From ac68ef0e9aea3f106393f8ea5ac2fd8bd7f41d7e Mon Sep 17 00:00:00 2001 From: sandeep Date: Sun, 29 Aug 2021 14:44:12 +0530 Subject: [PATCH] misc updates --- cves/2018/CVE-2018-17254.yaml | 2 +- cves/2018/CVE-2018-18777.yaml | 4 ++-- cves/2018/CVE-2018-9995.yaml | 6 +++--- cves/2021/CVE-2021-24210.yaml | 6 +++--- cves/2021/CVE-2021-24387.yaml | 4 ++-- cves/2021/CVE-2021-35464.yaml | 4 ++-- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/cves/2018/CVE-2018-17254.yaml b/cves/2018/CVE-2018-17254.yaml index 003557af06..fbcb014f26 100644 --- a/cves/2018/CVE-2018-17254.yaml +++ b/cves/2018/CVE-2018-17254.yaml @@ -6,7 +6,7 @@ info: description: The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. severity: high tags: joomla,sqli,cve,cve2018 - reference: | + reference: - http://packetstormsecurity.com/files/161683/Joomla-JCK-Editor-6.4.4-SQL-Injection.html - https://www.exploit-db.com/exploits/45423/ diff --git a/cves/2018/CVE-2018-18777.yaml b/cves/2018/CVE-2018-18777.yaml index cdea8f68ec..cba64072e6 100644 --- a/cves/2018/CVE-2018-18777.yaml +++ b/cves/2018/CVE-2018-18777.yaml @@ -5,8 +5,8 @@ info: author: 0x_Akoko severity: high description: | - Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) - allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. + Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) + allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product. reference: https://www.exploit-db.com/exploits/45755 tags: microstrategy,lfi 
diff --git a/cves/2018/CVE-2018-9995.yaml b/cves/2018/CVE-2018-9995.yaml index 94fda9b71e..d97e5a8118 100644 --- a/cves/2018/CVE-2018-9995.yaml +++ b/cves/2018/CVE-2018-9995.yaml @@ -4,9 +4,9 @@ info: author: princechaddha severity: high description: | - TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and - MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass - authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides + TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and + MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass + authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response. reference: - http://misteralfa-hack.blogspot.cl/2018/04/tbk-vision-dvr-login-bypass.html diff --git a/cves/2021/CVE-2021-24210.yaml b/cves/2021/CVE-2021-24210.yaml index 90452b4356..faca3d5383 100644 --- a/cves/2021/CVE-2021-24210.yaml +++ b/cves/2021/CVE-2021-24210.yaml 
@@ -4,9 +4,9 @@ info: name: PhastPress < 1.111 - Open Redirect author: 0x_Akoko description: | - There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page - with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year - ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) that says that the php involved in the request only + There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page + with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year + ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) that says that the php involved in the request only go to whitelisted pages but it's possible to redirect the victim to any domain. reference: https://wpscan.com/vulnerability/9b3c5412-8699-49e8-b60c-20d2085857fb severity: low diff --git a/cves/2021/CVE-2021-24387.yaml b/cves/2021/CVE-2021-24387.yaml index 0e7156dea8..fa60b34342 100644 --- a/cves/2021/CVE-2021-24387.yaml +++ b/cves/2021/CVE-2021-24387.yaml @@ -4,8 +4,8 @@ info: name: Real Estate 7 WordPress Theme < 3.1.1 - Unauthenticated Reflected XSS author: suman_kar description: | - The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter - in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which + The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter + in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which can be triggered in both unauthenticated or authenticated user context severity: medium tags: cve,cve2021,xss,wordpress 
diff --git a/cves/2021/CVE-2021-35464.yaml b/cves/2021/CVE-2021-35464.yaml index ea5dcbd8b5..f3e3f41ee9 100644 --- a/cves/2021/CVE-2021-35464.yaml +++ b/cves/2021/CVE-2021-35464.yaml @@ -5,8 +5,8 @@ info: name: Pre-auth RCE in ForgeRock OpenAM description: | ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. - The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted - /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) + The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted + /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier severity: critical tags: cve,cve2021,openam,rce,java
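Review bot: In cves/2018/CVE-2018-17254.yaml, changing `reference: |` to `reference:` changes the field's type from a literal block string to a YAML sequence. Anything that reads `reference` as a string will now receive a list. This is the only change in the commit that alters parsed content, so it deserves its own line in the commit message rather than "misc updates". The context line in cves/2018/CVE-2018-18777.yaml still carries a scalar, `reference: https://www.exploit-db.com/exploits/45755`, so the field has two shapes within the same patch. Consider converting the scalar references to single-item lists here as well.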
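Review bot: In cves/2018/CVE-2018-18777.yaml, the trailing context line `tags: microstrategy,lfi` lacks the `cve,cve2018` tags that the sibling template CVE-2018-17254 carries (`joomla,sqli,cve,cve2018`), so a tag-filtered run for CVEs would skip this template. Since the file is being touched anyway, suggest `tags: microstrategy,lfi,cve,cve2018`. The two changed description lines read identically on the removed and added sides as shown, so the edit appears to be whitespace only.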
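Review bot: In cves/2018/CVE-2018-9995.yaml, the three removed and three added description lines are textually identical as shown, so the change cannot be verified from the diff beyond "whitespace". If the intent is stripping trailing spaces, a lint rule or editor setting for the `cves/` tree would prevent the same churn from recurring. Mixing whitespace-only hunks with the `reference` type change in CVE-2018-17254 also makes the one semantic edit easy to miss.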
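Review bot: In cves/2021/CVE-2021-24210.yaml, the description still embeds a source URL in prose (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) while `reference:` remains a single scalar pointing at wpscan.com. Suggest turning `reference` into a list, as done for CVE-2018-17254 in this patch, and listing the support thread there, so that the description holds only the vulnerability summary. The changed lines themselves read the same before and after, so the hunk appears to be whitespace only.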
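Review bot: In cves/2021/CVE-2021-24387.yaml, the description's last line, `can be triggered in both unauthenticated or authenticated user context`, is left without a closing period and pairs "both" with "or". The hunk already rewrites the two lines above it for whitespace, so this is a cheap moment to fix the wording, for example "in both unauthenticated and authenticated user contexts."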
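Review bot: In cves/2021/CVE-2021-35464.yaml, the context line `name: Pre-auth RCE in ForgeRock OpenAM` does not follow the "product < version - issue" pattern used by the other templates in this patch (`PhastPress < 1.111 - Open Redirect`, `Real Estate 7 WordPress Theme < 3.1.1 - Unauthenticated Reflected XSS`). The description already states "before 7.0", so the name could carry that bound too. The description's final line, `found in versions of Java 8 or earlier`, also ends without a period. The two changed lines read identically on both sides as shown, so the edit appears to be whitespace only.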