updated 2019 CVEs
Prince Chaddha
parent
d6f27be44f
commit
a92ce6783f
|
|
@ -6,22 +6,22 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
Apache Solr is vulnerable to remote code execution vulnerabilities via the DataImportHandler, an optional but popular module to pull in data from databases and other sources. The module has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk.
|
Apache Solr is vulnerable to remote code execution vulnerabilities via the DataImportHandler, an optional but popular module to pull in data from databases and other sources. The module has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk.
|
||||||
|
remediation: |
|
||||||
|
Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/vulhub/vulhub/tree/master/solr/CVE-2019-0193
|
- https://github.com/vulhub/vulhub/tree/master/solr/CVE-2019-0193
|
||||||
- https://paper.seebug.org/1009/
|
- https://paper.seebug.org/1009/
|
||||||
- https://issues.apache.org/jira/browse/SOLR-13669
|
- https://issues.apache.org/jira/browse/SOLR-13669
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-0193
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-0193
|
||||||
- https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c@%3Cissues.lucene.apache.org%3E
|
- https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c@%3Cissues.lucene.apache.org%3E
|
||||||
remediation: |
|
|
||||||
Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
||||||
cvss-score: 7.2
|
cvss-score: 7.2
|
||||||
cve-id: CVE-2019-0193
|
cve-id: CVE-2019-0193
|
||||||
cwe-id: CWE-94
|
cwe-id: CWE-94
|
||||||
epss-score: 0.95869
|
epss-score: 0.95869
|
||||||
cpe: cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.99213
|
epss-percentile: 0.99213
|
||||||
|
cpe: cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 2
|
||||||
vendor: apache
|
vendor: apache
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
description: |
|
description: |
|
||||||
Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 are vulnerable to cross-site scripting because the SSI printenv command echoes user provided data without escaping. Note: SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.
|
Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 are vulnerable to cross-site scripting because the SSI printenv command echoes user provided data without escaping. Note: SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.
|
||||||
|
remediation: |
|
||||||
|
Apply the necessary patches or updates provided by Apache Tomcat to fix the XSS vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://seclists.org/fulldisclosure/2019/May/50
|
- https://seclists.org/fulldisclosure/2019/May/50
|
||||||
- https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/
|
- https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/
|
||||||
|
|
@ -18,13 +20,13 @@ info:
|
||||||
cve-id: CVE-2019-0221
|
cve-id: CVE-2019-0221
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.01651
|
epss-score: 0.01651
|
||||||
cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.86008
|
epss-percentile: 0.86008
|
||||||
|
cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 2
|
||||||
shodan-query: title:"Apache Tomcat"
|
|
||||||
vendor: apache
|
vendor: apache
|
||||||
product: tomcat
|
product: tomcat
|
||||||
|
shodan-query: title:"Apache Tomcat"
|
||||||
tags: apache,xss,tomcat,seclists,edb,cve,cve2019
|
tags: apache,xss,tomcat,seclists,edb,cve,cve2019
|
||||||
variables:
|
variables:
|
||||||
payload: "<script>alert({{rand_int()}})</script>"
|
payload: "<script>alert({{rand_int()}})</script>"
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: geeknik
|
author: geeknik
|
||||||
severity: critical
|
severity: critical
|
||||||
description: Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag attributes, which may lead to remote code execution.
|
description: Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag attributes, which may lead to remote code execution.
|
||||||
|
remediation: |
|
||||||
|
Upgrade Apache Struts to a version higher than 2.5.20 or apply the necessary patches provided by the vendor.
|
||||||
reference:
|
reference:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-0230
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-0230
|
||||||
- https://cwiki.apache.org/confluence/display/WW/S2-059
|
- https://cwiki.apache.org/confluence/display/WW/S2-059
|
||||||
|
|
@ -17,8 +19,8 @@ info:
|
||||||
cve-id: CVE-2019-0230
|
cve-id: CVE-2019-0230
|
||||||
cwe-id: CWE-1321
|
cwe-id: CWE-1321
|
||||||
epss-score: 0.92614
|
epss-score: 0.92614
|
||||||
cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.98622
|
epss-percentile: 0.98622
|
||||||
|
cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: apache
|
vendor: apache
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: davidmckennirey
|
author: davidmckennirey
|
||||||
severity: critical
|
severity: critical
|
||||||
description: Kentico CMS is susceptible to remote code execution via a .NET deserialization vulnerability.
|
description: Kentico CMS is susceptible to remote code execution via a .NET deserialization vulnerability.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest security patches and updates provided by Kentico CMS to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.aon.com/cyber-solutions/aon_cyber_labs/unauthenticated-remote-code-execution-in-kentico-cms/
|
- https://www.aon.com/cyber-solutions/aon_cyber_labs/unauthenticated-remote-code-execution-in-kentico-cms/
|
||||||
- https://packetstormsecurity.com/files/157588/Kentico-CMS-12.0.14-Remote-Command-Execution.html
|
- https://packetstormsecurity.com/files/157588/Kentico-CMS-12.0.14-Remote-Command-Execution.html
|
||||||
|
|
@ -17,8 +19,8 @@ info:
|
||||||
cve-id: CVE-2019-10068
|
cve-id: CVE-2019-10068
|
||||||
cwe-id: CWE-502
|
cwe-id: CWE-502
|
||||||
epss-score: 0.97358
|
epss-score: 0.97358
|
||||||
cpe: cpe:2.3:a:kentico:kentico:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.9984
|
epss-percentile: 0.9984
|
||||||
|
cpe: cpe:2.3:a:kentico:kentico:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: kentico
|
vendor: kentico
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: pdteam
|
author: pdteam
|
||||||
severity: medium
|
severity: medium
|
||||||
description: Apache HTTP Server versions 2.4.0 through 2.4.39 are vulnerable to a limited cross-site scripting issue affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
|
description: Apache HTTP Server versions 2.4.0 through 2.4.39 are vulnerable to a limited cross-site scripting issue affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to Apache HTTP Server version 2.4.40 or later, which includes a fix for this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd
|
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd
|
||||||
- https://httpd.apache.org/security/vulnerabilities_24.html
|
- https://httpd.apache.org/security/vulnerabilities_24.html
|
||||||
|
|
@ -17,8 +19,8 @@ info:
|
||||||
cve-id: CVE-2019-10092
|
cve-id: CVE-2019-10092
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.01582
|
epss-score: 0.01582
|
||||||
cpe: cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.8571
|
epss-percentile: 0.8571
|
||||||
|
cpe: cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: apache
|
vendor: apache
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
description: |
|
description: |
|
||||||
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
|
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
|
||||||
|
remediation: |
|
||||||
|
Upgrade Apache HTTP server to version 2.4.40 or later to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/47689
|
- https://www.exploit-db.com/exploits/47689
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-10098
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-10098
|
||||||
|
|
@ -19,8 +21,8 @@ info:
|
||||||
cve-id: CVE-2019-10098
|
cve-id: CVE-2019-10098
|
||||||
cwe-id: CWE-601
|
cwe-id: CWE-601
|
||||||
epss-score: 0.08306
|
epss-score: 0.08306
|
||||||
cpe: cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.9354
|
epss-percentile: 0.9354
|
||||||
|
cpe: cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: apache
|
vendor: apache
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: medium
|
severity: medium
|
||||||
description: 'Timesheet Next Gen 1.5.3 and earlier is vulnerable to cross-site scripting that allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url.'
|
description: 'Timesheet Next Gen 1.5.3 and earlier is vulnerable to cross-site scripting that allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url.'
|
||||||
|
remediation: |
|
||||||
|
Upgrade to a patched version of Timesheet Next Gen (1.5.4 or above) that properly sanitizes user input to prevent XSS attacks.
|
||||||
reference:
|
reference:
|
||||||
- http://www.mdh-tz.info/
|
- http://www.mdh-tz.info/
|
||||||
- https://sourceforge.net/p/tsheetx/discussion/779083/thread/7fcb52f696/
|
- https://sourceforge.net/p/tsheetx/discussion/779083/thread/7fcb52f696/
|
||||||
|
|
@ -16,13 +18,13 @@ info:
|
||||||
cve-id: CVE-2019-1010287
|
cve-id: CVE-2019-1010287
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00129
|
epss-score: 0.00129
|
||||||
cpe: cpe:2.3:a:timesheet_next_gen_project:timesheet_next_gen:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.46935
|
epss-percentile: 0.46935
|
||||||
|
cpe: cpe:2.3:a:timesheet_next_gen_project:timesheet_next_gen:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
google-query: inurl:"/timesheet/login.php"
|
|
||||||
vendor: timesheet_next_gen_project
|
vendor: timesheet_next_gen_project
|
||||||
product: timesheet_next_gen
|
product: timesheet_next_gen
|
||||||
|
google-query: inurl:"/timesheet/login.php"
|
||||||
tags: cve,cve2019,timesheet,xss
|
tags: cve,cve2019,timesheet,xss
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: medium
|
severity: medium
|
||||||
description: Babel contains an open redirect vulnerability via redirect.php in the newurl parameter. An attacker can use any legitimate site using Babel to redirect user to a malicious site, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.
|
description: Babel contains an open redirect vulnerability via redirect.php in the newurl parameter. An attacker can use any legitimate site using Babel to redirect user to a malicious site, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to Babel version 7.4.0 or later to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://untrustednetwork.net/en/2019/02/20/open-redirection-vulnerability-in-babel/
|
- https://untrustednetwork.net/en/2019/02/20/open-redirection-vulnerability-in-babel/
|
||||||
- http://dev.cmsmadesimple.org/project/files/729
|
- http://dev.cmsmadesimple.org/project/files/729
|
||||||
|
|
@ -15,8 +17,8 @@ info:
|
||||||
cve-id: CVE-2019-1010290
|
cve-id: CVE-2019-1010290
|
||||||
cwe-id: CWE-601
|
cwe-id: CWE-601
|
||||||
epss-score: 0.00198
|
epss-score: 0.00198
|
||||||
cpe: cpe:2.3:a:cmsmadesimple:bable\:multilingual_site:*:*:*:*:*:cms_made_simple:*:*
|
|
||||||
epss-percentile: 0.56887
|
epss-percentile: 0.56887
|
||||||
|
cpe: cpe:2.3:a:cmsmadesimple:bable\:multilingual_site:*:*:*:*:*:cms_made_simple:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: cmsmadesimple
|
vendor: cmsmadesimple
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: RedTeamBrasil
|
author: RedTeamBrasil
|
||||||
severity: critical
|
severity: critical
|
||||||
description: Teclib GLPI <= 9.3.3 exposes a script (/scripts/unlock_tasks.php) that incorrectly sanitizes user controlled data before using it in SQL queries. Thus, an attacker could abuse the affected feature to alter the semantic original SQL query and retrieve database records.
|
description: Teclib GLPI <= 9.3.3 exposes a script (/scripts/unlock_tasks.php) that incorrectly sanitizes user controlled data before using it in SQL queries. Thus, an attacker could abuse the affected feature to alter the semantic original SQL query and retrieve database records.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to a patched version of Teclib GLPI (9.3.4 or later) to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.synacktiv.com/ressources/advisories/GLPI_9.3.3_SQL_Injection.pdf
|
- https://www.synacktiv.com/ressources/advisories/GLPI_9.3.3_SQL_Injection.pdf
|
||||||
- https://github.com/glpi-project/glpi/commit/684d4fc423652ec7dde21cac4d41c2df53f56b3c
|
- https://github.com/glpi-project/glpi/commit/684d4fc423652ec7dde21cac4d41c2df53f56b3c
|
||||||
|
|
@ -15,8 +17,8 @@ info:
|
||||||
cve-id: CVE-2019-10232
|
cve-id: CVE-2019-10232
|
||||||
cwe-id: CWE-89
|
cwe-id: CWE-89
|
||||||
epss-score: 0.21939
|
epss-score: 0.21939
|
||||||
cpe: cpe:2.3:a:teclib-edition:gestionnaire_libre_de_parc_informatique:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.95827
|
epss-percentile: 0.95827
|
||||||
|
cpe: cpe:2.3:a:teclib-edition:gestionnaire_libre_de_parc_informatique:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 2
|
||||||
vendor: teclib-edition
|
vendor: teclib-edition
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: c-sh0
|
author: c-sh0
|
||||||
severity: medium
|
severity: medium
|
||||||
description: Jenkins through 2.196, LTS 2.176.3 and earlier prints the value of the cookie on the /whoAmI/ URL despite it being marked HttpOnly, thus making it possible to steal cookie-based authentication credentials if the URL is exposed or accessed via another cross-site scripting issue.
|
description: Jenkins through 2.196, LTS 2.176.3 and earlier prints the value of the cookie on the /whoAmI/ URL despite it being marked HttpOnly, thus making it possible to steal cookie-based authentication credentials if the URL is exposed or accessed via another cross-site scripting issue.
|
||||||
|
remediation: |
|
||||||
|
Upgrade Jenkins to a version higher than 2.196 to mitigate the vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1505
|
- https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1505
|
||||||
- http://www.openwall.com/lists/oss-security/2019/09/25/3
|
- http://www.openwall.com/lists/oss-security/2019/09/25/3
|
||||||
|
|
@ -15,13 +17,13 @@ info:
|
||||||
cve-id: CVE-2019-10405
|
cve-id: CVE-2019-10405
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00572
|
epss-score: 0.00572
|
||||||
cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
|
|
||||||
epss-percentile: 0.75075
|
epss-percentile: 0.75075
|
||||||
|
cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 2
|
||||||
shodan-query: http.favicon.hash:81586312
|
|
||||||
vendor: jenkins
|
vendor: jenkins
|
||||||
product: jenkins
|
product: jenkins
|
||||||
|
shodan-query: http.favicon.hash:81586312
|
||||||
tags: cve,cve2019,jenkins
|
tags: cve,cve2019,jenkins
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: madrobot
|
author: madrobot
|
||||||
severity: medium
|
severity: medium
|
||||||
description: Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides.
|
description: Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to a patched version of the Jenkins build-metrics plugin or apply the necessary fixes provided by the vendor.
|
||||||
reference:
|
reference:
|
||||||
- https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1490
|
- https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1490
|
||||||
- http://www.openwall.com/lists/oss-security/2019/10/23/2
|
- http://www.openwall.com/lists/oss-security/2019/10/23/2
|
||||||
|
|
@ -16,13 +18,13 @@ info:
|
||||||
cve-id: CVE-2019-10475
|
cve-id: CVE-2019-10475
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.97301
|
epss-score: 0.97301
|
||||||
cpe: cpe:2.3:a:jenkins:build-metrics:*:*:*:*:*:jenkins:*:*
|
|
||||||
epss-percentile: 0.99796
|
epss-percentile: 0.99796
|
||||||
|
cpe: cpe:2.3:a:jenkins:build-metrics:*:*:*:*:*:jenkins:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
framework: jenkins
|
|
||||||
vendor: jenkins
|
vendor: jenkins
|
||||||
product: build-metrics
|
product: build-metrics
|
||||||
|
framework: jenkins
|
||||||
tags: cve,cve2019,jenkins,xss,plugin,packetstorm
|
tags: cve,cve2019,jenkins,xss,plugin,packetstorm
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
WordPress Google Maps plugin before 7.11.18 contains a SQL injection vulnerability. The plugin includes /class.rest-api.php in the REST API and does not sanitize field names before a SELECT statement. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
|
WordPress Google Maps plugin before 7.11.18 contains a SQL injection vulnerability. The plugin includes /class.rest-api.php in the REST API and does not sanitize field names before a SELECT statement. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
|
||||||
|
remediation: |
|
||||||
|
Update to the latest version of the WordPress Google Maps plugin (7.11.18 or higher).
