Auto Generated cves.json [Thu Apr 4 07:27:42 UTC 2024] 🤖
GitHub Action
parent
7ad2facf78
commit
a81eba5006
13
cves.json
13
cves.json
|
|
@ -361,6 +361,7 @@
|
||||||
{"ID":"CVE-2016-4975","Info":{"Name":"Apache mod_userdir CRLF injection","Severity":"medium","Description":"Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-4975.yaml"}
|
{"ID":"CVE-2016-4975","Info":{"Name":"Apache mod_userdir CRLF injection","Severity":"medium","Description":"Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-4975.yaml"}
|
||||||
{"ID":"CVE-2016-4977","Info":{"Name":"Spring Security OAuth2 Remote Command Execution","Severity":"high","Description":"Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote command execution via the crafting of the value for response_type.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-4977.yaml"}
|
{"ID":"CVE-2016-4977","Info":{"Name":"Spring Security OAuth2 Remote Command Execution","Severity":"high","Description":"Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote command execution via the crafting of the value for response_type.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-4977.yaml"}
|
||||||
{"ID":"CVE-2016-5649","Info":{"Name":"NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure","Severity":"critical","Description":"NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-5649.yaml"}
|
{"ID":"CVE-2016-5649","Info":{"Name":"NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure","Severity":"critical","Description":"NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-5649.yaml"}
|
||||||
|
{"ID":"CVE-2016-5674","Info":{"Name":"NUUO NVR camera `debugging_center_utils_.php` - Command Execution","Severity":"critical","Description":"__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-5674.yaml"}
|
||||||
{"ID":"CVE-2016-6195","Info":{"Name":"vBulletin \u003c= 4.2.3 - SQL Injection","Severity":"critical","Description":"vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-6195.yaml"}
|
{"ID":"CVE-2016-6195","Info":{"Name":"vBulletin \u003c= 4.2.3 - SQL Injection","Severity":"critical","Description":"vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-6195.yaml"}
|
||||||
{"ID":"CVE-2016-6277","Info":{"Name":"NETGEAR Routers - Remote Code Execution","Severity":"high","Description":"NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-6277.yaml"}
|
{"ID":"CVE-2016-6277","Info":{"Name":"NETGEAR Routers - Remote Code Execution","Severity":"high","Description":"NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-6277.yaml"}
|
||||||
{"ID":"CVE-2016-6601","Info":{"Name":"ZOHO WebNMS Framework \u003c5.2 SP1 - Local File Inclusion","Severity":"high","Description":"ZOHO WebNMS Framework before version 5.2 SP1 is vulnerable local file inclusion which allows an attacker to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2016/CVE-2016-6601.yaml"}
|
{"ID":"CVE-2016-6601","Info":{"Name":"ZOHO WebNMS Framework \u003c5.2 SP1 - Local File Inclusion","Severity":"high","Description":"ZOHO WebNMS Framework before version 5.2 SP1 is vulnerable local file inclusion which allows an attacker to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2016/CVE-2016-6601.yaml"}
|
||||||
|
|
@ -491,6 +492,10 @@
|
||||||
{"ID":"CVE-2018-10201","Info":{"Name":"Ncomputing vSPace Pro 10 and 11 - Directory Traversal","Severity":"high","Description":"Ncomputing vSpace Pro versions 10 and 11 suffer from a directory traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-10201.yaml"}
|
{"ID":"CVE-2018-10201","Info":{"Name":"Ncomputing vSPace Pro 10 and 11 - Directory Traversal","Severity":"high","Description":"Ncomputing vSpace Pro versions 10 and 11 suffer from a directory traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-10201.yaml"}
|
||||||
{"ID":"CVE-2018-10230","Info":{"Name":"Zend Server \u003c9.13 - Cross-Site Scripting","Severity":"medium","Description":"Zend Server before version 9.13 is vulnerable to cross-site scripting via the debug_host parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-10230.yaml"}
|
{"ID":"CVE-2018-10230","Info":{"Name":"Zend Server \u003c9.13 - Cross-Site Scripting","Severity":"medium","Description":"Zend Server before version 9.13 is vulnerable to cross-site scripting via the debug_host parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-10230.yaml"}
|
||||||
{"ID":"CVE-2018-10562","Info":{"Name":"Dasan GPON Devices - Remote Code Execution","Severity":"critical","Description":"Dasan GPON home routers are susceptible to command injection which can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-10562.yaml"}
