From 59a6cef7fbab16315e1dae837fb7475c634648a7 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Sun, 10 Oct 2021 16:07:15 +0300 Subject: [PATCH 1/7] Missing 'a' --- cves/2018/CVE-2018-12998.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cves/2018/CVE-2018-12998.yaml b/cves/2018/CVE-2018-12998.yaml index 276fbcff83..cd23caa054 100644 --- a/cves/2018/CVE-2018-12998.yaml +++ b/cves/2018/CVE-2018-12998.yaml @@ -4,7 +4,7 @@ info: name: Zoho manageengine Arbitrary Reflected XSS author: pikpikcu severity: medium - description: reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. + description: A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. reference: - https://github.com/unh3x/just4cve/issues/10 - http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html From a3608c32f4b8b44f27f644e7cd9334fe2ad9ba19 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Wed, 13 Oct 2021 11:56:10 +0300 Subject: [PATCH 2/7] Add description --- vulnerabilities/other/netis-info-leak.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/netis-info-leak.yaml b/vulnerabilities/other/netis-info-leak.yaml index 9cfa7fac56..bb9688eb93 100644 
--- a/vulnerabilities/other/netis-info-leak.yaml +++ b/vulnerabilities/other/netis-info-leak.yaml @@ -5,6 +5,7 @@ info: author: gy741 severity: medium reference: https://www.exploit-db.com/exploits/48384 + description: A vulnerability in Netis allows remote unauthenticated users to disclose the WiFi password of the remote device. tags: netis,exposure requests: From 708adea2856d7698adc05cefec9afac76f82b5a2 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 13 Oct 2021 08:57:56 +0000 Subject: [PATCH 3/7] Auto Generated CVE annotations [Wed Oct 13 08:57:56 UTC 2021] :robot: --- cves/2021/CVE-2021-41773.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/cves/2021/CVE-2021-41773.yaml b/cves/2021/CVE-2021-41773.yaml index e82bbd6bef..430a5c5bb9 100644 --- a/cves/2021/CVE-2021-41773.yaml +++ b/cves/2021/CVE-2021-41773.yaml @@ -3,7 +3,7 @@ id: CVE-2021-41773 info: name: Apache 2.4.49 - Path Traversal and Remote Code Execution author: daffainfo - severity: critical + severity: high description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed. Additionally this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. reference: - https://github.com/apache/httpd/commit/e150697086e70c552b2588f369f2d17815cb1782 @@ -12,6 +12,11 @@ info: - https://twitter.com/h4x0r_dz/status/1445401960371429381 - https://github.com/blasty/CVE-2021-41773 tags: cve,cve2021,lfi,rce,apache,misconfig + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2021-41773 + cwe-id: CWE-22 requests: - raw: 
From b86a98703055b179035e1d7c10a78fd1405a2770 Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Wed, 13 Oct 2021 12:00:36 +0300 Subject: [PATCH 4/7] Dead link --- vulnerabilities/other/opensis-lfi.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/vulnerabilities/other/opensis-lfi.yaml b/vulnerabilities/other/opensis-lfi.yaml index c6e5e91adf..f7ca3af0a6 100644 --- a/vulnerabilities/other/opensis-lfi.yaml +++ b/vulnerabilities/other/opensis-lfi.yaml @@ -6,7 +6,6 @@ info: severity: high reference: - https://www.exploit-db.com/exploits/38039 - - https://www.securityfocus.com/bid/56598/info tags: opensis,lfi requests: From ab008edc5b00674633d11ca55842758b72c82bbb Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Wed, 13 Oct 2021 12:00:39 +0300 Subject: [PATCH 5/7] Add description --- vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml b/vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml index 05bb45755f..efc4f25bce 100644 --- a/vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml +++ b/vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml @@ -4,6 +4,7 @@ info: name: Nginx Merge Slashes Path Traversal author: dhiyaneshDk severity: medium + description: A vulnerability in the remote Nginx server could cause the server to merge slashslash together causing what should have protected the web site from a directory traversal vulnerability into a vulnerable server. reference: - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/nginx-merge-slashes-path-traversal.json - https://medium.com/appsflyer/nginx-may-be-protecting-your-applications-from-traversal-attacks-without-you-even-knowing-b08f882fd43d From d5038b7520fd558732a35f93283b4a6063601a83 Mon Sep 17 00:00:00 2001 
From: Noam Rathaus Date: Wed, 13 Oct 2021 12:00:55 +0300 Subject: [PATCH 6/7] Add description --- vulnerabilities/other/opensis-lfi.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/vulnerabilities/other/opensis-lfi.yaml b/vulnerabilities/other/opensis-lfi.yaml index f7ca3af0a6..5a4268b658 100644 --- a/vulnerabilities/other/opensis-lfi.yaml +++ b/vulnerabilities/other/opensis-lfi.yaml @@ -4,6 +4,7 @@ info: name: openSIS 5.1 - 'ajax.php' Local File Inclusion author: pikpikcu severity: high + description: An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the Web server process. This may allow the attacker to compromise the application and computer; other attacks are also possible. reference: - https://www.exploit-db.com/exploits/38039 tags: opensis,lfi From 2e9613d75b160c9150aa081beb1b2de38114b6ae Mon Sep 17 00:00:00 2001 From: Noam Rathaus Date: Wed, 13 Oct 2021 12:01:33 +0300 Subject: [PATCH 7/7] Improve description --- vulnerabilities/other/opensis-lfi.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vulnerabilities/other/opensis-lfi.yaml b/vulnerabilities/other/opensis-lfi.yaml index 5a4268b658..f2584939c4 100644 --- a/vulnerabilities/other/opensis-lfi.yaml +++ b/vulnerabilities/other/opensis-lfi.yaml 
@@ -4,7 +4,7 @@ info: name: openSIS 5.1 - 'ajax.php' Local File Inclusion author: pikpikcu severity: high - description: An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the Web server process. This may allow the attacker to compromise the application and computer; other attacks are also possible. + description: An attacker can exploit a vulnerability in openSIS to obtain potentially sensitive information and execute arbitrary local scripts in the context of the Web server process. This may allow the attacker to compromise the application and computer; other attacks are also possible. reference: - https://www.exploit-db.com/exploits/38039 tags: opensis,lfi
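Review bot: In PATCH 1/7 (cves/2018/CVE-2018-12998.yaml) the context line "name: Zoho manageengine Arbitrary Reflected XSS" still spells the product in lowercase, while the description being corrected uses "ManageEngine". Since this commit is a wording fix to the same info block, change the name to "Zoho ManageEngine ..." in the same patch so the two fields agree.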
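Review bot: In PATCH 2/7 (vulnerabilities/other/netis-info-leak.yaml) the added description names only "Netis" and "the remote device", so someone reading scan output cannot tell which product or firmware is affected. State the affected model or version as given in the referenced exploit-db entry. The new line also sits between "reference:" and "tags:", whereas the other templates in this series put "description:" directly after "severity:"; moving it there keeps the info block consistent.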
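Review bot: In PATCH 3/7 (cves/2021/CVE-2021-41773.yaml) the severity change from "critical" to "high" and the added vector ending in "C:H/I:N/A:N" describe a confidentiality-only impact, yet the unchanged "name:" still reads "Path Traversal and Remote Code Execution" and "tags:" still carries "rce". Anyone triaging on the severity field will under-rate a template that advertises code execution. Either keep the hand-set severity when the name or tags claim an impact the imported vector does not cover, or have the annotation job flag such mismatches for manual review instead of overwriting.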
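Review bot: In PATCH 5/7 (vulnerabilities/other/nginx-merge-slashes-path-traversal.yaml) the added description is hard to parse: "merge slashslash together causing what should have protected the web site from a directory traversal vulnerability into a vulnerable server" contains a typo ("slashslash") and the clause after "causing" has no clear subject. Reword it as two short statements: what the server does with consecutive slashes, and why that leaves the site exposed to directory traversal.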
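Review bot: PATCH 7/7 rewrites the single description line that PATCH 6/7 added to vulnerabilities/other/opensis-lfi.yaml less than a minute earlier (12:00:55 and 12:01:33). Squash the two so the history does not carry the intermediate wording. The final text also omits the affected component, which the "name:" line gives as 'ajax.php' in openSIS 5.1; naming it in the description would make the finding actionable without opening the reference.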