 95d8e7d583
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@ -2520,6 +2520,7 @@
{"ID":"CVE-2024-4358","Info":{"Name":"Progress Telerik Report Server - Authentication Bypass","Severity":"critical","Description":"In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4358.yaml"} {"ID":"CVE-2024-4358","Info":{"Name":"Progress Telerik Report Server - Authentication Bypass","Severity":"critical","Description":"In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4358.yaml"}
{"ID":"CVE-2024-4434","Info":{"Name":"LearnPress WordPress LMS Plugin \u003c= 4.2.6.5 - SQL Injection","Severity":"critical","Description":"The LearnPress WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the term_id parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4434.yaml"} {"ID":"CVE-2024-4434","Info":{"Name":"LearnPress WordPress LMS Plugin \u003c= 4.2.6.5 - SQL Injection","Severity":"critical","Description":"The LearnPress WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the term_id parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4434.yaml"}
{"ID":"CVE-2024-4443","Info":{"Name":"Business Directory Plugin \u003c= 6.4.2 - SQL Injection","Severity":"critical","Description":"The Business Directory Plugin Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the listingfields parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4443.yaml"} {"ID":"CVE-2024-4443","Info":{"Name":"Business Directory Plugin \u003c= 6.4.2 - SQL Injection","Severity":"critical","Description":"The Business Directory Plugin Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the listingfields parameter in all versions up to, and including, 6.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-4443.yaml"}
{"ID":"CVE-2024-45241","Info":{"Name":"CentralSquare CryWolf - Path Traversal","Severity":"high","Description":"A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-45241.yaml"}
{"ID":"CVE-2024-4577","Info":{"Name":"PHP CGI - Argument Injection","Severity":"critical","Description":"PHP CGI - Argument Injection (CVE-2024-4577) is a critical argument injection flaw in PHP.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4577.yaml"} {"ID":"CVE-2024-4577","Info":{"Name":"PHP CGI - Argument Injection","Severity":"critical","Description":"PHP CGI - Argument Injection (CVE-2024-4577) is a critical argument injection flaw in PHP.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4577.yaml"}
{"ID":"CVE-2024-4836","Info":{"Name":"Edito CMS - Sensitive Data Leak","Severity":"high","Description":"Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthorized user.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4836.yaml"} {"ID":"CVE-2024-4836","Info":{"Name":"Edito CMS - Sensitive Data Leak","Severity":"high","Description":"Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthorized user.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4836.yaml"}
{"ID":"CVE-2024-4879","Info":{"Name":"ServiceNow UI Macros - Template Injection","Severity":"unknown","Description":"ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4879.yaml"} {"ID":"CVE-2024-4879","Info":{"Name":"ServiceNow UI Macros - Template Injection","Severity":"unknown","Description":"ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4879.yaml"}

2
cves.json-checksum.txt
View File

@ -1 +1 @@
a220fdc53b5a427d99c3b000ad6b922a c51ee8e99d241a91c6d965df52179750