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/475404ce-2a1a-4d15-bf02-df0ea2afdaea
|
- https://wpscan.com/vulnerability/475404ce-2a1a-4d15-bf02-df0ea2afdaea
|
||||||
- https://wordpress.org/plugins/wp-google-maps/#developers
|
- https://wordpress.org/plugins/wp-google-maps/#developers
|
||||||
|
|
@ -17,14 +19,14 @@ info:
|
||||||
cve-id: CVE-2019-10692
|
cve-id: CVE-2019-10692
|
||||||
cwe-id: CWE-89
|
cwe-id: CWE-89
|
||||||
epss-score: 0.9737
|
epss-score: 0.9737
|
||||||
cpe: cpe:2.3:a:codecabin:wp_go_maps:*:*:*:*:*:wordpress:*:*
|
|
||||||
epss-percentile: 0.9985
|
epss-percentile: 0.9985
|
||||||
|
cpe: cpe:2.3:a:codecabin:wp_go_maps:*:*:*:*:*:wordpress:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
|
||||||
verified: true
|
verified: true
|
||||||
framework: wordpress
|
max-request: 1
|
||||||
vendor: codecabin
|
vendor: codecabin
|
||||||
product: wp_go_maps
|
product: wp_go_maps
|
||||||
|
framework: wordpress
|
||||||
tags: cve,cve2019,wp,wp-plugin,unauth,sqli,wordpress,googlemaps,wpscan
|
tags: cve,cve2019,wp,wp-plugin,unauth,sqli,wordpress,googlemaps,wpscan
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
BlogEngine.NET 3.3.7.0 allows /api/filemanager local file inclusion via the path parameter
|
BlogEngine.NET 3.3.7.0 allows /api/filemanager local file inclusion via the path parameter
|
||||||
|
remediation: |
|
||||||
|
Upgrade to a patched version of BlogEngine.NET or apply the vendor-supplied patch to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect
|
- https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect
|
||||||
- https://github.com/rxtur/BlogEngine.NET/commits/master
|
- https://github.com/rxtur/BlogEngine.NET/commits/master
|
||||||
|
|
@ -17,14 +19,14 @@ info:
|
||||||
cve-id: CVE-2019-10717
|
cve-id: CVE-2019-10717
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.0042
|
epss-score: 0.0042
|
||||||
cpe: cpe:2.3:a:dotnetblogengine:blogengine.net:3.3.7.0:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.7095
|
epss-percentile: 0.7095
|
||||||
|
cpe: cpe:2.3:a:dotnetblogengine:blogengine.net:3.3.7.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
|
||||||
shodan-query: http.html:"Blogengine.net"
|
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 1
|
||||||
vendor: dotnetblogengine
|
vendor: dotnetblogengine
|
||||||
product: blogengine.net
|
product: blogengine.net
|
||||||
|
shodan-query: http.html:"Blogengine.net"
|
||||||
tags: seclists,cve,cve2019,blogengine,lfi,traversal
|
tags: seclists,cve,cve2019,blogengine,lfi,traversal
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,24 +5,24 @@ info:
|
||||||
author: princechaddha
|
author: princechaddha
|
||||||
severity: critical
|
severity: critical
|
||||||
description: mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the `toBSON` method and misuse the `vm` dependency to perform `exec` commands in a non-safe environment.
|
description: mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the `toBSON` method and misuse the `vm` dependency to perform `exec` commands in a non-safe environment.
|
||||||
|
remediation: Upgrade mongo-express to version 0.54.0 or higher.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/vulhub/vulhub/tree/master/mongo-express/CVE-2019-10758
|
- https://github.com/vulhub/vulhub/tree/master/mongo-express/CVE-2019-10758
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-10758
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-10758
|
||||||
- https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-473215
|
- https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-473215
|
||||||
remediation: Upgrade mongo-express to version 0.54.0 or higher.
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
||||||
cvss-score: 9.9
|
cvss-score: 9.9
|
||||||
cve-id: CVE-2019-10758
|
cve-id: CVE-2019-10758
|
||||||
epss-score: 0.97345
|
epss-score: 0.97345
|
||||||
cpe: cpe:2.3:a:mongo-express_project:mongo-express:*:*:*:*:*:node.js:*:*
|
|
||||||
epss-percentile: 0.99831
|
epss-percentile: 0.99831
|
||||||
|
cpe: cpe:2.3:a:mongo-express_project:mongo-express:*:*:*:*:*:node.js:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
shodan-query: http.title:"Mongo Express"
|
|
||||||
framework: node.js
|
|
||||||
vendor: mongo-express_project
|
vendor: mongo-express_project
|
||||||
product: mongo-express
|
product: mongo-express
|
||||||
|
framework: node.js
|
||||||
|
shodan-query: http.title:"Mongo Express"
|
||||||
tags: vulhub,cve,cve2019,mongo,mongo-express,kev
|
tags: vulhub,cve,cve2019,mongo,mongo-express,kev
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: medium
|
severity: medium
|
||||||
description: Nimble Streamer 3.0.2-2 through 3.5.4-9 is vulnerable to local file inclusion. An attacker can traverse the file system to access files or directories that are outside of the restricted directory on the remote server.
|
description: Nimble Streamer 3.0.2-2 through 3.5.4-9 is vulnerable to local file inclusion. An attacker can traverse the file system to access files or directories that are outside of the restricted directory on the remote server.
|
||||||
|
remediation: |
|
||||||
|
Upgrade Nimble Streamer to a version higher than 3.5.4-9 to mitigate the LFI vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/47301
|
- https://www.exploit-db.com/exploits/47301
|
||||||
- https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/
|
- https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/
|
||||||
|
|
@ -16,8 +18,8 @@ info:
|
||||||
cve-id: CVE-2019-11013
|
cve-id: CVE-2019-11013
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.01775
|
epss-score: 0.01775
|
||||||
cpe: cpe:2.3:a:softvelum:nimble_streamer:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.86476
|
epss-percentile: 0.86476
|
||||||
|
cpe: cpe:2.3:a:softvelum:nimble_streamer:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: softvelum
|
vendor: softvelum
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.
|
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.
|
||||||
|
remediation: |
|
||||||
|
Disable or restrict access to the Debug Endpoint pprof to prevent unauthorized access.
|
||||||
reference:
|
reference:
|
||||||
- https://medium.com/bugbountywriteup/my-first-bug-bounty-21d3203ffdb0
|
- https://medium.com/bugbountywriteup/my-first-bug-bounty-21d3203ffdb0
|
||||||
- http://mmcloughlin.com/posts/your-pprof-is-showing
|
- http://mmcloughlin.com/posts/your-pprof-is-showing
|
||||||
|
|
@ -18,8 +20,8 @@ info:
|
||||||
cve-id: CVE-2019-11248
|
cve-id: CVE-2019-11248
|
||||||
cwe-id: CWE-419,CWE-862
|
cwe-id: CWE-419,CWE-862
|
||||||
epss-score: 0.74826
|
epss-score: 0.74826
|
||||||
cpe: cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.97731
|
epss-percentile: 0.97731
|
||||||
|
cpe: cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 2
|
||||||
vendor: kubernetes
|
vendor: kubernetes
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
description: |
|
description: |
|
||||||
Carel pCOWeb prior to B1.2.4 is vulnerable to stored cross-site scripting, as demonstrated by the config/pw_snmp.html "System contact" field.
|
Carel pCOWeb prior to B1.2.4 is vulnerable to stored cross-site scripting, as demonstrated by the config/pw_snmp.html "System contact" field.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest patch or upgrade to a version that addresses the vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/46897
|
- https://www.exploit-db.com/exploits/46897
|
||||||
- https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2019-11370
|
- https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2019-11370
|
||||||
|
|
@ -16,14 +18,14 @@ info:
|
||||||
cve-id: CVE-2019-11370
|
cve-id: CVE-2019-11370
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.1896
|
epss-score: 0.1896
|
||||||
cpe: cpe:2.3:o:carel:pcoweb_card_firmware:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.95583
|
epss-percentile: 0.95583
|
||||||
|
cpe: cpe:2.3:o:carel:pcoweb_card_firmware:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
|
||||||
shodan-query: http.html:"pCOWeb"
|
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 2
|
||||||
vendor: carel
|
vendor: carel
|
||||||
product: pcoweb_card_firmware
|
product: pcoweb_card_firmware
|
||||||
|
shodan-query: http.html:"pCOWeb"
|
||||||
tags: pcoweb,xss,carel,edb,cve,cve2019
|
tags: pcoweb,xss,carel,edb,cve,cve2019
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: organiccrap
|
author: organiccrap
|
||||||
severity: critical
|
severity: critical
|
||||||
description: Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 all contain an arbitrary file reading vulnerability that could allow unauthenticated remote attackers to send a specially crafted URI to gain improper access.
|
description: Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 all contain an arbitrary file reading vulnerability that could allow unauthenticated remote attackers to send a specially crafted URI to gain improper access.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest security patches and updates provided by Pulse Secure.
|
||||||
reference:
|
reference:
|
||||||
- https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
|
- https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
|
||||||
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
|
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
|
||||||
|
|
@ -17,8 +19,8 @@ info:
|
||||||
cve-id: CVE-2019-11510
|
cve-id: CVE-2019-11510
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.97289
|
epss-score: 0.97289
|
||||||
cpe: cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r1.0:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.99788
|
epss-percentile: 0.99788
|
||||||
|
cpe: cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r1.0:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: pulsesecure
|
vendor: pulsesecure
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: dwisiswant0
|
author: dwisiswant0
|
||||||
severity: critical
|
severity: critical
|
||||||
description: Atlassian Crowd and Crowd Data Center is susceptible to a remote code execution vulnerability because the pdkinstall development plugin is incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.
|
description: Atlassian Crowd and Crowd Data Center is susceptible to a remote code execution vulnerability because the pdkinstall development plugin is incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to Atlassian Crowd and Crowd Data Center version 3.4.3 or later to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/jas502n/CVE-2019-11580
|
- https://github.com/jas502n/CVE-2019-11580
|
||||||
- https://jira.atlassian.com/browse/CWD-5388
|
- https://jira.atlassian.com/browse/CWD-5388
|
||||||
|
|
@ -15,13 +17,13 @@ info:
|
||||||
cvss-score: 9.8
|
cvss-score: 9.8
|
||||||
cve-id: CVE-2019-11580
|
cve-id: CVE-2019-11580
|
||||||
epss-score: 0.97501
|
epss-score: 0.97501
|
||||||
cpe: cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.99963
|
epss-percentile: 0.99963
|
||||||
|
cpe: cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
shodan-query: http.component:"Atlassian Jira"
|
|
||||||
vendor: atlassian
|
vendor: atlassian
|
||||||
product: crowd
|
product: crowd
|
||||||
|
shodan-query: http.component:"Atlassian Jira"
|
||||||
tags: packetstorm,kev,cve,cve2019,atlassian,rce
|
tags: packetstorm,kev,cve,cve2019,atlassian,rce
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: ree4pwn
|
author: ree4pwn
|
||||||
severity: critical
|
severity: critical
|
||||||
description: Jira Server and Data Center is susceptible to a server-side template injection vulnerability via the ContactAdministrators and SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
|
description: Jira Server and Data Center is susceptible to a server-side template injection vulnerability via the ContactAdministrators and SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
|
||||||
|
remediation: |
|
||||||
|
Apply the necessary security patches or upgrade to a fixed version provided by Atlassian to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/jas502n/CVE-2019-11581
|
- https://github.com/jas502n/CVE-2019-11581
|
||||||
- https://jira.atlassian.com/browse/JRASERVER-69532
|
- https://jira.atlassian.com/browse/JRASERVER-69532
|
||||||
|
|
@ -15,13 +17,13 @@ info:
|
||||||
cve-id: CVE-2019-11581
|
cve-id: CVE-2019-11581
|
||||||
cwe-id: CWE-74
|
cwe-id: CWE-74
|
||||||
epss-score: 0.97434
|
epss-score: 0.97434
|
||||||
cpe: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.99907
|
epss-percentile: 0.99907
|
||||||
|
cpe: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
shodan-query: http.component:"Atlassian Jira"
|
|
||||||
vendor: atlassian
|
vendor: atlassian
|
||||||
product: jira
|
product: jira
|
||||||
|
shodan-query: http.component:"Atlassian Jira"
|
||||||
tags: cve,cve2019,atlassian,jira,ssti,rce,kev
|
tags: cve,cve2019,atlassian,jira,ssti,rce,kev
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -11,6 +11,8 @@ info:
|
||||||
request is for an admin page). An unauthenticated attacker can consequently inject
|
request is for an admin page). An unauthenticated attacker can consequently inject
|
||||||
a payload into the plugin settings, such as the
|
a payload into the plugin settings, such as the
|
||||||
yuzo_related_post_css_and_style setting.
|
yuzo_related_post_css_and_style setting.
|
||||||
|
remediation: |
|
||||||
|
Update to the latest version of the Yuzo plugin (5.12.94 or higher) to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild
|
- https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild
|
||||||
- https://wpscan.com/vulnerability/9254
|
- https://wpscan.com/vulnerability/9254
|
||||||
|
|
@ -23,13 +25,13 @@ info:
|
||||||
cve-id: CVE-2019-11869
|
cve-id: CVE-2019-11869
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00321
|
epss-score: 0.00321
|
||||||
cpe: cpe:2.3:a:yuzopro:yuzo:5.12.94:*:*:*:*:wordpress:*:*
|
|
||||||
epss-percentile: 0.66852
|
epss-percentile: 0.66852
|
||||||
|
cpe: cpe:2.3:a:yuzopro:yuzo:5.12.94:*:*:*:*:wordpress:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 2
|
||||||
framework: wordpress
|
|
||||||
vendor: yuzopro
|
vendor: yuzopro
|
||||||
product: yuzo
|
product: yuzo
|
||||||
|
framework: wordpress
|
||||||
tags: wpscan,cve,cve2019,wordpress,wp-plugin,xss
|
tags: wpscan,cve,cve2019,wordpress,wp-plugin,xss
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -6,22 +6,22 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
GrandNode 4.40 is susceptible to local file inclusion in Controllers/LetsEncryptController.cs, which allows remote unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests.
|
GrandNode 4.40 is susceptible to local file inclusion in Controllers/LetsEncryptController.cs, which allows remote unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests.
|
||||||
|
remediation: |
|
||||||
|
A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
|
||||||
reference:
|
reference:
|
||||||
- https://security401.com/grandnode-path-traversal/
|
- https://security401.com/grandnode-path-traversal/
|
||||||
- https://grandnode.com
|
- https://grandnode.com
|
||||||
- https://github.com/grandnode/grandnode
|
- https://github.com/grandnode/grandnode
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-12276
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-12276
|
||||||
- http://packetstormsecurity.com/files/153373/GrandNode-4.40-Path-Traversal-File-Download.html
|
- http://packetstormsecurity.com/files/153373/GrandNode-4.40-Path-Traversal-File-Download.html
|
||||||
remediation: |
|
|
||||||
A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
cvss-score: 7.5
|
cvss-score: 7.5
|
||||||
cve-id: CVE-2019-12276
|
cve-id: CVE-2019-12276
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.96216
|
epss-score: 0.96216
|
||||||
cpe: cpe:2.3:a:grandnode:grandnode:4.40:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.99307
|
epss-percentile: 0.99307
|
||||||
|
cpe: cpe:2.3:a:grandnode:grandnode:4.40:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: grandnode
|
vendor: grandnode
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: madrobot
|
author: madrobot
|
||||||
severity: critical
|
severity: critical
|
||||||
description: Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.
|
description: Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in Deltek Maconomy 2.2.5.
|
||||||
reference:
|
reference:
|
||||||
- http://packetstormsecurity.com/files/153079/Deltek-Maconomy-2.2.5-Local-File-Inclusion.html
|
- http://packetstormsecurity.com/files/153079/Deltek-Maconomy-2.2.5-Local-File-Inclusion.html
|
||||||
- https://github.com/ras313/CVE-2019-12314/security/advisories/GHSA-8762-rf4g-23xm
|
- https://github.com/ras313/CVE-2019-12314/security/advisories/GHSA-8762-rf4g-23xm
|
||||||
|
|
@ -15,8 +17,8 @@ info:
|
||||||
cve-id: CVE-2019-12314
|
cve-id: CVE-2019-12314
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.23499
|
epss-score: 0.23499
|
||||||
cpe: cpe:2.3:a:deltek:maconomy:2.2.5:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.95935
|
epss-percentile: 0.95935
|
||||||
|
cpe: cpe:2.3:a:deltek:maconomy:2.2.5:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: deltek
|
vendor: deltek
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: medium
|
severity: medium
|
||||||
description: Web Port 1.19.1 is vulnerable to cross-site scripting via the /log type parameter.
|
description: Web Port 1.19.1 is vulnerable to cross-site scripting via the /log type parameter.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to the latest version of WebPort (1.19.2 or higher) which includes a fix for this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/EmreOvunc/WebPort-v1.19.1-Reflected-XSS
|
- https://github.com/EmreOvunc/WebPort-v1.19.1-Reflected-XSS
|
||||||
- https://webport.se/nedladdningar/
|
- https://webport.se/nedladdningar/
|
||||||
|
|
@ -17,8 +19,8 @@ info:
|
||||||
cve-id: CVE-2019-12461
|
cve-id: CVE-2019-12461
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00269
|
epss-score: 0.00269
|
||||||
cpe: cpe:2.3:a:webport:web_port:1.19.1:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.63646
|
epss-percentile: 0.63646
|
||||||
|
cpe: cpe:2.3:a:webport:web_port:1.19.1:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: webport
|
vendor: webport
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: n-thumann
|
author: n-thumann
|
||||||
severity: medium
|
severity: medium
|
||||||
description: Zyxel ZyWall, USG, and UAG devices allow remote attackers to inject arbitrary web script or HTML via the err_msg parameter free_time_failed.cgi CGI program, aka reflective cross-site scripting.
|
description: Zyxel ZyWall, USG, and UAG devices allow remote attackers to inject arbitrary web script or HTML via the err_msg parameter free_time_failed.cgi CGI program, aka reflective cross-site scripting.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest firmware update provided by Zyxel to fix the XSS vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml
|
- https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml
|
||||||
- https://sec-consult.com/vulnerability-lab/advisory/reflected-cross-site-scripting-in-zxel-zywall/
|
- https://sec-consult.com/vulnerability-lab/advisory/reflected-cross-site-scripting-in-zxel-zywall/
|
||||||
|
|
@ -17,13 +19,13 @@ info:
|
||||||
cve-id: CVE-2019-12581
|
cve-id: CVE-2019-12581
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00642
|
epss-score: 0.00642
|
||||||
cpe: cpe:2.3:o:zyxel:uag2100_firmware:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.7661
|
epss-percentile: 0.7661
|
||||||
|
cpe: cpe:2.3:o:zyxel:uag2100_firmware:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
shodan-query: http.title:"ZyWall"
|
|
||||||
vendor: zyxel
|
vendor: zyxel
|
||||||
product: uag2100_firmware
|
product: uag2100_firmware
|
||||||
|
shodan-query: http.title:"ZyWall"
|
||||||
tags: cve,cve2019,zyxel,zywall,xss
|
tags: cve,cve2019,zyxel,zywall,xss
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: n-thumann,daffainfo
|
author: n-thumann,daffainfo
|
||||||
severity: critical
|
severity: critical
|
||||||
description: Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator via the "Free Time" component. This can lead to unauthorized network access or DoS attacks.
|
description: Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator via the "Free Time" component. This can lead to unauthorized network access or DoS attacks.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest firmware update provided by Zyxel to fix the vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml
|
- https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml
|
||||||
- https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/
|
- https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/
|
||||||
|
|
@ -15,8 +17,8 @@ info:
|
||||||
cve-id: CVE-2019-12583
|
cve-id: CVE-2019-12583
|
||||||
cwe-id: CWE-425
|
cwe-id: CWE-425
|
||||||
epss-score: 0.00481
|
epss-score: 0.00481
|
||||||
cpe: cpe:2.3:o:zyxel:uag2100_firmware:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.72824
|
epss-percentile: 0.72824
|
||||||
|
cpe: cpe:2.3:o:zyxel:uag2100_firmware:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: zyxel
|
vendor: zyxel
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
|
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
|
||||||
|
remediation: |
|
||||||
|
Upgrade IceWarp Mail Server to a version higher than 10.4.4 or apply the vendor-provided patch to fix the LFI vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/JameelNabbo/exploits/blob/master/IceWarp%20%3C%3D10.4.4%20local%20file%20include.txt
|
- https://github.com/JameelNabbo/exploits/blob/master/IceWarp%20%3C%3D10.4.4%20local%20file%20include.txt
|
||||||
- http://www.icewarp.com
|
- http://www.icewarp.com
|
||||||
|
|
@ -17,14 +19,14 @@ info:
|
||||||
cve-id: CVE-2019-12593
|
cve-id: CVE-2019-12593
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.13201
|
epss-score: 0.13201
|
||||||
cpe: cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.94827
|
epss-percentile: 0.94827
|
||||||
|
cpe: cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 2
|
||||||
google-query: Powered By IceWarp 10.4.4
|
|
||||||
shodan-query: title:"icewarp"
|
|
||||||
vendor: icewarp
|
vendor: icewarp
|
||||||
product: mail_server
|
product: mail_server
|
||||||
|
shodan-query: title:"icewarp"
|
||||||
|
google-query: Powered By IceWarp 10.4.4
|
||||||
tags: packetstorm,cve,cve2019,lfi,icewarp
|
tags: packetstorm,cve,cve2019,lfi,icewarp
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: Mohammedsaneem,philippedelteil,daffainfo
|
author: Mohammedsaneem,philippedelteil,daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
description: phpMyAdmin before 4.9.0 is susceptible to cross-site request forgery. An attacker can utilize a broken <img> tag which points at the victim's phpMyAdmin database, thus leading to potential delivery of a payload, such as a specific INSERT or DELETE statement.
|
description: phpMyAdmin before 4.9.0 is susceptible to cross-site request forgery. An attacker can utilize a broken <img> tag which points at the victim's phpMyAdmin database, thus leading to potential delivery of a payload, such as a specific INSERT or DELETE statement.
|
||||||
|
remediation: |
|
||||||
|
Upgrade phpMyAdmin to version 4.9.0 or later to mitigate the CSRF vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.phpmyadmin.net/security/PMASA-2019-4/
|
- https://www.phpmyadmin.net/security/PMASA-2019-4/
|
||||||
- https://www.exploit-db.com/exploits/46982
|
- https://www.exploit-db.com/exploits/46982
|
||||||
|
|
@ -17,8 +19,8 @@ info:
|
||||||
cve-id: CVE-2019-12616
|
cve-id: CVE-2019-12616
|
||||||
cwe-id: CWE-352
|
cwe-id: CWE-352
|
||||||
epss-score: 0.00989
|
epss-score: 0.00989
|
||||||
cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.81614
|
epss-percentile: 0.81614
|
||||||
|
cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: phpmyadmin
|
vendor: phpmyadmin
|
||||||
|
|
|
||||||
|
|
@ -5,21 +5,21 @@ info:
|
||||||
author: dwisiswant0,akincibor
|
author: dwisiswant0,akincibor
|
||||||
severity: critical
|
severity: critical
|
||||||
description: Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
|
description: Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
|
||||||
|
remediation: Upgrade to 3.9.5. Be aware this product is no longer supported.
|
||||||
reference:
|
reference:
|
||||||
- https://www.zeroshell.org/new-release-and-critical-vulnerability/
|
- https://www.zeroshell.org/new-release-and-critical-vulnerability/
|
||||||
- https://www.tarlogic.com/advisories/zeroshell-rce-root.txt
|
- https://www.tarlogic.com/advisories/zeroshell-rce-root.txt
|
||||||
- https://github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2019-12725/ZeroShell-RCE-EoP.py
|
- https://github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2019-12725/ZeroShell-RCE-EoP.py
|
||||||
- https://zeroshell.org/blog/
|
- https://zeroshell.org/blog/
|
||||||
- http://packetstormsecurity.com/files/160211/ZeroShell-3.9.0-Remote-Command-Execution.html
|
- http://packetstormsecurity.com/files/160211/ZeroShell-3.9.0-Remote-Command-Execution.html
|
||||||
remediation: Upgrade to 3.9.5. Be aware this product is no longer supported.
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
cvss-score: 9.8
|
cvss-score: 9.8
|
||||||
cve-id: CVE-2019-12725
|
cve-id: CVE-2019-12725
|
||||||
cwe-id: CWE-78
|
cwe-id: CWE-78
|
||||||
epss-score: 0.96479
|
epss-score: 0.96479
|
||||||
cpe: cpe:2.3:o:zeroshell:zeroshell:3.9.0:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.99394
|
epss-percentile: 0.99394
|
||||||
|
cpe: cpe:2.3:o:zeroshell:zeroshell:3.9.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: zeroshell
|
vendor: zeroshell
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
description: |
|
description: |
|
||||||
LiveZilla Server 8.0.1.0 is vulnerable to reflected cross-site scripting.
|
LiveZilla Server 8.0.1.0 is vulnerable to reflected cross-site scripting.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to the latest version of LiveZilla Server or apply the vendor-provided patch to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/49669
|
- https://www.exploit-db.com/exploits/49669
|
||||||
- https://forums.livezilla.net/index.php?/topic/10984-fg-vd-19-083085087-livezilla-server-are-vulnerable-to-cross-site-scripting-in-admin-panel/
|
- https://forums.livezilla.net/index.php?/topic/10984-fg-vd-19-083085087-livezilla-server-are-vulnerable-to-cross-site-scripting-in-admin-panel/
|
||||||
|
|
@ -17,14 +19,14 @@ info:
|
||||||
cve-id: CVE-2019-12962
|
cve-id: CVE-2019-12962
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.20689
|
epss-score: 0.20689
|
||||||
cpe: cpe:2.3:a:livezilla:livezilla:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.95731
|
epss-percentile: 0.95731
|
||||||
|
cpe: cpe:2.3:a:livezilla:livezilla:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
|
||||||
shodan-query: http.html:LiveZilla
|
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 1
|
||||||
vendor: livezilla
|
vendor: livezilla
|
||||||
product: livezilla
|
product: livezilla
|
||||||
|
shodan-query: http.html:LiveZilla
|
||||||
tags: xss,edb,packetstorm,cve,cve2019,livezilla
|
tags: xss,edb,packetstorm,cve,cve2019,livezilla
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ipAddress, pingCount, or packetSize, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
|
Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ipAddress, pingCount, or packetSize, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||||
|
remediation: |
|
||||||
|
Apply the necessary patches or updates provided by Citrix to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.tenable.com/security/research/tra-2019-31
|
- https://www.tenable.com/security/research/tra-2019-31
|
||||||
- https://support.citrix.com/article/CTX251987
|
- https://support.citrix.com/article/CTX251987
|
||||||
|
|
@ -16,13 +18,13 @@ info:
|
||||||
cve-id: CVE-2019-12985
|
cve-id: CVE-2019-12985
|
||||||
cwe-id: CWE-78
|
cwe-id: CWE-78
|
||||||
epss-score: 0.97433
|
epss-score: 0.97433
|
||||||
cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.99906
|
epss-percentile: 0.99906
|
||||||
|
cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 2
|
||||||
shodan-query: http.title:"Citrix SD-WAN"
|
|
||||||
vendor: citrix
|
vendor: citrix
|
||||||
product: netscaler_sd-wan
|
product: netscaler_sd-wan
|
||||||
|
shodan-query: http.title:"Citrix SD-WAN"
|
||||||
tags: cve,cve2019,citrix,rce,unauth,oast,tenable
|
tags: cve,cve2019,citrix,rce,unauth,oast,tenable
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
Citrix SD-WAN Center is susceptible to remote command injection via the trace_route function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ipAddress, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
|
Citrix SD-WAN Center is susceptible to remote command injection via the trace_route function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ipAddress, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||||
|
remediation: |
|
||||||
|
Apply the necessary patches or updates provided by Citrix to mitigate the vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.tenable.com/security/research/tra-2019-31
|
- https://www.tenable.com/security/research/tra-2019-31
|
||||||
- https://support.citrix.com/article/CTX251987
|
- https://support.citrix.com/article/CTX251987
|
||||||
|
|
@ -16,13 +18,13 @@ info:
|
||||||
cve-id: CVE-2019-12986
|
cve-id: CVE-2019-12986
|
||||||
cwe-id: CWE-78
|
cwe-id: CWE-78
|
||||||
epss-score: 0.97433
|
epss-score: 0.97433
|
||||||
cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.99906
|
epss-percentile: 0.99906
|
||||||
|
cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 2
|
||||||
shodan-query: http.title:"Citrix SD-WAN"
|
|
||||||
vendor: citrix
|
vendor: citrix
|
||||||
product: netscaler_sd-wan
|
product: netscaler_sd-wan
|
||||||
|
shodan-query: http.title:"Citrix SD-WAN"
|
||||||
tags: unauth,oast,tenable,cve,cve2019,citrix,rce
|
tags: unauth,oast,tenable,cve,cve2019,citrix,rce
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
Citrix SD-WAN Center is susceptible to remote command injection via the apply action in StorageMgmtController. The callStoragePerl function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying an array value with crafted values for action, host, path, or type, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
|
Citrix SD-WAN Center is susceptible to remote command injection via the apply action in StorageMgmtController. The callStoragePerl function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying an array value with crafted values for action, host, path, or type, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest security patches provided by Citrix to mitigate the vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.tenable.com/security/research/tra-2019-31
|
- https://www.tenable.com/security/research/tra-2019-31
|
||||||
- https://support.citrix.com/article/CTX251987
|
- https://support.citrix.com/article/CTX251987
|
||||||
|
|
@ -16,13 +18,13 @@ info:
|
||||||
cve-id: CVE-2019-12987
|
cve-id: CVE-2019-12987
|
||||||
cwe-id: CWE-78
|
cwe-id: CWE-78
|
||||||
epss-score: 0.97433
|
epss-score: 0.97433
|
||||||
cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.99906
|
epss-percentile: 0.99906
|
||||||
|
cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 2
|
||||||
shodan-query: http.title:"Citrix SD-WAN"
|
|
||||||
vendor: citrix
|
vendor: citrix
|
||||||
product: netscaler_sd-wan
|
product: netscaler_sd-wan
|
||||||
|
shodan-query: http.title:"Citrix SD-WAN"
|
||||||
tags: citrix,rce,unauth,oast,tenable,cve,cve2019
|
tags: citrix,rce,unauth,oast,tenable,cve,cve2019
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
Citrix SD-WAN Center is susceptible to remote command injection via the addModifyZTDProxy function in NmsController. The function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ztd_password, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
|
Citrix SD-WAN Center is susceptible to remote command injection via the addModifyZTDProxy function in NmsController. The function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ztd_password, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest security patches provided by Citrix to mitigate the vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.tenable.com/security/research/tra-2019-31
|
- https://www.tenable.com/security/research/tra-2019-31
|
||||||
- https://support.citrix.com/article/CTX251987
|
- https://support.citrix.com/article/CTX251987
|
||||||
|
|
@ -16,13 +18,13 @@ info:
|
||||||
cve-id: CVE-2019-12988
|
cve-id: CVE-2019-12988
|
||||||
cwe-id: CWE-78
|
cwe-id: CWE-78
|
||||||
epss-score: 0.97433
|
epss-score: 0.97433
|
||||||
cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.99906
|
epss-percentile: 0.99906
|
||||||
|
cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 2
|
||||||
shodan-query: http.title:"Citrix SD-WAN"
|
|
||||||
vendor: citrix
|
vendor: citrix
|
||||||
product: netscaler_sd-wan
|
product: netscaler_sd-wan
|
||||||
|
shodan-query: http.title:"Citrix SD-WAN"
|
||||||
tags: rce,unauth,oast,tenable,cve,cve2019,citrix
|
tags: rce,unauth,oast,tenable,cve,cve2019,citrix
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for filename, filedata, and workspace_id, therefore being able to write files to locations writable by the www-data user and/or to write a crafted PHP file to /home/talariuser/www/app/webroot/files/ to execute arbitrary PHP code.
|
Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for filename, filedata, and workspace_id, therefore being able to write files to locations writable by the www-data user and/or to write a crafted PHP file to /home/talariuser/www/app/webroot/files/ to execute arbitrary PHP code.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest security patches or updates provided by Citrix to mitigate the vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.tenable.com/security/research/tra-2019-31
|
- https://www.tenable.com/security/research/tra-2019-31
|
||||||
- https://support.citrix.com/search?searchQuery=*&lang=en&sort=relevance&prod=&pver=&ct=Security+Bulletin
|
- https://support.citrix.com/search?searchQuery=*&lang=en&sort=relevance&prod=&pver=&ct=Security+Bulletin
|
||||||
|
|
@ -16,13 +18,13 @@ info:
|
||||||
cve-id: CVE-2019-12990
|
cve-id: CVE-2019-12990
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.95724
|
epss-score: 0.95724
|
||||||
cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.99172
|
epss-percentile: 0.99172
|
||||||
|
cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 3
|
max-request: 3
|
||||||
shodan-query: http.title:"Citrix SD-WAN"
|
|
||||||
vendor: citrix
|
vendor: citrix
|
||||||
product: netscaler_sd-wan
|
product: netscaler_sd-wan
|
||||||
|
shodan-query: http.title:"Citrix SD-WAN"
|
||||||
tags: cve,cve2019,citrix,rce,unauth,tenable,intrusive
|
tags: cve,cve2019,citrix,rce,unauth,tenable,intrusive
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: Suman_Kar
|
author: Suman_Kar
|
||||||
severity: critical
|
severity: critical
|
||||||
description: D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page.
|
description: D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page.
|
||||||
|
remediation: |
|
||||||
|
Update the router's firmware to the latest version provided by D-Link.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/d0x0/D-Link-DIR-600M
|
- https://github.com/d0x0/D-Link-DIR-600M
|
||||||
- https://www.exploit-db.com/exploits/47250
|
- https://www.exploit-db.com/exploits/47250
|
||||||
|
|
@ -17,8 +19,8 @@ info:
|
||||||
cve-id: CVE-2019-13101
|
cve-id: CVE-2019-13101
|
||||||
cwe-id: CWE-306
|
cwe-id: CWE-306
|
||||||
epss-score: 0.03717
|
epss-score: 0.03717
|
||||||
cpe: cpe:2.3:o:dlink:dir-600m_firmware:3.02:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.90578
|
epss-percentile: 0.90578
|
||||||
|
cpe: cpe:2.3:o:dlink:dir-600m_firmware:3.02:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: dlink
|
vendor: dlink
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: medium
|
severity: medium
|
||||||
description: MindPalette NateMail 3.0.15 is susceptible to reflected cross-site scripting which could allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid.
|
description: MindPalette NateMail 3.0.15 is susceptible to reflected cross-site scripting which could allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to the latest version of MindPalette NateMail to fix the XSS vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.doyler.net/security-not-included/natemail-vulnerabilities
|
- https://www.doyler.net/security-not-included/natemail-vulnerabilities
|
||||||
- https://mindpalette.com/tag/natemail/
|
- https://mindpalette.com/tag/natemail/
|
||||||
|
|
@ -16,8 +18,8 @@ info:
|
||||||
cve-id: CVE-2019-13392
|
cve-id: CVE-2019-13392
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.0014
|
epss-score: 0.0014
|
||||||
cpe: cpe:2.3:a:mindpalette:natemail:3.0.15:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.4905
|
epss-percentile: 0.4905
|
||||||
|
cpe: cpe:2.3:a:mindpalette:natemail:3.0.15:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: mindpalette
|
vendor: mindpalette
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: 0x_Akoko,daffainfo
|
author: 0x_Akoko,daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
description: FlightPath versions prior to 4.8.2 and 5.0-rc2 are vulnerable to local file inclusion.
|
description: FlightPath versions prior to 4.8.2 and 5.0-rc2 are vulnerable to local file inclusion.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to the latest version to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/47121
|
- https://www.exploit-db.com/exploits/47121
|
||||||
- http://getflightpath.com/node/2650
|
- http://getflightpath.com/node/2650
|
||||||
|
|
@ -15,8 +17,8 @@ info:
|
||||||
cve-id: CVE-2019-13396
|
cve-id: CVE-2019-13396
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.02107
|
epss-score: 0.02107
|
||||||
cpe: cpe:2.3:a:getflightpath:flightpath:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.87729
|
epss-percentile: 0.87729
|
||||||
|
cpe: cpe:2.3:a:getflightpath:flightpath:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 2
|
||||||
vendor: getflightpath
|
vendor: getflightpath
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: divya_mudgal
|
author: divya_mudgal
|
||||||
severity: critical
|
severity: critical
|
||||||
description: Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.
|
description: Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest security patch or update provided by Lansweeper to fix the SQL Injection vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.nccgroup.com/ae/our-research/technical-advisory-unauthenticated-sql-injection-in-lansweeper/
|
- https://www.nccgroup.com/ae/our-research/technical-advisory-unauthenticated-sql-injection-in-lansweeper/
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-13462
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-13462
|
||||||
|
|
@ -16,8 +18,8 @@ info:
|
||||||
cve-id: CVE-2019-13462
|
cve-id: CVE-2019-13462
|
||||||
cwe-id: CWE-89
|
cwe-id: CWE-89
|
||||||
epss-score: 0.41054
|
epss-score: 0.41054
|
||||||
cpe: cpe:2.3:a:lansweeper:lansweeper:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.96803
|
epss-percentile: 0.96803
|
||||||
|
cpe: cpe:2.3:a:lansweeper:lansweeper:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: lansweeper
|
vendor: lansweeper
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
WordPress Nevma Adaptive Images plugin before 0.6.67 allows remote attackers to retrieve arbitrary files via the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php.
|
WordPress Nevma Adaptive Images plugin before 0.6.67 allows remote attackers to retrieve arbitrary files via the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php.
|
||||||
|
remediation: |
|
||||||
|
Update to the latest version of the plugin (0.6.67) or apply the patch provided by the vendor.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/security-kma/EXPLOITING-CVE-2019-14205
|
- https://github.com/security-kma/EXPLOITING-CVE-2019-14205
|
||||||
- https://markgruffer.github.io/2019/07/19/adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.html
|
- https://markgruffer.github.io/2019/07/19/adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.html
|
||||||
|
|
@ -18,13 +20,13 @@ info:
|
||||||
cve-id: CVE-2019-14205
|
cve-id: CVE-2019-14205
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.06333
|
epss-score: 0.06333
|
||||||
cpe: cpe:2.3:a:nevma:adaptive_images:*:*:*:*:*:wordpress:*:*
|
|
||||||
epss-percentile: 0.92717
|
epss-percentile: 0.92717
|
||||||
|
cpe: cpe:2.3:a:nevma:adaptive_images:*:*:*:*:*:wordpress:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
framework: wordpress
|
|
||||||
vendor: nevma
|
vendor: nevma
|
||||||
product: adaptive_images
|
product: adaptive_images
|
||||||
|
framework: wordpress
|
||||||
tags: cve,cve2019,wordpress,wp-plugin,lfi,wp
|
tags: cve,cve2019,wordpress,wp-plugin,lfi,wp
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: pdteam
|
author: pdteam
|
||||||
severity: medium
|
severity: medium
|
||||||
description: Alfresco Share before 5.2.6, 6.0.N and 6.1.N contains an open redirect vulnerability via a crafted POST request. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
|
description: Alfresco Share before 5.2.6, 6.0.N and 6.1.N contains an open redirect vulnerability via a crafted POST request. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest security patches or updates provided by Alfresco to fix the open redirect vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://community.alfresco.com/content?filterID=all~objecttype~thread%5Bquestions%5D
|
- https://community.alfresco.com/content?filterID=all~objecttype~thread%5Bquestions%5D
|
||||||
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfresco%20Share-Alfresco%20Community
|
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfresco%20Share-Alfresco%20Community
|
||||||
|
|
@ -15,8 +17,8 @@ info:
|
||||||
cve-id: CVE-2019-14223
|
cve-id: CVE-2019-14223
|
||||||
cwe-id: CWE-601
|
cwe-id: CWE-601
|
||||||
epss-score: 0.00188
|
epss-score: 0.00188
|
||||||
cpe: cpe:2.3:a:alfresco:alfresco:*:*:*:*:community:*:*:*
|
|
||||||
epss-percentile: 0.55496
|
epss-percentile: 0.55496
|
||||||
|
cpe: cpe:2.3:a:alfresco:alfresco:*:*:*:*:community:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: alfresco
|
vendor: alfresco
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: high
|
severity: high
|
||||||
description: T24 web server is vulnerable to unauthenticated local file inclusion that permits an attacker to exfiltrate data directly from server.
|
description: T24 web server is vulnerable to unauthenticated local file inclusion that permits an attacker to exfiltrate data directly from server.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in the T24 Web Server.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/kmkz/exploit/blob/master/CVE-2019-14251-TEMENOS-T24.txt
|
- https://github.com/kmkz/exploit/blob/master/CVE-2019-14251-TEMENOS-T24.txt
|
||||||
- https://vuldb.com/?id.146815
|
- https://vuldb.com/?id.146815
|
||||||
|
|
@ -15,8 +17,8 @@ info:
|
||||||
cve-id: CVE-2019-14251
|
cve-id: CVE-2019-14251
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.01349
|
epss-score: 0.01349
|
||||||
cpe: cpe:2.3:a:temenos:t24:r15.01:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.84467
|
epss-percentile: 0.84467
|
||||||
|
cpe: cpe:2.3:a:temenos:t24:r15.01:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 2
|
||||||
vendor: temenos
|
vendor: temenos
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
description: Aptana Jaxer 1.0.3.4547 is vulnerable to local file inclusion in the wikilite source code viewer. An attacker can read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.
|
description: Aptana Jaxer 1.0.3.4547 is vulnerable to local file inclusion in the wikilite source code viewer. An attacker can read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to a patched version of Aptana Jaxer or apply the necessary security patches to mitigate the LFI vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/47214
|
- https://www.exploit-db.com/exploits/47214
|
||||||
- http://packetstormsecurity.com/files/153985/Aptana-Jaxer-1.0.3.4547-Local-File-Inclusion.html
|
- http://packetstormsecurity.com/files/153985/Aptana-Jaxer-1.0.3.4547-Local-File-Inclusion.html
|
||||||
|
|
@ -16,8 +18,8 @@ info:
|
||||||
cve-id: CVE-2019-14312
|
cve-id: CVE-2019-14312
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.02327
|
epss-score: 0.02327
|
||||||
cpe: cpe:2.3:a:aptana:jaxer:1.0.3.4547:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.88328
|
epss-percentile: 0.88328
|
||||||
|
cpe: cpe:2.3:a:aptana:jaxer:1.0.3.4547:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: aptana
|
vendor: aptana
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
Pallets Werkzeug before 0.15.5 is susceptible to local file inclusion because SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
|
Pallets Werkzeug before 0.15.5 is susceptible to local file inclusion because SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
|
||||||
|
remediation: |
|
||||||
|
Upgrade Pallets Werkzeug to version 0.15.5 or above to mitigate the LFI vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://palletsprojects.com/blog/werkzeug-0-15-5-released/
|
- https://palletsprojects.com/blog/werkzeug-0-15-5-released/
|
||||||
- http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html
|
- http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html
|
||||||
|
|
@ -16,8 +18,8 @@ info:
|
||||||
cve-id: CVE-2019-14322
|
cve-id: CVE-2019-14322
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.58463
|
epss-score: 0.58463
|
||||||
cpe: cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.97287
|
epss-percentile: 0.97287
|
||||||
|
cpe: cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 3
|
max-request: 3
|
||||||
vendor: palletsprojects
|
vendor: palletsprojects
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
description: WordPress UserPro 4.9.32 is vulnerable to reflected cross-site scripting because the Instagram PHP API (v2) it relies on allows it via the example/success.php error_description parameter.
|
description: WordPress UserPro 4.9.32 is vulnerable to reflected cross-site scripting because the Instagram PHP API (v2) it relies on allows it via the example/success.php error_description parameter.
|
||||||
|
remediation: |
|
||||||
|
Update to the latest version of UserPro or apply the provided patch to fix the XSS vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/9815
|
- https://wpscan.com/vulnerability/9815
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14470
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14470
|
||||||
|
|
@ -17,8 +19,8 @@ info:
|
||||||
cve-id: CVE-2019-14470
|
cve-id: CVE-2019-14470
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.78633
|
epss-score: 0.78633
|
||||||
cpe: cpe:2.3:a:instagram-php-api_project:instagram-php-api:-:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.97832
|
epss-percentile: 0.97832
|
||||||
|
cpe: cpe:2.3:a:instagram-php-api_project:instagram-php-api:-:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: instagram-php-api_project
|
vendor: instagram-php-api_project
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
OpenEMR before 5.0.2 is vulnerable to local file inclusion via the fileName parameter in custom/ajax_download.php. An attacker can download any file (that is readable by the web server user) from server storage. If the requested file is writable for the web server user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, the file will be deleted from server.
|
OpenEMR before 5.0.2 is vulnerable to local file inclusion via the fileName parameter in custom/ajax_download.php. An attacker can download any file (that is readable by the web server user) from server storage. If the requested file is writable for the web server user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, the file will be deleted from server.
|
||||||
|
remediation: |
|
||||||
|
Upgrade OpenEMR to version 5.0.2 or later to mitigate the LFI vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/50037
|
- https://www.exploit-db.com/exploits/50037
|
||||||
- https://github.com/openemr/openemr/archive/refs/tags/v5_0_1_7.zip
|
- https://github.com/openemr/openemr/archive/refs/tags/v5_0_1_7.zip
|
||||||
|
|
@ -17,11 +19,11 @@ info:
|
||||||
cve-id: CVE-2019-14530
|
cve-id: CVE-2019-14530
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.83277
|
epss-score: 0.83277
|
||||||
cpe: cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.97995
|
epss-percentile: 0.97995
|
||||||
|
cpe: cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 2
|
||||||
vendor: open-emr
|
vendor: open-emr
|
||||||
product: openemr
|
product: openemr
|
||||||
tags: lfi,authenticated,edb,cve,cve2019,openemr
|
tags: lfi,authenticated,edb,cve,cve2019,openemr
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: medium
|
severity: medium
|
||||||
description: Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter.
|
description: Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter.
|
||||||
|
remediation: |
|
||||||
|
To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts.
|
||||||
reference:
|
reference:
|
||||||
- https://open-school.org
|
- https://open-school.org
|
||||||
- https://pastebin.com/AgxqdbAQ
|
- https://pastebin.com/AgxqdbAQ
|
||||||
|
|
@ -16,8 +18,8 @@ info:
|
||||||
cve-id: CVE-2019-14696
|
cve-id: CVE-2019-14696
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00776
|
epss-score: 0.00776
|
||||||
cpe: cpe:2.3:a:open-school:open-school:2.3:*:*:*:community:*:*:*
|
|
||||||
epss-percentile: 0.79096
|
epss-percentile: 0.79096
|
||||||
|
cpe: cpe:2.3:a:open-school:open-school:2.3:*:*:*:community:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: open-school
|
vendor: open-school
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
description: |
|
description: |
|
||||||
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.
|
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.
|
||||||
|
remediation: |
|
||||||
|
Upgrade osTicket to version 1.12.1 or later to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://packetstormsecurity.com/files/154005/osTicket-1.12-Cross-Site-Scripting.html
|
- https://packetstormsecurity.com/files/154005/osTicket-1.12-Cross-Site-Scripting.html
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-14750
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-14750
|
||||||
|
|
@ -18,13 +20,13 @@ info:
|
||||||
cve-id: CVE-2019-14750
|
cve-id: CVE-2019-14750
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.05309
|
epss-score: 0.05309
|
||||||
cpe: cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.92085
|
epss-percentile: 0.92085
|
||||||
|
cpe: cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 4
|
max-request: 4
|
||||||
shodan-query: title:"osTicket"
|
|
||||||
vendor: osticket
|
vendor: osticket
|
||||||
product: osticket
|
product: osticket
|
||||||
|
shodan-query: title:"osTicket"
|
||||||
tags: packetstorm,cve,cve2019,osticket,xss,intrusive
|
tags: packetstorm,cve,cve2019,osticket,xss,intrusive
|
||||||
variables:
|
variables:
|
||||||
user_name: "{{to_lower(rand_text_alphanumeric(6))}}"
|
user_name: "{{to_lower(rand_text_alphanumeric(6))}}"
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
description: |
|
description: |
|
||||||
Custom 404 Pro before 3.2.9 is susceptible to cross-site scripting via the title parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
Custom 404 Pro before 3.2.9 is susceptible to cross-site scripting via the title parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||||
|
remediation: |
|
||||||
|
Update to Custom 404 Pro version 3.2.8 or later to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/81ee1df5-12dc-49d8-8d49-ca28d6f5b7fd
|
- https://wpscan.com/vulnerability/81ee1df5-12dc-49d8-8d49-ca28d6f5b7fd
|
||||||
- https://wordpress.org/plugins/custom-404-pro/advanced/
|
- https://wordpress.org/plugins/custom-404-pro/advanced/
|
||||||
|
|
@ -17,14 +19,14 @@ info:
|
||||||
cve-id: CVE-2019-14789
|
cve-id: CVE-2019-14789
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00125
|
epss-score: 0.00125
|
||||||
cpe: cpe:2.3:a:kunalnagar:custom_404_pro:3.2.8:*:*:*:*:wordpress:*:*
|
|
||||||
epss-percentile: 0.46223
|
epss-percentile: 0.46223
|
||||||
|
cpe: cpe:2.3:a:kunalnagar:custom_404_pro:3.2.8:*:*:*:*:wordpress:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
|
||||||
verified: true
|
verified: true
|
||||||
framework: wordpress
|
max-request: 2
|
||||||
vendor: kunalnagar
|
vendor: kunalnagar
|
||||||
product: custom_404_pro
|
product: custom_404_pro
|
||||||
|
framework: wordpress
|
||||||
tags: wpscan,cve,cve2023,custom-404-pro,wp,wp-plugin,wordpress,authenticated,xss
|
tags: wpscan,cve,cve2023,custom-404-pro,wp,wp-plugin,wordpress,authenticated,xss
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: madrobot
|
author: madrobot
|
||||||
severity: medium
|
severity: medium
|
||||||
description: SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktop_url.
|
description: SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktop_url.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest security patch or upgrade to a non-vulnerable version of SugarCRM Enterprise.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/47247
|
- https://www.exploit-db.com/exploits/47247
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-14974
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-14974
|
||||||
|
|
@ -14,8 +16,8 @@ info:
|
||||||
cve-id: CVE-2019-14974
|
cve-id: CVE-2019-14974
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00217
|
epss-score: 0.00217
|
||||||
cpe: cpe:2.3:a:sugarcrm:sugarcrm:9.0.0:*:*:*:enterprise:*:*:*
|
|
||||||
epss-percentile: 0.59028
|
epss-percentile: 0.59028
|
||||||
|
cpe: cpe:2.3:a:sugarcrm:sugarcrm:9.0.0:*:*:*:enterprise:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: sugarcrm
|
vendor: sugarcrm
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,7 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
Grafana 2.x through 6.x before 6.3.4 is susceptible to improper access control. An attacker can delete and create arbitrary snapshots, leading to denial of service.
|
Grafana 2.x through 6.x before 6.3.4 is susceptible to improper access control. An attacker can delete and create arbitrary snapshots, leading to denial of service.
|
||||||
|
remediation: Upgrade to 6.3.4 or higher.
|
||||||
reference:
|
reference:
|
||||||
- https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569
|
- https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569
|
||||||
- https://grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-security-fix/
|
- https://grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-security-fix/
|
||||||
|
|
@ -13,21 +14,20 @@ info:
|
||||||
- https://aaron-hoffmann.com/posts/cve-2019-15043/
|
- https://aaron-hoffmann.com/posts/cve-2019-15043/
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15043
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15043
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-15043
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-15043
|
||||||
remediation: Upgrade to 6.3.4 or higher.
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
||||||
cvss-score: 7.5
|
cvss-score: 7.5
|
||||||
cve-id: CVE-2019-15043
|
cve-id: CVE-2019-15043
|
||||||
cwe-id: CWE-306
|
cwe-id: CWE-306
|
||||||
epss-score: 0.27328
|
epss-score: 0.27328
|
||||||
cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.96168
|
epss-percentile: 0.96168
|
||||||
|
cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
|
||||||
shodan-query: title:"Grafana"
|
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 1
|
||||||
vendor: grafana
|
vendor: grafana
|
||||||
product: grafana
|
product: grafana
|
||||||
|
shodan-query: title:"Grafana"
|
||||||
tags: cve,cve2019,grafana,dos,intrusive
|
tags: cve,cve2019,grafana,dos,intrusive
|
||||||
variables:
|
variables:
|
||||||
payload: '{{repeat("A", 4000)}}'
|
payload: '{{repeat("A", 4000)}}'
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: bp0lr
|
author: bp0lr
|
||||||
severity: critical
|
severity: critical
|
||||||
description: Webmin <=1.920. is vulnerable to an unauthenticated remote command execution via the parameter 'old' in password_change.cgi.
|
description: Webmin <=1.920. is vulnerable to an unauthenticated remote command execution via the parameter 'old' in password_change.cgi.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to Webmin version 1.930 or later to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
|
- https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-15107
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-15107
|
||||||
|
|
@ -17,8 +19,8 @@ info:
|
||||||
cve-id: CVE-2019-15107
|
cve-id: CVE-2019-15107
|
||||||
cwe-id: CWE-78
|
cwe-id: CWE-78
|
||||||
epss-score: 0.97528
|
epss-score: 0.97528
|
||||||
cpe: cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.99981
|
epss-percentile: 0.99981
|
||||||
|
cpe: cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: webmin
|
vendor: webmin
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
description: |
|
description: |
|
||||||
L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.
|
L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to a version of L-Soft LISTSERV that is higher than 16.5-2018a to mitigate the XSS vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/47302
|
- https://www.exploit-db.com/exploits/47302
|
||||||
- http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018a_WhatsNew.pdf
|
- http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018a_WhatsNew.pdf
|
||||||
|
|
@ -16,14 +18,14 @@ info:
|
||||||
cve-id: CVE-2019-15501
|
cve-id: CVE-2019-15501
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00303
|
epss-score: 0.00303
|
||||||
cpe: cpe:2.3:a:lsoft:listserv:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.65819
|
epss-percentile: 0.65819
|
||||||
|
cpe: cpe:2.3:a:lsoft:listserv:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
|
||||||
shodan-query: http.html:"LISTSERV"
|
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 1
|
||||||
vendor: lsoft
|
vendor: lsoft
|
||||||
product: listserv
|
product: listserv
|
||||||
|
shodan-query: http.html:"LISTSERV"
|
||||||
tags: cve,cve2019,xss,listserv,edb
|
tags: cve,cve2019,xss,listserv,edb
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users."
|
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users."
|
||||||
|
remediation: |
|
||||||
|
Upgrade Webmin to version 1.920 or later to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-15642
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-15642
|
||||||
- https://github.com/jas502n/CVE-2019-15642
|
- https://github.com/jas502n/CVE-2019-15642
|
||||||
|
|
@ -18,14 +20,14 @@ info:
|
||||||
cve-id: CVE-2019-15642
|
cve-id: CVE-2019-15642
|
||||||
cwe-id: CWE-94
|
cwe-id: CWE-94
|
||||||
epss-score: 0.26994
|
epss-score: 0.26994
|
||||||
cpe: cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.96156
|
epss-percentile: 0.96156
|
||||||
|
cpe: cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 4
|
|
||||||
shodan-query: title:"Webmin"
|
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 4
|
||||||
vendor: webmin
|
vendor: webmin
|
||||||
product: webmin
|
product: webmin
|
||||||
|
shodan-query: title:"Webmin"
|
||||||
tags: cve,cve2019,webmin,rce
|
tags: cve,cve2019,webmin,rce
|
||||||
variables:
|
variables:
|
||||||
cmd: '`id`'
|
cmd: '`id`'
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: daffainfo,dhiyaneshDk
|
author: daffainfo,dhiyaneshDk
|
||||||
severity: medium
|
severity: medium
|
||||||
description: WordPress plugin My Calendar <= 3.1.9 is susceptible to reflected cross-site scripting which can be triggered via unescaped usage of URL parameters in multiple locations throughout the site.
|
description: WordPress plugin My Calendar <= 3.1.9 is susceptible to reflected cross-site scripting which can be triggered via unescaped usage of URL parameters in multiple locations throughout the site.
|
||||||
|
remediation: |
|
||||||
|
Update to the latest version of the My Calendar plugin (>= 3.1.10) or apply the vendor-provided patch to fix the XSS vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/9267
|
- https://wpscan.com/vulnerability/9267
|
||||||
- https://wordpress.org/plugins/my-calendar/#developers
|
- https://wordpress.org/plugins/my-calendar/#developers
|
||||||
|
|
@ -15,13 +17,13 @@ info:
|
||||||
cve-id: CVE-2019-15713
|
cve-id: CVE-2019-15713
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00101
|
epss-score: 0.00101
|
||||||
cpe: cpe:2.3:a:my_calendar_project:my_calendar:*:*:*:*:*:wordpress:*:*
|
|
||||||
epss-percentile: 0.40822
|
epss-percentile: 0.40822
|
||||||
|
cpe: cpe:2.3:a:my_calendar_project:my_calendar:*:*:*:*:*:wordpress:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
framework: wordpress
|
|
||||||
vendor: my_calendar_project
|
vendor: my_calendar_project
|
||||||
product: my_calendar
|
product: my_calendar
|
||||||
|
framework: wordpress
|
||||||
tags: cve,cve2019,wordpress,xss,wp-plugin,wpscan
|
tags: cve,cve2019,wordpress,xss,wp-plugin,wpscan
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
description: |
|
description: |
|
||||||
DomainMOD through 4.13.0 contains a cross-site scripting vulnerability via /reporting/domains/cost-by-month.php in Daterange parameters.
|
DomainMOD through 4.13.0 contains a cross-site scripting vulnerability via /reporting/domains/cost-by-month.php in Daterange parameters.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to the latest version of DomainMOD (>=4.13.1) to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/47325
|
- https://www.exploit-db.com/exploits/47325
|
||||||
- https://github.com/domainmod/domainmod/issues/108
|
- https://github.com/domainmod/domainmod/issues/108
|
||||||
|
|
@ -17,11 +19,11 @@ info:
|
||||||
cve-id: CVE-2019-15811
|
cve-id: CVE-2019-15811
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00376
|
epss-score: 0.00376
|
||||||
cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.6932
|
epss-percentile: 0.6932
|
||||||
|
cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 2
|
||||||
vendor: domainmod
|
vendor: domainmod
|
||||||
product: domainmod
|
product: domainmod
|
||||||
tags: cve,cve2019,domainmod,xss,authenticated,edb
|
tags: cve,cve2019,domainmod,xss,authenticated,edb
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution.
|
WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution.
|
||||||
|
remediation: |
|
||||||
|
Update to the latest version of the Woody Ad Snippets plugin (2.2.5) or apply the vendor-provided patch to mitigate the vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/GeneralEG/CVE-2019-15858
|
- https://github.com/GeneralEG/CVE-2019-15858
|
||||||
- https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-woody-ad-snippets-plugin-lead-to-remote-code-execution/
|
- https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-woody-ad-snippets-plugin-lead-to-remote-code-execution/
|
||||||
|
|
@ -17,13 +19,13 @@ info:
|
||||||
cve-id: CVE-2019-15858
|
cve-id: CVE-2019-15858
|
||||||
cwe-id: CWE-306
|
cwe-id: CWE-306
|
||||||
epss-score: 0.02782
|
epss-score: 0.02782
|
||||||
cpe: cpe:2.3:a:webcraftic:woody_ad_snippets:*:*:*:*:*:wordpress:*:*
|
|
||||||
epss-percentile: 0.8928
|
epss-percentile: 0.8928
|
||||||
|
cpe: cpe:2.3:a:webcraftic:woody_ad_snippets:*:*:*:*:*:wordpress:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
framework: wordpress
|
|
||||||
vendor: webcraftic
|
vendor: webcraftic
|
||||||
product: woody_ad_snippets
|
product: woody_ad_snippets
|
||||||
|
framework: wordpress
|
||||||
tags: cve,cve2019,wordpress,wp-plugin,xss,wp
|
tags: cve,cve2019,wordpress,wp-plugin,xss,wp
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: geeknik
|
author: geeknik
|
||||||
severity: critical
|
severity: critical
|
||||||
description: Socomec DIRIS A-40 devices before 48250501 are susceptible to a password disclosure vulnerability in the web interface that could allow remote attackers to get full access to a device via the /password.jsn URI.
|
description: Socomec DIRIS A-40 devices before 48250501 are susceptible to a password disclosure vulnerability in the web interface that could allow remote attackers to get full access to a device via the /password.jsn URI.
|
||||||
|
remediation: |
|
||||||
|
Update the firmware of the Socomec DIRIS A-40 devices to the latest version to mitigate the vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://seclists.org/fulldisclosure/2019/Oct/10
|
- https://seclists.org/fulldisclosure/2019/Oct/10
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-15859
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-15859
|
||||||
|
|
@ -17,8 +19,8 @@ info:
|
||||||
cve-id: CVE-2019-15859
|
cve-id: CVE-2019-15859
|
||||||
cwe-id: CWE-200
|
cwe-id: CWE-200
|
||||||
epss-score: 0.12379
|
epss-score: 0.12379
|
||||||
cpe: cpe:2.3:o:socomec:diris_a-40_firmware:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.94685
|
epss-percentile: 0.94685
|
||||||
|
cpe: cpe:2.3:o:socomec:diris_a-40_firmware:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: socomec
|
vendor: socomec
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
description: WordPress Download Manager plugin before 2.9.94 contains a cross-site scripting vulnerability via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
|
description: WordPress Download Manager plugin before 2.9.94 contains a cross-site scripting vulnerability via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
|
||||||
|
remediation: |
|
||||||
|
Update WordPress Download Manager plugin to version 2.9.94 or later to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.cybersecurity-help.cz/vdb/SB2019041819
|
- https://www.cybersecurity-help.cz/vdb/SB2019041819
|
||||||
- https://wordpress.org/plugins/download-manager/#developers
|
- https://wordpress.org/plugins/download-manager/#developers
|
||||||
|
|
@ -17,13 +19,13 @@ info:
|
||||||
cve-id: CVE-2019-15889
|
cve-id: CVE-2019-15889
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.0427
|
epss-score: 0.0427
|
||||||
cpe: cpe:2.3:a:wpdownloadmanager:wordpress_download_manager:*:*:*:*:*:wordpress:*:*
|
|
||||||
epss-percentile: 0.91187
|
epss-percentile: 0.91187
|
||||||
|
cpe: cpe:2.3:a:wpdownloadmanager:wordpress_download_manager:*:*:*:*:*:wordpress:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
framework: wordpress
|
|
||||||
vendor: wpdownloadmanager
|
vendor: wpdownloadmanager
|
||||||
product: wordpress_download_manager
|
product: wordpress_download_manager
|
||||||
|
framework: wordpress
|
||||||
tags: packetstorm,cve,cve2019,wordpress,xss,wp-plugin
|
tags: packetstorm,cve,cve2019,wordpress,xss,wp-plugin
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.
|
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest firmware update provided by D-Link to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-16057
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-16057
|
||||||
- https://web.archive.org/web/20201222035258im_/https://blog.cystack.net/content/images/2019/09/poc.png
|
- https://web.archive.org/web/20201222035258im_/https://blog.cystack.net/content/images/2019/09/poc.png
|
||||||
|
|
@ -16,14 +18,14 @@ info:
|
||||||
cve-id: CVE-2019-16057
|
cve-id: CVE-2019-16057
|
||||||
cwe-id: CWE-78
|
cwe-id: CWE-78
|
||||||
epss-score: 0.97548
|
epss-score: 0.97548
|
||||||
cpe: cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.99991
|
epss-percentile: 0.99991
|
||||||
|
cpe: cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
|
||||||
verified: true
|
verified: true
|
||||||
shodan-query: html:"ShareCenter"
|
max-request: 1
|
||||||
vendor: dlink
|
vendor: dlink
|
||||||
product: dns-320_firmware
|
product: dns-320_firmware
|
||||||
|
shodan-query: html:"ShareCenter"
|
||||||
tags: cve,cve2019,lfi,rce,kev,sharecenter,dlink
|
tags: cve,cve2019,lfi,rce,kev,sharecenter,dlink
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,21 +5,21 @@ info:
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: medium
|
severity: medium
|
||||||
description: Harbor 1.7.0 through 1.8.2 is susceptible to privilege escalation via core/api/user.go, which allows allows non-admin users to create admin accounts via the POST /api/users API when Harbor is setup with DB as an authentication backend and allows user to do self-registration.
|
description: Harbor 1.7.0 through 1.8.2 is susceptible to privilege escalation via core/api/user.go, which allows allows non-admin users to create admin accounts via the POST /api/users API when Harbor is setup with DB as an authentication backend and allows user to do self-registration.
|
||||||
|
remediation: Upgrade to v1.7.6 v1.8.3. v.1.9.0 or higher. A potential workaround without applying the fix is to configure Harbor to use a non-DB authentication backend such as LDAP.
|
||||||
reference:
|
reference:
|
||||||
- https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/
|
- https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/
|
||||||
- https://github.com/goharbor/harbor/issues/8951
|
- https://github.com/goharbor/harbor/issues/8951
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-16097
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-16097
|
||||||
- https://github.com/goharbor/harbor/commit/b6db8a8a106259ec9a2c48be8a380cb3b37cf517
|
- https://github.com/goharbor/harbor/commit/b6db8a8a106259ec9a2c48be8a380cb3b37cf517
|
||||||
- http://www.vmware.com/security/advisories/VMSA-2019-0015.html
|
- http://www.vmware.com/security/advisories/VMSA-2019-0015.html
|
||||||
remediation: Upgrade to v1.7.6 v1.8.3. v.1.9.0 or higher. A potential workaround without applying the fix is to configure Harbor to use a non-DB authentication backend such as LDAP.
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
||||||
cvss-score: 6.5
|
cvss-score: 6.5
|
||||||
cve-id: CVE-2019-16097
|
cve-id: CVE-2019-16097
|
||||||
cwe-id: CWE-862
|
cwe-id: CWE-862
|
||||||
epss-score: 0.96909
|
epss-score: 0.96909
|
||||||
cpe: cpe:2.3:a:linuxfoundation:harbor:1.7.0:-:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.99592
|
epss-percentile: 0.99592
|
||||||
|
cpe: cpe:2.3:a:linuxfoundation:harbor:1.7.0:-:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: linuxfoundation
|
vendor: linuxfoundation
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
PilusCart versions 1.4.1 and prior suffer from a file disclosure vulnerability via local file inclusion.
|
PilusCart versions 1.4.1 and prior suffer from a file disclosure vulnerability via local file inclusion.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to a patched version of PilusCart (>=1.4.2) or apply the vendor-supplied patch to mitigate the LFI vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://packetstormsecurity.com/files/154250/PilusCart-1.4.1-Local-File-Disclosure.html
|
- https://packetstormsecurity.com/files/154250/PilusCart-1.4.1-Local-File-Disclosure.html
|
||||||
- https://www.exploit-db.com/exploits/47315
|
- https://www.exploit-db.com/exploits/47315
|
||||||
|
|
@ -17,8 +19,8 @@ info:
|
||||||
cve-id: CVE-2019-16123
|
cve-id: CVE-2019-16123
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.72953
|
epss-score: 0.72953
|
||||||
cpe: cpe:2.3:a:kartatopia:piluscart:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.97666
|
epss-percentile: 0.97666
|
||||||
|
cpe: cpe:2.3:a:kartatopia:piluscart:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: kartatopia
|
vendor: kartatopia
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: critical
|
severity: critical
|
||||||
description: nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via directory traversal in the function http_verify.
|
description: nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via directory traversal in the function http_verify.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to a patched version of nostromo web server (1.9.7 or later) or apply the vendor-supplied patch.
|
||||||
reference:
|
reference:
|
||||||
- https://packetstormsecurity.com/files/155802/nostromo-1.9.6-Remote-Code-Execution.html
|
- https://packetstormsecurity.com/files/155802/nostromo-1.9.6-Remote-Code-Execution.html
|
||||||
- https://www.exploit-db.com/raw/47837
|
- https://www.exploit-db.com/raw/47837
|
||||||
|
|
@ -17,8 +19,8 @@ info:
|
||||||
cve-id: CVE-2019-16278
|
cve-id: CVE-2019-16278
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.97349
|
epss-score: 0.97349
|
||||||
cpe: cpe:2.3:a:nazgul:nostromo_nhttpd:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.99835
|
epss-percentile: 0.99835
|
||||||
|
cpe: cpe:2.3:a:nazgul:nostromo_nhttpd:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: nazgul
|
vendor: nazgul
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: high
|
severity: high
|
||||||
description: ifw8 Router ROM v4.31 is vulnerable to credential disclosure via action/usermanager.htm HTML source code.
|
description: ifw8 Router ROM v4.31 is vulnerable to credential disclosure via action/usermanager.htm HTML source code.
|
||||||
|
remediation: |
|
||||||
|
Update the ifw8 Router ROM to a version that is not affected by CVE-2019-16313.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/Mr-xn/Penetration_Testing_POC/blob/master/CVE-2019-16313%20%E8%9C%82%E7%BD%91%E4%BA%92%E8%81%94%E4%BC%81%E4%B8%9A%E7%BA%A7%E8%B7%AF%E7%94%B1%E5%99%A8v4.31%E5%AF%86%E7%A0%81%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.md
|
- https://github.com/Mr-xn/Penetration_Testing_POC/blob/master/CVE-2019-16313%20%E8%9C%82%E7%BD%91%E4%BA%92%E8%81%94%E4%BC%81%E4%B8%9A%E7%BA%A7%E8%B7%AF%E7%94%B1%E5%99%A8v4.31%E5%AF%86%E7%A0%81%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.md
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-16313
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-16313
|
||||||
|
|
@ -15,8 +17,8 @@ info:
|
||||||
cve-id: CVE-2019-16313
|
cve-id: CVE-2019-16313
|
||||||
cwe-id: CWE-798
|
cwe-id: CWE-798
|
||||||
epss-score: 0.02626
|
epss-score: 0.02626
|
||||||
cpe: cpe:2.3:o:ifw8:fr6_firmware:4.31:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.88983
|
epss-percentile: 0.88983
|
||||||
|
cpe: cpe:2.3:o:ifw8:fr6_firmware:4.31:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: ifw8
|
vendor: ifw8
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
description: WordPress API Bearer Auth plugin before 20190907 contains a cross-site scripting vulnerability. The server parameter is not correctly filtered in swagger-config.yaml.php.
|
description: WordPress API Bearer Auth plugin before 20190907 contains a cross-site scripting vulnerability. The server parameter is not correctly filtered in swagger-config.yaml.php.
|
||||||
|
remediation: |
|
||||||
|
Update to the latest version of WordPress API Bearer Auth plugin (20190907 or later) to mitigate the vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://plugins.trac.wordpress.org/changeset/2152730
|
- https://plugins.trac.wordpress.org/changeset/2152730
|
||||||
- https://wordpress.org/plugins/api-bearer-auth/#developers
|
- https://wordpress.org/plugins/api-bearer-auth/#developers
|
||||||
|
|
@ -17,13 +19,13 @@ info:
|
||||||
cve-id: CVE-2019-16332
|
cve-id: CVE-2019-16332
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00303
|
epss-score: 0.00303
|
||||||
cpe: cpe:2.3:a:api_bearer_auth_project:api_bearer_auth:*:*:*:*:*:wordpress:*:*
|
|
||||||
epss-percentile: 0.65787
|
epss-percentile: 0.65787
|
||||||
|
cpe: cpe:2.3:a:api_bearer_auth_project:api_bearer_auth:*:*:*:*:*:wordpress:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
framework: wordpress
|
|
||||||
vendor: api_bearer_auth_project
|
vendor: api_bearer_auth_project
|
||||||
product: api_bearer_auth
|
product: api_bearer_auth
|
||||||
|
framework: wordpress
|
||||||
tags: packetstorm,cve,cve2019,wordpress,xss,wp-plugin,auth
|
tags: packetstorm,cve,cve2019,wordpress,xss,wp-plugin,auth
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
description: WordPress Checklist plugin before 1.1.9 contains a cross-site scripting vulnerability. The fill parameter is not correctly filtered in the checklist-icon.php file.
|
description: WordPress Checklist plugin before 1.1.9 contains a cross-site scripting vulnerability. The fill parameter is not correctly filtered in the checklist-icon.php file.
|
||||||
|
remediation: |
|
||||||
|
Update to the latest version of the WordPress Checklist plugin (1.1.9 or higher) to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://wordpress.org/plugins/checklist/#developers
|
- https://wordpress.org/plugins/checklist/#developers
|
||||||
- https://packetstormsecurity.com/files/154436/WordPress-Checklist-1.1.5-Cross-Site-Scripting.html
|
- https://packetstormsecurity.com/files/154436/WordPress-Checklist-1.1.5-Cross-Site-Scripting.html
|
||||||
|
|
@ -17,13 +19,13 @@ info:
|
||||||
cve-id: CVE-2019-16525
|
cve-id: CVE-2019-16525
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00323
|
epss-score: 0.00323
|
||||||
cpe: cpe:2.3:a:checklist:checklist:*:*:*:*:*:wordpress:*:*
|
|
||||||
epss-percentile: 0.66929
|
epss-percentile: 0.66929
|
||||||
|
cpe: cpe:2.3:a:checklist:checklist:*:*:*:*:*:wordpress:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
framework: wordpress
|
|
||||||
vendor: checklist
|
vendor: checklist
|
||||||
product: checklist
|
product: checklist
|
||||||
|
framework: wordpress
|
||||||
tags: xss,wp-plugin,packetstorm,cve,cve2019,wordpress
|
tags: xss,wp-plugin,packetstorm,cve,cve2019,wordpress
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -6,22 +6,22 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated remote attacker to retrieve sensitive information due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information.
|
Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated remote attacker to retrieve sensitive information due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information.
|
||||||
|
remediation: |
|
||||||
|
Cisco has released firmware updates that address this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info
|
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info
|
||||||
- https://www.exploit-db.com/exploits/46262/
|
- https://www.exploit-db.com/exploits/46262/
|
||||||
- https://www.exploit-db.com/exploits/46655/
|
- https://www.exploit-db.com/exploits/46655/
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-1653
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-1653
|
||||||
- http://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.html
|
- http://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.html
|
||||||
remediation: |
|
|
||||||
Cisco has released firmware updates that address this vulnerability.
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
cvss-score: 7.5
|
cvss-score: 7.5
|
||||||
cve-id: CVE-2019-1653
|
cve-id: CVE-2019-1653
|
||||||
cwe-id: CWE-200,CWE-284
|
cwe-id: CWE-200,CWE-284
|
||||||
epss-score: 0.97578
|
epss-score: 0.97578
|
||||||
cpe: cpe:2.3:o:cisco:rv320_firmware:1.4.2.15:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 1
|
epss-percentile: 1
|
||||||
|
cpe: cpe:2.3:o:cisco:rv320_firmware:1.4.2.15:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: cisco
|
vendor: cisco
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: critical
|
severity: critical
|
||||||
description: rConfig 3.9.2 is susceptible to a remote code execution vulnerability. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
|
description: rConfig 3.9.2 is susceptible to a remote code execution vulnerability. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to a patched version of rConfig (3.9.3 or later) or apply the vendor-supplied patch to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
|
- https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-16662
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-16662
|
||||||
|
|
@ -17,8 +19,8 @@ info:
|
||||||
cve-id: CVE-2019-16662
|
cve-id: CVE-2019-16662
|
||||||
cwe-id: CWE-78
|
cwe-id: CWE-78
|
||||||
epss-score: 0.97573
|
epss-score: 0.97573
|
||||||
cpe: cpe:2.3:a:rconfig:rconfig:3.9.2:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.99999
|
epss-percentile: 0.99999
|
||||||
|
cpe: cpe:2.3:a:rconfig:rconfig:3.9.2:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: rconfig
|
vendor: rconfig
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: madrobot
|
author: madrobot
|
||||||
severity: critical
|
severity: critical
|
||||||
description: vBulletin 5.0.0 through 5.5.4 is susceptible to a remote command execution vulnerability via the widgetConfig parameter in an ajax/render/widget_php routestring request. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
|
description: vBulletin 5.0.0 through 5.5.4 is susceptible to a remote command execution vulnerability via the widgetConfig parameter in an ajax/render/widget_php routestring request. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
|
||||||
|
remediation: |
|
||||||
|
Upgrade vBulletin to a version that is not affected by CVE-2019-16759.
|
||||||
reference:
|
reference:
|
||||||
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vbulletin-remote-code-execution-cve-2020-7373/
|
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vbulletin-remote-code-execution-cve-2020-7373/
|
||||||
- https://seclists.org/fulldisclosure/2019/Sep/31
|
- https://seclists.org/fulldisclosure/2019/Sep/31
|
||||||
|
|
@ -16,14 +18,14 @@ info:
|
||||||
cve-id: CVE-2019-16759
|
cve-id: CVE-2019-16759
|
||||||
cwe-id: CWE-94
|
cwe-id: CWE-94
|
||||||
epss-score: 0.97535
|
epss-score: 0.97535
|
||||||
cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.99987
|
epss-percentile: 0.99987
|
||||||
|
cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
|
||||||
shodan-query: http.component:"vBulletin"
|
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 1
|
||||||
vendor: vbulletin
|
vendor: vbulletin
|
||||||
product: vbulletin
|
product: vbulletin
|
||||||
|
shodan-query: http.component:"vBulletin"
|
||||||
tags: cve,cve2019,rce,kev,seclists,vbulletin
|
tags: cve,cve2019,rce,kev,seclists,vbulletin
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: dwisiswant0
|
author: dwisiswant0
|
||||||
severity: critical
|
severity: critical
|
||||||
description: D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565 contain an unauthenticated remote code execution vulnerability. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these issues also affected; DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
|
description: D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565 contain an unauthenticated remote code execution vulnerability. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these issues also affected; DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest firmware update provided by D-Link to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-16920
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-16920
|
||||||
- https://github.com/pwnhacker0x18/CVE-2019-16920-MassPwn3r
|
- https://github.com/pwnhacker0x18/CVE-2019-16920-MassPwn3r
|
||||||
|
|
@ -17,8 +19,8 @@ info:
|
||||||
cve-id: CVE-2019-16920
|
cve-id: CVE-2019-16920
|
||||||
cwe-id: CWE-78
|
cwe-id: CWE-78
|
||||||
epss-score: 0.96275
|
epss-score: 0.96275
|
||||||
cpe: cpe:2.3:o:dlink:dir-655_firmware:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.99325
|
epss-percentile: 0.99325
|
||||||
|
cpe: cpe:2.3:o:dlink:dir-655_firmware:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 3
|
max-request: 3
|
||||||
vendor: dlink
|
vendor: dlink
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
description: |
|
description: |
|
||||||
WordPress Visualizer plugin before 3.3.1 contains a stored cross-site scripting vulnerability via /wp-json/visualizer/v1/update-chart WP-JSON API endpoint. An unauthenticated attacker can execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard.
|
WordPress Visualizer plugin before 3.3.1 contains a stored cross-site scripting vulnerability via /wp-json/visualizer/v1/update-chart WP-JSON API endpoint. An unauthenticated attacker can execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard.
|
||||||
|
remediation: |
|
||||||
|
Update to the latest version of WordPress Visualizer plugin (3.3.1) or apply the provided patch to fix the XSS vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/867e000d-d2f5-4d53-89b0-41d7d4163f44
|
- https://wpscan.com/vulnerability/867e000d-d2f5-4d53-89b0-41d7d4163f44
|
||||||
- https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
|
- https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
|
||||||
|
|
@ -18,14 +20,14 @@ info:
|
||||||
cve-id: CVE-2019-16931
|
cve-id: CVE-2019-16931
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00244
|
epss-score: 0.00244
|
||||||
cpe: cpe:2.3:a:themeisle:visualizer:*:*:*:*:*:wordpress:*:*
|
|
||||||
epss-percentile: 0.61655
|
epss-percentile: 0.61655
|
||||||
|
cpe: cpe:2.3:a:themeisle:visualizer:*:*:*:*:*:wordpress:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
|
||||||
verified: true
|
verified: true
|
||||||
framework: wordpress
|
max-request: 1
|
||||||
vendor: themeisle
|
vendor: themeisle
|
||||||
product: visualizer
|
product: visualizer
|
||||||
|
framework: wordpress
|
||||||
tags: cve,cve2019,wp-plugin,wordpress,wp,xss,unauth,wpscan
|
tags: cve,cve2019,wp-plugin,wordpress,wp,xss,unauth,wpscan
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint.
|
Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint.
|
||||||
|
remediation: |
|
||||||
|
Update Visualizer plugin to version 3.3.1 or later to fix the SSRF vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/9892
|
- https://wpscan.com/vulnerability/9892
|
||||||
- https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
|
- https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
|
||||||
|
|
@ -18,13 +20,13 @@ info:
|
||||||
cve-id: CVE-2019-16932
|
cve-id: CVE-2019-16932
|
||||||
cwe-id: CWE-918
|
cwe-id: CWE-918
|
||||||
epss-score: 0.53434
|
epss-score: 0.53434
|
||||||
cpe: cpe:2.3:a:themeisle:visualizer:*:*:*:*:*:wordpress:*:*
|
|
||||||
epss-percentile: 0.97161
|
epss-percentile: 0.97161
|
||||||
|
cpe: cpe:2.3:a:themeisle:visualizer:*:*:*:*:*:wordpress:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
framework: wordpress
|
|
||||||
vendor: themeisle
|
vendor: themeisle
|
||||||
product: visualizer
|
product: visualizer
|
||||||
|
framework: wordpress
|
||||||
tags: cve,cve2019,wp-plugin,ssrf,wordpress,xss,unauth,wpscan,intrusive
|
tags: cve,cve2019,wp-plugin,ssrf,wordpress,xss,unauth,wpscan,intrusive
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: ritikchaddha
|
author: ritikchaddha
|
||||||
severity: high
|
severity: high
|
||||||
description: Metinfo 7.0.0 beta is susceptible to SQL Injection in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.
|
description: Metinfo 7.0.0 beta is susceptible to SQL Injection in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to a patched version of Metinfo or apply the necessary security patches to mitigate the SQL Injection vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/XiaOkuoAi/XiaOkuoAi.github.io/issues/1
|
- https://github.com/XiaOkuoAi/XiaOkuoAi.github.io/issues/1
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-16996
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-16996
|
||||||
|
|
@ -14,8 +16,8 @@ info:
|
||||||
cve-id: CVE-2019-16996
|
cve-id: CVE-2019-16996
|
||||||
cwe-id: CWE-89
|
cwe-id: CWE-89
|
||||||
epss-score: 0.30632
|
epss-score: 0.30632
|
||||||
cpe: cpe:2.3:a:metinfo:metinfo:7.0.0:beta:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.96378
|
epss-percentile: 0.96378
|
||||||
|
cpe: cpe:2.3:a:metinfo:metinfo:7.0.0:beta:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: metinfo
|
vendor: metinfo
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: ritikchaddha
|
author: ritikchaddha
|
||||||
severity: high
|
severity: high
|
||||||
description: Metinfo 7.0.0 beta is susceptible to SQL Injection in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.
|
description: Metinfo 7.0.0 beta is susceptible to SQL Injection in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to a patched version of Metinfo or apply the necessary security patches to mitigate the SQL Injection vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/XiaOkuoAi/XiaOkuoAi.github.io/issues/2
|
- https://github.com/XiaOkuoAi/XiaOkuoAi.github.io/issues/2
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-16997
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-16997
|
||||||
|
|
@ -14,8 +16,8 @@ info:
|
||||||
cve-id: CVE-2019-16997
|
cve-id: CVE-2019-16997
|
||||||
cwe-id: CWE-89
|
cwe-id: CWE-89
|
||||||
epss-score: 0.30632
|
epss-score: 0.30632
|
||||||
cpe: cpe:2.3:a:metinfo:metinfo:7.0.0:beta:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.96378
|
epss-percentile: 0.96378
|
||||||
|
cpe: cpe:2.3:a:metinfo:metinfo:7.0.0:beta:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: metinfo
|
vendor: metinfo
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
Yachtcontrol Webapplication 1.0 makes it possible to perform direct operating system commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} will be executed and returning the results to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to DHCP client leasing of telco's.
|
Yachtcontrol Webapplication 1.0 makes it possible to perform direct operating system commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} will be executed and returning the results to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to DHCP client leasing of telco's.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest security patches or updates provided by the vendor to fix the remote command injection vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/47760
|
- https://www.exploit-db.com/exploits/47760
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-17270
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-17270
|
||||||
|
|
@ -16,8 +18,8 @@ info:
|
||||||
cve-id: CVE-2019-17270
|
cve-id: CVE-2019-17270
|
||||||
cwe-id: CWE-78
|
cwe-id: CWE-78
|
||||||
epss-score: 0.94092
|
epss-score: 0.94092
|
||||||
cpe: cpe:2.3:a:yachtcontrol:yachtcontrol:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.98826
|
epss-percentile: 0.98826
|
||||||
|
cpe: cpe:2.3:a:yachtcontrol:yachtcontrol:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: yachtcontrol
|
vendor: yachtcontrol
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: harshbothra_
|
author: harshbothra_
|
||||||
severity: critical
|
severity: critical
|
||||||
description: Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
|
description: Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to a patched version of Zabbix (>=4.4) to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/47467
|
- https://www.exploit-db.com/exploits/47467
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-17382
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-17382
|
||||||
|
|
@ -15,8 +17,8 @@ info:
|
||||||
cve-id: CVE-2019-17382
|
cve-id: CVE-2019-17382
|
||||||
cwe-id: CWE-639
|
cwe-id: CWE-639
|
||||||
epss-score: 0.25064
|
epss-score: 0.25064
|
||||||
cpe: cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.9605
|
epss-percentile: 0.9605
|
||||||
|
cpe: cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 100
|
max-request: 100
|
||||||
vendor: zabbix
|
vendor: zabbix
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
MetInfo 7.0.0 beta is susceptible to SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter (a different issue than CVE-2019-16997).
|
MetInfo 7.0.0 beta is susceptible to SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter (a different issue than CVE-2019-16997).
|
||||||
|
remediation: |
|
||||||
|
Upgrade to a patched version of MetInfo or apply the necessary security patches provided by the vendor.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/evi1code/Just-for-fun/issues/2
|
- https://github.com/evi1code/Just-for-fun/issues/2
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-17418
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-17418
|
||||||
|
|
@ -15,8 +17,8 @@ info:
|
||||||
cve-id: CVE-2019-17418
|
cve-id: CVE-2019-17418
|
||||||
cwe-id: CWE-89
|
cwe-id: CWE-89
|
||||||
epss-score: 0.43984
|
epss-score: 0.43984
|
||||||
cpe: cpe:2.3:a:metinfo:metinfo:7.0.0:beta:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.96882
|
epss-percentile: 0.96882
|
||||||
|
cpe: cpe:2.3:a:metinfo:metinfo:7.0.0:beta:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: metinfo
|
vendor: metinfo
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
Jfrog Artifactory prior to 6.17.0 uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory.
|
Jfrog Artifactory prior to 6.17.0 uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory.
|
||||||
|
remediation: |
|
||||||
|
Upgrade Jfrog Artifactory to version 6.17.0 or later and change the default admin password to a strong, unique one.
|
||||||
reference:
|
reference:
|
||||||
- https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes
|
- https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes
|
||||||
- https://www.jfrog.com/confluence/display/JFROG/JFrog+Artifactory
|
- https://www.jfrog.com/confluence/display/JFROG/JFrog+Artifactory
|
||||||
|
|
@ -16,13 +18,13 @@ info:
|
||||||
cve-id: CVE-2019-17444
|
cve-id: CVE-2019-17444
|
||||||
cwe-id: CWE-521
|
cwe-id: CWE-521
|
||||||
epss-score: 0.07015
|
epss-score: 0.07015
|
||||||
cpe: cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:-:*:*
|
|
||||||
epss-percentile: 0.9309
|
epss-percentile: 0.9309
|
||||||
|
cpe: cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:-:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
framework: "-"
|
|
||||||
vendor: jfrog
|
vendor: jfrog
|
||||||
product: artifactory
|
product: artifactory
|
||||||
|
framework: "-"
|
||||||
tags: cve,cve2019,jfrog,default-login
|
tags: cve,cve2019,jfrog,default-login
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: LogicalHunter
|
author: LogicalHunter
|
||||||
severity: medium
|
severity: medium
|
||||||
description: Kirona Dynamic Resource Scheduler is susceptible to information disclosure. An unauthenticated user can directly access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd), which contains sensitive information with exposed SQL queries, such as database version, table name, and column name.
|
description: Kirona Dynamic Resource Scheduler is susceptible to information disclosure. An unauthenticated user can directly access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd), which contains sensitive information with exposed SQL queries, such as database version, table name, and column name.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest patch or update provided by the vendor to fix the information disclosure vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/47498
|
- https://www.exploit-db.com/exploits/47498
|
||||||
- https://github.com/Ramikan/Vulnerabilities/blob/master/Kirona-DRS%205.5.3.5%20Multiple%20Vulnerabilities
|
- https://github.com/Ramikan/Vulnerabilities/blob/master/Kirona-DRS%205.5.3.5%20Multiple%20Vulnerabilities
|
||||||
|
|
@ -16,8 +18,8 @@ info:
|
||||||
cve-id: CVE-2019-17503
|
cve-id: CVE-2019-17503
|
||||||
cwe-id: CWE-425
|
cwe-id: CWE-425
|
||||||
epss-score: 0.00433
|
epss-score: 0.00433
|
||||||
cpe: cpe:2.3:a:kirona:dynamic_resource_scheduling:5.5.3.5:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.71395
|
epss-percentile: 0.71395
|
||||||
|
cpe: cpe:2.3:a:kirona:dynamic_resource_scheduling:5.5.3.5:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 2
|
||||||
vendor: kirona
|
vendor: kirona
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers are vulnerable to information disclosure vulnerabilities because certain web interfaces do not require authentication. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.
|
D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers are vulnerable to information disclosure vulnerabilities because certain web interfaces do not require authentication. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest firmware update provided by D-Link to fix the information disclosure vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/dahua966/Routers-vuls/blob/master/DIR-868/name%26passwd.py
|
- https://github.com/dahua966/Routers-vuls/blob/master/DIR-868/name%26passwd.py
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-17506
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-17506
|
||||||
|
|
@ -15,8 +17,8 @@ info:
|
||||||
cve-id: CVE-2019-17506
|
cve-id: CVE-2019-17506
|
||||||
cwe-id: CWE-306
|
cwe-id: CWE-306
|
||||||
epss-score: 0.90125
|
epss-score: 0.90125
|
||||||
cpe: cpe:2.3:o:dlink:dir-868l_b1_firmware:2.03:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.98375
|
epss-percentile: 0.98375
|
||||||
|
cpe: cpe:2.3:o:dlink:dir-868l_b1_firmware:2.03:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: dlink
|
vendor: dlink
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
Jiangnan Online Judge (aka jnoj) 0.8.0 is susceptible to local file inclusion via web/polygon/problem/viewfile?id=1&name=../.
|
Jiangnan Online Judge (aka jnoj) 0.8.0 is susceptible to local file inclusion via web/polygon/problem/viewfile?id=1&name=../.
|
||||||
|
remediation: |
|
||||||
|
Upgrade Jiangnan Online Judge to a patched version or apply the necessary security patches to fix the Local File Inclusion vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/shi-yang/jnoj/issues/53
|
- https://github.com/shi-yang/jnoj/issues/53
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-17538
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-17538
|
||||||
|
|
@ -15,8 +17,8 @@ info:
|
||||||
cve-id: CVE-2019-17538
|
cve-id: CVE-2019-17538
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.00838
|
epss-score: 0.00838
|
||||||
cpe: cpe:2.3:a:jnoj:jiangnan_online_judge:0.8.0:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.79928
|
epss-percentile: 0.79928
|
||||||
|
cpe: cpe:2.3:a:jnoj:jiangnan_online_judge:0.8.0:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: jnoj
|
vendor: jnoj
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: pikpikcu,madrobot
|
author: pikpikcu,madrobot
|
||||||
severity: high
|
severity: high
|
||||||
description: Apache Solr versions 5.0.0 to 8.3.1 are vulnerable to remote code execution vulnerabilities through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
|
description: Apache Solr versions 5.0.0 to 8.3.1 are vulnerable to remote code execution vulnerabilities through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
|
||||||
|
remediation: |
|
||||||
|
Upgrade to a patched version of Apache Solr (8.4.0 or later) to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://issues.apache.org/jira/browse/SOLR-13971
|
- https://issues.apache.org/jira/browse/SOLR-13971
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-17558
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-17558
|
||||||
|
|
@ -17,8 +19,8 @@ info:
|
||||||
cve-id: CVE-2019-17558
|
cve-id: CVE-2019-17558
|
||||||
cwe-id: CWE-74
|
cwe-id: CWE-74
|
||||||
epss-score: 0.97543
|
epss-score: 0.97543
|
||||||
cpe: cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.99991
|
epss-percentile: 0.99991
|
||||||
|
cpe: cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 3
|
max-request: 3
|
||||||
vendor: apache
|
vendor: apache
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file").
|
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file").
|
||||||
|
remediation: |
|
||||||
|
Update Popup-Maker plugin to version 1.8.12 or later.
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/9907
|
- https://wpscan.com/vulnerability/9907
|
||||||
- https://web.archive.org/web/20191128065954/https://blog.redyops.com/wordpress-plugin-popup-maker/
|
- https://web.archive.org/web/20191128065954/https://blog.redyops.com/wordpress-plugin-popup-maker/
|
||||||
|
|
@ -18,15 +20,15 @@ info:
|
||||||
cve-id: 'CVE-2019-17574'
|
cve-id: 'CVE-2019-17574'
|
||||||
cwe-id: CWE-639
|
cwe-id: CWE-639
|
||||||
epss-score: 0.14192
|
epss-score: 0.14192
|
||||||
cpe: cpe:2.3:a:code-atlantic:popup_maker:*:*:*:*:*:wordpress:*:*
|
|
||||||
epss-percentile: 0.94987
|
epss-percentile: 0.94987
|
||||||
|
cpe: cpe:2.3:a:code-atlantic:popup_maker:*:*:*:*:*:wordpress:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
|
||||||
verified: true
|
verified: true
|
||||||
publicwww-query: "/wp-content/plugins/popup-maker/"
|
max-request: 2
|
||||||
framework: wordpress
|
|
||||||
vendor: code-atlantic
|
vendor: code-atlantic
|
||||||
product: popup_maker
|
product: popup_maker
|
||||||
|
framework: wordpress
|
||||||
|
publicwww-query: "/wp-content/plugins/popup-maker/"
|
||||||
tags: wpscan,cve,cve2019,wp,wordpress,wp-plugin,disclosure,popup-maker,auth-bypass
|
tags: wpscan,cve,cve2019,wp,wordpress,wp-plugin,disclosure,popup-maker,auth-bypass
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: critical
|
severity: critical
|
||||||
description: |
|
description: |
|
||||||
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.
|
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to a patched version of ThinVNC or implement additional authentication mechanisms.
|
||||||
reference:
|
reference:
|
||||||
- http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html
|
- http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html
|
||||||
- https://github.com/bewest/thinvnc/issues/5
|
- https://github.com/bewest/thinvnc/issues/5
|
||||||
|
|
@ -17,14 +19,14 @@ info:
|
||||||
cve-id: CVE-2019-17662
|
cve-id: CVE-2019-17662
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.50347
|
epss-score: 0.50347
|
||||||
cpe: cpe:2.3:a:cybelsoft:thinvnc:1.0:b1:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.9709
|
epss-percentile: 0.9709
|
||||||
|
cpe: cpe:2.3:a:cybelsoft:thinvnc:1.0:b1:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
|
||||||
shodan-query: http.favicon.hash:-1414548363
|
|
||||||
verified: true
|
verified: true
|
||||||
|
max-request: 1
|
||||||
vendor: cybelsoft
|
vendor: cybelsoft
|
||||||
product: thinvnc
|
product: thinvnc
|
||||||
|
shodan-query: http.favicon.hash:-1414548363
|
||||||
tags: packetstorm,cve,cve2019,auth-bypass,thinvnc,intrusive
|
tags: packetstorm,cve,cve2019,auth-bypass,thinvnc,intrusive
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: _0xf4n9x_
|
author: _0xf4n9x_
|
||||||
severity: critical
|
severity: critical
|
||||||
description: Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
|
description: Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest security patches provided by Cisco to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce
|
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce
|
||||||
- https://srcincite.io/blog/2019/05/17/panic-at-the-cisco-unauthenticated-rce-in-prime-infrastructure.html
|
- https://srcincite.io/blog/2019/05/17/panic-at-the-cisco-unauthenticated-rce-in-prime-infrastructure.html
|
||||||
|
|
@ -16,13 +18,13 @@ info:
|
||||||
cve-id: CVE-2019-1821
|
cve-id: CVE-2019-1821
|
||||||
cwe-id: CWE-20
|
cwe-id: CWE-20
|
||||||
epss-score: 0.96882
|
epss-score: 0.96882
|
||||||
cpe: cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.99577
|
epss-percentile: 0.99577
|
||||||
|
cpe: cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 2
|
max-request: 2
|
||||||
shodan-query: http.title:"prime infrastructure"
|
|
||||||
vendor: cisco
|
vendor: cisco
|
||||||
product: evolved_programmable_network_manager
|
product: evolved_programmable_network_manager
|
||||||
|
shodan-query: http.title:"prime infrastructure"
|
||||||
tags: packetstorm,cve,cve2019,rce,fileupload,unauth,intrusive,cisco
|
tags: packetstorm,cve,cve2019,rce,fileupload,unauth,intrusive,cisco
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
Xiaomi Mi WiFi R3G devices before 2.28.23-stable are susceptible to local file inclusion vulnerabilities via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication.
|
Xiaomi Mi WiFi R3G devices before 2.28.23-stable are susceptible to local file inclusion vulnerabilities via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication.
|
||||||
|
remediation: |
|
||||||
|
Update the firmware of the Xiaomi Mi WiFi R3G routers to the latest version, which includes a fix for the local file inclusion vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://ultramangaia.github.io/blog/2019/Xiaomi-Series-Router-Command-Execution-Vulnerability.html
|
- https://ultramangaia.github.io/blog/2019/Xiaomi-Series-Router-Command-Execution-Vulnerability.html
|
||||||
- https://github.com/UltramanGaia/Xiaomi_Mi_WiFi_R3G_Vulnerability_POC/blob/master/arbitrary_file_read_vulnerability.py
|
- https://github.com/UltramanGaia/Xiaomi_Mi_WiFi_R3G_Vulnerability_POC/blob/master/arbitrary_file_read_vulnerability.py
|
||||||
|
|
@ -16,8 +18,8 @@ info:
|
||||||
cve-id: CVE-2019-18371
|
cve-id: CVE-2019-18371
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.02272
|
epss-score: 0.02272
|
||||||
cpe: cpe:2.3:o:mi:millet_router_3g_firmware:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.88207
|
epss-percentile: 0.88207
|
||||||
|
cpe: cpe:2.3:o:mi:millet_router_3g_firmware:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: mi
|
vendor: mi
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: medium
|
severity: medium
|
||||||
description: Ignite Realtime Openfire through 4.4.2 is vulnerable to local file inclusion via PluginServlet.java. It does not ensure that retrieved files are located under the Openfire home directory.
|
description: Ignite Realtime Openfire through 4.4.2 is vulnerable to local file inclusion via PluginServlet.java. It does not ensure that retrieved files are located under the Openfire home directory.
|
||||||
|
remediation: |
|
||||||
|
Upgrade Ignite Realtime Openfire to version 4.42 or later to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/igniterealtime/Openfire/pull/1498
|
- https://github.com/igniterealtime/Openfire/pull/1498
|
||||||
- https://swarm.ptsecurity.com/openfire-admin-console/
|
- https://swarm.ptsecurity.com/openfire-admin-console/
|
||||||
|
|
@ -15,8 +17,8 @@ info:
|
||||||
cve-id: CVE-2019-18393
|
cve-id: CVE-2019-18393
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.00161
|
epss-score: 0.00161
|
||||||
cpe: cpe:2.3:a:igniterealtime:openfire:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.52069
|
epss-percentile: 0.52069
|
||||||
|
cpe: cpe:2.3:a:igniterealtime:openfire:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: igniterealtime
|
vendor: igniterealtime
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: pdteam
|
author: pdteam
|
||||||
severity: critical
|
severity: critical
|
||||||
description: Ignite Realtime Openfire through version 4.4.2 allows attackers to send arbitrary HTTP GET requests in FaviconServlet.java, resulting in server-side request forgery.
|
description: Ignite Realtime Openfire through version 4.4.2 allows attackers to send arbitrary HTTP GET requests in FaviconServlet.java, resulting in server-side request forgery.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to the latest version of Ignite Realtime Openfire (>=4.4.3) to fix this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://swarm.ptsecurity.com/openfire-admin-console/
|
- https://swarm.ptsecurity.com/openfire-admin-console/
|
||||||
- https://github.com/igniterealtime/Openfire/pull/1497
|
- https://github.com/igniterealtime/Openfire/pull/1497
|
||||||
|
|
@ -15,8 +17,8 @@ info:
|
||||||
cve-id: CVE-2019-18394
|
cve-id: CVE-2019-18394
|
||||||
cwe-id: CWE-918
|
cwe-id: CWE-918
|
||||||
epss-score: 0.5914
|
epss-score: 0.5914
|
||||||
cpe: cpe:2.3:a:igniterealtime:openfire:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.97299
|
epss-percentile: 0.97299
|
||||||
|
cpe: cpe:2.3:a:igniterealtime:openfire:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: igniterealtime
|
vendor: igniterealtime
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
SECUDOS DOMOS before 5.6 allows local file inclusion via the log module.
|
SECUDOS DOMOS before 5.6 allows local file inclusion via the log module.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest patch or update to a version that is not affected by this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://atomic111.github.io/article/secudos-domos-directory_traversal
|
- https://atomic111.github.io/article/secudos-domos-directory_traversal
|
||||||
- https://vuldb.com/?id.144804
|
- https://vuldb.com/?id.144804
|
||||||
|
|
@ -18,8 +20,8 @@ info:
|
||||||
cve-id: CVE-2019-18665
|
cve-id: CVE-2019-18665
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.0855
|
epss-score: 0.0855
|
||||||
cpe: cpe:2.3:a:secudos:domos:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.93623
|
epss-percentile: 0.93623
|
||||||
|
cpe: cpe:2.3:a:secudos:domos:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: secudos
|
vendor: secudos
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: idealphase
|
author: idealphase
|
||||||
severity: critical
|
severity: critical
|
||||||
description: strapi CMS before 3.0.0-beta.17.5 allows admin password resets because it mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
|
description: strapi CMS before 3.0.0-beta.17.5 allows admin password resets because it mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
|
||||||
|
remediation: |
|
||||||
|
Upgrade Strapi CMS to a version higher than 3.0.0-beta.17.5 to mitigate the vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/advisories/GHSA-6xc2-mj39-q599
|
- https://github.com/advisories/GHSA-6xc2-mj39-q599
|
||||||
- https://www.exploit-db.com/exploits/50239
|
- https://www.exploit-db.com/exploits/50239
|
||||||
|
|
@ -17,8 +19,8 @@ info:
|
||||||
cve-id: CVE-2019-18818
|
cve-id: CVE-2019-18818
|
||||||
cwe-id: CWE-640
|
cwe-id: CWE-640
|
||||||
epss-score: 0.88411
|
epss-score: 0.88411
|
||||||
cpe: cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.98263
|
epss-percentile: 0.98263
|
||||||
|
cpe: cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: strapi
|
vendor: strapi
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 is susceptible to local file inclusion via its web interface.
|
Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 is susceptible to local file inclusion via its web interface.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest firmware update provided by Allied Telesis to fix the vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://packetstormsecurity.com/files/155504/Allied-Telesis-AT-GS950-8-Directory-Traversal.html
|
- https://packetstormsecurity.com/files/155504/Allied-Telesis-AT-GS950-8-Directory-Traversal.html
|
||||||
- https://pastebin.com/dpEGKUGz
|
- https://pastebin.com/dpEGKUGz
|
||||||
|
|
@ -18,8 +20,8 @@ info:
|
||||||
cve-id: CVE-2019-18922
|
cve-id: CVE-2019-18922
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.16768
|
epss-score: 0.16768
|
||||||
cpe: cpe:2.3:o:alliedtelesis:at-gs950\/8_firmware:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.95348
|
epss-percentile: 0.95348
|
||||||
|
cpe: cpe:2.3:o:alliedtelesis:at-gs950\/8_firmware:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: alliedtelesis
|
vendor: alliedtelesis
|
||||||
|
|
|
||||||
|
|
@ -6,21 +6,21 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
description: |
|
description: |
|
||||||
MicroStrategy Library before 11.1.3 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
MicroStrategy Library before 11.1.3 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||||
|
remediation: The issue can be resolved by downloading and installing 1.1.3, which has the patch.
|
||||||
reference:
|
reference:
|
||||||
- https://seclists.org/bugtraq/2019/Nov/23
|
- https://seclists.org/bugtraq/2019/Nov/23
|
||||||
- https://packetstormsecurity.com/files/155320/MicroStrategy-Library-Cross-Site-Scripting.html
|
- https://packetstormsecurity.com/files/155320/MicroStrategy-Library-Cross-Site-Scripting.html
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-18957
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-18957
|
||||||
- http://packetstormsecurity.com/files/155320/MicroStrategy-Library-Cross-Site-Scripting.html
|
- http://packetstormsecurity.com/files/155320/MicroStrategy-Library-Cross-Site-Scripting.html
|
||||||
- http://seclists.org/fulldisclosure/2019/Nov/4
|
- http://seclists.org/fulldisclosure/2019/Nov/4
|
||||||
remediation: The issue can be resolved by downloading and installing 1.1.3, which has the patch.
|
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 6.1
|
cvss-score: 6.1
|
||||||
cve-id: CVE-2019-18957
|
cve-id: CVE-2019-18957
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00247
|
epss-score: 0.00247
|
||||||
cpe: cpe:2.3:a:microstrategy:microstrategy_library:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.61933
|
epss-percentile: 0.61933
|
||||||
|
cpe: cpe:2.3:a:microstrategy:microstrategy_library:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: microstrategy
|
vendor: microstrategy
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
description: |
|
description: |
|
||||||
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.
|
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest firmware update provided by Cisco to fix the vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-1898
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-1898
|
||||||
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccess
|
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccess
|
||||||
|
|
@ -16,14 +18,14 @@ info:
|
||||||
cve-id: CVE-2019-1898
|
cve-id: CVE-2019-1898
|
||||||
cwe-id: CWE-425,CWE-285
|
cwe-id: CWE-425,CWE-285
|
||||||
epss-score: 0.06482
|
epss-score: 0.06482
|
||||||
cpe: cpe:2.3:o:cisco:rv110w_firmware:-:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.928
|
epss-percentile: 0.928
|
||||||
|
cpe: cpe:2.3:o:cisco:rv110w_firmware:-:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
fofa-query: icon_hash="-646322113"
|
|
||||||
verified: true
|
verified: true
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: cisco
|
vendor: cisco
|
||||||
product: rv110w_firmware
|
product: rv110w_firmware
|
||||||
|
fofa-query: icon_hash="-646322113"
|
||||||
tags: cve,cve2019,cisco,router,iot
|
tags: cve,cve2019,cisco,router,iot
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: daffainfo
|
author: daffainfo
|
||||||
severity: medium
|
severity: medium
|
||||||
description: WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter.
|
description: WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter.
|
||||||
|
remediation: |
|
||||||
|
Update to the latest version of the WordPress Hero Maps Premium plugin (>=2.2.2) or apply the vendor-provided patch to fix the XSS vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/d179f7fe-e3e7-44b3-9bf8-aab2e90dbe01
|
- https://wpscan.com/vulnerability/d179f7fe-e3e7-44b3-9bf8-aab2e90dbe01
|
||||||
- https://www.hooperlabs.xyz/disclosures/cve-2019-19134.php
|
- https://www.hooperlabs.xyz/disclosures/cve-2019-19134.php
|
||||||
|
|
@ -17,13 +19,13 @@ info:
|
||||||
cve-id: CVE-2019-19134
|
cve-id: CVE-2019-19134
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00203
|
epss-score: 0.00203
|
||||||
cpe: cpe:2.3:a:heroplugins:hero_maps_premium:*:*:*:*:*:wordpress:*:*
|
|
||||||
epss-percentile: 0.57549
|
epss-percentile: 0.57549
|
||||||
|
cpe: cpe:2.3:a:heroplugins:hero_maps_premium:*:*:*:*:*:wordpress:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
framework: wordpress
|
|
||||||
vendor: heroplugins
|
vendor: heroplugins
|
||||||
product: hero_maps_premium
|
product: hero_maps_premium
|
||||||
|
framework: wordpress
|
||||||
tags: wpscan,cve,cve2019,wordpress,xss,wp-plugin,maps
|
tags: wpscan,cve,cve2019,wordpress,xss,wp-plugin,maps
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: madrobot
|
author: madrobot
|
||||||
severity: medium
|
severity: medium
|
||||||
description: Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript.
|
description: Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to the latest version of Rumpus FTP Web File Manager or apply the vendor-provided patch to mitigate this vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/harshit-shukla/CVE-2019-19368/
|
- https://github.com/harshit-shukla/CVE-2019-19368/
|
||||||
- https://www.maxum.com/Rumpus/Download.html
|
- https://www.maxum.com/Rumpus/Download.html
|
||||||
|
|
@ -16,8 +18,8 @@ info:
|
||||||
cve-id: CVE-2019-19368
|
cve-id: CVE-2019-19368
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00625
|
epss-score: 0.00625
|
||||||
cpe: cpe:2.3:a:maxum:rumpus:8.2.9.1:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.76278
|
epss-percentile: 0.76278
|
||||||
|
cpe: cpe:2.3:a:maxum:rumpus:8.2.9.1:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: maxum
|
vendor: maxum
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
description: |
|
description: |
|
||||||
Cisco Small Business 200,300 and 500 Series Switches contain an open redirect vulnerability in the Web UI. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
|
Cisco Small Business 200,300 and 500 Series Switches contain an open redirect vulnerability in the Web UI. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
|
||||||
|
remediation: |
|
||||||
|
Apply the necessary patches or updates provided by Cisco to fix the open redirect vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect
|
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect
|
||||||
- https://www.exploit-db.com/exploits/47118
|
- https://www.exploit-db.com/exploits/47118
|
||||||
|
|
@ -17,15 +19,15 @@ info:
|
||||||
cve-id: CVE-2019-1943
|
cve-id: CVE-2019-1943
|
||||||
cwe-id: CWE-601
|
cwe-id: CWE-601
|
||||||
epss-score: 0.03526
|
epss-score: 0.03526
|
||||||
cpe: cpe:2.3:o:cisco:sg200-50_firmware:-:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.90351
|
epss-percentile: 0.90351
|
||||||
|
cpe: cpe:2.3:o:cisco:sg200-50_firmware:-:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
|
||||||
verified: "true"
|
verified: "true"
|
||||||
shodan-query: "/config/log_off_page.htm"
|
max-request: 1
|
||||||
censys-query: "services.http.response.headers.location: /config/log_off_page.htm"
|
|
||||||
vendor: cisco
|
vendor: cisco
|
||||||
product: sg200-50_firmware
|
product: sg200-50_firmware
|
||||||
|
shodan-query: "/config/log_off_page.htm"
|
||||||
|
censys-query: "services.http.response.headers.location: /config/log_off_page.htm"
|
||||||
tags: cve,cve2023,redirect,cisco
|
tags: cve,cve2023,redirect,cisco
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: organiccrap,geeknik
|
author: organiccrap,geeknik
|
||||||
severity: critical
|
severity: critical
|
||||||
description: Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0 are susceptible to directory traversal vulnerabilities.
|
description: Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0 are susceptible to directory traversal vulnerabilities.
|
||||||
|
remediation: |
|
||||||
|
Apply the necessary security patches provided by Citrix to fix the directory traversal vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://support.citrix.com/article/CTX267027
|
- https://support.citrix.com/article/CTX267027
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-19781
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-19781
|
||||||
|
|
@ -17,8 +19,8 @@ info:
|
||||||
cve-id: CVE-2019-19781
|
cve-id: CVE-2019-19781
|
||||||
cwe-id: CWE-22
|
cwe-id: CWE-22
|
||||||
epss-score: 0.97541
|
epss-score: 0.97541
|
||||||
cpe: cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.9999
|
epss-percentile: 0.9999
|
||||||
|
cpe: cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: citrix
|
vendor: citrix
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
TOTOLINK Realtek SDK based routers may allow an authenticated attacker to execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.
|
TOTOLINK Realtek SDK based routers may allow an authenticated attacker to execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.
|
||||||
|
remediation: |
|
||||||
|
Apply the latest firmware update provided by the vendor to fix the vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://sploit.tech/2019/12/16/Realtek-TOTOLINK.html
|
- https://sploit.tech/2019/12/16/Realtek-TOTOLINK.html
|
||||||
- https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits
|
- https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits
|
||||||
|
|
@ -17,8 +19,8 @@ info:
|
||||||
cve-id: CVE-2019-19824
|
cve-id: CVE-2019-19824
|
||||||
cwe-id: CWE-78
|
cwe-id: CWE-78
|
||||||
epss-score: 0.96631
|
epss-score: 0.96631
|
||||||
cpe: cpe:2.3:o:totolink:a3002ru_firmware:*:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.99466
|
epss-percentile: 0.99466
|
||||||
|
cpe: cpe:2.3:o:totolink:a3002ru_firmware:*:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
vendor: totolink
|
vendor: totolink
|
||||||
|
|
|
||||||
|
|
@ -6,6 +6,8 @@ info:
|
||||||
severity: medium
|
severity: medium
|
||||||
description: |
|
description: |
|
||||||
phpMyChat-Plus 1.98 contains a cross-site scripting vulnerability via pmc_username parameter of pass_reset.php in password reset URL.
|
phpMyChat-Plus 1.98 contains a cross-site scripting vulnerability via pmc_username parameter of pass_reset.php in password reset URL.
|
||||||
|
remediation: |
|
||||||
|
Upgrade to a patched version of phpMyChat-Plus or apply the necessary security patches to mitigate the XSS vulnerability.
|
||||||
reference:
|
reference:
|
||||||
- https://cinzinga.github.io/CVE-2019-19908/
|
- https://cinzinga.github.io/CVE-2019-19908/
|
||||||
- http://ciprianmp.com/
|
- http://ciprianmp.com/
|
||||||
|
|
@ -17,14 +19,14 @@ info:
|
||||||
cve-id: CVE-2019-19908
|
cve-id: CVE-2019-19908
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
epss-score: 0.00622
|
epss-score: 0.00622
|
||||||
cpe: cpe:2.3:a:ciprianmp:phpmychat-plus:1.98:*:*:*:*:*:*:*
|
|
||||||
epss-percentile: 0.76214
|
epss-percentile: 0.76214
|
||||||
|
cpe: cpe:2.3:a:ciprianmp:phpmychat-plus:1.98:*:*:*:*:*:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
|
||||||
verified: true
|
verified: true
|
||||||
google-query: inurl:"/plus/pass_reset.php"
|
max-request: 1
|
||||||
vendor: ciprianmp
|
vendor: ciprianmp
|
||||||
product: phpmychat-plus
|
product: phpmychat-plus
|
||||||
|
google-query: inurl:"/plus/pass_reset.php"
|
||||||
tags: cve,cve2019,phpMyChat,xss
|
tags: cve,cve2019,phpMyChat,xss
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,8 @@ info:
|
||||||
author: KBA@SOGETI_ESEC,madrobot,dwisiswant0
|
author: KBA@SOGETI_ESEC,madrobot,dwisiswant0
|
||||||
severity: medium
|
severity: medium
|
||||||
description: WordPress Email Subscribers & Newsletters plugin before 4.2.3 is susceptible to arbitrary file retrieval via a flaw that allows unauthenticated file download and user information disclosure. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
|
description: WordPress Email Subscribers & Newsletters plugin before 4.2.3 is susceptible to arbitrary file retrieval via a flaw that allows unauthenticated file download and user information disclosure. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
|
||||||
|
remediation: |
|
||||||
|
Update to the latest version of WordPress Email Subscribers & Newsletters plugin (4.2.3) or apply the patch provided by the vendor.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/48698
|
- https://www.exploit-db.com/exploits/48698
|
||||||
- https://wpvulndb.com/vulnerabilities/9946
|
- https://wpvulndb.com/vulnerabilities/9946
|
||||||
|
|
@ -17,13 +19,13 @@ info:
|
||||||
cve-id: CVE-2019-19985
|
cve-id: CVE-2019-19985
|
||||||
cwe-id: CWE-862
|
cwe-id: CWE-862
|
||||||
epss-score: 0.08255
|
epss-score: 0.08255
|
||||||
cpe: cpe:2.3:a:icegram:email_subscribers_\&_newsletters:*:*:*:*:*:wordpress:*:*
|
|
||||||
epss-percentile: 0.93525
|
epss-percentile: 0.93525
|
||||||
|
cpe: cpe:2.3:a:icegram:email_subscribers_\&_newsletters:*:*:*:*:*:wordpress:*:*
|
||||||
metadata:
|
metadata:
|
||||||
max-request: 1
|
max-request: 1
|
||||||
framework: wordpress
|
|
||||||
vendor: icegram
|
vendor: icegram
|
||||||
product: email_subscribers_\&_newsletters
|
product: email_subscribers_\&_newsletters
|
||||||
|
framework: wordpress
|
||||||
tags: cve2019,wordpress,wp-plugin,edb,packetstorm,cve
|
tags: cve2019,wordpress,wp-plugin,edb,packetstorm,cve
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
|
|
||||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue