Auto Generated CVE annotations [Thu Jan 5 11:21:19 UTC 2023] 🤖
parent
6cc929e2c3
commit
997d941552
|
@ -19,7 +19,7 @@ info:
|
|||
cwe-id: CWE-79
|
||||
metadata:
|
||||
shodan-query: title:"Grafana"
|
||||
tags: cve,cve2020,xss,grafana
|
||||
tags: grafana,hackerone,cve,cve2020,xss
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
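Review bot: The second `tags` line (presumably the new side) reorders every existing tag while adding one, `grafana,hackerone,cve,cve2020,xss` against `cve,cve2020,xss,grafana`, so the only real change, the `hackerone` tag, is hard to pick out. The same shuffling shows in later sections such as CVE-2021-24946 and CVE-2022-0786, which suggests the generator emits tags in an unstable order. Appending the new tag, as the OpenTSDB section does with `tags: cve,cve2020,opentsdb,rce,packetstorm`, would keep future automated diffs reviewable; here that would read `tags: cve,cve2020,xss,grafana,hackerone`. The `info:` block starts above the hunk.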
|
|
|
@ -18,7 +18,7 @@ info:
|
|||
metadata:
|
||||
verified: true
|
||||
shodan-query: html:"OpenTSDB"
|
||||
tags: cve,cve2020,opentsdb,rce
|
||||
tags: cve,cve2020,opentsdb,rce,packetstorm
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
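Review bot: `verified: true` appears to stay an unquoted YAML boolean in this section, while other sections of the same commit show the string form `verified: "true"` next to it (CVE-2021-25099, CVE-2022-2314 and CVE-2022-4050 print both spellings). The SVN `wc.db` exposure and VMware Appliance Management sections are left with the boolean as well. Any tooling that filters templates on this field then has to accept both a bool and a string, so one form should be used throughout, for example `verified: "true"` here if the quoted form is the intended one. The `info:` block starts above the hunk.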
|
|
|
@ -11,10 +11,13 @@ info:
|
|||
- https://wordpress.org/plugins/modern-events-calendar-lite/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24946
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-24946
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2021,wordpress,wp-plugin,wp,sqli,modern-events-calendar-lite,unauth
|
||||
tags: wordpress,wp-plugin,wp,unauth,wpscan,cve,cve2021,sqli,modern-events-calendar-lite
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -11,10 +11,13 @@ info:
|
|||
- https://wordpress.org/plugins/give/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-25099
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2021-25099
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: true
|
||||
tags: cve,cve2021,wordpress,wp-plugin,wp,xss,give,unauth
|
||||
verified: "true"
|
||||
tags: wp-plugin,wp,give,unauth,wordpress,cve2021,xss,wpscan,cve
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -8,11 +8,16 @@ info:
|
|||
reference:
|
||||
- https://lists.apache.org/thread.html/rbe8439b26a71fc3b429aa793c65dcc4a6e349bc7bb5010746a74fa1d@%3Ccommits.ofbiz.apache.org%3E
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-30128
|
||||
- https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743%40%3Cdev.ofbiz.apache.org%3E
|
||||
- https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743@%3Cdev.ofbiz.apache.org%3E
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-30128
|
||||
cwe-id: CWE-502
|
||||
metadata:
|
||||
verified: true
|
||||
fofa-query: app="Apache_OFBiz"
|
||||
verified: "true"
|
||||
tags: cve,cve2021,apache,ofbiz,deserialization,rce
|
||||
|
||||
requests:
|
||||
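Review bot: The reference list appears to carry the same dev.ofbiz.apache.org thread twice, once with `%40` and once with a literal `@` in front of `%3Cdev.ofbiz.apache.org%3E`. The header counts (`-8,11 +8,16`) leave room for only one removed line, most plausibly the unquoted `verified: true`, so both URL spellings seem to remain on the new side. Keeping a single entry, for instance the `@` form that matches the commits.ofbiz reference above it, avoids a duplicated link in generated reports. The `info:` block starts above the hunk.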
|
|
|
@ -19,8 +19,8 @@ info:
|
|||
cve-id: CVE-2021-41773
|
||||
cwe-id: CWE-22
|
||||
metadata:
|
||||
verified: "true"
|
||||
shodan-query: Apache 2.4.49
|
||||
verified: "true"
|
||||
tags: cve,cve2021,lfi,rce,apache,misconfig,traversal,kev
|
||||
|
||||
variables:
|
||||
|
|
|
@ -10,7 +10,7 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/cve-2021-42887
|
||||
- https://github.com/p1Kk/vuln/blob/main/totolink_ex1200t_login_bypass.md
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-42887
|
||||
cwe-id: CWE-287
|
||||
|
|
|
@ -11,10 +11,13 @@ info:
|
|||
- https://wordpress.org/plugins/wp-experiments-free/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0784
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-0784
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,wp-experiments-free,unauth
|
||||
tags: cve,wpscan,wp-plugin,wp,sqli,wp-experiments-free,unauth,cve2022,wordpress
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -11,10 +11,13 @@ info:
|
|||
- https://wordpress.org/plugins/kivicare-clinic-management-system/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0786
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-0786
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,kivicare-clinic-management-system,unauth
|
||||
tags: sqli,kivicare-clinic-management-system,unauth,wordpress,wp-plugin,wp,cve,cve2022,wpscan
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -11,10 +11,13 @@ info:
|
|||
- https://wordpress.org/plugins/hc-custom-wp-admin-url/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1595
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cve-id: CVE-2022-1595
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wp,hc-custom-wp-admin-url,unauth
|
||||
tags: unauth,wpscan,cve,cve2022,wordpress,wp-plugin,wp,hc-custom-wp-admin-url
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -11,10 +11,12 @@ info:
|
|||
- https://wordpress.org/plugins/vr-calendar-sync/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-2314
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-2314
|
||||
metadata:
|
||||
verified: true
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wp,rce,vr-calendar-sync,unauth
|
||||
verified: "true"
|
||||
tags: rce,unauth,wpscan,cve,cve2022,wp,vr-calendar-sync,wordpress,wp-plugin
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
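Review bot: The `classification` block in this section has `cvss-metrics`, `cvss-score` and `cve-id` but no `cwe-id`, unlike the other WordPress sections in this commit, which each carry one. The template is tagged `rce` with a 9.8 score, so reports or filters keyed on CWE would presumably miss it. If the upstream record has no CWE yet, a short comment such as `# cwe-id: not assigned upstream at generation time` would tell readers the omission is deliberate. The `info:` block starts above the hunk.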
|
|
|
@ -12,7 +12,10 @@ info:
|
|||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23854
|
||||
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-342-02
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2022-23854
|
||||
cwe-id: CWE-23
|
||||
metadata:
|
||||
shodan-query: http.html:"InTouch Access Anywhere"
|
||||
verified: "true"
|
||||
|
|
|
@ -9,12 +9,17 @@ info:
|
|||
reference:
|
||||
- https://www.synacktiv.com/en/publications/exploiting-cve-2022-24816-a-code-injection-in-the-jt-jiffle-extension-of-geoserver.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-24816
|
||||
- https://github.com/geosolutions-it/jai-ext/security/advisories/GHSA-v92f-jx6p-73rx
|
||||
- https://github.com/geosolutions-it/jai-ext/commit/cb1d6565d38954676b0a366da4f965fef38da1cb
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-24816
|
||||
cwe-id: CWE-94
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: /geoserver/
|
||||
fofa-query: app="GeoServer"
|
||||
shodan-query: /geoserver/
|
||||
verified: "true"
|
||||
tags: cve,cve2022,geoserver,rce
|
||||
|
||||
requests:
|
||||
|
|
|
@ -8,9 +8,16 @@ info:
|
|||
reference:
|
||||
- https://github.com/W01fh4cker/cve-2022-33891
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-33891
|
||||
- https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc
|
||||
- http://packetstormsecurity.com/files/168309/Apache-Spark-Unauthenticated-Command-Injection.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
cve-id: CVE-2022-33891
|
||||
cwe-id: CWE-77
|
||||
metadata:
|
||||
verified: "true"
|
||||
shodan-query: title:"Spark Master at"
|
||||
verified: "true"
|
||||
tags: cve,cve2022,apache,spark,authenticated
|
||||
|
||||
variables:
|
||||
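Review bot: The `tags` line keeps `authenticated` and the vector uses `PR:L`, yet the packetstorm reference in this section is titled "Apache-Spark-Unauthenticated-Command-Injection". Scans that exclude `authenticated` templates would skip this check, so it is worth confirming which description is right before relying on the tag. The section also lists a packetstorm URL without a `packetstorm` tag, whereas the OpenTSDB and ILIAS sections carry that tag; if tags are meant to mirror reference sources, the line would read `tags: cve,cve2022,apache,spark,authenticated,packetstorm`. The `info:` block starts above the hunk.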
|
|
|
@ -6,12 +6,12 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author
|
||||
remediation: Fixed in version 1.3.12
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/1d8bf5bb-5a17-49b7-a5ba-5f2866e1f8a3
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3768
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-3768
|
||||
- https://cve.report/CVE-2022-3768
|
||||
remediation: Fixed in version 1.3.12
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
|
@ -19,7 +19,7 @@ info:
|
|||
cwe-id: CWE-89
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,wp-smart-contracts,authenticated
|
||||
tags: wp-smart-contracts,authenticated,cve,wordpress,wp,sqli,cve2022,wp-plugin,wpscan
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -11,10 +11,13 @@ info:
|
|||
- https://wordpress.org/plugins/joomsport-sports-league-results-management/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-4050
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-4050
|
||||
cwe-id: CWE-89
|
||||
metadata:
|
||||
verified: true
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,joomsport-sports-league-results-management,unauth
|
||||
verified: "true"
|
||||
tags: wpscan,cve,cve2022,wp-plugin,wp,joomsport-sports-league-results-management,wordpress,sqli,unauth
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -16,7 +16,7 @@ info:
|
|||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: "true"
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wp,xss,wp-ban,authenticated
|
||||
tags: wp-plugin,xss,wp-ban,authenticated,wpscan,cve,cve2022,wordpress,wp
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -9,14 +9,15 @@ info:
|
|||
reference:
|
||||
- https://fluidattacks.com/advisories/modestep/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-42746
|
||||
- https://candidats.net/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 5.4
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-42746
|
||||
cwe-id: CWE-80
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"CandidATS"
|
||||
verified: "true"
|
||||
tags: cve,cve2022,candidats,xss
|
||||
|
||||
requests:
|
||||
|
|
|
@ -11,10 +11,15 @@ info:
|
|||
- https://seclists.org/fulldisclosure/2022/Dec/7
|
||||
- https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-ilias-elearning-platform/
|
||||
- https://github.com/advisories/GHSA-hf6q-rx44-fh6j
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-45917
|
||||
cwe-id: CWE-601
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"ILIAS"
|
||||
tags: cve,cve2022,ilias,redirect
|
||||
verified: "true"
|
||||
tags: redirect,packetstorm,seclists,cve,cve2022,ilias
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -5,7 +5,7 @@ info:
|
|||
author: Hardik-Solanki
|
||||
severity: critical
|
||||
description: |
|
||||
The vulnerability allows a remote attacker to compromise the affected system. The vulnerability exists due to insufficient authorization within the Remote Agent when handling HTTP requests with a custom Forwarded-For HTTP header. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected instance and execute arbitrary OS commands on the server.
|
||||
The vulnerability allows a remote attacker to compromise the affected system. The vulnerability exists due to insufficient authorization within the Remote Agent when handling HTTP requests with a custom Forwarded-For HTTP header. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected instance and execute arbitrary OS commands on the server.
|
||||
reference:
|
||||
- https://security-tracker.debian.org/tracker/CVE-2022-46169
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-46169
|
||||
|
@ -17,8 +17,8 @@ info:
|
|||
cve-id: CVE-2022-46169
|
||||
cwe-id: CWE-285
|
||||
metadata:
|
||||
verified: "true"
|
||||
shodan-query: title:"Login to Cacti"
|
||||
verified: "true"
|
||||
tags: cve2022,cve,auth-bypass,cacti
|
||||
|
||||
requests:
|
||||
|
|
|
@ -9,9 +9,14 @@ info:
|
|||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46381
|
||||
- https://github.com/omarhashem123/Security-Research/blob/main/CVE-2022-46381/CVE-2022-46381.txt
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-46381
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
verified: "true"
|
||||
shodan-query: http.html:"Linear eMerge"
|
||||
verified: "true"
|
||||
tags: cve,cve2022,xss,emerge,linear
|
||||
|
||||
requests:
|
||||
|
|
|
@ -10,7 +10,7 @@ info:
|
|||
metadata:
|
||||
verified: true
|
||||
google-query: intitle:"index of" "wc.db"
|
||||
tags: exposure,svn,config,files
|
||||
tags: msf,exposure,svn,config,files
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -21,7 +21,7 @@ info:
|
|||
verified: true
|
||||
shodan-query: title:"VMware Appliance Management"
|
||||
fofa-query: title="VMware Appliance Management"
|
||||
tags: vmware,xstream,rce
|
||||
tags: vmware,xstream,rce,msf
|
||||
|
||||
variables:
|
||||
lowerrstr: "{{to_lower(rand_text_alpha(6))}}"
|
||||
|
|
|
@ -13,7 +13,7 @@ info:
|
|||
metadata:
|
||||
verified: "true"
|
||||
shodan-query: http.html:"VMG1312-B10D"
|
||||
tags: misconfig,unauth,zyxel,lfi
|
||||
tags: misconfig,unauth,zyxel,lfi,msf
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|