|
{"ID":"CVE-2018-10562","Info":{"Name":"Dasan GPON Devices - Remote Code Execution","Severity":"critical","Description":"Dasan GPON home routers are susceptible to command injection which can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-10562.yaml"}
|
||||||
|
{"ID":"CVE-2018-10735","Info":{"Name":"NagiosXI \u003c= 5.4.12 `commandline.php` SQL injection","Severity":"high","Description":"A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2018/CVE-2018-10735.yaml"}
|
||||||
|
{"ID":"CVE-2018-10736","Info":{"Name":"NagiosXI \u003c= 5.4.12 - SQL injection","Severity":"high","Description":"A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2018/CVE-2018-10736.yaml"}
|
||||||
|
{"ID":"CVE-2018-10737","Info":{"Name":"NagiosXI \u003c= 5.4.12 logbook.php SQL injection","Severity":"high","Description":"A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2018/CVE-2018-10737.yaml"}
|
||||||
|
{"ID":"CVE-2018-10738","Info":{"Name":"NagiosXI \u003c= 5.4.12 menuaccess.php - SQL injection","Severity":"high","Description":"A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2018/CVE-2018-10738.yaml"}
|
||||||
{"ID":"CVE-2018-10818","Info":{"Name":"LG NAS Devices - Remote Code Execution","Severity":"critical","Description":"LG NAS devices contain a pre-auth remote command injection via the \"password\" parameter.","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2018/CVE-2018-10818.yaml"}
|
{"ID":"CVE-2018-10818","Info":{"Name":"LG NAS Devices - Remote Code Execution","Severity":"critical","Description":"LG NAS devices contain a pre-auth remote command injection via the \"password\" parameter.","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2018/CVE-2018-10818.yaml"}
|
||||||
{"ID":"CVE-2018-10822","Info":{"Name":"D-Link Routers - Local File Inclusion","Severity":"high","Description":"D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after \"GET /uir\" in an HTTP request to the web interface.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-10822.yaml"}
|
{"ID":"CVE-2018-10822","Info":{"Name":"D-Link Routers - Local File Inclusion","Severity":"high","Description":"D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after \"GET /uir\" in an HTTP request to the web interface.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-10822.yaml"}
|
||||||
{"ID":"CVE-2018-10823","Info":{"Name":"D-Link Routers - Remote Command Injection","Severity":"high","Description":"D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2018/CVE-2018-10823.yaml"}
|
{"ID":"CVE-2018-10823","Info":{"Name":"D-Link Routers - Remote Command Injection","Severity":"high","Description":"D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2018/CVE-2018-10823.yaml"}
|
||||||
|
|
@ -610,9 +615,11 @@
|
||||||
{"ID":"CVE-2018-6184","Info":{"Name":"Zeit Next.js \u003c4.2.3 - Local File Inclusion","Severity":"high","Description":"Zeit Next.js before 4.2.3 is susceptible to local file inclusion under the /_next request namespace. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-6184.yaml"}
|
{"ID":"CVE-2018-6184","Info":{"Name":"Zeit Next.js \u003c4.2.3 - Local File Inclusion","Severity":"high","Description":"Zeit Next.js before 4.2.3 is susceptible to local file inclusion under the /_next request namespace. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-6184.yaml"}
|
||||||
{"ID":"CVE-2018-6200","Info":{"Name":"vBulletin - Open Redirect","Severity":"medium","Description":"vBulletin 3.x.x and 4.2.x through 4.2.5 contains an open redirect vulnerability via the redirector.php URL parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-6200.yaml"}
|
{"ID":"CVE-2018-6200","Info":{"Name":"vBulletin - Open Redirect","Severity":"medium","Description":"vBulletin 3.x.x and 4.2.x through 4.2.5 contains an open redirect vulnerability via the redirector.php URL parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-6200.yaml"}
|
||||||
{"ID":"CVE-2018-6530","Info":{"Name":"D-Link - Unauthenticated Remote Code Execution","Severity":"critical","Description":"OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-6530.yaml"}
|
{"ID":"CVE-2018-6530","Info":{"Name":"D-Link - Unauthenticated Remote Code Execution","Severity":"critical","Description":"OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-6530.yaml"}
|
||||||
|
{"ID":"CVE-2018-6605","Info":{"Name":"Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection","Severity":"critical","Description":"SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-6605.yaml"}
|
||||||
{"ID":"CVE-2018-6910","Info":{"Name":"DedeCMS 5.7 - Path Disclosure","Severity":"high","Description":"DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-6910.yaml"}
|
{"ID":"CVE-2018-6910","Info":{"Name":"DedeCMS 5.7 - Path Disclosure","Severity":"high","Description":"DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-6910.yaml"}
|
||||||
{"ID":"CVE-2018-7251","Info":{"Name":"Anchor CMS 0.12.3 - Error Log Exposure","Severity":"critical","Description":"Anchor CMS 0.12.3 is susceptible to an error log exposure vulnerability due to an issue in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as \"Too many connections\") has occurred.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7251.yaml"}
|
{"ID":"CVE-2018-7251","Info":{"Name":"Anchor CMS 0.12.3 - Error Log Exposure","Severity":"critical","Description":"Anchor CMS 0.12.3 is susceptible to an error log exposure vulnerability due to an issue in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as \"Too many connections\") has occurred.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7251.yaml"}
|
||||||
{"ID":"CVE-2018-7282","Info":{"Name":"TITool PrintMonitor - Blind SQL Injection","Severity":"critical","Description":"The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7282.yaml"}
|
{"ID":"CVE-2018-7282","Info":{"Name":"TITool PrintMonitor - Blind SQL Injection","Severity":"critical","Description":"The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7282.yaml"}
|
||||||
|
{"ID":"CVE-2018-7314","Info":{"Name":"Joomla! Component PrayerCenter 3.0.2 - SQL Injection","Severity":"critical","Description":"SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7314.yaml"}
|
||||||
{"ID":"CVE-2018-7422","Info":{"Name":"WordPress Site Editor \u003c=1.1.1 - Local File Inclusion","Severity":"high","Description":"WordPress Site Editor through 1.1.1 allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7422.yaml"}
|
{"ID":"CVE-2018-7422","Info":{"Name":"WordPress Site Editor \u003c=1.1.1 - Local File Inclusion","Severity":"high","Description":"WordPress Site Editor through 1.1.1 allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7422.yaml"}
|
||||||
{"ID":"CVE-2018-7467","Info":{"Name":"AxxonSoft Axxon Next - Local File Inclusion","Severity":"high","Description":"AxxonSoft Axxon Next suffers from a local file inclusion vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7467.yaml"}
|
{"ID":"CVE-2018-7467","Info":{"Name":"AxxonSoft Axxon Next - Local File Inclusion","Severity":"high","Description":"AxxonSoft Axxon Next suffers from a local file inclusion vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7467.yaml"}
|
||||||
{"ID":"CVE-2018-7490","Info":{"Name":"uWSGI PHP Plugin Local File Inclusion","Severity":"high","Description":"uWSGI PHP Plugin before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, making it susceptible to local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7490.yaml"}
|
{"ID":"CVE-2018-7490","Info":{"Name":"uWSGI PHP Plugin Local File Inclusion","Severity":"high","Description":"uWSGI PHP Plugin before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, making it susceptible to local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7490.yaml"}
|
||||||
|
|
@ -1410,7 +1417,7 @@
|
||||||
{"ID":"CVE-2021-41174","Info":{"Name":"Grafana 8.0.0 \u003c= v.8.2.2 - Angularjs Rendering Cross-Site Scripting","Severity":"medium","Description":"Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-41174.yaml"}
|
{"ID":"CVE-2021-41174","Info":{"Name":"Grafana 8.0.0 \u003c= v.8.2.2 - Angularjs Rendering Cross-Site Scripting","Severity":"medium","Description":"Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-41174.yaml"}
|
||||||
{"ID":"CVE-2021-41192","Info":{"Name":"Redash Setup Configuration - Default Secrets Disclosure","Severity":"medium","Description":"Redash Setup Configuration is vulnerable to default secrets disclosure (Insecure Default Initialization of Resource). If an admin sets up Redash versions \u003c=10.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-41192.yaml"}
|
{"ID":"CVE-2021-41192","Info":{"Name":"Redash Setup Configuration - Default Secrets Disclosure","Severity":"medium","Description":"Redash Setup Configuration is vulnerable to default secrets disclosure (Insecure Default Initialization of Resource). If an admin sets up Redash versions \u003c=10.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-41192.yaml"}
|
||||||
{"ID":"CVE-2021-41266","Info":{"Name":"MinIO Operator Console Authentication Bypass","Severity":"critical","Description":"MinIO Console is a graphical user interface for the for MinIO Operator. MinIO itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-41266.yaml"}
|
{"ID":"CVE-2021-41266","Info":{"Name":"MinIO Operator Console Authentication Bypass","Severity":"critical","Description":"MinIO Console is a graphical user interface for the for MinIO Operator. MinIO itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-41266.yaml"}
|
||||||
{"ID":"CVE-2021-41277","Info":{"Name":"Metabase Local File Inclusion","Severity":"high","Description":"Metabase is an open source data analytics platform. In affected versions a local file inclusion security issue has been discovered with the custom GeoJSON map (`admin-\u003esettings-\u003emaps-\u003ecustom maps-\u003eadd a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41277.yaml"}
|
{"ID":"CVE-2021-41277","Info":{"Name":"Metabase - Local File Inclusion","Severity":"high","Description":"Metabase is an open source data analytics platform. In affected versions a local file inclusion security issue has been discovered with the custom GeoJSON map (`admin-\u003esettings-\u003emaps-\u003ecustom maps-\u003eadd a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41277.yaml"}
|
||||||
{"ID":"CVE-2021-41282","Info":{"Name":"pfSense - Arbitrary File Write","Severity":"high","Description":"diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (e.g., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-41282.yaml"}
|
{"ID":"CVE-2021-41282","Info":{"Name":"pfSense - Arbitrary File Write","Severity":"high","Description":"diag_routes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection mechanisms against command injection (e.g., the usage of the escapeshellarg function for the arguments) are used, it is still possible to inject sed-specific code and write an arbitrary file in an arbitrary location.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-41282.yaml"}
|
||||||
{"ID":"CVE-2021-41291","Info":{"Name":"ECOA Building Automation System - Directory Traversal Content Disclosure","Severity":"high","Description":"The ECOA BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41291.yaml"}
|
{"ID":"CVE-2021-41291","Info":{"Name":"ECOA Building Automation System - Directory Traversal Content Disclosure","Severity":"high","Description":"The ECOA BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager (fmangersub), attackers can disclose directory content on the affected device","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41291.yaml"}
|
||||||
{"ID":"CVE-2021-41293","Info":{"Name":"ECOA Building Automation System - Arbitrary File Retrieval","Severity":"high","Description":"The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41293.yaml"}
|
{"ID":"CVE-2021-41293","Info":{"Name":"ECOA Building Automation System - Arbitrary File Retrieval","Severity":"high","Description":"The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41293.yaml"}
|
||||||
|
|
@ -1489,6 +1496,7 @@
|
||||||
{"ID":"CVE-2021-46381","Info":{"Name":"D-Link DAP-1620 - Local File Inclusion","Severity":"high","Description":"D-Link DAP-1620 is susceptible to local file Inclusion due to path traversal that can lead to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-46381.yaml"}
|
{"ID":"CVE-2021-46381","Info":{"Name":"D-Link DAP-1620 - Local File Inclusion","Severity":"high","Description":"D-Link DAP-1620 is susceptible to local file Inclusion due to path traversal that can lead to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-46381.yaml"}
|
||||||
{"ID":"CVE-2021-46387","Info":{"Name":"Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting","Severity":"medium","Description":"ZyXEL ZyWALL 2 Plus Internet Security Appliance contains a cross-site scripting vulnerability. Insecure URI handling leads to bypass of security restrictions, which allows an attacker to execute arbitrary JavaScript codes to perform multiple attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-46387.yaml"}
|
{"ID":"CVE-2021-46387","Info":{"Name":"Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting","Severity":"medium","Description":"ZyXEL ZyWALL 2 Plus Internet Security Appliance contains a cross-site scripting vulnerability. Insecure URI handling leads to bypass of security restrictions, which allows an attacker to execute arbitrary JavaScript codes to perform multiple attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-46387.yaml"}
|
||||||
{"ID":"CVE-2021-46417","Info":{"Name":"Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion","Severity":"high","Description":"Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 is susceptible to local file inclusion because of insecure handling of a download function that leads to disclosure of internal files due to path traversal with root privileges.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-46417.yaml"}
|
{"ID":"CVE-2021-46417","Info":{"Name":"Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion","Severity":"high","Description":"Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 is susceptible to local file inclusion because of insecure handling of a download function that leads to disclosure of internal files due to path traversal with root privileges.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-46417.yaml"}
|
||||||
|
{"ID":"CVE-2021-46419","Info":{"Name":"Telesquare TLR-2855KS6 - Arbitrary File Deletion","Severity":"critical","Description":"An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2021/CVE-2021-46419.yaml"}
|
||||||
{"ID":"CVE-2021-46422","Info":{"Name":"SDT-CW3B1 1.1.0 - OS Command Injection","Severity":"critical","Description":"Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-46422.yaml"}
|
{"ID":"CVE-2021-46422","Info":{"Name":"SDT-CW3B1 1.1.0 - OS Command Injection","Severity":"critical","Description":"Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-46422.yaml"}
|
||||||
{"ID":"CVE-2021-46424","Info":{"Name":"Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete","Severity":"critical","Description":"Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2021/CVE-2021-46424.yaml"}
|
{"ID":"CVE-2021-46424","Info":{"Name":"Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete","Severity":"critical","Description":"Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2021/CVE-2021-46424.yaml"}
|
||||||
{"ID":"CVE-2021-46704","Info":{"Name":"GenieACS =\u003e 1.2.8 - OS Command Injection","Severity":"critical","Description":"In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-46704.yaml"}
|
{"ID":"CVE-2021-46704","Info":{"Name":"GenieACS =\u003e 1.2.8 - OS Command Injection","Severity":"critical","Description":"In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-46704.yaml"}
|
||||||
|
|
@ -1735,6 +1743,7 @@
|
||||||
{"ID":"CVE-2022-29006","Info":{"Name":"Directory Management System 1.0 - SQL Injection","Severity":"critical","Description":"Directory Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29006.yaml"}
|
{"ID":"CVE-2022-29006","Info":{"Name":"Directory Management System 1.0 - SQL Injection","Severity":"critical","Description":"Directory Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29006.yaml"}
|
||||||
{"ID":"CVE-2022-29007","Info":{"Name":"Dairy Farm Shop Management System 1.0 - SQL Injection","Severity":"critical","Description":"Dairy Farm Shop Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29007.yaml"}
|
{"ID":"CVE-2022-29007","Info":{"Name":"Dairy Farm Shop Management System 1.0 - SQL Injection","Severity":"critical","Description":"Dairy Farm Shop Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29007.yaml"}
|
||||||
{"ID":"CVE-2022-29009","Info":{"Name":"Cyber Cafe Management System 1.0 - SQL Injection","Severity":"critical","Description":"Cyber Cafe Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29009.yaml"}
|
{"ID":"CVE-2022-29009","Info":{"Name":"Cyber Cafe Management System 1.0 - SQL Injection","Severity":"critical","Description":"Cyber Cafe Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29009.yaml"}
|
||||||
|
{"ID":"CVE-2022-29013","Info":{"Name":"Razer Sila Gaming Router - Remote Code Execution","Severity":"critical","Description":"A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29013.yaml"}
|
||||||
{"ID":"CVE-2022-29014","Info":{"Name":"Razer Sila Gaming Router 2.0.441_api-2.0.418 - Local File Inclusion","Severity":"high","Description":"Razer Sila Gaming Router 2.0.441_api-2.0.418 is vulnerable to local file inclusion which could allow attackers to read arbitrary files.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-29014.yaml"}
|
{"ID":"CVE-2022-29014","Info":{"Name":"Razer Sila Gaming Router 2.0.441_api-2.0.418 - Local File Inclusion","Severity":"high","Description":"Razer Sila Gaming Router 2.0.441_api-2.0.418 is vulnerable to local file inclusion which could allow attackers to read arbitrary files.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-29014.yaml"}
|
||||||
{"ID":"CVE-2022-29078","Info":{"Name":"Node.js Embedded JavaScript 3.1.6 - Template Injection","Severity":"critical","Description":"Node.js Embedded JavaScript 3.1.6 is susceptible to server-side template injection via settings[view options][outputFunctionName], which is parsed as an internal option and overwrites the outputFunctionName option with an arbitrary OS command, which is then executed upon template compilation.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29078.yaml"}
|
{"ID":"CVE-2022-29078","Info":{"Name":"Node.js Embedded JavaScript 3.1.6 - Template Injection","Severity":"critical","Description":"Node.js Embedded JavaScript 3.1.6 is susceptible to server-side template injection via settings[view options][outputFunctionName], which is parsed as an internal option and overwrites the outputFunctionName option with an arbitrary OS command, which is then executed upon template compilation.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-29078.yaml"}
|
||||||
{"ID":"CVE-2022-29153","Info":{"Name":"HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery","Severity":"high","Description":"HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11 are susceptible to server-side request forgery. When redirects are returned by HTTP health check endpoints, Consul follows these HTTP redirects by default. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-29153.yaml"}
|
{"ID":"CVE-2022-29153","Info":{"Name":"HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery","Severity":"high","Description":"HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11 are susceptible to server-side request forgery. When redirects are returned by HTTP health check endpoints, Consul follows these HTTP redirects by default. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-29153.yaml"}
|
||||||
|
|
@ -1880,6 +1889,7 @@
|
||||||
{"ID":"CVE-2022-40881","Info":{"Name":"SolarView 6.00 - Remote Command Execution","Severity":"critical","Description":"SolarView Compact 6.00 is vulnerable to a command injection via network_test.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-40881.yaml"}
|
{"ID":"CVE-2022-40881","Info":{"Name":"SolarView 6.00 - Remote Command Execution","Severity":"critical","Description":"SolarView Compact 6.00 is vulnerable to a command injection via network_test.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-40881.yaml"}
|
||||||
{"ID":"CVE-2022-4117","Info":{"Name":"WordPress IWS Geo Form Fields \u003c=1.0 - SQL Injection","Severity":"critical","Description":"WordPress IWS Geo Form Fields plugin through 1.0 contains a SQL injection vulnerability. The plugin does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4117.yaml"}
|
{"ID":"CVE-2022-4117","Info":{"Name":"WordPress IWS Geo Form Fields \u003c=1.0 - SQL Injection","Severity":"critical","Description":"WordPress IWS Geo Form Fields plugin through 1.0 contains a SQL injection vulnerability. The plugin does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4117.yaml"}
|
||||||
{"ID":"CVE-2022-4140","Info":{"Name":"WordPress Welcart e-Commerce \u003c2.8.5 - Arbitrary File Access","Severity":"high","Description":"WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file access. The plugin does not validate user input before using it to output the content of a file, which can allow an attacker to read arbitrary files on the server, obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-4140.yaml"}
|
{"ID":"CVE-2022-4140","Info":{"Name":"WordPress Welcart e-Commerce \u003c2.8.5 - Arbitrary File Access","Severity":"high","Description":"WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file access. The plugin does not validate user input before using it to output the content of a file, which can allow an attacker to read arbitrary files on the server, obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-4140.yaml"}
|
||||||
|
{"ID":"CVE-2022-41412","Info":{"Name":"perfSONAR 4.x \u003c= 4.4.4 - Server-Side Request Forgery","Severity":"high","Description":"An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior allows attackers to access sensitive data and execute Server-Side Request Forgery (SSRF) attacks.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2022/CVE-2022-41412.yaml"}
|
||||||
{"ID":"CVE-2022-41441","Info":{"Name":"ReQlogic v11.3 - Cross Site Scripting","Severity":"medium","Description":"ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-41441.yaml"}
|
{"ID":"CVE-2022-41441","Info":{"Name":"ReQlogic v11.3 - Cross Site Scripting","Severity":"medium","Description":"ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-41441.yaml"}
|
||||||
{"ID":"CVE-2022-41473","Info":{"Name":"RPCMS 3.0.2 - Cross-Site Scripting","Severity":"medium","Description":"RPCMS 3.0.2 contains a cross-site scripting vulnerability in the Search function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-41473.yaml"}
|
{"ID":"CVE-2022-41473","Info":{"Name":"RPCMS 3.0.2 - Cross-Site Scripting","Severity":"medium","Description":"RPCMS 3.0.2 contains a cross-site scripting vulnerability in the Search function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-41473.yaml"}
|
||||||
{"ID":"CVE-2022-41840","Info":{"Name":"Welcart eCommerce \u003c=2.7.7 - Local File Inclusion","Severity":"critical","Description":"Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-41840.yaml"}
|
{"ID":"CVE-2022-41840","Info":{"Name":"Welcart eCommerce \u003c=2.7.7 - Local File Inclusion","Severity":"critical","Description":"Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-41840.yaml"}
|
||||||
|
|
@ -2326,6 +2336,7 @@
|
||||||
{"ID":"CVE-2024-27199","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"high","Description":"In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-27199.yaml"}
|
{"ID":"CVE-2024-27199","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"high","Description":"In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-27199.yaml"}
|
||||||
{"ID":"CVE-2024-27497","Info":{"Name":"Linksys E2000 1.0.06 position.js Improper Authentication","Severity":"high","Description":"Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27497.yaml"}
|
{"ID":"CVE-2024-27497","Info":{"Name":"Linksys E2000 1.0.06 position.js Improper Authentication","Severity":"high","Description":"Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27497.yaml"}
|
||||||
{"ID":"CVE-2024-27954","Info":{"Name":"WordPress Automatic Plugin \u003c3.92.1 - Arbitrary File Download and SSRF","Severity":"critical","Description":"WordPress Automatic plugin \u003c3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27954.yaml"}
|
{"ID":"CVE-2024-27954","Info":{"Name":"WordPress Automatic Plugin \u003c3.92.1 - Arbitrary File Download and SSRF","Severity":"critical","Description":"WordPress Automatic plugin \u003c3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27954.yaml"}
|
||||||
|
{"ID":"CVE-2024-28255","Info":{"Name":"OpenMetadata - Authentication Bypass","Severity":"critical","Description":"OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against this list. When the request's path contains any of the excluded endpoints the filter returns without validating the JWT. Unfortunately, an attacker may use Path Parameters to make any path contain any arbitrary strings. For example, a request to `GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111` will match the excluded endpoint condition and therefore will be processed with no JWT validation allowing an attacker to bypass the authentication mechanism and reach any arbitrary endpoint, including the ones listed above that lead to arbitrary SpEL expression injection. This bypass will not work when the endpoint uses the `SecurityContext.getUserPrincipal()` since it will return `null` and will throw an NPE. This issue may lead to authentication bypass and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-237`.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-28255.yaml"}
|
||||||
{"ID":"CVE-2024-29059","Info":{"Name":".NET Framework - Leaking ObjRefs via HTTP .NET Remoting","Severity":"high","Description":".NET Framework Information Disclosure Vulnerability","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-29059.yaml"}
|
{"ID":"CVE-2024-29059","Info":{"Name":".NET Framework - Leaking ObjRefs via HTTP .NET Remoting","Severity":"high","Description":".NET Framework Information Disclosure Vulnerability","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-29059.yaml"}
|
||||||
{"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"}
|
{"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"}
|
||||||
{"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"}
|
{"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"}
|
||||||
|
|
|
||||||
|
|
@ -1 +1 @@
|
||||||
f0a6bd824e4ec6bfe959d999d7ee16e8
|
1dfe006f411798c95b62e30292860f5b
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue