updated 2019 CVEs

patch-1
Prince Chaddha 2023-09-06 18:23:28 +05:30
parent d6f27be44f
commit a92ce6783f
159 changed files with 574 additions and 280 deletions

View File

@ -6,22 +6,22 @@ info:
severity: high
description: |
Apache Solr is vulnerable to remote code execution vulnerabilities via the DataImportHandler, an optional but popular module to pull in data from databases and other sources. The module has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk.
remediation: |
Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
reference:
- https://github.com/vulhub/vulhub/tree/master/solr/CVE-2019-0193
- https://paper.seebug.org/1009/
- https://issues.apache.org/jira/browse/SOLR-13669
- https://nvd.nist.gov/vuln/detail/CVE-2019-0193
- https://lists.apache.org/thread.html/1addbb49a1fc0947fb32ca663d76d93cfaade35a4848a76d4b4ded9c@%3Cissues.lucene.apache.org%3E
remediation: |
Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
cve-id: CVE-2019-0193
cwe-id: CWE-94
epss-score: 0.95869
cpe: cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
epss-percentile: 0.99213
cpe: cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: apache
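Review bot: the `remediation` text ("use of this parameter requires setting the Java System property ... to true") describes what Solr 8.2.0 does rather than telling an operator what to do; phrase it as an action, e.g. "Upgrade to Solr 8.2.0 or later and leave `enable.dih.dataConfigParam` unset (false) unless the dataConfig request parameter is actually needed." Moving the block above `reference` is otherwise a clean reorder (the hunk is -22/+22 with no text change).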

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 are vulnerable to cross-site scripting because the SSI printenv command echoes user provided data without escaping. Note: SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.
remediation: |
Apply the necessary patches or updates provided by Apache Tomcat to fix the XSS vulnerability.
reference:
- https://seclists.org/fulldisclosure/2019/May/50
- https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/
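Review bot: the added `remediation` ("Apply the necessary patches or updates") is generic while the description directly above already gives the three affected ranges (9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, 7.0.0 to 7.0.93); name the first fixed release on each branch instead. Since the description also says SSI is disabled by default and `printenv` is a debugging command, add disabling SSI or removing the printenv command as the interim mitigation.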
@ -18,13 +20,13 @@ info:
cve-id: CVE-2019-0221
cwe-id: CWE-79
epss-score: 0.01651
cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
epss-percentile: 0.86008
cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
metadata:
max-request: 2
shodan-query: title:"Apache Tomcat"
vendor: apache
product: tomcat
shodan-query: title:"Apache Tomcat"
tags: apache,xss,tomcat,seclists,edb,cve,cve2019
variables:
payload: "<script>alert({{rand_int()}})</script>"
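Review bot: the `cpe` and `shodan-query` lines here are only reordered (cpe after `epss-percentile`, shodan-query after `product`), and the same hand-made reorder is repeated in every file of this commit; this is the kind of canonical key order that a repository-side template validator should enforce, otherwise the next bulk edit will drift again. The `payload` variable using `rand_int()` is untouched and fine.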

View File

@ -5,6 +5,8 @@ info:
author: geeknik
severity: critical
description: Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag attributes, which may lead to remote code execution.
remediation: |
Upgrade Apache Struts to a version higher than 2.5.20 or apply the necessary patches provided by the vendor.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2019-0230
- https://cwiki.apache.org/confluence/display/WW/S2-059
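Review bot: `remediation` says "a version higher than 2.5.20", but the S2-059 advisory already in `reference` names the specific release that carries the fix; quote that release rather than an open-ended "higher than", since a reader cannot otherwise tell whether the next point release after 2.5.20 is safe.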
@ -17,8 +19,8 @@ info:
cve-id: CVE-2019-0230
cwe-id: CWE-1321
epss-score: 0.92614
cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
epss-percentile: 0.98622
cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: apache

View File

@ -5,6 +5,8 @@ info:
author: davidmckennirey
severity: critical
description: Kentico CMS is susceptible to remote code execution via a .NET deserialization vulnerability.
remediation: |
Apply the latest security patches and updates provided by Kentico CMS to mitigate this vulnerability.
reference:
- https://www.aon.com/cyber-solutions/aon_cyber_labs/unauthenticated-remote-code-execution-in-kentico-cms/
- https://packetstormsecurity.com/files/157588/Kentico-CMS-12.0.14-Remote-Command-Execution.html
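Review bot: neither the description nor the added `remediation` names an affected or fixed version, yet the packetstorm reference is titled for "Kentico CMS 12.0.14"; state the vulnerable version(s) in the description and the first fixed release in remediation, otherwise "apply the latest security patches" cannot be checked against a deployment.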
@ -17,8 +19,8 @@ info:
cve-id: CVE-2019-10068
cwe-id: CWE-502
epss-score: 0.97358
cpe: cpe:2.3:a:kentico:kentico:*:*:*:*:*:*:*:*
epss-percentile: 0.9984
cpe: cpe:2.3:a:kentico:kentico:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: kentico

View File

@ -5,6 +5,8 @@ info:
author: pdteam
severity: medium
description: Apache HTTP Server versions 2.4.0 through 2.4.39 are vulnerable to a limited cross-site scripting issue affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
remediation: |
Upgrade to Apache HTTP Server version 2.4.40 or later, which includes a fix for this vulnerability.
reference:
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd
- https://httpd.apache.org/security/vulnerabilities_24.html
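Review bot: the remediation (2.4.40 or later) is consistent with the CVE-2019-10098 template later in this commit, which names the same release; the description's precondition (proxying enabled and a misconfigured Proxy Error page) doubles as a mitigation, so consider adding that correcting the proxy error-page configuration removes the exposure where the upgrade has to wait.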
@ -17,8 +19,8 @@ info:
cve-id: CVE-2019-10092
cwe-id: CWE-79
epss-score: 0.01582
cpe: cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
epss-percentile: 0.8571
cpe: cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: apache

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
remediation: |
Upgrade Apache HTTP server to version 2.4.40 or later to mitigate this vulnerability.
reference:
- https://www.exploit-db.com/exploits/47689
- https://nvd.nist.gov/vuln/detail/CVE-2019-10098
@ -19,8 +21,8 @@ info:
cve-id: CVE-2019-10098
cwe-id: CWE-601
epss-score: 0.08306
cpe: cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
epss-percentile: 0.9354
cpe: cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: apache

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: medium
description: 'Timesheet Next Gen 1.5.3 and earlier is vulnerable to cross-site scripting that allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the malicious url.'
remediation: |
Upgrade to a patched version of Timesheet Next Gen (1.5.4 or above) that properly sanitizes user input to prevent XSS attacks.
reference:
- http://www.mdh-tz.info/
- https://sourceforge.net/p/tsheetx/discussion/779083/thread/7fcb52f696/
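Review bot: the added `remediation` names "1.5.4 or above" as patched, but nothing on the page supports that version: the description says "1.5.3 and earlier" is vulnerable, and the references are the vendor homepage and a sourceforge discussion thread. Confirm the fix release against that thread before hard-coding a number, or fall back to "upgrade to a version later than 1.5.3".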
@ -16,13 +18,13 @@ info:
cve-id: CVE-2019-1010287
cwe-id: CWE-79
epss-score: 0.00129
cpe: cpe:2.3:a:timesheet_next_gen_project:timesheet_next_gen:*:*:*:*:*:*:*:*
epss-percentile: 0.46935
cpe: cpe:2.3:a:timesheet_next_gen_project:timesheet_next_gen:*:*:*:*:*:*:*:*
metadata:
max-request: 1
google-query: inurl:"/timesheet/login.php"
vendor: timesheet_next_gen_project
product: timesheet_next_gen
google-query: inurl:"/timesheet/login.php"
tags: cve,cve2019,timesheet,xss
http:

View File

@ -5,6 +5,8 @@ info:
author: 0x_Akoko
severity: medium
description: Babel contains an open redirect vulnerability via redirect.php in the newurl parameter. An attacker can use any legitimate site using Babel to redirect user to a malicious site, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.
remediation: |
Upgrade to Babel version 7.4.0 or later to mitigate this vulnerability.
reference:
- https://untrustednetwork.net/en/2019/02/20/open-redirection-vulnerability-in-babel/
- http://dev.cmsmadesimple.org/project/files/729
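Review bot: the added `remediation` ("Upgrade to Babel version 7.4.0 or later") targets the wrong product. The `cpe` in the next hunk (`cmsmadesimple:bable\:multilingual_site`) and the dev.cmsmadesimple.org reference show this is the Babel multilingual module for CMS Made Simple, not the JavaScript Babel compiler whose release numbering "7.4.0" resembles. Replace it with remediation taken from the module's project page (the second reference), and name that module explicitly in the description.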
@ -15,8 +17,8 @@ info:
cve-id: CVE-2019-1010290
cwe-id: CWE-601
epss-score: 0.00198
cpe: cpe:2.3:a:cmsmadesimple:bable\:multilingual_site:*:*:*:*:*:cms_made_simple:*:*
epss-percentile: 0.56887
cpe: cpe:2.3:a:cmsmadesimple:bable\:multilingual_site:*:*:*:*:*:cms_made_simple:*:*
metadata:
max-request: 1
vendor: cmsmadesimple

View File

@ -5,6 +5,8 @@ info:
author: RedTeamBrasil
severity: critical
description: Teclib GLPI <= 9.3.3 exposes a script (/scripts/unlock_tasks.php) that incorrectly sanitizes user controlled data before using it in SQL queries. Thus, an attacker could abuse the affected feature to alter the semantic original SQL query and retrieve database records.
remediation: |
Upgrade to a patched version of Teclib GLPI (9.3.4 or later) to mitigate this vulnerability.
reference:
- https://www.synacktiv.com/ressources/advisories/GLPI_9.3.3_SQL_Injection.pdf
- https://github.com/glpi-project/glpi/commit/684d4fc423652ec7dde21cac4d41c2df53f56b3c
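Review bot: `remediation` names 9.3.4 as the fixed release, but the description only says "<= 9.3.3" is affected and the fix is linked as a commit (684d4fc4...); confirm which tagged release first contains that commit and cite it, rather than assuming the next point release.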
@ -15,8 +17,8 @@ info:
cve-id: CVE-2019-10232
cwe-id: CWE-89
epss-score: 0.21939
cpe: cpe:2.3:a:teclib-edition:gestionnaire_libre_de_parc_informatique:*:*:*:*:*:*:*:*
epss-percentile: 0.95827
cpe: cpe:2.3:a:teclib-edition:gestionnaire_libre_de_parc_informatique:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: teclib-edition

View File

@ -5,6 +5,8 @@ info:
author: c-sh0
severity: medium
description: Jenkins through 2.196, LTS 2.176.3 and earlier prints the value of the cookie on the /whoAmI/ URL despite it being marked HttpOnly, thus making it possible to steal cookie-based authentication credentials if the URL is exposed or accessed via another cross-site scripting issue.
remediation: |
Upgrade Jenkins to a version higher than 2.196 to mitigate the vulnerability.
reference:
- https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1505
- http://www.openwall.com/lists/oss-security/2019/09/25/3
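Review bot: `remediation` only covers the weekly line ("higher than 2.196") while the description lists "LTS 2.176.3 and earlier" as affected too; add the LTS fix release so LTS users are not told to move to a weekly build, taking both numbers from the SECURITY-1505 advisory already in `reference`.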
@ -15,13 +17,13 @@ info:
cve-id: CVE-2019-10405
cwe-id: CWE-79
epss-score: 0.00572
cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
epss-percentile: 0.75075
cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
metadata:
max-request: 2
shodan-query: http.favicon.hash:81586312
vendor: jenkins
product: jenkins
shodan-query: http.favicon.hash:81586312
tags: cve,cve2019,jenkins
http:

View File

@ -5,6 +5,8 @@ info:
author: madrobot
severity: medium
description: Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides.
remediation: |
Upgrade to a patched version of the Jenkins build-metrics plugin or apply the necessary fixes provided by the vendor.
reference:
- https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1490
- http://www.openwall.com/lists/oss-security/2019/10/23/2
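Review bot: `remediation` says "upgrade to a patched version", but the description pins the plugin at 1.3 and the only vendor source is the 2019-10-23 advisory; check whether that advisory actually lists a fixed release for build-metrics. If it does not, the correct advice is to uninstall or disable the plugin, and "upgrade" would send users looking for a release that does not exist.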
@ -16,13 +18,13 @@ info:
cve-id: CVE-2019-10475
cwe-id: CWE-79
epss-score: 0.97301
cpe: cpe:2.3:a:jenkins:build-metrics:*:*:*:*:*:jenkins:*:*
epss-percentile: 0.99796
cpe: cpe:2.3:a:jenkins:build-metrics:*:*:*:*:*:jenkins:*:*
metadata:
max-request: 1
framework: jenkins
vendor: jenkins
product: build-metrics
framework: jenkins
tags: cve,cve2019,jenkins,xss,plugin,packetstorm
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
WordPress Google Maps plugin before 7.11.18 contains a SQL injection vulnerability. The plugin includes /class.rest-api.php in the REST API and does not sanitize field names before a SELECT statement. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
remediation: |
Update to the latest version of the WordPress Google Maps plugin (7.11.18 or higher).
reference:
- https://wpscan.com/vulnerability/475404ce-2a1a-4d15-bf02-df0ea2afdaea
- https://wordpress.org/plugins/wp-google-maps/#developers
@ -17,14 +19,14 @@ info:
cve-id: CVE-2019-10692
cwe-id: CWE-89
epss-score: 0.9737
cpe: cpe:2.3:a:codecabin:wp_go_maps:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.9985
cpe: cpe:2.3:a:codecabin:wp_go_maps:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: codecabin
product: wp_go_maps
framework: wordpress
tags: cve,cve2019,wp,wp-plugin,unauth,sqli,wordpress,googlemaps,wpscan
http:

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
BlogEngine.NET 3.3.7.0 allows /api/filemanager local file inclusion via the path parameter
remediation: |
Upgrade to a patched version of BlogEngine.NET or apply the vendor-supplied patch to mitigate this vulnerability.
reference:
- https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect
- https://github.com/rxtur/BlogEngine.NET/commits/master
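Review bot: the second reference is the project's whole commit list (`/commits/master`), which does not identify the fix; link the specific commit or release and use it to replace the vague "upgrade to a patched version" with a concrete version, since the `cpe` in the next hunk pins 3.3.7.0 as the affected release.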
@ -17,14 +19,14 @@ info:
cve-id: CVE-2019-10717
cwe-id: CWE-22
epss-score: 0.0042
cpe: cpe:2.3:a:dotnetblogengine:blogengine.net:3.3.7.0:*:*:*:*:*:*:*
epss-percentile: 0.7095
cpe: cpe:2.3:a:dotnetblogengine:blogengine.net:3.3.7.0:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.html:"Blogengine.net"
verified: true
max-request: 1
vendor: dotnetblogengine
product: blogengine.net
shodan-query: http.html:"Blogengine.net"
tags: seclists,cve,cve2019,blogengine,lfi,traversal
http:

View File

@ -5,24 +5,24 @@ info:
author: princechaddha
severity: critical
description: mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the `toBSON` method and misuse the `vm` dependency to perform `exec` commands in a non-safe environment.
remediation: Upgrade mongo-express to version 0.54.0 or higher.
reference:
- https://github.com/vulhub/vulhub/tree/master/mongo-express/CVE-2019-10758
- https://nvd.nist.gov/vuln/detail/CVE-2019-10758
- https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-473215
remediation: Upgrade mongo-express to version 0.54.0 or higher.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
cvss-score: 9.9
cve-id: CVE-2019-10758
epss-score: 0.97345
cpe: cpe:2.3:a:mongo-express_project:mongo-express:*:*:*:*:*:node.js:*:*
epss-percentile: 0.99831
cpe: cpe:2.3:a:mongo-express_project:mongo-express:*:*:*:*:*:node.js:*:*
metadata:
max-request: 1
shodan-query: http.title:"Mongo Express"
framework: node.js
vendor: mongo-express_project
product: mongo-express
framework: node.js
shodan-query: http.title:"Mongo Express"
tags: vulhub,cve,cve2019,mongo,mongo-express,kev
http:
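Review bot: this template's `classification` block has no `cwe-id`, unlike every other template touched in this commit; the description (code execution through the `vm` dependency's `exec` on `toBSON` input) fits CWE-94, and adding it keeps the `kev`-tagged templates queryable by weakness class. Moving `remediation` above `reference` is a clean reorder otherwise.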

View File

@ -5,6 +5,8 @@ info:
author: 0x_Akoko
severity: medium
description: Nimble Streamer 3.0.2-2 through 3.5.4-9 is vulnerable to local file inclusion. An attacker can traverse the file system to access files or directories that are outside of the restricted directory on the remote server.
remediation: |
Upgrade Nimble Streamer to a version higher than 3.5.4-9 to mitigate the LFI vulnerability.
reference:
- https://www.exploit-db.com/exploits/47301
- https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/
@ -16,8 +18,8 @@ info:
cve-id: CVE-2019-11013
cwe-id: CWE-22
epss-score: 0.01775
cpe: cpe:2.3:a:softvelum:nimble_streamer:*:*:*:*:*:*:*:*
epss-percentile: 0.86476
cpe: cpe:2.3:a:softvelum:nimble_streamer:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: softvelum

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.
remediation: |
Disable or restrict access to the Debug Endpoint pprof to prevent unauthorized access.
reference:
- https://medium.com/bugbountywriteup/my-first-bug-bounty-21d3203ffdb0
- http://mmcloughlin.com/posts/your-pprof-is-showing
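Review bot: `severity: high` contradicts the description, which says "The issue is of medium severity" and that it is "not exposed by the default configuration"; either lower the severity or drop that sentence so the two do not disagree. The added remediation could also cite the fixed versions the description already lists (1.15.0, 1.14.4, 1.13.8, 1.12.10) in addition to restricting access to the healthz port.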
@ -18,8 +20,8 @@ info:
cve-id: CVE-2019-11248
cwe-id: CWE-419,CWE-862
epss-score: 0.74826
cpe: cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
epss-percentile: 0.97731
cpe: cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: kubernetes

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
Carel pCOWeb prior to B1.2.4 is vulnerable to stored cross-site scripting, as demonstrated by the config/pw_snmp.html "System contact" field.
remediation: |
Apply the latest patch or upgrade to a version that addresses the vulnerability.
reference:
- https://www.exploit-db.com/exploits/46897
- https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2019-11370
@ -16,14 +18,14 @@ info:
cve-id: CVE-2019-11370
cwe-id: CWE-79
epss-score: 0.1896
cpe: cpe:2.3:o:carel:pcoweb_card_firmware:*:*:*:*:*:*:*:*
epss-percentile: 0.95583
cpe: cpe:2.3:o:carel:pcoweb_card_firmware:*:*:*:*:*:*:*:*
metadata:
max-request: 2
shodan-query: http.html:"pCOWeb"
verified: true
max-request: 2
vendor: carel
product: pcoweb_card_firmware
shodan-query: http.html:"pCOWeb"
tags: pcoweb,xss,carel,edb,cve,cve2019
http:

View File

@ -5,6 +5,8 @@ info:
author: organiccrap
severity: critical
description: Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 all contain an arbitrary file reading vulnerability that could allow unauthenticated remote attackers to send a specially crafted URI to gain improper access.
remediation: |
Apply the latest security patches and updates provided by Pulse Secure.
reference:
- https://blog.orange.tw/2019/09/attacking-ssl-vpn-part-3-golden-pulse-secure-rce-chain.html
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
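Review bot: the description already gives the fixed builds (8.2R12.1, 8.3R7.1, 9.0R3.4), so `remediation` should name them instead of "apply the latest security patches"; for an unauthenticated arbitrary file read the exact fix build is what an operator checks. Separately, the `cpe` in the next hunk pins only `8.2:r1.0` while three version branches are affected.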
@ -17,8 +19,8 @@ info:
cve-id: CVE-2019-11510
cwe-id: CWE-22
epss-score: 0.97289
cpe: cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r1.0:*:*:*:*:*:*
epss-percentile: 0.99788
cpe: cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:r1.0:*:*:*:*:*:*
metadata:
max-request: 1
vendor: pulsesecure

View File

@ -5,6 +5,8 @@ info:
author: dwisiswant0
severity: critical
description: Atlassian Crowd and Crowd Data Center is susceptible to a remote code execution vulnerability because the pdkinstall development plugin is incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.
remediation: |
Upgrade to Atlassian Crowd and Crowd Data Center version 3.4.3 or later to mitigate this vulnerability.
reference:
- https://github.com/jas502n/CVE-2019-11580
- https://jira.atlassian.com/browse/CWD-5388
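Review bot: `remediation` says "upgrade to ... 3.4.3 or later", but the description states the fixed version for 3.4.x is 3.4.4 (and 3.0.5 / 3.1.6 / 3.2.8 / 3.3.5 for the other branches), so 3.4.3 is still inside the vulnerable range. Use the per-branch fixed versions from the description.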
@ -15,13 +17,13 @@ info:
cvss-score: 9.8
cve-id: CVE-2019-11580
epss-score: 0.97501
cpe: cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
epss-percentile: 0.99963
cpe: cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.component:"Atlassian Jira"
vendor: atlassian
product: crowd
shodan-query: http.component:"Atlassian Jira"
tags: packetstorm,kev,cve,cve2019,atlassian,rce
http:

View File

@ -5,6 +5,8 @@ info:
author: ree4pwn
severity: critical
description: Jira Server and Data Center is susceptible to a server-side template injection vulnerability via the ContactAdministrators and SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
remediation: |
Apply the necessary security patches or upgrade to a fixed version provided by Atlassian to mitigate this vulnerability.
reference:
- https://github.com/jas502n/CVE-2019-11581
- https://jira.atlassian.com/browse/JRASERVER-69532
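Review bot: as with the Crowd template above, the description lists the fixed version per branch (7.6.14, 7.13.5, 8.0.3, 8.1.2, 8.2.3), yet the added `remediation` only says "upgrade to a fixed version provided by Atlassian"; copy the per-branch minimums into remediation so the template is self-contained.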
@ -15,13 +17,13 @@ info:
cve-id: CVE-2019-11581
cwe-id: CWE-74
epss-score: 0.97434
cpe: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
epss-percentile: 0.99907
cpe: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.component:"Atlassian Jira"
vendor: atlassian
product: jira
shodan-query: http.component:"Atlassian Jira"
tags: cve,cve2019,atlassian,jira,ssti,rce,kev
http:

View File

@ -11,6 +11,8 @@ info:
request is for an admin page). An unauthenticated attacker can consequently inject
a payload into the plugin settings, such as the
yuzo_related_post_css_and_style setting.
remediation: |
Update to the latest version of the Yuzo plugin (5.12.94 or higher) to mitigate this vulnerability.
reference:
- https://www.wordfence.com/blog/2019/04/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild
- https://wpscan.com/vulnerability/9254
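Review bot: `remediation` tells users to update to "5.12.94 or higher", but the `cpe` in the next hunk pins 5.12.94 as the vulnerable version, so the advice is self-contradictory. Check the wordfence and wpscan references for whether a fixed release exists at all; if it does not, the remediation should say to remove the plugin.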
@ -23,13 +25,13 @@ info:
cve-id: CVE-2019-11869
cwe-id: CWE-79
epss-score: 0.00321
cpe: cpe:2.3:a:yuzopro:yuzo:5.12.94:*:*:*:*:wordpress:*:*
epss-percentile: 0.66852
cpe: cpe:2.3:a:yuzopro:yuzo:5.12.94:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
framework: wordpress
vendor: yuzopro
product: yuzo
framework: wordpress
tags: wpscan,cve,cve2019,wordpress,wp-plugin,xss
http:

View File

@ -6,22 +6,22 @@ info:
severity: high
description: |
GrandNode 4.40 is susceptible to local file inclusion in Controllers/LetsEncryptController.cs, which allows remote unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests.
remediation: |
A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
reference:
- https://security401.com/grandnode-path-traversal/
- https://grandnode.com
- https://github.com/grandnode/grandnode
- https://nvd.nist.gov/vuln/detail/CVE-2019-12276
- http://packetstormsecurity.com/files/153373/GrandNode-4.40-Path-Traversal-File-Download.html
remediation: |
A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2019-12276
cwe-id: CWE-22
epss-score: 0.96216
cpe: cpe:2.3:a:grandnode:grandnode:4.40:*:*:*:*:*:*:*
epss-percentile: 0.99307
cpe: cpe:2.3:a:grandnode:grandnode:4.40:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: grandnode
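Review bot: the `remediation` ("A patch for this issue was made on 2019-05-30 in GrandNode 4.40") conflicts with the description, which names 4.40 as the vulnerable version; say which release or commit carries the 2019-05-30 fix so that 4.40 is not simultaneously the affected and the fixed version. Moving the block above `reference` is itself fine.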

View File

@ -5,6 +5,8 @@ info:
author: madrobot
severity: critical
description: Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.
remediation: |
Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in Deltek Maconomy 2.2.5.
reference:
- http://packetstormsecurity.com/files/153079/Deltek-Maconomy-2.2.5-Local-File-Inclusion.html
- https://github.com/ras313/CVE-2019-12314/security/advisories/GHSA-8762-rf4g-23xm
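Review bot: the second reference is a GitHub security advisory on a third-party PoC repository (ras313/CVE-2019-12314), not a vendor advisory; pair it with a Deltek source so the "apply the latest security patches" remediation has something an operator can act on, and name the fixed version if the vendor publishes one.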
@ -15,8 +17,8 @@ info:
cve-id: CVE-2019-12314
cwe-id: CWE-22
epss-score: 0.23499
cpe: cpe:2.3:a:deltek:maconomy:2.2.5:*:*:*:*:*:*:*
epss-percentile: 0.95935
cpe: cpe:2.3:a:deltek:maconomy:2.2.5:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: deltek

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: medium
description: Web Port 1.19.1 is vulnerable to cross-site scripting via the /log type parameter.
remediation: |
Upgrade to the latest version of WebPort (1.19.2 or higher) which includes a fix for this vulnerability.
reference:
- https://github.com/EmreOvunc/WebPort-v1.19.1-Reflected-XSS
- https://webport.se/nedladdningar/
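Review bot: "1.19.2 or higher" in `remediation` is not supported by anything visible: the description and the `cpe` only cover 1.19.1, and the second reference is the vendor download page; verify the fix release before naming it.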
@ -17,8 +19,8 @@ info:
cve-id: CVE-2019-12461
cwe-id: CWE-79
epss-score: 0.00269
cpe: cpe:2.3:a:webport:web_port:1.19.1:*:*:*:*:*:*:*
epss-percentile: 0.63646
cpe: cpe:2.3:a:webport:web_port:1.19.1:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: webport

View File

@ -5,6 +5,8 @@ info:
author: n-thumann
severity: medium
description: Zyxel ZyWall, USG, and UAG devices allow remote attackers to inject arbitrary web script or HTML via the err_msg parameter free_time_failed.cgi CGI program, aka reflective cross-site scripting.
remediation: |
Apply the latest firmware update provided by Zyxel to fix the XSS vulnerability.
reference:
- https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml
- https://sec-consult.com/vulnerability-lab/advisory/reflected-cross-site-scripting-in-zxel-zywall/
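Review bot: the description covers ZyWall, USG and UAG devices, while the `cpe` in the next hunk lists only `uag2100_firmware`; add CPEs for the other affected lines or CPE-based queries will miss them. The description also reads "err_msg parameter free_time_failed.cgi CGI program", which is missing the "of the" between the parameter and the program name.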
@ -17,13 +19,13 @@ info:
cve-id: CVE-2019-12581
cwe-id: CWE-79
epss-score: 0.00642
cpe: cpe:2.3:o:zyxel:uag2100_firmware:*:*:*:*:*:*:*:*
epss-percentile: 0.7661
cpe: cpe:2.3:o:zyxel:uag2100_firmware:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.title:"ZyWall"
vendor: zyxel
product: uag2100_firmware
shodan-query: http.title:"ZyWall"
tags: cve,cve2019,zyxel,zywall,xss
http:

View File

@ -5,6 +5,8 @@ info:
author: n-thumann,daffainfo
severity: critical
description: Zyxel UAG, USG, and ZyWall devices allows a remote attacker to generate guest accounts by directly accessing the account generator via the "Free Time" component. This can lead to unauthorized network access or DoS attacks.
remediation: |
Apply the latest firmware update provided by Zyxel to fix the vulnerability.
reference:
- https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml
- https://n-thumann.de/blog/zyxel-gateways-missing-access-control-in-account-generator-xss/
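Review bot: since the description says unauthenticated guest-account generation can lead to network access or DoS, the added `remediation` should also mention the interim control implied by the reference title ("vulnerabilities related to the Free-Time feature"): disable the Free Time account generator until the firmware update is applied.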
@ -15,8 +17,8 @@ info:
cve-id: CVE-2019-12583
cwe-id: CWE-425
epss-score: 0.00481
cpe: cpe:2.3:o:zyxel:uag2100_firmware:*:*:*:*:*:*:*:*
epss-percentile: 0.72824
cpe: cpe:2.3:o:zyxel:uag2100_firmware:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: zyxel

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
remediation: |
Upgrade IceWarp Mail Server to a version higher than 10.4.4 or apply the vendor-provided patch to fix the LFI vulnerability.
reference:
- https://github.com/JameelNabbo/exploits/blob/master/IceWarp%20%3C%3D10.4.4%20local%20file%20include.txt
- http://www.icewarp.com
@ -17,14 +19,14 @@ info:
cve-id: CVE-2019-12593
cwe-id: CWE-22
epss-score: 0.13201
cpe: cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:*
epss-percentile: 0.94827
cpe: cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:*
metadata:
max-request: 2
google-query: Powered By IceWarp 10.4.4
shodan-query: title:"icewarp"
vendor: icewarp
product: mail_server
shodan-query: title:"icewarp"
google-query: Powered By IceWarp 10.4.4
tags: packetstorm,cve,cve2019,lfi,icewarp
http:

View File

@ -5,6 +5,8 @@ info:
author: Mohammedsaneem,philippedelteil,daffainfo
severity: medium
description: phpMyAdmin before 4.9.0 is susceptible to cross-site request forgery. An attacker can utilize a broken <img> tag which points at the victim's phpMyAdmin database, thus leading to potential delivery of a payload, such as a specific INSERT or DELETE statement.
remediation: |
Upgrade phpMyAdmin to version 4.9.0 or later to mitigate the CSRF vulnerability.
reference:
- https://www.phpmyadmin.net/security/PMASA-2019-4/
- https://www.exploit-db.com/exploits/46982
@ -17,8 +19,8 @@ info:
cve-id: CVE-2019-12616
cwe-id: CWE-352
epss-score: 0.00989
cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
epss-percentile: 0.81614
cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: phpmyadmin

View File

@ -5,21 +5,21 @@ info:
author: dwisiswant0,akincibor
severity: critical
description: Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
remediation: Upgrade to 3.9.5. Be aware this product is no longer supported.
reference:
- https://www.zeroshell.org/new-release-and-critical-vulnerability/
- https://www.tarlogic.com/advisories/zeroshell-rce-root.txt
- https://github.com/X-C3LL/PoC-CVEs/blob/master/CVE-2019-12725/ZeroShell-RCE-EoP.py
- https://zeroshell.org/blog/
- http://packetstormsecurity.com/files/160211/ZeroShell-3.9.0-Remote-Command-Execution.html
remediation: Upgrade to 3.9.5. Be aware this product is no longer supported.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2019-12725
cwe-id: CWE-78
epss-score: 0.96479
cpe: cpe:2.3:o:zeroshell:zeroshell:3.9.0:*:*:*:*:*:*:*
epss-percentile: 0.99394
cpe: cpe:2.3:o:zeroshell:zeroshell:3.9.0:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: zeroshell
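Review bot: `remediation` recommends upgrading to 3.9.5 and in the same sentence says the product is no longer supported; for an unauthenticated OS command injection (CWE-78, CVSS 9.8) on an end-of-life product, the advice should add that the host should be isolated or replaced, since no further fixes will follow. Moving the block above `reference` is fine.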

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
LiveZilla Server 8.0.1.0 is vulnerable to reflected cross-site scripting.
remediation: |
Upgrade to the latest version of LiveZilla Server or apply the vendor-provided patch to mitigate this vulnerability.
reference:
- https://www.exploit-db.com/exploits/49669
- https://forums.livezilla.net/index.php?/topic/10984-fg-vd-19-083085087-livezilla-server-are-vulnerable-to-cross-site-scripting-in-admin-panel/
@ -17,14 +19,14 @@ info:
cve-id: CVE-2019-12962
cwe-id: CWE-79
epss-score: 0.20689
cpe: cpe:2.3:a:livezilla:livezilla:*:*:*:*:*:*:*:*
epss-percentile: 0.95731
cpe: cpe:2.3:a:livezilla:livezilla:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.html:LiveZilla
verified: true
max-request: 1
vendor: livezilla
product: livezilla
shodan-query: http.html:LiveZilla
tags: xss,edb,packetstorm,cve,cve2019,livezilla
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ipAddress, pingCount, or packetSize, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: |
Apply the necessary patches or updates provided by Citrix to mitigate this vulnerability.
reference:
- https://www.tenable.com/security/research/tra-2019-31
- https://support.citrix.com/article/CTX251987
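Review bot: the Citrix SD-WAN Center templates in this commit (CVE-2019-12985, 12986, 12987) share word-for-word the same generic remediation and the same two references; CTX251987 is the vendor bulletin, so take the fixed version from it once and use it in all of them instead of "apply the necessary patches or updates".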
@ -16,13 +18,13 @@ info:
cve-id: CVE-2019-12985
cwe-id: CWE-78
epss-score: 0.97433
cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:*
epss-percentile: 0.99906
cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:*
metadata:
max-request: 2
shodan-query: http.title:"Citrix SD-WAN"
vendor: citrix
product: netscaler_sd-wan
shodan-query: http.title:"Citrix SD-WAN"
tags: cve,cve2019,citrix,rce,unauth,oast,tenable
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
Citrix SD-WAN Center is susceptible to remote command injection via the trace_route function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ipAddress, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: |
Apply the necessary patches or updates provided by Citrix to mitigate the vulnerability.
reference:
- https://www.tenable.com/security/research/tra-2019-31
- https://support.citrix.com/article/CTX251987
@ -16,13 +18,13 @@ info:
cve-id: CVE-2019-12986
cwe-id: CWE-78
epss-score: 0.97433
cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:*
epss-percentile: 0.99906
cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:*
metadata:
max-request: 2
shodan-query: http.title:"Citrix SD-WAN"
vendor: citrix
product: netscaler_sd-wan
shodan-query: http.title:"Citrix SD-WAN"
tags: unauth,oast,tenable,cve,cve2019,citrix,rce
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
Citrix SD-WAN Center is susceptible to remote command injection via the apply action in StorageMgmtController. The callStoragePerl function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying an array value with crafted values for action, host, path, or type, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: |
Apply the latest security patches provided by Citrix to mitigate the vulnerability.
reference:
- https://www.tenable.com/security/research/tra-2019-31
- https://support.citrix.com/article/CTX251987
@ -16,13 +18,13 @@ info:
cve-id: CVE-2019-12987
cwe-id: CWE-78
epss-score: 0.97433
cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:*
epss-percentile: 0.99906
cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:*
metadata:
max-request: 2
shodan-query: http.title:"Citrix SD-WAN"
vendor: citrix
product: netscaler_sd-wan
shodan-query: http.title:"Citrix SD-WAN"
tags: citrix,rce,unauth,oast,tenable,cve,cve2019
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
Citrix SD-WAN Center is susceptible to remote command injection via the addModifyZTDProxy function in NmsController. The function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for ztd_password, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: |
Apply the latest security patches provided by Citrix to mitigate the vulnerability.
reference:
- https://www.tenable.com/security/research/tra-2019-31
- https://support.citrix.com/article/CTX251987
@ -16,13 +18,13 @@ info:
cve-id: CVE-2019-12988
cwe-id: CWE-78
epss-score: 0.97433
cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:*
epss-percentile: 0.99906
cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:*
metadata:
max-request: 2
shodan-query: http.title:"Citrix SD-WAN"
vendor: citrix
product: netscaler_sd-wan
shodan-query: http.title:"Citrix SD-WAN"
tags: rce,unauth,oast,tenable,cve,cve2019,citrix
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for filename, filedata, and workspace_id, therefore being able to write files to locations writable by the www-data user and/or to write a crafted PHP file to /home/talariuser/www/app/webroot/files/ to execute arbitrary PHP code.
remediation: |
Apply the latest security patches or updates provided by Citrix to mitigate the vulnerability.
reference:
- https://www.tenable.com/security/research/tra-2019-31
- https://support.citrix.com/search?searchQuery=*&lang=en&sort=relevance&prod=&pver=&ct=Security+Bulletin
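Review bot: the second reference is a Citrix support search page with query parameters (`https://support.citrix.com/search?searchQuery=*&lang=en&sort=relevance&prod=&pver=&ct=Security+Bulletin`), not a stable advisory; the sibling SD-WAN Center templates in this commit link `https://support.citrix.com/article/CTX251987`, and this one should do the same. Separately, the description opens with "susceptible to local file inclusion" but then describes writing attacker-controlled `filedata` to a traversal-controlled path and dropping a PHP file into the webroot, which is a path-traversal arbitrary file write leading to code execution rather than an inclusion; calling it that would match the CWE-22 classification and the `rce` tag better.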
@ -16,13 +18,13 @@ info:
cve-id: CVE-2019-12990
cwe-id: CWE-22
epss-score: 0.95724
cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:*
epss-percentile: 0.99172
cpe: cpe:2.3:a:citrix:netscaler_sd-wan:*:*:*:*:*:*:*:*
metadata:
max-request: 3
shodan-query: http.title:"Citrix SD-WAN"
vendor: citrix
product: netscaler_sd-wan
shodan-query: http.title:"Citrix SD-WAN"
tags: cve,cve2019,citrix,rce,unauth,tenable,intrusive
http:

View File

@ -5,6 +5,8 @@ info:
author: Suman_Kar
severity: critical
description: D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices can be accessed directly without authentication and lead to disclosure of information about the WAN, which can then be leveraged by an attacker to modify the data fields of the page.
remediation: |
Update the router's firmware to the latest version provided by D-Link.
reference:
- https://github.com/d0x0/D-Link-DIR-600M
- https://www.exploit-db.com/exploits/47250
@ -17,8 +19,8 @@ info:
cve-id: CVE-2019-13101
cwe-id: CWE-306
epss-score: 0.03717
cpe: cpe:2.3:o:dlink:dir-600m_firmware:3.02:*:*:*:*:*:*:*
epss-percentile: 0.90578
cpe: cpe:2.3:o:dlink:dir-600m_firmware:3.02:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: dlink

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: medium
description: MindPalette NateMail 3.0.15 is susceptible to reflected cross-site scripting which could allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid.
remediation: |
Upgrade to the latest version of MindPalette NateMail to fix the XSS vulnerability.
reference:
- https://www.doyler.net/security-not-included/natemail-vulnerabilities
- https://mindpalette.com/tag/natemail/
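Review bot: grammar in the description, "which could allows an attacker to execute remote JavaScript", should read "which could allow an attacker to execute JavaScript"; the JavaScript runs in the victim's browser, so "remote" adds nothing here. The added remediation ("Upgrade to the latest version of MindPalette NateMail") names no fixed version while the CPE pins 3.0.15 as affected; if the referenced write-up identifies the patched release, state it.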
@ -16,8 +18,8 @@ info:
cve-id: CVE-2019-13392
cwe-id: CWE-79
epss-score: 0.0014
cpe: cpe:2.3:a:mindpalette:natemail:3.0.15:*:*:*:*:*:*:*
epss-percentile: 0.4905
cpe: cpe:2.3:a:mindpalette:natemail:3.0.15:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: mindpalette

View File

@ -5,6 +5,8 @@ info:
author: 0x_Akoko,daffainfo
severity: medium
description: FlightPath versions prior to 4.8.2 and 5.0-rc2 are vulnerable to local file inclusion.
remediation: |
Upgrade to the latest version to mitigate this vulnerability.
reference:
- https://www.exploit-db.com/exploits/47121
- http://getflightpath.com/node/2650
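Review bot: the added remediation ("Upgrade to the latest version to mitigate this vulnerability.") is less specific than the description one line above it, which already states the fixed versions ("prior to 4.8.2 and 5.0-rc2"). Suggest "Upgrade to FlightPath 4.8.2 or later (or 5.0-rc2 or later on the 5.x line)." so the two fields agree.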
@ -15,8 +17,8 @@ info:
cve-id: CVE-2019-13396
cwe-id: CWE-22
epss-score: 0.02107
cpe: cpe:2.3:a:getflightpath:flightpath:*:*:*:*:*:*:*:*
epss-percentile: 0.87729
cpe: cpe:2.3:a:getflightpath:flightpath:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: getflightpath

View File

@ -5,6 +5,8 @@ info:
author: divya_mudgal
severity: critical
description: Lansweeper before 7.1.117.4 allows unauthenticated SQL injection.
remediation: |
Apply the latest security patch or update provided by Lansweeper to fix the SQL Injection vulnerability.
reference:
- https://www.nccgroup.com/ae/our-research/technical-advisory-unauthenticated-sql-injection-in-lansweeper/
- https://nvd.nist.gov/vuln/detail/CVE-2019-13462
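Review bot: the added remediation ("Apply the latest security patch or update provided by Lansweeper") should name the fixed release that the description already gives ("before 7.1.117.4"); "Upgrade to Lansweeper 7.1.117.4 or later." is both shorter and checkable.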
@ -16,8 +18,8 @@ info:
cve-id: CVE-2019-13462
cwe-id: CWE-89
epss-score: 0.41054
cpe: cpe:2.3:a:lansweeper:lansweeper:*:*:*:*:*:*:*:*
epss-percentile: 0.96803
cpe: cpe:2.3:a:lansweeper:lansweeper:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: lansweeper

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
WordPress Nevma Adaptive Images plugin before 0.6.67 allows remote attackers to retrieve arbitrary files via the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php.
remediation: |
Update to the latest version of the plugin (0.6.67) or apply the patch provided by the vendor.
reference:
- https://github.com/security-kma/EXPLOITING-CVE-2019-14205
- https://markgruffer.github.io/2019/07/19/adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.html
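Review bot: "Update to the latest version of the plugin (0.6.67)" conflates two things; per the description 0.6.67 is the first fixed release, not necessarily the latest one, and the parenthetical will go stale. Suggest "Update the Adaptive Images plugin to 0.6.67 or later." and drop "latest".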
@ -18,13 +20,13 @@ info:
cve-id: CVE-2019-14205
cwe-id: CWE-22
epss-score: 0.06333
cpe: cpe:2.3:a:nevma:adaptive_images:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.92717
cpe: cpe:2.3:a:nevma:adaptive_images:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: nevma
product: adaptive_images
framework: wordpress
tags: cve,cve2019,wordpress,wp-plugin,lfi,wp
http:

View File

@ -5,6 +5,8 @@ info:
author: pdteam
severity: medium
description: Alfresco Share before 5.2.6, 6.0.N and 6.1.N contains an open redirect vulnerability via a crafted POST request. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: |
Apply the latest security patches or updates provided by Alfresco to fix the open redirect vulnerability.
reference:
- https://community.alfresco.com/content?filterID=all~objecttype~thread%5Bquestions%5D
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfresco%20Share-Alfresco%20Community
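Review bot: the first reference (`https://community.alfresco.com/content?filterID=all~objecttype~thread%5Bquestions%5D`) is a filtered community listing page, not an advisory or thread about this CVE, and will not resolve to anything about CVE-2019-14223; either link the specific Alfresco thread or advisory or drop it, keeping the DrunkenShells disclosure as the primary source. The added remediation could also name the fixed releases already implied by the description ("before 5.2.6, 6.0.N and 6.1.N"), e.g. "Upgrade Alfresco Share to 5.2.6 or later, or to a fixed 6.0.N / 6.1.N release."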
@ -15,8 +17,8 @@ info:
cve-id: CVE-2019-14223
cwe-id: CWE-601
epss-score: 0.00188
cpe: cpe:2.3:a:alfresco:alfresco:*:*:*:*:community:*:*:*
epss-percentile: 0.55496
cpe: cpe:2.3:a:alfresco:alfresco:*:*:*:*:community:*:*:*
metadata:
max-request: 1
vendor: alfresco

View File

@ -5,6 +5,8 @@ info:
author: 0x_Akoko
severity: high
description: T24 web server is vulnerable to unauthenticated local file inclusion that permits an attacker to exfiltrate data directly from server.
remediation: |
Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in the T24 Web Server.
reference:
- https://github.com/kmkz/exploit/blob/master/CVE-2019-14251-TEMENOS-T24.txt
- https://vuldb.com/?id.146815
@ -15,8 +17,8 @@ info:
cve-id: CVE-2019-14251
cwe-id: CWE-22
epss-score: 0.01349
cpe: cpe:2.3:a:temenos:t24:r15.01:*:*:*:*:*:*:*
epss-percentile: 0.84467
cpe: cpe:2.3:a:temenos:t24:r15.01:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: temenos

View File

@ -5,6 +5,8 @@ info:
author: daffainfo
severity: medium
description: Aptana Jaxer 1.0.3.4547 is vulnerable to local file inclusion in the wikilite source code viewer. An attacker can read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.
remediation: |
Upgrade to a patched version of Aptana Jaxer or apply the necessary security patches to mitigate the LFI vulnerability.
reference:
- https://www.exploit-db.com/exploits/47214
- http://packetstormsecurity.com/files/153985/Aptana-Jaxer-1.0.3.4547-Local-File-Inclusion.html
@ -16,8 +18,8 @@ info:
cve-id: CVE-2019-14312
cwe-id: CWE-22
epss-score: 0.02327
cpe: cpe:2.3:a:aptana:jaxer:1.0.3.4547:*:*:*:*:*:*:*
epss-percentile: 0.88328
cpe: cpe:2.3:a:aptana:jaxer:1.0.3.4547:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: aptana

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
Pallets Werkzeug before 0.15.5 is susceptible to local file inclusion because SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
remediation: |
Upgrade Pallets Werkzeug to version 0.15.5 or above to mitigate the LFI vulnerability.
reference:
- https://palletsprojects.com/blog/werkzeug-0-15-5-released/
- http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html
@ -16,8 +18,8 @@ info:
cve-id: CVE-2019-14322
cwe-id: CWE-22
epss-score: 0.58463
cpe: cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*
epss-percentile: 0.97287
cpe: cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*
metadata:
max-request: 3
vendor: palletsprojects

View File

@ -5,6 +5,8 @@ info:
author: daffainfo
severity: medium
description: WordPress UserPro 4.9.32 is vulnerable to reflected cross-site scripting because the Instagram PHP API (v2) it relies on allows it via the example/success.php error_description parameter.
remediation: |
Update to the latest version of UserPro or apply the provided patch to fix the XSS vulnerability.
reference:
- https://wpscan.com/vulnerability/9815
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14470
@ -17,8 +19,8 @@ info:
cve-id: CVE-2019-14470
cwe-id: CWE-79
epss-score: 0.78633
cpe: cpe:2.3:a:instagram-php-api_project:instagram-php-api:-:*:*:*:*:*:*:*
epss-percentile: 0.97832
cpe: cpe:2.3:a:instagram-php-api_project:instagram-php-api:-:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: instagram-php-api_project

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
OpenEMR before 5.0.2 is vulnerable to local file inclusion via the fileName parameter in custom/ajax_download.php. An attacker can download any file (that is readable by the web server user) from server storage. If the requested file is writable for the web server user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, the file will be deleted from server.
remediation: |
Upgrade OpenEMR to version 5.0.2 or later to mitigate the LFI vulnerability.
reference:
- https://www.exploit-db.com/exploits/50037
- https://github.com/openemr/openemr/archive/refs/tags/v5_0_1_7.zip
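Review bot: the second reference (`https://github.com/openemr/openemr/archive/refs/tags/v5_0_1_7.zip`) is a source archive download of a vulnerable version, not documentation of the issue; a reference should point to the OpenEMR 5.0.2 release notes, the fix commit, or the NVD entry, and the zip link should be removed.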
@ -17,11 +19,11 @@ info:
cve-id: CVE-2019-14530
cwe-id: CWE-22
epss-score: 0.83277
cpe: cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*
epss-percentile: 0.97995
cpe: cpe:2.3:a:open-emr:openemr:*:*:*:*:*:*:*:*
metadata:
max-request: 2
verified: true
max-request: 2
vendor: open-emr
product: openemr
tags: lfi,authenticated,edb,cve,cve2019,openemr

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: medium
description: Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter.
remediation: |
To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts.
reference:
- https://open-school.org
- https://pastebin.com/AgxqdbAQ
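Review bot: the added remediation ("implement proper input validation and sanitization techniques") is advice to the application's developers, not something an operator running Open-School can act on; every other remediation in this commit tells the user what to upgrade or apply. Suggest stating the fixed release if one is known, otherwise "No fixed version is known; restrict access to osv/index.php or apply vendor patches when available." Also note that neither reference (the vendor homepage and a pastebin) documents a fix, so the remediation cannot currently be verified against them.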
@ -16,8 +18,8 @@ info:
cve-id: CVE-2019-14696
cwe-id: CWE-79
epss-score: 0.00776
cpe: cpe:2.3:a:open-school:open-school:2.3:*:*:*:community:*:*:*
epss-percentile: 0.79096
cpe: cpe:2.3:a:open-school:open-school:2.3:*:*:*:community:*:*:*
metadata:
max-request: 1
vendor: open-school

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.
remediation: |
Upgrade osTicket to version 1.12.1 or later to mitigate this vulnerability.
reference:
- https://packetstormsecurity.com/files/154005/osTicket-1.12-Cross-Site-Scripting.html
- https://nvd.nist.gov/vuln/detail/CVE-2019-14750
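Review bot: the added remediation ("Upgrade osTicket to version 1.12.1 or later") covers only the 1.12.x branch, while the description says both "before 1.10.7" and "1.12.x before 1.12.1" are affected; suggest "Upgrade to osTicket 1.10.7 or later on the 1.10 branch, or 1.12.1 or later on the 1.12 branch." Also, the description's "insertion of malicious queries in those fields leads to the execution of those queries" is SQL-injection wording for what the CWE-79 classification and the PacketStorm title say is cross-site scripting; "insertion of script in those fields leads to its execution in the browser" would match.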
@ -18,13 +20,13 @@ info:
cve-id: CVE-2019-14750
cwe-id: CWE-79
epss-score: 0.05309
cpe: cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*
epss-percentile: 0.92085
cpe: cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*
metadata:
max-request: 4
shodan-query: title:"osTicket"
vendor: osticket
product: osticket
shodan-query: title:"osTicket"
tags: packetstorm,cve,cve2019,osticket,xss,intrusive
variables:
user_name: "{{to_lower(rand_text_alphanumeric(6))}}"

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
Custom 404 Pro before 3.2.9 is susceptible to cross-site scripting via the title parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
remediation: |
Update to Custom 404 Pro version 3.2.8 or later to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/81ee1df5-12dc-49d8-8d49-ca28d6f5b7fd
- https://wordpress.org/plugins/custom-404-pro/advanced/
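Review bot: the added remediation ("Update to Custom 404 Pro version 3.2.8 or later") contradicts the description in the same hunk, which says versions "before 3.2.9" are vulnerable, and the CPE in this template pins 3.2.8 as the affected version. 3.2.8 is therefore still vulnerable; the remediation should read "Update to Custom 404 Pro 3.2.9 or later."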
@ -17,14 +19,14 @@ info:
cve-id: CVE-2019-14789
cwe-id: CWE-79
epss-score: 0.00125
cpe: cpe:2.3:a:kunalnagar:custom_404_pro:3.2.8:*:*:*:*:wordpress:*:*
epss-percentile: 0.46223
cpe: cpe:2.3:a:kunalnagar:custom_404_pro:3.2.8:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
verified: true
framework: wordpress
max-request: 2
vendor: kunalnagar
product: custom_404_pro
framework: wordpress
tags: wpscan,cve,cve2023,custom-404-pro,wp,wp-plugin,wordpress,authenticated,xss
http:
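Review bot: the tag list in this hunk still carries `cve2023` ("tags: wpscan,cve,cve2023,custom-404-pro,...") although the template is for CVE-2019-14789; this will put the template in the wrong year filter. Change it to `cve2019`, matching the `cve-id` above and the rest of the templates in this commit.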

View File

@ -5,6 +5,8 @@ info:
author: madrobot
severity: medium
description: SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktop_url.
remediation: |
Apply the latest security patch or upgrade to a non-vulnerable version of SugarCRM Enterprise.
reference:
- https://www.exploit-db.com/exploits/47247
- https://nvd.nist.gov/vuln/detail/CVE-2019-14974
@ -14,8 +16,8 @@ info:
cve-id: CVE-2019-14974
cwe-id: CWE-79
epss-score: 0.00217
cpe: cpe:2.3:a:sugarcrm:sugarcrm:9.0.0:*:*:*:enterprise:*:*:*
epss-percentile: 0.59028
cpe: cpe:2.3:a:sugarcrm:sugarcrm:9.0.0:*:*:*:enterprise:*:*:*
metadata:
max-request: 1
vendor: sugarcrm

View File

@ -6,6 +6,7 @@ info:
severity: high
description: |
Grafana 2.x through 6.x before 6.3.4 is susceptible to improper access control. An attacker can delete and create arbitrary snapshots, leading to denial of service.
remediation: Upgrade to 6.3.4 or higher.
reference:
- https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569
- https://grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-security-fix/
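Review bot: the remediation moved here ("Upgrade to 6.3.4 or higher.") omits the fix for the 5.x branch even though the linked release post is titled "grafana-5.4.5-and-6.3.4-released-with-important-security-fix" and the description covers "2.x through 6.x". Suggest "Upgrade to Grafana 6.3.4 or later, or 5.4.5 or later on the 5.x branch."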
@ -13,21 +14,20 @@ info:
- https://aaron-hoffmann.com/posts/cve-2019-15043/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15043
- https://nvd.nist.gov/vuln/detail/CVE-2019-15043
remediation: Upgrade to 6.3.4 or higher.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cvss-score: 7.5
cve-id: CVE-2019-15043
cwe-id: CWE-306
epss-score: 0.27328
cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
epss-percentile: 0.96168
cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: title:"Grafana"
verified: true
max-request: 1
vendor: grafana
product: grafana
shodan-query: title:"Grafana"
tags: cve,cve2019,grafana,dos,intrusive
variables:
payload: '{{repeat("A", 4000)}}'

View File

@ -5,6 +5,8 @@ info:
author: bp0lr
severity: critical
description: Webmin <=1.920. is vulnerable to an unauthenticated remote command execution via the parameter 'old' in password_change.cgi.
remediation: |
Upgrade to Webmin version 1.930 or later to mitigate this vulnerability.
reference:
- https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
- https://nvd.nist.gov/vuln/detail/CVE-2019-15107
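Review bot: stray period in the description, "Webmin <=1.920. is vulnerable", should be "Webmin <= 1.920 is vulnerable". The remediation (1.930 or later) is consistent with that range and reads fine.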
@ -17,8 +19,8 @@ info:
cve-id: CVE-2019-15107
cwe-id: CWE-78
epss-score: 0.97528
cpe: cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
epss-percentile: 0.99981
cpe: cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: webmin

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.
remediation: |
Upgrade to a version of L-Soft LISTSERV that is higher than 16.5-2018a to mitigate the XSS vulnerability.
reference:
- https://www.exploit-db.com/exploits/47302
- http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018a_WhatsNew.pdf
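Review bot: the added remediation ("a version ... higher than 16.5-2018a") is off by one release against the description, which says versions "before 16.5-2018a" are vulnerable, and the linked "LISTSERV16.5-2018a_WhatsNew.pdf" is the fix's own release notes. Suggest "Upgrade to LISTSERV 16.5-2018a or later."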
@ -16,14 +18,14 @@ info:
cve-id: CVE-2019-15501
cwe-id: CWE-79
epss-score: 0.00303
cpe: cpe:2.3:a:lsoft:listserv:*:*:*:*:*:*:*:*
epss-percentile: 0.65819
cpe: cpe:2.3:a:lsoft:listserv:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.html:"LISTSERV"
verified: true
max-request: 1
vendor: lsoft
product: listserv
shodan-query: http.html:"LISTSERV"
tags: cve,cve2019,xss,listserv,edb
http:

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users."
remediation: |
Upgrade Webmin to version 1.920 or later to mitigate this vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2019-15642
- https://github.com/jas502n/CVE-2019-15642
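Review bot: the added remediation ("Upgrade Webmin to version 1.920 or later") names a vulnerable version as the fix: the description in the same hunk says "Webmin through 1.920 allows authenticated Remote Code Execution", so 1.920 itself is affected. State the first release after 1.920 that contains the fix (the NVD entry linked above lists it; the sibling CVE-2019-15107 template in this commit already uses 1.930), and because the description quotes the Webmin docs on RPC being admin-only, it is worth adding "and restrict RPC access to trusted Webmin users" as a compensating control.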
@ -18,14 +20,14 @@ info:
cve-id: CVE-2019-15642
cwe-id: CWE-94
epss-score: 0.26994
cpe: cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
epss-percentile: 0.96156
cpe: cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*
metadata:
max-request: 4
shodan-query: title:"Webmin"
verified: true
max-request: 4
vendor: webmin
product: webmin
shodan-query: title:"Webmin"
tags: cve,cve2019,webmin,rce
variables:
cmd: '`id`'

View File

@ -5,6 +5,8 @@ info:
author: daffainfo,dhiyaneshDk
severity: medium
description: WordPress plugin My Calendar <= 3.1.9 is susceptible to reflected cross-site scripting which can be triggered via unescaped usage of URL parameters in multiple locations throughout the site.
remediation: |
Update to the latest version of the My Calendar plugin (>= 3.1.10) or apply the vendor-provided patch to fix the XSS vulnerability.
reference:
- https://wpscan.com/vulnerability/9267
- https://wordpress.org/plugins/my-calendar/#developers
@ -15,13 +17,13 @@ info:
cve-id: CVE-2019-15713
cwe-id: CWE-79
epss-score: 0.00101
cpe: cpe:2.3:a:my_calendar_project:my_calendar:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.40822
cpe: cpe:2.3:a:my_calendar_project:my_calendar:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: my_calendar_project
product: my_calendar
framework: wordpress
tags: cve,cve2019,wordpress,xss,wp-plugin,wpscan
http:

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
DomainMOD through 4.13.0 contains a cross-site scripting vulnerability via /reporting/domains/cost-by-month.php in Daterange parameters.
remediation: |
Upgrade to the latest version of DomainMOD (>=4.13.1) to mitigate this vulnerability.
reference:
- https://www.exploit-db.com/exploits/47325
- https://github.com/domainmod/domainmod/issues/108
@ -17,11 +19,11 @@ info:
cve-id: CVE-2019-15811
cwe-id: CWE-79
epss-score: 0.00376
cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:*
epss-percentile: 0.6932
cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:*
metadata:
max-request: 2
verified: true
max-request: 2
vendor: domainmod
product: domainmod
tags: cve,cve2019,domainmod,xss,authenticated,edb

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution.
remediation: |
Update to the latest version of the Woody Ad Snippets plugin (2.2.5) or apply the vendor-provided patch to mitigate the vulnerability.
reference:
- https://github.com/GeneralEG/CVE-2019-15858
- https://blog.nintechnet.com/multiple-vulnerabilities-in-wordpress-woody-ad-snippets-plugin-lead-to-remote-code-execution/
@ -17,13 +19,13 @@ info:
cve-id: CVE-2019-15858
cwe-id: CWE-306
epss-score: 0.02782
cpe: cpe:2.3:a:webcraftic:woody_ad_snippets:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.8928
cpe: cpe:2.3:a:webcraftic:woody_ad_snippets:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: webcraftic
product: woody_ad_snippets
framework: wordpress
tags: cve,cve2019,wordpress,wp-plugin,xss,wp
http:

View File

@ -5,6 +5,8 @@ info:
author: geeknik
severity: critical
description: Socomec DIRIS A-40 devices before 48250501 are susceptible to a password disclosure vulnerability in the web interface that could allow remote attackers to get full access to a device via the /password.jsn URI.
remediation: |
Update the firmware of the Socomec DIRIS A-40 devices to the latest version to mitigate the vulnerability.
reference:
- https://seclists.org/fulldisclosure/2019/Oct/10
- https://nvd.nist.gov/vuln/detail/CVE-2019-15859
@ -17,8 +19,8 @@ info:
cve-id: CVE-2019-15859
cwe-id: CWE-200
epss-score: 0.12379
cpe: cpe:2.3:o:socomec:diris_a-40_firmware:*:*:*:*:*:*:*:*
epss-percentile: 0.94685
cpe: cpe:2.3:o:socomec:diris_a-40_firmware:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: socomec

View File

@ -5,6 +5,8 @@ info:
author: daffainfo
severity: medium
description: WordPress Download Manager plugin before 2.9.94 contains a cross-site scripting vulnerability via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
remediation: |
Update WordPress Download Manager plugin to version 2.9.94 or later to mitigate this vulnerability.
reference:
- https://www.cybersecurity-help.cz/vdb/SB2019041819
- https://wordpress.org/plugins/download-manager/#developers
@ -17,13 +19,13 @@ info:
cve-id: CVE-2019-15889
cwe-id: CWE-79
epss-score: 0.0427
cpe: cpe:2.3:a:wpdownloadmanager:wordpress_download_manager:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.91187
cpe: cpe:2.3:a:wpdownloadmanager:wordpress_download_manager:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: wpdownloadmanager
product: wordpress_download_manager
framework: wordpress
tags: packetstorm,cve,cve2019,wordpress,xss,wp-plugin
http:
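Review bot: the tag list keeps `packetstorm` ("tags: packetstorm,cve,cve2019,wordpress,xss,wp-plugin") but the references for this template are cybersecurity-help.cz and wordpress.org, with no PacketStorm link; either add the PacketStorm reference the tag implies or drop the tag.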

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.
remediation: |
Apply the latest firmware update provided by D-Link to mitigate this vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2019-16057
- https://web.archive.org/web/20201222035258im_/https://blog.cystack.net/content/images/2019/09/poc.png
@ -16,14 +18,14 @@ info:
cve-id: CVE-2019-16057
cwe-id: CWE-78
epss-score: 0.97548
cpe: cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*
epss-percentile: 0.99991
cpe: cpe:2.3:o:dlink:dns-320_firmware:*:*:*:*:*:*:*:*
metadata:
max-request: 1
verified: true
shodan-query: html:"ShareCenter"
max-request: 1
vendor: dlink
product: dns-320_firmware
shodan-query: html:"ShareCenter"
tags: cve,cve2019,lfi,rce,kev,sharecenter,dlink
http:
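Review bot: the tag list includes `lfi` ("tags: cve,cve2019,lfi,rce,kev,sharecenter,dlink") while the description and `cwe-id: CWE-78` both describe remote command injection in login_mgr.cgi, not file inclusion. Drop `lfi` (or replace it with `injection`) so tag-based filtering does not misclassify this template.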

View File

@ -5,21 +5,21 @@ info:
author: pikpikcu
severity: medium
description: Harbor 1.7.0 through 1.8.2 is susceptible to privilege escalation via core/api/user.go, which allows allows non-admin users to create admin accounts via the POST /api/users API when Harbor is setup with DB as an authentication backend and allows user to do self-registration.
remediation: Upgrade to v1.7.6 v1.8.3. v.1.9.0 or higher. A potential workaround without applying the fix is to configure Harbor to use a non-DB authentication backend such as LDAP.
reference:
- https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/
- https://github.com/goharbor/harbor/issues/8951
- https://nvd.nist.gov/vuln/detail/CVE-2019-16097
- https://github.com/goharbor/harbor/commit/b6db8a8a106259ec9a2c48be8a380cb3b37cf517
- http://www.vmware.com/security/advisories/VMSA-2019-0015.html
remediation: Upgrade to v1.7.6 v1.8.3. v.1.9.0 or higher. A potential workaround without applying the fix is to configure Harbor to use a non-DB authentication backend such as LDAP.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
cvss-score: 6.5
cve-id: CVE-2019-16097
cwe-id: CWE-862
epss-score: 0.96909
cpe: cpe:2.3:a:linuxfoundation:harbor:1.7.0:-:*:*:*:*:*:*
epss-percentile: 0.99592
cpe: cpe:2.3:a:linuxfoundation:harbor:1.7.0:-:*:*:*:*:*:*
metadata:
max-request: 1
vendor: linuxfoundation
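Review bot: two wording defects survive the reorder in this hunk. The description has a doubled word, "which allows allows non-admin users", and the remediation line "Upgrade to v1.7.6 v1.8.3. v.1.9.0 or higher." has the separators wrong; it should read "Upgrade to v1.7.6, v1.8.3, or v1.9.0 or higher." Since the line is being moved anyway, fix both while touching it.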

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
PilusCart versions 1.4.1 and prior suffer from a file disclosure vulnerability via local file inclusion.
remediation: |
Upgrade to a patched version of PilusCart (>=1.4.2) or apply the vendor-supplied patch to mitigate the LFI vulnerability.
reference:
- https://packetstormsecurity.com/files/154250/PilusCart-1.4.1-Local-File-Disclosure.html
- https://www.exploit-db.com/exploits/47315
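Review bot: the added remediation asserts a fixed release, "a patched version of PilusCart (>=1.4.2)", that nothing else in the template supports: the description only says "1.4.1 and prior" are affected and both references are exploit write-ups. Please confirm that a 1.4.2 release exists and fixes this; if it cannot be confirmed, say "No fixed version is known; restrict access to the affected script or apply a vendor patch when available." rather than inventing a version number.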
@ -17,8 +19,8 @@ info:
cve-id: CVE-2019-16123
cwe-id: CWE-22
epss-score: 0.72953
cpe: cpe:2.3:a:kartatopia:piluscart:*:*:*:*:*:*:*:*
epss-percentile: 0.97666
cpe: cpe:2.3:a:kartatopia:piluscart:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: kartatopia

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: critical
description: nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via directory traversal in the function http_verify.
remediation: |
Upgrade to a patched version of nostromo web server (1.9.7 or later) or apply the vendor-supplied patch.
reference:
- https://packetstormsecurity.com/files/155802/nostromo-1.9.6-Remote-Code-Execution.html
- https://www.exploit-db.com/raw/47837
@ -17,8 +19,8 @@ info:
cve-id: CVE-2019-16278
cwe-id: CWE-22
epss-score: 0.97349
cpe: cpe:2.3:a:nazgul:nostromo_nhttpd:*:*:*:*:*:*:*:*
epss-percentile: 0.99835
cpe: cpe:2.3:a:nazgul:nostromo_nhttpd:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: nazgul

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: high
description: ifw8 Router ROM v4.31 is vulnerable to credential disclosure via action/usermanager.htm HTML source code.
remediation: |
Update the ifw8 Router ROM to a version that is not affected by CVE-2019-16313.
reference:
- https://github.com/Mr-xn/Penetration_Testing_POC/blob/master/CVE-2019-16313%20%E8%9C%82%E7%BD%91%E4%BA%92%E8%81%94%E4%BC%81%E4%B8%9A%E7%BA%A7%E8%B7%AF%E7%94%B1%E5%99%A8v4.31%E5%AF%86%E7%A0%81%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.md
- https://nvd.nist.gov/vuln/detail/CVE-2019-16313
@ -15,8 +17,8 @@ info:
cve-id: CVE-2019-16313
cwe-id: CWE-798
epss-score: 0.02626
cpe: cpe:2.3:o:ifw8:fr6_firmware:4.31:*:*:*:*:*:*:*
epss-percentile: 0.88983
cpe: cpe:2.3:o:ifw8:fr6_firmware:4.31:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: ifw8

View File

@ -5,6 +5,8 @@ info:
author: daffainfo
severity: medium
description: WordPress API Bearer Auth plugin before 20190907 contains a cross-site scripting vulnerability. The server parameter is not correctly filtered in swagger-config.yaml.php.
remediation: |
Update to the latest version of WordPress API Bearer Auth plugin (20190907 or later) to mitigate the vulnerability.
reference:
- https://plugins.trac.wordpress.org/changeset/2152730
- https://wordpress.org/plugins/api-bearer-auth/#developers
@ -17,13 +19,13 @@ info:
cve-id: CVE-2019-16332
cwe-id: CWE-79
epss-score: 0.00303
cpe: cpe:2.3:a:api_bearer_auth_project:api_bearer_auth:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.65787
cpe: cpe:2.3:a:api_bearer_auth_project:api_bearer_auth:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: api_bearer_auth_project
product: api_bearer_auth
framework: wordpress
tags: packetstorm,cve,cve2019,wordpress,xss,wp-plugin,auth
http:
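Review bot: as with the Download Manager template, the tags here carry `packetstorm` ("tags: packetstorm,cve,cve2019,wordpress,xss,wp-plugin,auth") but the references are the plugin's trac changeset and wordpress.org; add the PacketStorm reference or remove the tag so tags and references agree.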

View File

@ -5,6 +5,8 @@ info:
author: daffainfo
severity: medium
description: WordPress Checklist plugin before 1.1.9 contains a cross-site scripting vulnerability. The fill parameter is not correctly filtered in the checklist-icon.php file.
remediation: |
Update to the latest version of the WordPress Checklist plugin (1.1.9 or higher) to mitigate this vulnerability.
reference:
- https://wordpress.org/plugins/checklist/#developers
- https://packetstormsecurity.com/files/154436/WordPress-Checklist-1.1.5-Cross-Site-Scripting.html
@ -17,13 +19,13 @@ info:
cve-id: CVE-2019-16525
cwe-id: CWE-79
epss-score: 0.00323
cpe: cpe:2.3:a:checklist:checklist:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.66929
cpe: cpe:2.3:a:checklist:checklist:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: checklist
product: checklist
framework: wordpress
tags: xss,wp-plugin,packetstorm,cve,cve2019,wordpress
http:

View File

@ -6,22 +6,22 @@ info:
severity: high
description: |
Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated remote attacker to retrieve sensitive information due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information.
remediation: |
Cisco has released firmware updates that address this vulnerability.
reference:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info
- https://www.exploit-db.com/exploits/46262/
- https://www.exploit-db.com/exploits/46655/
- https://nvd.nist.gov/vuln/detail/CVE-2019-1653
- http://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.html
remediation: |
Cisco has released firmware updates that address this vulnerability.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2019-1653
cwe-id: CWE-200,CWE-284
epss-score: 0.97578
cpe: cpe:2.3:o:cisco:rv320_firmware:1.4.2.15:*:*:*:*:*:*:*
epss-percentile: 1
cpe: cpe:2.3:o:cisco:rv320_firmware:1.4.2.15:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: cisco

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: critical
description: rConfig 3.9.2 is susceptible to a remote code execution vulnerability. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
remediation: |
Upgrade to a patched version of rConfig (3.9.3 or later) or apply the vendor-supplied patch to mitigate this vulnerability.
reference:
- https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
- https://nvd.nist.gov/vuln/detail/CVE-2019-16662
@ -17,8 +19,8 @@ info:
cve-id: CVE-2019-16662
cwe-id: CWE-78
epss-score: 0.97573
cpe: cpe:2.3:a:rconfig:rconfig:3.9.2:*:*:*:*:*:*:*
epss-percentile: 0.99999
cpe: cpe:2.3:a:rconfig:rconfig:3.9.2:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: rconfig

View File

@ -5,6 +5,8 @@ info:
author: madrobot
severity: critical
description: vBulletin 5.0.0 through 5.5.4 is susceptible to a remote command execution vulnerability via the widgetConfig parameter in an ajax/render/widget_php routestring request. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
remediation: |
Upgrade vBulletin to a version that is not affected by CVE-2019-16759.
reference:
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vbulletin-remote-code-execution-cve-2020-7373/
- https://seclists.org/fulldisclosure/2019/Sep/31
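Review bot: the added remediation ("Upgrade vBulletin to a version that is not affected by CVE-2019-16759") names no version at all, although the description directly above it already bounds the affected range at 5.0.0 through 5.5.4; give the field a concrete target such as "a vBulletin release later than 5.5.4" so it is not weaker than the description. The first reference is also a write-up titled for CVE-2020-7373; it is related, but a reference for CVE-2019-16759 itself (an NVD entry alongside the seclists post) would be clearer.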
@ -16,14 +18,14 @@ info:
cve-id: CVE-2019-16759
cwe-id: CWE-94
epss-score: 0.97535
cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*
epss-percentile: 0.99987
cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.component:"vBulletin"
verified: true
max-request: 1
vendor: vbulletin
product: vbulletin
shodan-query: http.component:"vBulletin"
tags: cve,cve2019,rce,kev,seclists,vbulletin
http:

View File

@ -5,6 +5,8 @@ info:
author: dwisiswant0
severity: critical
description: D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565 contain an unauthenticated remote code execution vulnerability. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to common injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these issues also affected; DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
remediation: |
Apply the latest firmware update provided by D-Link to mitigate this vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2019-16920
- https://github.com/pwnhacker0x18/CVE-2019-16920-MassPwn3r
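Review bot: the description in this hunk reads "could lead to common injection", which should be "command injection" (the cwe-id further down is CWE-78 and the next sentence already says "command injection"), and "also affected; DIR-855L" has a stray semicolon where a colon belongs. Since the hunk already touches this block to add the remediation, fix both typos at the same time.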
@ -17,8 +19,8 @@ info:
cve-id: CVE-2019-16920
cwe-id: CWE-78
epss-score: 0.96275
cpe: cpe:2.3:o:dlink:dir-655_firmware:*:*:*:*:*:*:*:*
epss-percentile: 0.99325
cpe: cpe:2.3:o:dlink:dir-655_firmware:*:*:*:*:*:*:*:*
metadata:
max-request: 3
vendor: dlink

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
WordPress Visualizer plugin before 3.3.1 contains a stored cross-site scripting vulnerability via /wp-json/visualizer/v1/update-chart WP-JSON API endpoint. An unauthenticated attacker can execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard.
remediation: |
Update to the latest version of WordPress Visualizer plugin (3.3.1) or apply the provided patch to fix the XSS vulnerability.
reference:
- https://wpscan.com/vulnerability/867e000d-d2f5-4d53-89b0-41d7d4163f44
- https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
@ -18,14 +20,14 @@ info:
cve-id: CVE-2019-16931
cwe-id: CWE-79
epss-score: 0.00244
cpe: cpe:2.3:a:themeisle:visualizer:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.61655
cpe: cpe:2.3:a:themeisle:visualizer:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
verified: true
framework: wordpress
max-request: 1
vendor: themeisle
product: visualizer
framework: wordpress
tags: cve,cve2019,wp-plugin,wordpress,wp,xss,unauth,wpscan
http:

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint.
remediation: |
Update Visualizer plugin to version 3.3.1 or later to fix the SSRF vulnerability.
reference:
- https://wpscan.com/vulnerability/9892
- https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
@ -18,13 +20,13 @@ info:
cve-id: CVE-2019-16932
cwe-id: CWE-918
epss-score: 0.53434
cpe: cpe:2.3:a:themeisle:visualizer:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.97161
cpe: cpe:2.3:a:themeisle:visualizer:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: themeisle
product: visualizer
framework: wordpress
tags: cve,cve2019,wp-plugin,ssrf,wordpress,xss,unauth,wpscan,intrusive
http:
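Review bot: the tags line at the end of this hunk carries `xss` on a template whose cwe-id is CWE-918 and whose description is a blind server-side request forgery; drop `xss` (it belongs to the sibling CVE-2019-16931 template) so that tag-based runs do not select this intrusive SSRF check as an XSS test.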

View File

@ -5,6 +5,8 @@ info:
author: ritikchaddha
severity: high
description: Metinfo 7.0.0 beta is susceptible to SQL Injection in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.
remediation: |
Upgrade to a patched version of Metinfo or apply the necessary security patches to mitigate the SQL Injection vulnerability.
reference:
- https://github.com/XiaOkuoAi/XiaOkuoAi.github.io/issues/1
- https://nvd.nist.gov/vuln/detail/CVE-2019-16996
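Review bot: the added remediation ("Upgrade to a patched version of Metinfo or apply the necessary security patches") names neither a fixed version nor a vendor advisory, and the same wording is reused in the CVE-2019-16997 and CVE-2019-17418 templates below. If no fix version is known, say so explicitly rather than implying a patch exists; if one is known, cite the source that documents it.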
@ -14,8 +16,8 @@ info:
cve-id: CVE-2019-16996
cwe-id: CWE-89
epss-score: 0.30632
cpe: cpe:2.3:a:metinfo:metinfo:7.0.0:beta:*:*:*:*:*:*
epss-percentile: 0.96378
cpe: cpe:2.3:a:metinfo:metinfo:7.0.0:beta:*:*:*:*:*:*
metadata:
max-request: 1
vendor: metinfo

View File

@ -5,6 +5,8 @@ info:
author: ritikchaddha
severity: high
description: Metinfo 7.0.0 beta is susceptible to SQL Injection in app/system/language/admin/language_general.class.php via the admin/?n=language&c=language_general&a=doExportPack appno parameter.
remediation: |
Upgrade to a patched version of Metinfo or apply the necessary security patches to mitigate the SQL Injection vulnerability.
reference:
- https://github.com/XiaOkuoAi/XiaOkuoAi.github.io/issues/2
- https://nvd.nist.gov/vuln/detail/CVE-2019-16997
@ -14,8 +16,8 @@ info:
cve-id: CVE-2019-16997
cwe-id: CWE-89
epss-score: 0.30632
cpe: cpe:2.3:a:metinfo:metinfo:7.0.0:beta:*:*:*:*:*:*
epss-percentile: 0.96378
cpe: cpe:2.3:a:metinfo:metinfo:7.0.0:beta:*:*:*:*:*:*
metadata:
max-request: 1
vendor: metinfo

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
Yachtcontrol Webapplication 1.0 makes it possible to perform direct operating system commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} will be executed and returning the results to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to DHCP client leasing of telco's.
remediation: |
Apply the latest security patches or updates provided by the vendor to fix the remote command injection vulnerability.
reference:
- https://www.exploit-db.com/exploits/47760
- https://nvd.nist.gov/vuln/detail/CVE-2019-17270
@ -16,8 +18,8 @@ info:
cve-id: CVE-2019-17270
cwe-id: CWE-78
epss-score: 0.94092
cpe: cpe:2.3:a:yachtcontrol:yachtcontrol:*:*:*:*:*:*:*:*
epss-percentile: 0.98826
cpe: cpe:2.3:a:yachtcontrol:yachtcontrol:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: yachtcontrol

View File

@ -5,6 +5,8 @@ info:
author: harshbothra_
severity: critical
description: Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
remediation: |
Upgrade to a patched version of Zabbix (>=4.4) to mitigate this vulnerability.
reference:
- https://www.exploit-db.com/exploits/47467
- https://nvd.nist.gov/vuln/detail/CVE-2019-17382
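Review bot: the remediation "Upgrade to a patched version of Zabbix (>=4.4)" contradicts the description two lines above it, which states that Zabbix through 4.4 is affected, so 4.4 cannot be the fixed floor; state the first fixed release, or drop the version qualifier until it is confirmed.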
@ -15,8 +17,8 @@ info:
cve-id: CVE-2019-17382
cwe-id: CWE-639
epss-score: 0.25064
cpe: cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
epss-percentile: 0.9605
cpe: cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
metadata:
max-request: 100
vendor: zabbix

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
MetInfo 7.0.0 beta is susceptible to SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter (a different issue than CVE-2019-16997).
remediation: |
Upgrade to a patched version of MetInfo or apply the necessary security patches provided by the vendor.
reference:
- https://github.com/evi1code/Just-for-fun/issues/2
- https://nvd.nist.gov/vuln/detail/CVE-2019-17418
@ -15,8 +17,8 @@ info:
cve-id: CVE-2019-17418
cwe-id: CWE-89
epss-score: 0.43984
cpe: cpe:2.3:a:metinfo:metinfo:7.0.0:beta:*:*:*:*:*:*
epss-percentile: 0.96882
cpe: cpe:2.3:a:metinfo:metinfo:7.0.0:beta:*:*:*:*:*:*
metadata:
max-request: 1
vendor: metinfo

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
Jfrog Artifactory prior to 6.17.0 uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory.
remediation: |
Upgrade Jfrog Artifactory to version 6.17.0 or later and change the default admin password to a strong, unique one.
reference:
- https://www.jfrog.com/confluence/display/JFROG/Artifactory+Release+Notes
- https://www.jfrog.com/confluence/display/JFROG/JFrog+Artifactory
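Review bot: "completely compromise of Jfrog Artifactory" in the description should read "completely compromise JFrog Artifactory" (the product is spelled JFrog, as in the second reference URL). The remediation is consistent with the description (6.17.0 or later), but both references point at generic Confluence pages; adding the NVD entry for CVE-2019-17444 would give a stable pointer.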
@ -16,13 +18,13 @@ info:
cve-id: CVE-2019-17444
cwe-id: CWE-521
epss-score: 0.07015
cpe: cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:-:*:*
epss-percentile: 0.9309
cpe: cpe:2.3:a:jfrog:artifactory:*:*:*:*:*:-:*:*
metadata:
max-request: 1
framework: "-"
vendor: jfrog
product: artifactory
framework: "-"
tags: cve,cve2019,jfrog,default-login
http:

View File

@ -5,6 +5,8 @@ info:
author: LogicalHunter
severity: medium
description: Kirona Dynamic Resource Scheduler is susceptible to information disclosure. An unauthenticated user can directly access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd), which contains sensitive information with exposed SQL queries, such as database version, table name, and column name.
remediation: |
Apply the latest patch or update provided by the vendor to fix the information disclosure vulnerability.
reference:
- https://www.exploit-db.com/exploits/47498
- https://github.com/Ramikan/Vulnerabilities/blob/master/Kirona-DRS%205.5.3.5%20Multiple%20Vulnerabilities
@ -16,8 +18,8 @@ info:
cve-id: CVE-2019-17503
cwe-id: CWE-425
epss-score: 0.00433
cpe: cpe:2.3:a:kirona:dynamic_resource_scheduling:5.5.3.5:*:*:*:*:*:*:*
epss-percentile: 0.71395
cpe: cpe:2.3:a:kirona:dynamic_resource_scheduling:5.5.3.5:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: kirona

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers are vulnerable to information disclosure vulnerabilities because certain web interfaces do not require authentication. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.
remediation: |
Apply the latest firmware update provided by D-Link to fix the information disclosure vulnerability.
reference:
- https://github.com/dahua966/Routers-vuls/blob/master/DIR-868/name%26passwd.py
- https://nvd.nist.gov/vuln/detail/CVE-2019-17506
@ -15,8 +17,8 @@ info:
cve-id: CVE-2019-17506
cwe-id: CWE-306
epss-score: 0.90125
cpe: cpe:2.3:o:dlink:dir-868l_b1_firmware:2.03:*:*:*:*:*:*:*
epss-percentile: 0.98375
cpe: cpe:2.3:o:dlink:dir-868l_b1_firmware:2.03:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: dlink

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
Jiangnan Online Judge (aka jnoj) 0.8.0 is susceptible to local file inclusion via web/polygon/problem/viewfile?id=1&name=../.
remediation: |
Upgrade Jiangnan Online Judge to a patched version or apply the necessary security patches to fix the Local File Inclusion vulnerability.
reference:
- https://github.com/shi-yang/jnoj/issues/53
- https://nvd.nist.gov/vuln/detail/CVE-2019-17538
@ -15,8 +17,8 @@ info:
cve-id: CVE-2019-17538
cwe-id: CWE-22
epss-score: 0.00838
cpe: cpe:2.3:a:jnoj:jiangnan_online_judge:0.8.0:*:*:*:*:*:*:*
epss-percentile: 0.79928
cpe: cpe:2.3:a:jnoj:jiangnan_online_judge:0.8.0:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: jnoj

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu,madrobot
severity: high
description: Apache Solr versions 5.0.0 to 8.3.1 are vulnerable to remote code execution vulnerabilities through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
remediation: |
Upgrade to a patched version of Apache Solr (8.4.0 or later) to mitigate this vulnerability.
reference:
- https://issues.apache.org/jira/browse/SOLR-13971
- https://nvd.nist.gov/vuln/detail/CVE-2019-17558
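Review bot: the backticks in the description are unbalanced: "`velocity/ directory" and "`params.resource.loader.enabled" each open a code span that is never closed, while "`true`" and "`trusted`" are closed. Either close them (`velocity/` and `params.resource.loader.enabled`) or drop the backticks, since the stray one renders the rest of the sentence as code in markdown-aware viewers.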
@ -17,8 +19,8 @@ info:
cve-id: CVE-2019-17558
cwe-id: CWE-74
epss-score: 0.97543
cpe: cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
epss-percentile: 0.99991
cpe: cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*
metadata:
max-request: 3
vendor: apache

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file").
remediation: |
Update Popup-Maker plugin to version 1.8.12 or later.
reference:
- https://wpscan.com/vulnerability/9907
- https://web.archive.org/web/20191128065954/https://blog.redyops.com/wordpress-plugin-popup-maker/
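Review bot: the remediation says "Update Popup-Maker plugin to version 1.8.12 or later", but the description in the same hunk says the issue affects versions before 1.8.13, which makes 1.8.12 an affected version; change it to 1.8.13 or later.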
@ -18,15 +20,15 @@ info:
cve-id: 'CVE-2019-17574'
cwe-id: CWE-639
epss-score: 0.14192
cpe: cpe:2.3:a:code-atlantic:popup_maker:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.94987
cpe: cpe:2.3:a:code-atlantic:popup_maker:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 2
verified: true
publicwww-query: "/wp-content/plugins/popup-maker/"
framework: wordpress
max-request: 2
vendor: code-atlantic
product: popup_maker
framework: wordpress
publicwww-query: "/wp-content/plugins/popup-maker/"
tags: wpscan,cve,cve2019,wp,wordpress,wp-plugin,disclosure,popup-maker,auth-bypass
http:
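Review bot: `cve-id: 'CVE-2019-17574'` is the only quoted cve-id in this changeset; every other template writes the value bare (for example `cve-id: CVE-2019-17662`). The quotes are harmless YAML but break consistency for anyone grepping the field, so drop them.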

View File

@ -6,6 +6,8 @@ info:
severity: critical
description: |
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.
remediation: |
Upgrade to a patched version of ThinVNC or implement additional authentication mechanisms.
reference:
- http://packetstormsecurity.com/files/154896/ThinVNC-1.0b1-Authentication-Bypass.html
- https://github.com/bewest/thinvnc/issues/5
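Review bot: the second half of the remediation, "or implement additional authentication mechanisms", is contradicted by the description directly above it, which says the file read works even when authentication is enabled and that the password is read out of ThinVnc.ini through the traversal. Remove that clause and keep only the upgrade advice, or replace it with a mitigation that actually blocks the traversal, such as not exposing the service to untrusted networks.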
@ -17,14 +19,14 @@ info:
cve-id: CVE-2019-17662
cwe-id: CWE-22
epss-score: 0.50347
cpe: cpe:2.3:a:cybelsoft:thinvnc:1.0:b1:*:*:*:*:*:*
epss-percentile: 0.9709
cpe: cpe:2.3:a:cybelsoft:thinvnc:1.0:b1:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: http.favicon.hash:-1414548363
verified: true
max-request: 1
vendor: cybelsoft
product: thinvnc
shodan-query: http.favicon.hash:-1414548363
tags: packetstorm,cve,cve2019,auth-bypass,thinvnc,intrusive
http:

View File

@ -5,6 +5,8 @@ info:
author: _0xf4n9x_
severity: critical
description: Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
remediation: |
Apply the latest security patches provided by Cisco to mitigate this vulnerability.
reference:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce
- https://srcincite.io/blog/2019/05/17/panic-at-the-cisco-unauthenticated-rce-in-prime-infrastructure.html
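Review bot: "This vulnerability exist because" in the description should be "exists"; the last two sentences also repeat "execute code with root-level privileges on the underlying operating system" verbatim, so the final sentence can be dropped.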
@ -16,13 +18,13 @@ info:
cve-id: CVE-2019-1821
cwe-id: CWE-20
epss-score: 0.96882
cpe: cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*
epss-percentile: 0.99577
cpe: cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*
metadata:
max-request: 2
shodan-query: http.title:"prime infrastructure"
vendor: cisco
product: evolved_programmable_network_manager
shodan-query: http.title:"prime infrastructure"
tags: packetstorm,cve,cve2019,rce,fileupload,unauth,intrusive,cisco
http:
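Review bot: the tags line carries `unauth`, but the description in the hunk above says the attacker must be authenticated; the srcincite reference URL, on the other hand, is titled as unauthenticated RCE. Either the description should explain the unauthenticated path or the `unauth` tag should go; the two should not be left in conflict, since the tag decides which runs select this template.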

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
Xiaomi Mi WiFi R3G devices before 2.28.23-stable are susceptible to local file inclusion vulnerabilities via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication.
remediation: |
Update the firmware of the Xiaomi Mi WiFi R3G routers to the latest version, which includes a fix for the local file inclusion vulnerability.
reference:
- https://ultramangaia.github.io/blog/2019/Xiaomi-Series-Router-Command-Execution-Vulnerability.html
- https://github.com/UltramanGaia/Xiaomi_Mi_WiFi_R3G_Vulnerability_POC/blob/master/arbitrary_file_read_vulnerability.py
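Review bot: the remediation tells users to update "to the latest version" while the description already names the first fixed firmware, 2.28.23-stable; put that version in the remediation so the two fields agree and the advice stays correct after later releases.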
@ -16,8 +18,8 @@ info:
cve-id: CVE-2019-18371
cwe-id: CWE-22
epss-score: 0.02272
cpe: cpe:2.3:o:mi:millet_router_3g_firmware:*:*:*:*:*:*:*:*
epss-percentile: 0.88207
cpe: cpe:2.3:o:mi:millet_router_3g_firmware:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: mi

View File

@ -5,6 +5,8 @@ info:
author: pikpikcu
severity: medium
description: Ignite Realtime Openfire through 4.4.2 is vulnerable to local file inclusion via PluginServlet.java. It does not ensure that retrieved files are located under the Openfire home directory.
remediation: |
Upgrade Ignite Realtime Openfire to version 4.42 or later to mitigate this vulnerability.
reference:
- https://github.com/igniterealtime/Openfire/pull/1498
- https://swarm.ptsecurity.com/openfire-admin-console/
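Review bot: the remediation says "version 4.42 or later", which is a typo: the description says Openfire through 4.4.2 is affected, and the sibling CVE-2019-18394 template below says >=4.4.3. Change 4.42 to 4.4.3.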
@ -15,8 +17,8 @@ info:
cve-id: CVE-2019-18393
cwe-id: CWE-22
epss-score: 0.00161
cpe: cpe:2.3:a:igniterealtime:openfire:*:*:*:*:*:*:*:*
epss-percentile: 0.52069
cpe: cpe:2.3:a:igniterealtime:openfire:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: igniterealtime

View File

@ -5,6 +5,8 @@ info:
author: pdteam
severity: critical
description: Ignite Realtime Openfire through version 4.4.2 allows attackers to send arbitrary HTTP GET requests in FaviconServlet.java, resulting in server-side request forgery.
remediation: |
Upgrade to the latest version of Ignite Realtime Openfire (>=4.4.3) to fix this vulnerability.
reference:
- https://swarm.ptsecurity.com/openfire-admin-console/
- https://github.com/igniterealtime/Openfire/pull/1497
@ -15,8 +17,8 @@ info:
cve-id: CVE-2019-18394
cwe-id: CWE-918
epss-score: 0.5914
cpe: cpe:2.3:a:igniterealtime:openfire:*:*:*:*:*:*:*:*
epss-percentile: 0.97299
cpe: cpe:2.3:a:igniterealtime:openfire:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: igniterealtime

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
SECUDOS DOMOS before 5.6 allows local file inclusion via the log module.
remediation: |
Apply the latest patch or update to a version that is not affected by this vulnerability.
reference:
- https://atomic111.github.io/article/secudos-domos-directory_traversal
- https://vuldb.com/?id.144804
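Review bot: the remediation "Apply the latest patch or update to a version that is not affected by this vulnerability" is vaguer than the description, which already says DOMOS before 5.6 is affected; write "Update to DOMOS 5.6 or later" so the field carries the version boundary.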
@ -18,8 +20,8 @@ info:
cve-id: CVE-2019-18665
cwe-id: CWE-22
epss-score: 0.0855
cpe: cpe:2.3:a:secudos:domos:*:*:*:*:*:*:*:*
epss-percentile: 0.93623
cpe: cpe:2.3:a:secudos:domos:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: secudos

View File

@ -5,6 +5,8 @@ info:
author: idealphase
severity: critical
description: strapi CMS before 3.0.0-beta.17.5 allows admin password resets because it mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
remediation: |
Upgrade Strapi CMS to a version higher than 3.0.0-beta.17.5 to mitigate the vulnerability.
reference:
- https://github.com/advisories/GHSA-6xc2-mj39-q599
- https://www.exploit-db.com/exploits/50239
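Review bot: "a version higher than 3.0.0-beta.17.5" is off by one against the description, which says versions before 3.0.0-beta.17.5 are affected, i.e. 3.0.0-beta.17.5 itself is fixed; phrase it as "3.0.0-beta.17.5 or later".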
@ -17,8 +19,8 @@ info:
cve-id: CVE-2019-18818
cwe-id: CWE-640
epss-score: 0.88411
cpe: cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*
epss-percentile: 0.98263
cpe: cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: strapi

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 is susceptible to local file inclusion via its web interface.
remediation: |
Apply the latest firmware update provided by Allied Telesis to fix the vulnerability.
reference:
- https://packetstormsecurity.com/files/155504/Allied-Telesis-AT-GS950-8-Directory-Traversal.html
- https://pastebin.com/dpEGKUGz
@ -18,8 +20,8 @@ info:
cve-id: CVE-2019-18922
cwe-id: CWE-22
epss-score: 0.16768
cpe: cpe:2.3:o:alliedtelesis:at-gs950\/8_firmware:*:*:*:*:*:*:*:*
epss-percentile: 0.95348
cpe: cpe:2.3:o:alliedtelesis:at-gs950\/8_firmware:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: alliedtelesis

View File

@ -6,21 +6,21 @@ info:
severity: medium
description: |
MicroStrategy Library before 11.1.3 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
remediation: The issue can be resolved by downloading and installing 1.1.3, which has the patch.
reference:
- https://seclists.org/bugtraq/2019/Nov/23
- https://packetstormsecurity.com/files/155320/MicroStrategy-Library-Cross-Site-Scripting.html
- https://nvd.nist.gov/vuln/detail/CVE-2019-18957
- http://packetstormsecurity.com/files/155320/MicroStrategy-Library-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2019/Nov/4
remediation: The issue can be resolved by downloading and installing 1.1.3, which has the patch.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2019-18957
cwe-id: CWE-79
epss-score: 0.00247
cpe: cpe:2.3:a:microstrategy:microstrategy_library:*:*:*:*:*:*:*:*
epss-percentile: 0.61933
cpe: cpe:2.3:a:microstrategy:microstrategy_library:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: microstrategy
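Review bot: the remediation line that this hunk moves below the reference list says "downloading and installing 1.1.3", while the description says the fix is in 11.1.3; since the hunk already rewrites these lines, correct the version at the same time. The reference list also contains the same Packet Storm URL twice (https and http variants), so one of them can be dropped.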

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.
remediation: |
Apply the latest firmware update provided by Cisco to fix the vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2019-1898
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccess
@ -16,14 +18,14 @@ info:
cve-id: CVE-2019-1898
cwe-id: CWE-425,CWE-285
epss-score: 0.06482
cpe: cpe:2.3:o:cisco:rv110w_firmware:-:*:*:*:*:*:*:*
epss-percentile: 0.928
cpe: cpe:2.3:o:cisco:rv110w_firmware:-:*:*:*:*:*:*:*
metadata:
fofa-query: icon_hash="-646322113"
verified: true
max-request: 1
vendor: cisco
product: rv110w_firmware
fofa-query: icon_hash="-646322113"
tags: cve,cve2019,cisco,router,iot
http:

View File

@ -5,6 +5,8 @@ info:
author: daffainfo
severity: medium
description: WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter.
remediation: |
Update to the latest version of the WordPress Hero Maps Premium plugin (>=2.2.2) or apply the vendor-provided patch to fix the XSS vulnerability.
reference:
- https://wpscan.com/vulnerability/d179f7fe-e3e7-44b3-9bf8-aab2e90dbe01
- https://www.hooperlabs.xyz/disclosures/cve-2019-19134.php
@ -17,13 +19,13 @@ info:
cve-id: CVE-2019-19134
cwe-id: CWE-79
epss-score: 0.00203
cpe: cpe:2.3:a:heroplugins:hero_maps_premium:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.57549
cpe: cpe:2.3:a:heroplugins:hero_maps_premium:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: heroplugins
product: hero_maps_premium
framework: wordpress
tags: wpscan,cve,cve2019,wordpress,xss,wp-plugin,maps
http:

View File

@ -5,6 +5,8 @@ info:
author: madrobot
severity: medium
description: Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript.
remediation: |
Upgrade to the latest version of Rumpus FTP Web File Manager or apply the vendor-provided patch to mitigate this vulnerability.
reference:
- https://github.com/harshit-shukla/CVE-2019-19368/
- https://www.maxum.com/Rumpus/Download.html
@ -16,8 +18,8 @@ info:
cve-id: CVE-2019-19368
cwe-id: CWE-79
epss-score: 0.00625
cpe: cpe:2.3:a:maxum:rumpus:8.2.9.1:*:*:*:*:*:*:*
epss-percentile: 0.76278
cpe: cpe:2.3:a:maxum:rumpus:8.2.9.1:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: maxum

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
Cisco Small Business 200,300 and 500 Series Switches contain an open redirect vulnerability in the Web UI. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
remediation: |
Apply the necessary patches or updates provided by Cisco to fix the open redirect vulnerability.
reference:
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-sbss-redirect
- https://www.exploit-db.com/exploits/47118
@ -17,15 +19,15 @@ info:
cve-id: CVE-2019-1943
cwe-id: CWE-601
epss-score: 0.03526
cpe: cpe:2.3:o:cisco:sg200-50_firmware:-:*:*:*:*:*:*:*
epss-percentile: 0.90351
cpe: cpe:2.3:o:cisco:sg200-50_firmware:-:*:*:*:*:*:*:*
metadata:
max-request: 1
verified: "true"
shodan-query: "/config/log_off_page.htm"
censys-query: "services.http.response.headers.location: /config/log_off_page.htm"
max-request: 1
vendor: cisco
product: sg200-50_firmware
shodan-query: "/config/log_off_page.htm"
censys-query: "services.http.response.headers.location: /config/log_off_page.htm"
tags: cve,cve2023,redirect,cisco
http:
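Review bot: the tags line in this hunk has `cve2023` on a template whose cve-id is CVE-2019-1943; it should be `cve2019`, otherwise year-based template selection misses it. Minor: `verified: "true"` is quoted here while the other templates in this changeset use a bare `verified: true`.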

View File

@ -5,6 +5,8 @@ info:
author: organiccrap,geeknik
severity: critical
description: Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0 are susceptible to directory traversal vulnerabilities.
remediation: |
Apply the necessary security patches provided by Citrix to fix the directory traversal vulnerability.
reference:
- https://support.citrix.com/article/CTX267027
- https://nvd.nist.gov/vuln/detail/CVE-2019-19781
@ -17,8 +19,8 @@ info:
cve-id: CVE-2019-19781
cwe-id: CWE-22
epss-score: 0.97541
cpe: cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*
epss-percentile: 0.9999
cpe: cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: citrix

View File

@ -6,6 +6,8 @@ info:
severity: high
description: |
TOTOLINK Realtek SDK based routers may allow an authenticated attacker to execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.
remediation: |
Apply the latest firmware update provided by the vendor to fix the vulnerability.
reference:
- https://sploit.tech/2019/12/16/Realtek-TOTOLINK.html
- https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits
@ -17,8 +19,8 @@ info:
cve-id: CVE-2019-19824
cwe-id: CWE-78
epss-score: 0.96631
cpe: cpe:2.3:o:totolink:a3002ru_firmware:*:*:*:*:*:*:*:*
epss-percentile: 0.99466
cpe: cpe:2.3:o:totolink:a3002ru_firmware:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: totolink

View File

@ -6,6 +6,8 @@ info:
severity: medium
description: |
phpMyChat-Plus 1.98 contains a cross-site scripting vulnerability via pmc_username parameter of pass_reset.php in password reset URL.
remediation: |
Upgrade to a patched version of phpMyChat-Plus or apply the necessary security patches to mitigate the XSS vulnerability.
reference:
- https://cinzinga.github.io/CVE-2019-19908/
- http://ciprianmp.com/
@ -17,14 +19,14 @@ info:
cve-id: CVE-2019-19908
cwe-id: CWE-79
epss-score: 0.00622
cpe: cpe:2.3:a:ciprianmp:phpmychat-plus:1.98:*:*:*:*:*:*:*
epss-percentile: 0.76214
cpe: cpe:2.3:a:ciprianmp:phpmychat-plus:1.98:*:*:*:*:*:*:*
metadata:
max-request: 1
verified: true
google-query: inurl:"/plus/pass_reset.php"
max-request: 1
vendor: ciprianmp
product: phpmychat-plus
google-query: inurl:"/plus/pass_reset.php"
tags: cve,cve2019,phpMyChat,xss
http:

View File

@ -5,6 +5,8 @@ info:
author: KBA@SOGETI_ESEC,madrobot,dwisiswant0
severity: medium
description: WordPress Email Subscribers & Newsletters plugin before 4.2.3 is susceptible to arbitrary file retrieval via a flaw that allows unauthenticated file download and user information disclosure. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
remediation: |
Update to the latest version of WordPress Email Subscribers & Newsletters plugin (4.2.3) or apply the patch provided by the vendor.
reference:
- https://www.exploit-db.com/exploits/48698
- https://wpvulndb.com/vulnerabilities/9946
@ -17,13 +19,13 @@ info:
cve-id: CVE-2019-19985
cwe-id: CWE-862
epss-score: 0.08255
cpe: cpe:2.3:a:icegram:email_subscribers_\&_newsletters:*:*:*:*:*:wordpress:*:*
epss-percentile: 0.93525
cpe: cpe:2.3:a:icegram:email_subscribers_\&_newsletters:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
framework: wordpress
vendor: icegram
product: email_subscribers_\&_newsletters
framework: wordpress
tags: cve2019,wordpress,wp-plugin,edb,packetstorm,cve
http:

Some files were not shown because too many files have changed in this diff.